{"id":63490,"date":"2023-08-25T08:09:44","date_gmt":"2023-08-25T08:09:44","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=63490"},"modified":"2023-08-25T08:09:49","modified_gmt":"2023-08-25T08:09:49","slug":"how-to-recertify-your-aca-network-security-certification-pass-the-aruba-certified-network-security-expert-written-exam-by-using-hpe6-a84-dumps","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/how-to-recertify-your-aca-network-security-certification-pass-the-aruba-certified-network-security-expert-written-exam-by-using-hpe6-a84-dumps.html","title":{"rendered":"How to Recertify Your ACA &#8211; Network Security Certification? &#8211; Pass the Aruba Certified Network Security Expert Written Exam By Using HPE6-A84 Dumps"},"content":{"rendered":"\n<p>Are you an HPE Aruba Certified professional who needs to recertify your <a href=\"https:\/\/dumpsbase.com\/hpe6-a78.html\"><em><strong>ACA-Network Security<\/strong><\/em><\/a> certification? If so, you may choose to take the HPE6-A84 Aruba Certified Network Security Expert Written Exam. This exam is designed to test your knowledge of network security concepts and technologies and is a great way to demonstrate your skills and expertise in this field. But how can you prepare for this exam and ensure that you pass on the first try? The answer is simple: by using DumpsBase HPE6-A84 dumps.<\/p>\n<p>HPE6-A84 dumps are a set of practice exam questions and answers that are designed to help you prepare for the Aruba Certified Network Security Expert Written Exam. Our dumps are created by a team of experts who have years of experience in the field of network security and understand the latest exam format and content. With our dumps, you can simulate the real exam environment and get a feel for the types of questions you&#8217;ll encounter on exam day.<\/p>\n<h2>Read Aruba Certified Network Security Expert Written Exam <em><span style=\"background-color: #ffff00;\">HPE6-A84 Free Dumps<\/span><\/em><\/h2>\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam7699\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-7699\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-7699\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-284919'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>You are designing an Aruba ClearPass Policy Manager (CPPM) solution for a customer. You learn that the customer has a Palo Alto firewall that filters traffic between clients in the campus and the data center. <br \/>\r<br>Which integration can you suggest?<\/div><input type='hidden' name='question_id[]' id='qID_1' value='284919' \/><input type='hidden' id='answerType284919' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284919[]' id='answer-id-1120348' class='answer   answerof-284919 ' value='1120348'   \/><label for='answer-id-1120348' id='answer-label-1120348' class=' answer'><span>Sending Syslogs from the firewall to CPPM to signal CPPM to change the authentication status for misbehaving clients<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284919[]' id='answer-id-1120349' class='answer   answerof-284919 ' value='1120349'   \/><label for='answer-id-1120349' id='answer-label-1120349' class=' answer'><span>Importing clients\u2019 MAC addresses to configure known clients for MAC authentication more quickly<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284919[]' id='answer-id-1120350' class='answer   answerof-284919 ' value='1120350'   \/><label for='answer-id-1120350' id='answer-label-1120350' class=' answer'><span>Establishing a double layer of authentication at both the campus edge and the data center DMZ<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284919[]' id='answer-id-1120351' class='answer   answerof-284919 ' value='1120351'   \/><label for='answer-id-1120351' id='answer-label-1120351' class=' answer'><span>Importing the firewall's rules to program downloadable user roles for AOS-CX switches more quickly<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-284920'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>Refer to the scenario. <br \/>\r<br>A customer has an Aruba ClearPass cluster. The customer has AOS-CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM). <br \/>\r<br>Switches are using local port-access policies. <br \/>\r<br>The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the \u201ceth-internet&quot; role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20. <br \/>\r<br>The plan for the enforcement policy and profiles is shown below: <br \/>\r<br><br><img decoding=\"async\" width=650 height=887 id=\"\u56fe\u7247 49\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image001-46.jpg\"><br><br \/>\r<br>The gateway cluster has two gateways with these IP addresses: <br \/>\r<br>&#8226; Gateway 1 <br \/>\r<br>o VLAN 4085 (system IP) = 10.20.4.21 <br \/>\r<br>o VLAN 20 (users) = 10.20.20.1 <br \/>\r<br>o VLAN 4094 (WAN) = 198.51.100.14 <br \/>\r<br>&#8226; Gateway 2 <br \/>\r<br>o VLAN 4085 (system IP) = 10.20.4.22 <br \/>\r<br>o VLAN 20 (users) = 10.20.20.2 <br \/>\r<br>o VLAN 4094 (WAN) = 198.51.100.12 <br \/>\r<br>&#8226; VRRP on VLAN 20 = 10.20.20.254 <br \/>\r<br>The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster. <br \/>\r<br>You are setting up the UBT zone on an AOS-CX switch. <br \/>\r<br>Which IP addresses should you define in the zone?<\/div><input type='hidden' name='question_id[]' id='qID_2' value='284920' \/><input type='hidden' id='answerType284920' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284920[]' id='answer-id-1120352' class='answer   answerof-284920 ' value='1120352'   \/><label for='answer-id-1120352' id='answer-label-1120352' class=' answer'><span>Primary controller = 10.20.4.21; backup controller = 10.20.4.22<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284920[]' id='answer-id-1120353' class='answer   answerof-284920 ' value='1120353'   \/><label for='answer-id-1120353' id='answer-label-1120353' class=' answer'><span>Primary controller = 198.51.100.14; backup controller = 10.20.4.21<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284920[]' id='answer-id-1120354' class='answer   answerof-284920 ' value='1120354'   \/><label for='answer-id-1120354' id='answer-label-1120354' class=' answer'><span>Primary controller = 10.20.4.21; backup controller, not defined<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284920[]' id='answer-id-1120355' class='answer   answerof-284920 ' value='1120355'   \/><label for='answer-id-1120355' id='answer-label-1120355' class=' answer'><span>Primary controller = 10.20.20.254; backup controller, not defined<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-284921'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>Refer to the scenario. <br \/>\r<br>A customer requires these rights for clients in the \u201cmedical-mobile\u201d AOS firewall role on Aruba Mobility Controllers (MCs): <br \/>\r<br>Permitted to receive IP addresses with DHCP <br \/>\r<br>Permitted access to DNS services from 10.8.9.7 and no other server <br \/>\r<br>Permitted access to all subnets in the 10.1.0.0\/16 range except denied access to 10.1.12.0\/22 <br \/>\r<br>Denied access to other 10.0.0.0\/8 subnets <br \/>\r<br>Permitted access to the Internet <br \/>\r<br>Denied access to the WLAN for a period of time if they send any SSH traffic <br \/>\r<br>Denied access to the WLAN for a period of time if they send any Telnet traffic <br \/>\r<br>Denied access to all high-risk websites <br \/>\r<br>External devices should not be permitted to initiate sessions with \u201cmedical-mobile\u201d clients, only send return traffic. <br \/>\r<br>The exhibits below show the configuration for the role. <br \/>\r<br><br><img decoding=\"async\" width=649 height=599 id=\"\u56fe\u7247 48\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image002-44.jpg\"><br><br \/>\r<br>There are multiple issues with this configuration. <br \/>\r<br>What is one change you must make to meet the scenario requirements? (In the options, rules in a policy are referenced from top to bottom. For example, \u201cmedical-mobile\u201d rule 1 is \u201cipv4 any any svc-dhcp permit,\u201d and rule 8 is \u201cipv4 any any any permit\u201d.)<\/div><input type='hidden' name='question_id[]' id='qID_3' value='284921' \/><input type='hidden' id='answerType284921' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284921[]' id='answer-id-1120356' class='answer   answerof-284921 ' value='1120356'   \/><label for='answer-id-1120356' id='answer-label-1120356' class=' answer'><span>In the \u201cmedical-mobile\u201d policy, move rules 2 and 3 between rules 7 and 8.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284921[]' id='answer-id-1120357' class='answer   answerof-284921 ' value='1120357'   \/><label for='answer-id-1120357' id='answer-label-1120357' class=' answer'><span>In the \u201cmedical-mobile\u201d policy, change the subnet mask in rule 3 to 255.255.248.0.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284921[]' id='answer-id-1120358' class='answer   answerof-284921 ' value='1120358'   \/><label for='answer-id-1120358' id='answer-label-1120358' class=' answer'><span>Move the rule in the \u201capprf-medical-mobile-sacl\u201d policy between rules 7 and 8 in the \u201cmedical-mobile\u201d policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284921[]' id='answer-id-1120359' class='answer   answerof-284921 ' value='1120359'   \/><label for='answer-id-1120359' id='answer-label-1120359' class=' answer'><span>In the \u201cmedical-mobile\u201d policy, change the source in rule 8 to \u201cuser.\u201d<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-284922'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>A company has an Aruba ClearPass server at 10.47.47.8, FQDN radius.acnsxtest.local. This exhibit shows ClearPass Policy Manager's (CPPM's) settings for an Aruba Mobility Controller (MC). <br \/>\r<br><br><img decoding=\"async\" width=650 height=323 id=\"\u56fe\u7247 47\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image003-36.jpg\"><br><br \/>\r<br>The MC is already configured with RADIUS authentication settings for CPPM, and RADIUS requests between the MC and CPPM are working. A network admin enters and commits this command to enable dynamic authorization on the MC: aaa rfc-3576-server 10.47.47.8 <br \/>\r<br>But when CPPM sends CoA requests to the MC, they are not working. <br \/>\r<br>This exhibit shows the RFC 3576 server statistics on the MC: <br \/>\r<br><br><img decoding=\"async\" width=616 height=149 id=\"\u56fe\u7247 46\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image004-33.jpg\"><br><br \/>\r<br>How could you fix this issue?<\/div><input type='hidden' name='question_id[]' id='qID_4' value='284922' \/><input type='hidden' id='answerType284922' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284922[]' id='answer-id-1120360' class='answer   answerof-284922 ' value='1120360'   \/><label for='answer-id-1120360' id='answer-label-1120360' class=' answer'><span>Change the UDP port in the MCs\u2019 RFC 3576 server config to 3799.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284922[]' id='answer-id-1120361' class='answer   answerof-284922 ' value='1120361'   \/><label for='answer-id-1120361' id='answer-label-1120361' class=' answer'><span>Enable RadSec on the MCs\u2019 RFC 3676 server config.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284922[]' id='answer-id-1120362' class='answer   answerof-284922 ' value='1120362'   \/><label for='answer-id-1120362' id='answer-label-1120362' class=' answer'><span>Configure the MC to obtain the time from a valid NTP server.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284922[]' id='answer-id-1120363' class='answer   answerof-284922 ' value='1120363'   \/><label for='answer-id-1120363' id='answer-label-1120363' class=' answer'><span>Make sure that CPPM is using an ArubaOS Wireless RADIUS CoA enforcement profile.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-284923'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>Refer to the scenario. <br \/>\r<br>A customer requires these rights for clients in the \u201cmedical-mobile\u201d AOS firewall role on Aruba Mobility Controllers (MCs): <br \/>\r<br>Permitted to receive IP addresses with DHCP <br \/>\r<br>Permitted access to DNS services from 10.8.9.7 and no other server <br \/>\r<br>Permitted access to all subnets in the 10.1.0.0\/16 range except denied access to 10.1.12.0\/22 <br \/>\r<br>Denied access to other 10.0.0.0\/8 subnets <br \/>\r<br>Permitted access to the Internet <br \/>\r<br>Denied access to the WLAN for a period of time if they send any SSH traffic <br \/>\r<br>Denied access to the WLAN for a period of time if they send any Telnet traffic <br \/>\r<br>Denied access to all high-risk websites <br \/>\r<br>External devices should not be permitted to initiate sessions with \u201cmedical-mobile\u201d clients, only send return traffic. <br \/>\r<br>The exhibits below show the configuration for the role. <br \/>\r<br><br><img decoding=\"async\" width=649 height=587 id=\"\u56fe\u7247 45\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image005-31.jpg\"><br><br \/>\r<br>What setting not shown in the exhibit must you check to ensure that the requirements of the scenario are met?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='284923' \/><input type='hidden' id='answerType284923' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284923[]' id='answer-id-1120364' class='answer   answerof-284923 ' value='1120364'   \/><label for='answer-id-1120364' id='answer-label-1120364' class=' answer'><span>That denylisting is enabled globally on the MCs\u2019 firewalls<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284923[]' id='answer-id-1120365' class='answer   answerof-284923 ' value='1120365'   \/><label for='answer-id-1120365' id='answer-label-1120365' class=' answer'><span>That stateful handling of traffic is enabled globally on the MCs\u2019 firewalls and on the medical-mobile role<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284923[]' id='answer-id-1120366' class='answer   answerof-284923 ' value='1120366'   \/><label for='answer-id-1120366' id='answer-label-1120366' class=' answer'><span>That AppRF and WebCC are enabled globally and on the medical-mobile role<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284923[]' id='answer-id-1120367' class='answer   answerof-284923 ' value='1120367'   \/><label for='answer-id-1120367' id='answer-label-1120367' class=' answer'><span>That the MCs are assigned RF Protect licenses<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-284924'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>Refer to the scenario. <br \/>\r<br>A customer has an Aruba ClearPass cluster. The customer has AOS-CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM). <br \/>\r<br>Switches are using local port-access policies. <br \/>\r<br>The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the \u201ceth-internet&quot; role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20. <br \/>\r<br>The plan for the enforcement policy and profiles is shown below: <br \/>\r<br><br><img decoding=\"async\" width=649 height=885 id=\"\u56fe\u7247 44\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image006-23.jpg\"><br><br \/>\r<br>The gateway cluster has two gateways with these IP addresses: <br \/>\r<br>&#8226; Gateway 1 <br \/>\r<br>o VLAN 4085 (system IP) = 10.20.4.21 <br \/>\r<br>o VLAN 20 (users) = 10.20.20.1 <br \/>\r<br>o VLAN 4094 (WAN) = 198.51.100.14 <br \/>\r<br>&#8226; Gateway 2 <br \/>\r<br>o VLAN 4085 (system IP) = 10.20.4.22 <br \/>\r<br>o VLAN 20 (users) = 10.20.20.2 <br \/>\r<br>o VLAN 4094 (WAN) = 198.51.100.12 <br \/>\r<br>&#8226; VRRP on VLAN 20 = 10.20.20.254 <br \/>\r<br>The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster. <br \/>\r<br>Assume that you have configured the correct UBT zone and port-access role settings. However, the solution is not working. <br \/>\r<br>What else should you make sure to do?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='284924' \/><input type='hidden' id='answerType284924' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284924[]' id='answer-id-1120368' class='answer   answerof-284924 ' value='1120368'   \/><label for='answer-id-1120368' id='answer-label-1120368' class=' answer'><span>Assign VLAN 20 as the access VLAN on any edge ports to which tunneled clients might connect.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284924[]' id='answer-id-1120369' class='answer   answerof-284924 ' value='1120369'   \/><label for='answer-id-1120369' id='answer-label-1120369' class=' answer'><span>Create a new VLAN on the AOS-CX switch and configure that VLAN as the UBT client VLA<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284924[]' id='answer-id-1120370' class='answer   answerof-284924 ' value='1120370'   \/><label for='answer-id-1120370' id='answer-label-1120370' class=' answer'><span>Assign sufficient VIA licenses to the gateways based on the number of wired clients that will connect.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284924[]' id='answer-id-1120371' class='answer   answerof-284924 ' value='1120371'   \/><label for='answer-id-1120371' id='answer-label-1120371' class=' answer'><span>Change the port-access auth-mode mode to client-mode on any edge ports to which tunneled clients might connect.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-284925'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>A company has Aruba gateways and wants to start implementing gateway IDS\/IPS. The customer has selected Block for the Fail Strategy. <br \/>\r<br>What might you recommend to help minimize unexpected outages caused by using this particular fall strategy?<\/div><input type='hidden' name='question_id[]' id='qID_7' value='284925' \/><input type='hidden' id='answerType284925' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284925[]' id='answer-id-1120372' class='answer   answerof-284925 ' value='1120372'   \/><label for='answer-id-1120372' id='answer-label-1120372' class=' answer'><span>Configuring a relatively high threshold for the gateway threat count alerts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284925[]' id='answer-id-1120373' class='answer   answerof-284925 ' value='1120373'   \/><label for='answer-id-1120373' id='answer-label-1120373' class=' answer'><span>Making sure that the gateways have formed a cluster and operate in default gateway mode<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284925[]' id='answer-id-1120374' class='answer   answerof-284925 ' value='1120374'   \/><label for='answer-id-1120374' id='answer-label-1120374' class=' answer'><span>Setting the IDS or IPS policy to the least restrictive option, Lenient<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284925[]' id='answer-id-1120375' class='answer   answerof-284925 ' value='1120375'   \/><label for='answer-id-1120375' id='answer-label-1120375' class=' answer'><span>Enabling alerts and email notifications for events related to gateway IPS engine utilization and errors<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-284926'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>A company has Aruba gateways that are Implementing gateway IDS\/IPS in IDS mode. The customer complains that admins are receiving too frequent of repeat email notifications for the same threat. The threat itself might be one that the admins should investigate, but the customer does not want the email notification to repeat as often. <br \/>\r<br>Which setting should you adjust in Aruba Central?<\/div><input type='hidden' name='question_id[]' id='qID_8' value='284926' \/><input type='hidden' id='answerType284926' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284926[]' id='answer-id-1120376' class='answer   answerof-284926 ' value='1120376'   \/><label for='answer-id-1120376' id='answer-label-1120376' class=' answer'><span>Report scheduling settings<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284926[]' id='answer-id-1120377' class='answer   answerof-284926 ' value='1120377'   \/><label for='answer-id-1120377' id='answer-label-1120377' class=' answer'><span>Alert duration and threshold settings<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284926[]' id='answer-id-1120378' class='answer   answerof-284926 ' value='1120378'   \/><label for='answer-id-1120378' id='answer-label-1120378' class=' answer'><span>The IDS policy setting (strict, medium, or lenient)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284926[]' id='answer-id-1120379' class='answer   answerof-284926 ' value='1120379'   \/><label for='answer-id-1120379' id='answer-label-1120379' class=' answer'><span>The allowlist settings in the IDS policy<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-284927'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>Refer to the scenario. <br \/>\r<br>A customer is migrating from on-prem AD to Azure AD as its sole domain solution. The customer also manages both wired and wireless devices with Microsoft Endpoint Manager (Intune). <br \/>\r<br>The customer wants to improve security for the network edge. You are helping the customer design a ClearPass deployment for this purpose. Aruba network devices will authenticate wireless and wired clients to an Aruba ClearPass Policy Manager (CPPM) cluster (which uses version 6.10). <br \/>\r<br>The customer has several requirements for authentication. The clients should only pass EAP-TLS authentication if a query to Azure AD shows that they have accounts in Azure AD. To further refine the clients\u2019 privileges, ClearPass also should use information collected by Intune to make access control decisions. <br \/>\r<br>Assume that the Azure AD deployment has the proper prerequisites established. <br \/>\r<br>You are planning the CPPM authentication source that you will reference as the authentication source in 802.1X services. <br \/>\r<br>How should you set up this authentication source?<\/div><input type='hidden' name='question_id[]' id='qID_9' value='284927' \/><input type='hidden' id='answerType284927' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284927[]' id='answer-id-1120380' class='answer   answerof-284927 ' value='1120380'   \/><label for='answer-id-1120380' id='answer-label-1120380' class=' answer'><span>As Kerberos type<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284927[]' id='answer-id-1120381' class='answer   answerof-284927 ' value='1120381'   \/><label for='answer-id-1120381' id='answer-label-1120381' class=' answer'><span>As Active Directory type<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284927[]' id='answer-id-1120382' class='answer   answerof-284927 ' value='1120382'   \/><label for='answer-id-1120382' id='answer-label-1120382' class=' answer'><span>As HTTP type, referencing the Intune extension<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284927[]' id='answer-id-1120383' class='answer   answerof-284927 ' value='1120383'   \/><label for='answer-id-1120383' id='answer-label-1120383' class=' answer'><span>AS HTTP type, referencing Azure AD's FQDN<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-284928'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>Refer to the scenario. <br \/>\r<br>A customer requires these rights for clients in the \u201cmedical-mobile\u201d AOS firewall role on Aruba Mobility Controllers (MCs): <br \/>\r<br>Permitted to receive IP addresses with DHCP <br \/>\r<br>Permitted access to DNS services from 10.8.9.7 and no other server <br \/>\r<br>Permitted access to all subnets in the 10.1.0.0\/16 range except denied access to 10.1.12.0\/22 <br \/>\r<br>Denied access to other 10.0.0.0\/8 subnets <br \/>\r<br>Permitted access to the Internet <br \/>\r<br>Denied access to the WLAN for a period of time if they send any SSH traffic <br \/>\r<br>Denied access to the WLAN for a period of time if they send any Telnet traffic <br \/>\r<br>Denied access to all high-risk websites <br \/>\r<br>External devices should not be permitted to initiate sessions with \u201cmedical-mobile\u201d clients, only send return traffic. <br \/>\r<br>The exhibits below show the configuration for the role. <br \/>\r<br><br><img decoding=\"async\" width=649 height=594 id=\"\u56fe\u7247 43\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image007-22.jpg\"><br><br \/>\r<br>There are multiple issues with the configuration. <br \/>\r<br>What is one of the changes that you must make to the policies to meet the scenario requirements? (In the options, rules in a policy are referenced from top to bottom. For example, \u201cmedical-mobile\u201d rule 1 is \u201cipv4 any any svc-dhcp permit,\u201d and rule 8 is \u201cipv4 any any any permit\u2019.)<\/div><input type='hidden' name='question_id[]' id='qID_10' value='284928' \/><input type='hidden' id='answerType284928' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284928[]' id='answer-id-1120384' class='answer   answerof-284928 ' value='1120384'   \/><label for='answer-id-1120384' id='answer-label-1120384' class=' answer'><span>In the \u201cmedical-mobile\u201d policy, change the source in rule 1 to \u201cuser.\u201d<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284928[]' id='answer-id-1120385' class='answer   answerof-284928 ' value='1120385'   \/><label for='answer-id-1120385' id='answer-label-1120385' class=' answer'><span>In the \u201cmedical-mobile\u201d policy, change the subnet mask in rule 3 to 255.255.248.0.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284928[]' id='answer-id-1120386' class='answer   answerof-284928 ' value='1120386'   \/><label for='answer-id-1120386' id='answer-label-1120386' class=' answer'><span>In the \u201cmedical-mobile\u201d policy, move rules 6 and 7 to the top of the list.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284928[]' id='answer-id-1120387' class='answer   answerof-284928 ' value='1120387'   \/><label for='answer-id-1120387' id='answer-label-1120387' class=' answer'><span>Move the rule in the \u201capprf-medical-mobile-sacl\u201d policy between rules 7 and 8 in the \u201cmedical-mobile\u201d policy.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-284929'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>What is a common characteristic of a beacon between a compromised device and a command and control server?<\/div><input type='hidden' name='question_id[]' id='qID_11' value='284929' \/><input type='hidden' id='answerType284929' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284929[]' id='answer-id-1120388' class='answer   answerof-284929 ' value='1120388'   \/><label for='answer-id-1120388' id='answer-label-1120388' class=' answer'><span>Use of IPv6 addressing instead of IPv4 addressing<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284929[]' id='answer-id-1120389' class='answer   answerof-284929 ' value='1120389'   \/><label for='answer-id-1120389' id='answer-label-1120389' class=' answer'><span>Lack of encryption<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284929[]' id='answer-id-1120390' class='answer   answerof-284929 ' value='1120390'   \/><label for='answer-id-1120390' id='answer-label-1120390' class=' answer'><span>Use of less common protocols such as SNAP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284929[]' id='answer-id-1120391' class='answer   answerof-284929 ' value='1120391'   \/><label for='answer-id-1120391' id='answer-label-1120391' class=' answer'><span>Periodic transmission of small, identically sized packets<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-284930'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>Refer to the scenario. <br \/>\r<br>A hospital has an AOS10 architecture that is managed by Aruba Central. The customer has deployed a pair of Aruba 9000 Series gateways with Security licenses at each clinic. The gateways implement IDS\/IPS in IDS mode. <br \/>\r<br>The Security Dashboard shows these several recent events with the same signature, as shown below: <br \/>\r<br><br><img decoding=\"async\" width=649 height=359 id=\"\u56fe\u7247 42\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image008-21.jpg\"><br><br \/>\r<br>Which step could give you valuable context about the incident?<\/div><input type='hidden' name='question_id[]' id='qID_12' value='284930' \/><input type='hidden' id='answerType284930' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284930[]' id='answer-id-1120392' class='answer   answerof-284930 ' value='1120392'   \/><label for='answer-id-1120392' id='answer-label-1120392' class=' answer'><span>View firewall sessions on the APs and record the threat sources\u2019 type and O<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284930[]' id='answer-id-1120393' class='answer   answerof-284930 ' value='1120393'   \/><label for='answer-id-1120393' id='answer-label-1120393' class=' answer'><span>View the user-table on APs and record the threat sources\u2019 802.11 settings.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284930[]' id='answer-id-1120394' class='answer   answerof-284930 ' value='1120394'   \/><label for='answer-id-1120394' id='answer-label-1120394' class=' answer'><span>View the RAPIDS Security Dashboard and see if the threat sources are listed as rogues.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284930[]' id='answer-id-1120395' class='answer   answerof-284930 ' value='1120395'   \/><label for='answer-id-1120395' id='answer-label-1120395' class=' answer'><span>Find the Central client profile for the threat sources and note their category and family.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-284931'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>Refer to the scenario. <br \/>\r<br>A customer has an Aruba ClearPass cluster. The customer has AOS-CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM). <br \/>\r<br>Switches are using local port-access policies. <br \/>\r<br>The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the \u201ceth-internet&quot; role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20. <br \/>\r<br>The plan for the enforcement policy and profiles is shown below: <br \/>\r<br><br><img decoding=\"async\" width=649 height=885 id=\"\u56fe\u7247 41\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image009-18.jpg\"><br><br \/>\r<br>The gateway cluster has two gateways with these IP addresses: <br \/>\r<br>&#8226; Gateway 1 <br \/>\r<br>o VLAN 4085 (system IP) = 10.20.4.21 <br \/>\r<br>o VLAN 20 (users) = 10.20.20.1 <br \/>\r<br>o VLAN 4094 (WAN) = 198.51.100.14 <br \/>\r<br>&#8226; Gateway 2 <br \/>\r<br>o VLAN 4085 (system IP) = 10.20.4.22 <br \/>\r<br>o VLAN 20 (users) = 10.20.20.2 <br \/>\r<br>o VLAN 4094 (WAN) = 198.51.100.12 <br \/>\r<br>&#8226; VRRP on VLAN 20 = 10.20.20.254 <br \/>\r<br>The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster. <br \/>\r<br>What is one change that you should make to the solution?<\/div><input type='hidden' name='question_id[]' id='qID_13' value='284931' \/><input type='hidden' id='answerType284931' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284931[]' id='answer-id-1120396' class='answer   answerof-284931 ' value='1120396'   \/><label for='answer-id-1120396' id='answer-label-1120396' class=' answer'><span>Change the ubt-client-vlan to VLAN 13.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284931[]' id='answer-id-1120397' class='answer   answerof-284931 ' value='1120397'   \/><label for='answer-id-1120397' id='answer-label-1120397' class=' answer'><span>Configure edge ports in VLAN trunk mode.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284931[]' id='answer-id-1120398' class='answer   answerof-284931 ' value='1120398'   \/><label for='answer-id-1120398' id='answer-label-1120398' class=' answer'><span>Remove VLAN assignments from role configurations on the gateways.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284931[]' id='answer-id-1120399' class='answer   answerof-284931 ' value='1120399'   \/><label for='answer-id-1120399' id='answer-label-1120399' class=' answer'><span>Configure the UBT solution to use VLAN extend mode.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-284932'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>Refer to the scenario. <br \/>\r<br>A customer has an Aruba ClearPass cluster. The customer has AOS-CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM). <br \/>\r<br>Switches are using local port-access policies. <br \/>\r<br>The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the \u201ceth-internet&quot; role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20. <br \/>\r<br>The plan for the enforcement policy and profiles is shown below: <br \/>\r<br><br><img decoding=\"async\" width=649 height=885 id=\"\u56fe\u7247 40\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image009-19.jpg\"><br><br \/>\r<br>The gateway cluster has two gateways with these IP addresses: <br \/>\r<br>&#8226; Gateway 1 <br \/>\r<br>o VLAN 4085 (system IP) = 10.20.4.21 <br \/>\r<br>o VLAN 20 (users) = 10.20.20.1 <br \/>\r<br>o VLAN 4094 (WAN) = 198.51.100.14 <br \/>\r<br>&#8226; Gateway 2 <br \/>\r<br>o VLAN 4085 (system IP) = 10.20.4.22 <br \/>\r<br>o VLAN 20 (users) = 10.20.20.2 <br \/>\r<br>o VLAN 4094 (WAN) = 198.51.100.12 <br \/>\r<br>&#8226; VRRP on VLAN 20 = 10.20.20.254 <br \/>\r<br>The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster. <br \/>\r<br>Assume that you are using the \u201cmyzone\u201d name for the UBT zone. <br \/>\r<br>Which is a valid minimal configuration for the AOS-CX port-access roles?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='284932' \/><input type='hidden' id='answerType284932' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284932[]' id='answer-id-1120400' class='answer   answerof-284932 ' value='1120400'   \/><label for='answer-id-1120400' id='answer-label-1120400' class=' answer'><span>port-access role eth-internet gateway-zone zone myzone gateway-role eth-user<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284932[]' id='answer-id-1120401' class='answer   answerof-284932 ' value='1120401'   \/><label for='answer-id-1120401' id='answer-label-1120401' class=' answer'><span>port-access role internet-only gateway-zone zone myzone gateway-role eth-internet<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284932[]' id='answer-id-1120402' class='answer   answerof-284932 ' value='1120402'   \/><label for='answer-id-1120402' id='answer-label-1120402' class=' answer'><span>port-access role eth-internet gateway-zone zone myzone gateway-role eth-internet vlan access 20<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284932[]' id='answer-id-1120403' class='answer   answerof-284932 ' value='1120403'   \/><label for='answer-id-1120403' id='answer-label-1120403' class=' answer'><span>port-access role internet-only gateway-zone zone myzone gateway-role eth-internet vlan access 20<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-284933'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>Refer to the scenario. <br \/>\r<br>A customer requires these rights for clients in the \u201cmedical-mobile\u201d AOS firewall role on Aruba Mobility Controllers (MCs): <br \/>\r<br>Permitted to receive IP addresses with DHCP <br \/>\r<br>Permitted access to DNS services from 10.8.9.7 and no other server <br \/>\r<br>Permitted access to all subnets in the 10.1.0.0\/16 range except denied access to 10.1.12.0\/22 <br \/>\r<br>Denied access to other 10.0.0.0\/8 subnets <br \/>\r<br>Permitted access to the Internet <br \/>\r<br>Denied access to the WLAN for a period of time if they send any SSH traffic <br \/>\r<br>Denied access to the WLAN for a period of time if they send any Telnet traffic <br \/>\r<br>Denied access to all high-risk websites <br \/>\r<br>External devices should not be permitted to initiate sessions with \u201cmedical-mobile\u201d clients, only send return traffic. <br \/>\r<br>The line below shows the effective configuration for the role. <br \/>\r<br><br><img decoding=\"async\" width=649 height=594 id=\"\u56fe\u7247 39\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2023\/08\/image010-17.jpg\"><br><br \/>\r<br>There are multiple issues with this configuration. <br \/>\r<br>What is one change you must make to meet the scenario requirements? (In the options, rules in a policy are referenced from top to bottom. For example, \u201cmedical-mobile\u201d rule 1 is \u201cipv4 any any svc-dhcp permit,\u201d and rule 6 is \u201cipv4 any any any permit\u2019.)<\/div><input type='hidden' name='question_id[]' id='qID_15' value='284933' \/><input type='hidden' id='answerType284933' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284933[]' id='answer-id-1120404' class='answer   answerof-284933 ' value='1120404'   \/><label for='answer-id-1120404' id='answer-label-1120404' class=' answer'><span>Apply the \u201capprf-medical-mobile-sacl&quot; policy explicitly to the \u201cmedical-mobile\u201d user-role under the \u201cmedical-mobile\u201d policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284933[]' id='answer-id-1120405' class='answer   answerof-284933 ' value='1120405'   \/><label for='answer-id-1120405' id='answer-label-1120405' class=' answer'><span>In the \u201cmedical-mobile\u201d policy, change the action for rules 2 and 3 to reject.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284933[]' id='answer-id-1120406' class='answer   answerof-284933 ' value='1120406'   \/><label for='answer-id-1120406' id='answer-label-1120406' class=' answer'><span>In the \u201cmedical-mobile\u201d policy, move rule 5 under rule 6.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284933[]' id='answer-id-1120407' class='answer   answerof-284933 ' value='1120407'   \/><label for='answer-id-1120407' id='answer-label-1120407' class=' answer'><span>In the \u201cmedical-mobile\u201d policy, change the subnet mask in rule 5 to 255.255.252.0.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-284934'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>A customer requires a secure solution for connecting remote users to the corporate main site. You are designing a client-to-site virtual private network (VPN) based on Aruba VIA and Aruba Mobility Controllers acting as VPN Concentrators (VPNCs). Remote users will first use the VIA client to contact the VPNCs and obtain connection settings. <br \/>\r<br>The users should only be allowed to receive the settings if they are the customer's \u201cRemote Employees\u201d AD group. After receiving the settings, the VIA clients will automatically establish VPN connections, authenticating to CPPM with certificates. <br \/>\r<br>What should you do to help ensure that only authorized users obtain VIA connection settings?<\/div><input type='hidden' name='question_id[]' id='qID_16' value='284934' \/><input type='hidden' id='answerType284934' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284934[]' id='answer-id-1120408' class='answer   answerof-284934 ' value='1120408'   \/><label for='answer-id-1120408' id='answer-label-1120408' class=' answer'><span>Set up the VPNCs' VIA web authentication profile to use CPPM as the authentication server; set up a service on CPPM that uses AD as the authentication source.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284934[]' id='answer-id-1120409' class='answer   answerof-284934 ' value='1120409'   \/><label for='answer-id-1120409' id='answer-label-1120409' class=' answer'><span>Set up the VPNCs' VIA web authentication profile to use an AD domain controller as the LDAP server.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284934[]' id='answer-id-1120410' class='answer   answerof-284934 ' value='1120410'   \/><label for='answer-id-1120410' id='answer-label-1120410' class=' answer'><span>Set up the VPNCs' VIA connection profile to use two authentication profiles, one RADIUS profile to CPPM and one LDAP profile to A<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284934[]' id='answer-id-1120411' class='answer   answerof-284934 ' value='1120411'   \/><label for='answer-id-1120411' id='answer-label-1120411' class=' answer'><span>Set up the VPNCs' VIA connection profile to use one authentication profile, which is set to the AD domain controller's hostname.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-284935'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>Refer to the scenario. <br \/>\r<br>A customer is migrating from on-prem AD to Azure AD as its sole domain solution. The customer also manages both wired and wireless devices with Microsoft Endpoint Manager (Intune). <br \/>\r<br>The customer wants to improve security for the network edge. You are helping the customer design a ClearPass deployment for this purpose. Aruba network devices will authenticate wireless and wired clients to an Aruba ClearPass Policy Manager (CPPM) cluster (which uses version 6.10). <br \/>\r<br>The customer has several requirements for authentication. The clients should only pass EAP-TLS authentication if a query to Azure AD shows that they have accounts in Azure AD. To further refine the clients\u2019 privileges, ClearPass also should use information collected by Intune to make access control decisions. <br \/>\r<br>The customer wants you to configure CPPM to collect information from Intune on demand during the authentication process. <br \/>\r<br>What should you tell the Intune admins about the certificates issued to clients?<\/div><input type='hidden' name='question_id[]' id='qID_17' value='284935' \/><input type='hidden' id='answerType284935' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284935[]' id='answer-id-1120412' class='answer   answerof-284935 ' value='1120412'   \/><label for='answer-id-1120412' id='answer-label-1120412' class=' answer'><span>They must be issued by a well-known, trusted C<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284935[]' id='answer-id-1120413' class='answer   answerof-284935 ' value='1120413'   \/><label for='answer-id-1120413' id='answer-label-1120413' class=' answer'><span>They must include the Intune ID in the subject name.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284935[]' id='answer-id-1120414' class='answer   answerof-284935 ' value='1120414'   \/><label for='answer-id-1120414' id='answer-label-1120414' class=' answer'><span>They must include the client MAC address in the subject name.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284935[]' id='answer-id-1120415' class='answer   answerof-284935 ' value='1120415'   \/><label for='answer-id-1120415' id='answer-label-1120415' class=' answer'><span>They must be issued by a ClearPass Onboard C<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-284936'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>Refer to the scenario. <br \/>\r<br>A customer is migrating from on-prem AD to Azure AD as its sole domain solution. The customer also manages both wired and wireless devices with Microsoft Endpoint Manager (Intune). <br \/>\r<br>The customer wants to improve security for the network edge. You are helping the customer design a ClearPass deployment for this purpose. Aruba network devices will authenticate wireless and wired clients to an Aruba ClearPass Policy Manager (CPPM) cluster (which uses version 6.10). <br \/>\r<br>The customer has several requirements for authentication. The clients should only pass EAP-TLS authentication if a query to Azure AD shows that they have accounts in Azure AD. To further refine the clients\u2019 privileges, ClearPass also should use information collected by Intune to make access control decisions. <br \/>\r<br>You are planning to use Azure AD as the authentication source in 802.1X services. <br \/>\r<br>What should you make sure that the customer understands is required?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='284936' \/><input type='hidden' id='answerType284936' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284936[]' id='answer-id-1120416' class='answer   answerof-284936 ' value='1120416'   \/><label for='answer-id-1120416' id='answer-label-1120416' class=' answer'><span>An app registration on Azure AD that references the CPPM's FQDN<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284936[]' id='answer-id-1120417' class='answer   answerof-284936 ' value='1120417'   \/><label for='answer-id-1120417' id='answer-label-1120417' class=' answer'><span>Windows 365 subscriptions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284936[]' id='answer-id-1120418' class='answer   answerof-284936 ' value='1120418'   \/><label for='answer-id-1120418' id='answer-label-1120418' class=' answer'><span>CPPM's RADIUS certificate was imported as trusted in the Azure AD directory<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284936[]' id='answer-id-1120419' class='answer   answerof-284936 ' value='1120419'   \/><label for='answer-id-1120419' id='answer-label-1120419' class=' answer'><span>Azure AD Domain Services<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-284937'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>You are configuring gateway IDS\/IPS settings in Aruba Central. <br \/>\r<br>For which reason would you set the Fail Strategy to Bypass?<\/div><input type='hidden' name='question_id[]' id='qID_19' value='284937' \/><input type='hidden' id='answerType284937' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284937[]' id='answer-id-1120420' class='answer   answerof-284937 ' value='1120420'   \/><label for='answer-id-1120420' id='answer-label-1120420' class=' answer'><span>To permit traffic if the IPS engine falls to inspect It<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284937[]' id='answer-id-1120421' class='answer   answerof-284937 ' value='1120421'   \/><label for='answer-id-1120421' id='answer-label-1120421' class=' answer'><span>To enable the gateway to honor the allowlist settings configured in IDS\/IPS policies<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284937[]' id='answer-id-1120422' class='answer   answerof-284937 ' value='1120422'   \/><label for='answer-id-1120422' id='answer-label-1120422' class=' answer'><span>To tell gateways to stop enforcing IDS\/IPS policies if they lose connectivity to the Internet<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284937[]' id='answer-id-1120423' class='answer   answerof-284937 ' value='1120423'   \/><label for='answer-id-1120423' id='answer-label-1120423' class=' answer'><span>To avoid wasting IPS engine resources on filtering traffic for unauthenticated clients<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-284938'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>How does Aruba Central handle security for site-to-site connections between AOS 10 gateways?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='284938' \/><input type='hidden' id='answerType284938' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284938[]' id='answer-id-1120424' class='answer   answerof-284938 ' value='1120424'   \/><label for='answer-id-1120424' id='answer-label-1120424' class=' answer'><span>It uses an Aruba proprietary integrity and encryption technologies to secure site-to-site connections, making them resistant to zero day attacks.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284938[]' id='answer-id-1120425' class='answer   answerof-284938 ' value='1120425'   \/><label for='answer-id-1120425' id='answer-label-1120425' class=' answer'><span>It automatically establishes IPsec tunnels for all site-to-site (all HUBs and Branches) connections using keys securely distributed by Central.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284938[]' id='answer-id-1120426' class='answer   answerof-284938 ' value='1120426'   \/><label for='answer-id-1120426' id='answer-label-1120426' class=' answer'><span>It automatically steers traffic away from Internet-based connections to more secure MPLS connections to reduce encryption overhead.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-284938[]' id='answer-id-1120427' class='answer   answerof-284938 ' value='1120427'   \/><label for='answer-id-1120427' id='answer-label-1120427' class=' answer'><span>It automatically establishes simple-to-manage and highly secure TLSv1.3 tunnels between gateways.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-21'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons7699\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"7699\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-05-01 16:21:36\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1777652496\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"284919:1120348,1120349,1120350,1120351 | 284920:1120352,1120353,1120354,1120355 | 284921:1120356,1120357,1120358,1120359 | 284922:1120360,1120361,1120362,1120363 | 284923:1120364,1120365,1120366,1120367 | 284924:1120368,1120369,1120370,1120371 | 284925:1120372,1120373,1120374,1120375 | 284926:1120376,1120377,1120378,1120379 | 284927:1120380,1120381,1120382,1120383 | 284928:1120384,1120385,1120386,1120387 | 284929:1120388,1120389,1120390,1120391 | 284930:1120392,1120393,1120394,1120395 | 284931:1120396,1120397,1120398,1120399 | 284932:1120400,1120401,1120402,1120403 | 284933:1120404,1120405,1120406,1120407 | 284934:1120408,1120409,1120410,1120411 | 284935:1120412,1120413,1120414,1120415 | 284936:1120416,1120417,1120418,1120419 | 284937:1120420,1120421,1120422,1120423 | 284938:1120424,1120425,1120426,1120427\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"284919,284920,284921,284922,284923,284924,284925,284926,284927,284928,284929,284930,284931,284932,284933,284934,284935,284936,284937,284938\";\nWatuPROSettings[7699] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 7699;\t    \nWatuPRO.post_id = 63490;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.50985700 1777652496\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(7699);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\n<p>\u00a0<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7161,181],"tags":[16188,16189],"class_list":["post-63490","post","type-post","status-publish","format-standard","hentry","category-aruba-certified-design-expert-acdx-v8","category-hp","tag-hpe6-a84","tag-hpe6-a84-dumps"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/63490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=63490"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/63490\/revisions"}],"predecessor-version":[{"id":63495,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/63490\/revisions\/63495"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=63490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=63490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=63490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}