HPE7-A02 Dumps Updated: Choose HPE7-A02 Dumps (V9.02) to Complete Your HPE Network Security Professional Exam

1. You have configured an AOS-CX switch to implement 802.1X on edge ports. Assume ports operate in the default auth-mode. VolP phones are assigned to the "voice" role and need to send traffic that is tagged for VLAN 12.

Where should you configure VLAN 12?

2. You need to set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to provide certificate-based authentication of 802.1X supplicants.

How should you upload the root CA certificate for the supplicants' certificates?

3. A company has AOS-CX switches. The company wants to make it simpler and faster for admins to detect denial of service (DoS) attacks, such as ping or ARP floods, launched against the switches.

What can you do to support this use case?

4. You have run an Active Endpoint Security Report on HPE Aruba Networking ClearPass. The report indicates that hundreds of endpoints have MAC addresses but no known IP addresses.

What is one step for addressing this issue?

5. An admin has configured an AOS-CX switch with these settings:

port-access role employees

vlan access name employees

This switch is also configured with CPPM as its RADIUS server.

Which enforcement profile should you configure on CPPM to work with this configuration?

6. The security team needs you to show them information about MAC spoofing attempts detected by HPE Aruba Networking ClearPass Policy Manager (CPPM).

What should you do?

7. You need to set up an HPE Aruba Networking VIA solution for a customer who needs to support 2100 remote employees. The customer wants employees to download their VIA connection profile from the VPNC. Only employees who authenticate with their domain credentials to HPE Aruba Networking ClearPass Policy

Manager (CPPM) should be able to download the profile. (A RADIUS server group for CPPM is already set up on the VPNC.)

How do you configure the VPNC to enforce that requirement?

8. A company is using HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application). You have identified a device, which is currently classified as one type, but you want to classify it as a custom type. You also want to classify all devices with similar attributes as this type, both already-discovered devices and new devices discovered later.

What should you do?

9. You are deploying a virtual Data Collector for use with HPE Aruba Networking ClearPass Device Insight (CPDI). You have identified VLAN 101 in the data center as the VLAN to which the Data Collector should connect to receive its IP address and connect to HPE Aruba Networking Central.

Which Data Collector virtual ports should you tell the virtual admins to connect to VLAN 101?

10. A company assigns a different block of VLAN IDs to each of its access layer AOS-CX switches. The switches run version 10.07. The IDs are used for standard purposes, such as for employees, VolP phones, and cameras. The company wants to apply 802.1X authentication to HPE Aruba Networking ClearPass Policy Manager (CPPM) and then steer clients to the correct VLANs for local forwarding.

What can you do to simplify setting up this solution?

11. A company lacks visibility into the many different types of user and loT devices deployed in its internal network, making it hard for the security team to address those devices.

Which HPE Aruba Networking solution should you recommend to resolve this issue?

12. A company is using HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application). In the CPDI security settings, Security Analysis is On, the Data Source is ClearPass Devices Insight, and Enable Posture Assessment is On. You see that device has a Risk Score of 90.

What can you know from this information?

13. You have set up a mirroring session between an AOS-CX switch and a management station, running Wireshark. You want to capture just the traffic sent in the mirroring session, not the management station's other traffic.

What should you do?

14. A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. The company wants CPPM to control which commands managers are allowed to enter. You see there is no field to enter these commands in ClearPass.

How do you start configuring the command list on CPPM?

15. HPE Aruba Networking ClearPass Policy Manager (CPPM) uses a service to authenticate clients. You are now adding the Endpoints Repository as an authorization source for the service, and you want to add rules to the service's policies that apply different access levels based, in part, on a client's device category. You need to ensure that CPPM can apply the new correct access level after discovering new clients' categories.

What should you enable on the service?

16. A company has AOS-CX switches and HPE Aruba Networking APs, which run AOS-10 and bridge their SSIDs. Company security policies require 802.1X on all edge ports, some of which connect to APs.

How should you configure the auth-mode on AOS-CX switches?

17. A company has HPE Aruba Networking Central-managed APs. The company wants to block all clients connected through the APs from using YouTube.

Which steps should you take?

18. What is one use case for implementing user-based tunneling (UBT) on AOS-CX switches?

19. A company has HPE Aruba Networking APs running AOS-10 that connect to AOS-CX switches. The

APs will:

. Authenticate as 802.1X supplicants to HPE Aruba Networking ClearPass Policy Manager (CPPM)

. Be assigned to the "APs" role on the switches

. Have their traffic forwarded locally

What information do you need to help you determine the VLAN settings for the "APs" role?

20. Your company wants to implement Tunneled EAP (TEAP).

How can you set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to enforce certificated-based authentication for clients using TEAP?

21. Admins have recently turned on Wireless IDS/IPS infrastructure detection at the high level on HPE Aruba Networking APs. When you check WIDS events, you see several RTS rate and CTS rate anomalies, which were triggered by neighboring APs.

What can you interpret from this event?

22. HPE Aruba Networking Central displays an alert about an Infrastructure Attack that was detected. You go to the Security > RAPIDS events and see that the attack was "Detect adhoc using Valid SSID."

What is one possible next step?

23. A company has a variety of HPE Aruba Networking solutions, including an HPE Aruba Networking infrastructure and HPE Aruba Networking ClearPass Policy

Manager (CPPM). The company passes traffic from the corporate LAN destined to the data center through a third-party SRX firewall. The company would like to further protect itself from internal threats.

What is one solution that you can recommend?

24. A company wants to apply a standard configuration to all AOS-CX switch ports and have the ports dynamically adjust their configuration based on the identity of the user or device that connects. They want to centralize configuration of the identity-based settings as much as possible.

What should you recommend?

25. A company issues user certificates to domain computers using its Windows CA and the default user certificate template. You have set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to authenticate 802.1X clients with those certificates. However, during tests, you receive an error that authorization has failed because the usernames do not exist in the authentication source.

What is one way to fix this issue and enable clients to successfully authenticate with certificates?

26. You need to use "Tips:Posture" conditions within an 802.1X service's enforcement policy.

Which guideline should you follow?

27. You have created this rule in an HPE Aruba Networking ClearPass Policy Manager (CPPM) service's enforcement policy: IF Authorization [Endpoints Repository] Conflict EQUALS true THEN apply "quarantine_profile"

What information can help you determine whether you need to configure cluster-wide profiler parameters to ignore some conflicts?

28. A company has HPE Aruba Networking APs, which authenticate users to HPE Aruba Networking ClearPass Policy Manager (CPPM).

What does HPE Aruba Networking recommend as the preferred method for assigning clients to a role on the AOS firewall?

29. A security team needs to track a device's communication patterns and identify patterns such as how many destinations the device is accessing.

Which Aruba solution can show this information at a glance?

30. A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. You want to assign managers to groups on the AOS-CX switch by name.

How do you configure this setting in a CPPM TACACS+ enforcement profile?

31. What is one use case that companies can fulfill using HPE Aruba Networking ClearPass Policy Manager's (CPPM's) Device Profiler?

32. A company needs to enforce 802.1X authentication for its Windows domain computers to HPE Aruba Networking ClearPass Policy Manager (CPPM). The company needs the computers to authenticate as both machines and users in the same session.

Which authentication method should you set up on CPPM?

33. A company is implementing HPE Aruba Networking Wireless IDS/IPS (WIDS/WIPS) on its AOS-10 APs, which are managed in HPE Aruba Networking Central.

What is one requirement for enabling detection of rogue APs?

34. A company uses HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application option). In the details for a generic device cluster, you see a recommendation for "Windows 8/10" with 70% accuracy.

What does this mean?

35. Refer to the Exhibit.

All of the switches in the exhibit are AOS-CX switches.

What is the preferred configuration on Switch-2 for preventing rogue OSPF routers in this network?

36. A company has HPE Aruba Networking gateways that implement gateway IDS/IPS. Admins sometimes check the Security Dashboard, but they want a faster way to discover if a gateway starts detecting threats in traffic.

What should they do?

37. What is a use case for the HPE Aruba Networking ClearPass OnGuard dissolvable agent?

38. Which use case is fulfilled by applying a time range to a firewall rule on an AOS device?

39. A company wants HPE Aruba Networking ClearPass Policy Manager (CPPM) to respond to Syslog messages from its Palo Alto Next Generation Firewall (NGFW) by quarantining clients involved in security incidents.

Which step must you complete to enable CPPM to process the Syslogs properly?

40. A company is implementing a client-to-site VPN based on tunnel-mode IPsec.

Which devices are responsible for the IPsec encapsulation?

41. You are setting up an HPE Aruba Networking VIA solution for a company. You need to configure access control policies for applications and resources that remote clients can access when connected to the VPN.

Where on the VPNC should you configure these policies?

42. A company has HPE Aruba Networking APs running AOS-10 and managed by HPE Aruba Networking

Central. The company also has AOS-CX switches. The security team wants you to capture traffic from a particular wireless client. You should capture this client's traffic over a 15 minute time period and then send the traffic to them in a PCAP file.

What should you do?

43. Assume that an AOS-CX switch is already implementing DHCP snooping and ARP inspection successfully on several VLANs.

What should you do to help minimize disruption time if the switch reboots?

44. You need to create a rule in an HPE Aruba Networking ClearPass Policy Manager (CPPM) role mapping policy that references a ClearPass Device Insight Tag.

Which Type (namespace) should you specify for the rule?

45. You are using OpenSSL to obtain a certificate signed by a Certification Authority (CA). You have entered this command:

openssl req -new -out file1.pem -newkey rsa:3072 -keyout file2.pem Enter PEM pass phrase: ********** Verifying - Enter PEM pass phrase: **********

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]: California

Locality Name (eg, city) []: Sunnyvale

Organization Name (eg, company) [Internet Widgits Pty Ltd]: example.com

Organizational Unit Name (eg, section) []: Infrastructure

Common Name (e.g. server FQDN or YOUR name) []: radius.example.com

What is one guideline for continuing to obtain a certificate?

46. A company needs you to integrate HPE Aruba Networking ClearPass Policy Manager (CPPM) with HPE Aruba Networking ClearPass Device Insight (CPDI).

What is one task you should do to prepare?

47. You have installed an HPE Aruba Networking Network Analytic Engine (NAE) script on an AOS-CX switch to monitor a particular function.

Which additional step must you complete to start the monitoring?

48. A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) and HPE Aruba Networking ClearPass Device Insight (CPDI) and has integrated the two. CPDI admins have created a tag. CPPM admins have created rules that use that tag in the wired 802.1X and wireless 802.1X services' enforcement policies.

The company requires CPPM to apply the tag-based rules to a client directly after it learns that the client has that tag.

What is one of the settings that you should verify on CPPM?

49. A company has HPE Aruba Networking APs and AOS-CX switches, as well as HPE Aruba Networking ClearPass. The company wants CPPM to have HTTP User-Agent strings to use in profiling devices.

What can you do to support these requirements?

50. Which statement describes Zero Trust Security?