Updated HPE7-A02 Dumps (V10.02): Effective Study Materials to Ensure Your HPE Network Security Professional Exam Success

1. You are setting up an HPE Aruba Networking VIA solution for a company. You need to configure access control policies for applications and resources that remote clients can access when connected to the VPN.

Where on the VPNC should you configure these policies?

2. A company wants HPE Aruba Networking ClearPass Policy Manager (CPPM) to respond to Syslog messages from its Palo Alto Next Generation Firewall (NGFW) by quarantining clients involved in security incidents.

Which step must you complete to enable CPPM to process the Syslogs properly?

3. A company has a variety of HPE Aruba Networking solutions, including an HPE Aruba Networking infrastructure and HPE Aruba Networking ClearPass Policy Manager (CPPM). The company passes traffic from the corporate LAN destined to the data center through a third-party SRX firewall. The company would like to further protect itself from internal threats.

What is one solution that you can recommend?

4. You are deploying a virtual Data Collector for use with HPE Aruba Networking ClearPass Device Insight (CPDI). You have identified VLAN 101 in the data center as the VLAN to which the Data Collector should connect to receive its IP address and connect to HPE Aruba Networking Central.

Which Data Collector virtual ports should you tell the virtual admins to connect to VLAN 101?

5. A company assigns a different block of VLAN IDs to each of its access layer AOS-CX switches. The switches run version 10.07. The IDs are used for standard purposes, such as for employees, VolP phones, and cameras. The company wants to apply 802.1X authentication to HPE Aruba Networking ClearPass Policy Manager (CPPM) and then steer clients to the correct VLANs for local forwarding.

What can you do to simplify setting up this solution?

6. Assume that an AOS-CX switch is already implementing DHCP snooping and ARP inspection successfully on several VLANs.

What should you do to help minimize disruption time if the switch reboots?

7. The security team needs you to show them information about MAC spoofing attempts detected by HPE Aruba Networking ClearPass Policy Manager (CPPM).

What should you do?

8. You have created this rule in an HPE Aruba Networking ClearPass Policy Manager (CPPM) service's enforcement policy: IF Authorization [Endpoints Repository]

Conflict EQUALS true THEN apply "quarantine_profile"

What information can help you determine whether you need to configure cluster-wide profiler parameters to ignore some conflicts?

9. HPE Aruba Networking ClearPass Policy Manager (CPPM) uses a service to authenticate clients. You are now adding the Endpoints Repository as an authorization source for the service, and you want to add rules to the service's policies that apply different access levels based, in part, on a client's device category. You need to ensure that CPPM can apply the new correct access level after discovering new clients' categories.

What should you enable on the service?

10. You have installed an HPE Aruba Networking Network Analytic Engine (NAE) script on an AOS-CX switch to monitor a particular function.

Which additional step must you complete to start the monitoring?

11. A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. You want to assign managers to groups on the AOS-CX switch by name.

How do you configure this setting in a CPPM TACACS+ enforcement profile?

12. Your company wants to implement Tunneled EAP (TEAP).

How can you set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to enforce certificated-based authentication for clients using TEAP?

13. What is a use case for running periodic subnet scans on devices from HPE Aruba Networking ClearPass Policy Manager (CPPM)?

14. HPE Aruba Networking Central displays an alert about an Infrastructure Attack that was detected. You go to the Security > RAPIDS events and see that the attack was "Detect adhoc using Valid SSID."

What is one possible next step?

15. What is one use case for implementing user-based tunneling (UBT) on AOS-CX switches?

16. You need to use "Tips: Posture" conditions within an 802.1X service's enforcement policy.

Which guideline should you follow?

17. Admins have recently turned on Wireless IDS/IPS infrastructure detection at the high level on HPE Aruba Networking APs. When you check WIDS events, you see several RTS rate and CTS rate anomalies, which were triggered by neighboring APs.

What can you interpret from this event?

18. A company wants to turn on Wireless IDS/IPS infrastructure and client detection at the high level on HPE Aruba Networking APs. The company does not want to enable any prevention settings.

What should you explain about HPE Aruba Networking recommendations?

19. What is one use case that companies can fulfill using HPE Aruba Networking ClearPass Policy Manager's (CPPM's) Device Profiler?

20. A company needs you to integrate HPE Aruba Networking ClearPass Policy Manager (CPPM) with HPE Aruba Networking ClearPass Device Insight (CPDI).

What is one task you should do to prepare?

21. A company has an HPE Aruba Networking ClearPass cluster with several servers.

ClearPass Policy Manager (CPPM) is set up to:

. Update client attributes based on Syslog messages from third-party appliances

. Have the clients reauthenticate and apply new profiles to the clients based on the updates

To ensure that the correct profiles apply, what is one step you should take?

22. An admin has configured an AOS-CX switch with these settings:

port-access role employees

vlan access name employees

This switch is also configured with CPPM as its RADIUS server.

Which enforcement profile should you configure on CPPM to work with this configuration?

23. You are using OpenSSL to obtain a certificate signed by a Certification Authority (CA).

You have entered this command:

openssl req -new -out file1.pem -newkey rsa: 3072 -keyout file2.pem Enter PEM pass phrase: ********** Verifying - Enter PEM pass phrase: **********

Country Name (2 letter code) [AU]: US

State or Province Name (full name) [Some-State]: California

Locality Name (eg, city) []: Sunnyvale

Organization Name (eg, company) [Internet Widgits Pty Ltd]: example.com

Organizational Unit Name (eg, section) []: Infrastructure

Common Name (e.g. server FQDN or YOUR name) []: radius.example.com

What is one guideline for continuing to obtain a certificate?

24. A company is implementing HPE Aruba Networking Wireless IDS/IPS (WIDS/WIPS) on its AOS-10 APs, which are managed in HPE Aruba Networking Central.

What is one requirement for enabling detection of rogue APs?

25. A company wants to apply a standard configuration to all AOS-CX switch ports and have the ports dynamically adjust their configuration based on the identity of the user or device that connects. They want to centralize configuration of the identity-based settings as much as possible.

What should you recommend?

26. A company uses HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application option). In the details for a generic device cluster, you see a recommendation for "Windows 8/10" with 70% accuracy.

What does this mean?

27. You need to set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to provide certificate-based authentication of 802.1X supplicants.

How should you upload the root CA certificate for the supplicants' certificates?

28. You need to set up an HPE Aruba Networking VIA solution for a customer who needs to support 2100 remote employees. The customer wants employees to download their VIA connection profile from the VPNC. Only employees who authenticate with their domain credentials to HPE Aruba Networking ClearPass Policy Manager (CPPM) should be able to download the profile. (A RADIUS server group for CPPM is already set up on the VPNC.)

How do you configure the VPNC to enforce that requirement?

29. A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) and HPE Aruba Networking ClearPass Device Insight (CPDI) and has integrated the two. CPDI admins have created a tag. CPPM admins have created rules that use that tag in the wired 802.1X and wireless 802.1X services' enforcement policies.

The company requires CPPM to apply the tag-based rules to a client directly after it learns that the client has that tag.

What is one of the settings that you should verify on CPPM?

30. Refer to the exhibit.

All of the switches in the exhibit are AOS-CX switches.

What is the preferred configuration on Switch-2 for preventing rogue OSPF routers in this network?

31. A company issues user certificates to domain computers using its Windows CA and the default user

certificate template. You have set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to authenticate 802.1X clients with those certificates. However, during tests, you receive an error that authorization has failed because the usernames do not exist in the authentication source.

What is one way to fix this issue and enable clients to successfully authenticate with certificates?

32. A security team needs to track a device's communication patterns and identify patterns such as how many destinations the device is accessing.

Which Aruba solution can show this information at a glance?

33. Refer to Exhibit.

A company is using HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application). In the CPDI interface, you go to the Generic Devices page and see the view shown in the exhibit.

What correctly describes what you see?

34. Which use case is fulfilled by applying a time range to a firewall rule on an AOS device?

35. You have set up a mirroring session between an AOS-CX switch and a management station, running Wireshark. You want to capture just the traffic sent in the mirroring session, not the management station's other traffic.

What should you do?

36. A company needs to enforce 802.1X authentication for its Windows domain computers to HPE Aruba Networking ClearPass Policy Manager (CPPM). The company needs the computers to authenticate as both machines and users in the same session.

Which authentication method should you set up on CPPM?

37. A company is using HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application). You have identified a device, which is currently classified as one type, but you want to classify it as a custom type. You also want to classify all devices with similar attributes as this type, both already-discovered devices and new devices discovered later.

What should you do?

38. A company has HPE Aruba Networking Central-managed APs. The company wants to block all clients connected through the APs from using YouTube.

Which steps should you take?

39. You have run an Active Endpoint Security Report on HPE Aruba Networking ClearPass. The report indicates that hundreds of endpoints have MAC addresses but no known IP addresses.

What is one step for addressing this issue?

40. You need to create a rule in an HPE Aruba Networking ClearPass Policy Manager (CPPM) role mapping policy that references a ClearPass Device Insight Tag.

Which Type (namespace) should you specify for the rule?

41. A company has HPE Aruba Networking APs running AOS-10 and managed by HPE Aruba Networking Central. The company also has AOS-CX switches. The security team wants you to capture traffic from a particular wireless client. You should capture this client's traffic over a 15 minute time period and then send the traffic to them in a PCAP file.

What should you do?

42. What is a use case for the HPE Aruba Networking ClearPass OnGuard dissolvable agent?

43. A company is using HPE Aruba Networking ClearPass Device Insight (CPDI) (the standalone application). In the CPDI security settings, Security Analysis is On, the Data Source is ClearPass Devices Insight, and Enable Posture Assessment is On. You see that device has a Risk Score of 90.

What can you know from this information?

44. A company is implementing a client-to-site VPN based on tunnel-mode IPsec.

Which devices are responsible for the IPsec encapsulation?

45. 1.You have configured an AOS-CX switch to implement 802.1X on edge ports. Assume ports operate in the default auth-mode. VolP phones are assigned to the "voice" role and need to send traffic that is tagged for VLAN 12.

Where should you configure VLAN 12?

46. A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. The company wants CPPM to control which commands managers are allowed to enter. You see there is no field to enter these commands in ClearPass.

How do you start configuring the command list on CPPM?

47. A company lacks visibility into the many different types of user and loT devices deployed in its internal network, making it hard for the security team to address those devices.

Which HPE Aruba Networking solution should you recommend to resolve this issue?

48. A company has HPE Aruba Networking APs running AOS-10 that connect to AOS-CX switches.

The APs will:

. Authenticate as 802.1X supplicants to HPE Aruba Networking ClearPass Policy Manager (CPPM)

. Be assigned to the "APs" role on the switches

. Have their traffic forwarded locally

What information do you need to help you determine the VLAN settings for the "APs" role?

49. A company has HPE Aruba Networking APs, which authenticate users to HPE Aruba Networking ClearPass Policy Manager (CPPM).

What does HPE Aruba Networking recommend as the preferred method for assigning clients to a role on the AOS firewall?

50. A company has HPE Aruba Networking APs and AOS-CX switches, as well as HPE Aruba Networking ClearPass. The company wants CPPM to have HTTP User-Agent strings to use in profiling devices.

What can you do to support these requirements?