HPE7-A02 Practice Questions

A.  

Access the client's switch's CLI from your management station. Access the switch shell and run a TCP dump on the client port.

B.  

Go to the client's switch in HPE Aruba Networking Central. Use the "Security" page to run a packet capture.

C.  

Set up a policy that implements a captive portal redirect to your management station. Apply that policy to the client's port.

D.  

Set up a mirror session on the client's switch; set the client port as the source and your station IP address as the tunnel destination.

A.  

Install the root CA for CPPM's HTTPS certificate as trusted in the CPDI application.

B.  

Configure WMI, SSH, and SNMP external accounts for device scanning on CPPM.

C.  

Enable Insight in the CPPM server configuration settings.

D.  

Collect a Data Collector token from HPE Aruba Networking Central.

A.  

It is signed by an HPE Aruba Networking CA and is trusted by many HPE Aruba Networking solutions.

B.  

It works well as a captive portal certificate for guest SSIDs.

C.  

It is a self-signed certificate that should not be used in production.

D.  

It is installed on APs after they connect to and are provisioned by HPE Aruba Networking Central.

A.  

It provides an alternative to IPsec that is suitable for legacy clients.

B.  

It provides a more modern and secure alternative to IPsec.

C.  

It helps to negotiate the IPsec SA automatically and securely.

D.  

It helps remote clients download IPsec profiles for later use.

A.  

Use HPE Aruba Networking Central floorplans or the detecting AP identities to locate the general area for the threat.

B.  

Look for the IP address associated with the offender and then check for that IP address among HPE Aruba Networking Central clients.

C.  

Make sure that you have tuned the threshold for that check, as false positives are common for it.

D.  

Make sure that clients have updated drivers, as faulty drivers are a common explanation for this attack type.

A.  

Endpoint

B.  

TIPS

C.  

Device

D.  

Application

A.  

Enabling unmanaged devices to succeed at certificate-based 802.1X

B.  

Enabling managed Windows domain computers to succeed at certificate-based 802.1X

C.  

Enhancing security for loT devices that need to authenticate with MAC-Auth

D.  

Enforcing posture-based assessment on managed Windows domain computers

A.  

Add the CPPM server's IP address to the IP helper list in all client VLANs on routing switches.

B.  

Schedule periodic subnet scans of all client subnets on CPPM.

C.  

Configure mirror sessions on the APs and switches to copy client HTTP traffic to CPPM.

D.  

On the APs and switches, configure a redirect to ClearPass Guest in the role for devices being profiled.

A.  

No trust for DSCP

B.  

Trust for DSCP

C.  

Auth-mode left at client-mode

D.  

Access VLAN 18 with no support for VLAN 12

A.  

Connecting a known device of this type and getting it discovered in CPPM's Endpoints Repository.

B.  

Enabling HPE Aruba Networking ClearPass Device Insight integration with the correct Data Collector token.

C.  

Pre-defining the desired attributes and rules in an XML format file.

D.  

Disabling the "Automatically download Endpoint Profiler Fingerprints" feature in cluster-wide parameters.