HPE7-A02 Practice Questions

A.  

Choose to decode UDP port 5555 packets as ARUBA_ERM and set the Aruba ERM Type to 0.

B.  

Edit preferences for IEEE 802.11 and chose to ignore the Protection bit with IV.

C.  

Apply the following display filter: wlan.fc.type == 1.

D.  

Edit the Enabled Protocols and make sure that 802.11, GRE, and Aruba_ERM are enabled.

A.  

A view of clients’ authentication status, role, and UBT state

B.  

Alerts triggered by NAE agents deployed on the switch

C.  

A list of all TACACS+, RADIUS, and other authentication events

D.  

All debugging information collected since the last switch reboot

A.  

Specify CPPM as the RADIUS server with the exact CN in CPPM ' s HTTPS certificate.

B.  

Install the root CA certificate for CPPM ' s RADIUS certificate in a TA profile on the switches.

C.  

Configure empty user-roles with names that match enforcement profile names on CPPM.

D.  

Specify a ClearPass username and password that match the name and RADIUS secret in a CPPM network device entry.

A.  

Install the root CA for CPPM’s HTTPS certificate as trusted in the CPDI application.

B.  

Enable Insight in the CPPM server configuration settings.

C.  

Configure WMI, SSH, and SNMP external accounts for device scanning on CPPM.

D.  

Collect a Data Collector token from HPE Aruba Networking Central.

A.  

Have the third-party firewall send Syslogs to CPPM, which can work with network devices to lock internal attackers out of the network.

B.  

Use tunnel mode SSIDs and user-based tunneling (UBT) on AOS-CX switches to pass all internal traffic directly through the third-party firewall.

C.  

Add ClearPass Device Insight (CPDI) to the solution; integrate it with the third-party firewall to develop more complete device profiles.

D.  

Configure CPPM to poll the third-party firewall for a broad array of information about internal clients, such as profile and posture.

A.  

Add a class with this rule, “match any any any,” and reference the class at the end of “policy1.”

B.  

In “ip class2,” change “match any any 10.0.0.0/255.0.0.0” to “ignore any any 10.0.0.0/255.0.0.0.”

C.  

In “ip class2,” change the rule to “match any 10.0.0.0/255.0.0.0 any.”

D.  

Add the “action permit” keyword to the end of the “10 class ip class1” rule in “policy1.”

A.  

HTTPS

B.  

Database

C.  

RADIUS/EAP

D.  

RadSec

A.  

Apply this capture filter: ip proto 47

B.  

Edit protocol preferences and enable ARUBA_ERM.

C.  

Edit protocol preferences and enable HPE_ERM.

D.  

Apply this capture filter: udp port 5555

A.  

The switch always sends the users ' traffic to the VRRP master.

B.  

The switch always sends all users ' traffic to the primary gateway configured in the UBT zone.

C.  

The switch always load shares the users ' traffic across both gateways.

D.  

The switch always sends all users ' traffic to the gateway assigned as the active device designed gateway.

A.  

Enable caching roles and posture attributes from previous sessions in the service ' s enforcement settings.

B.  

Create rules that assign postures in the service ' s role mapping policy.

C.  

Enable profiling in the service ' s general settings.

D.  

Select the Posture Policy type for the service ' s enforcement policy.