HPE Network Security Associate v1.0

Page:    1 / 4   
Exam contains 60 questions
Expand All

What is one way that HPE Aruba Networking ClearPass Policy Manager (CPPM) combines multiple classification methods to profile endpoints?

  • A. Because DHCP fingerprints can be easily spoofed, CPPM examines MAC OUIs, which have a higher reliability, to verify that the DHCP fingerprint is valid.
  • B. Because analyzing DHCP fingerprints can be resource intensive, CPPM can also use Windows DHCP to analyze DHCP fingerprints.
  • C. Because different types of devices with similar OS might have the same DHCP fingerprint, CPPM can examine HTTP User-Agent strings to find the precise device type.
  • D. Because implementing DHCP fingerprinting requires the company to remove its current DHCP servers, CPPM can collect device traffic on a Span port as a less-intrusive option.


Answer : C

Refer to the exhibit.

You are deploying a new HPE Aruba Networking Mobility Controller (MC), which is enforcing authentication to HPE Aruba Networking ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find the error shown in the exhibit in the CPPM Event Viewer.
What should you check?

  • A. that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized
  • B. that the MC has valid admin credentials configured on it for logging into the CPPM
  • C. that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM
  • D. that the shared secret configured for the CPPM authentication server matches the one defined for the device on CPPM


Answer : C

You are setting up an HPE Aruba Networking mobility solution which includes a Mobility Master (MM), Mobility Controllers (MCs), and campus APs (CAPs) for a university. The university plans to enforce WPA2-Enterprise for all users’ connections. The university wants to apply one set of access control rules to faculty users’ traffic and a different set of rules to students’ traffic.
What is the best approach for applying the correct rules to each group?

  • A. Create two roles, a "faculty" role and a "student" role. Apply firewall policies with the correct rules for each group to each role.
  • B. Create two VLANs, one for faculty and one for students. Create one set of firewall access control rules that specify faculty IP addresses for the source and a second set of rules that specify the student IP addresses for the source. Apply the rules to the WLAN.
  • C. Create two VLANs, one for faculty and one for students. Apply firewall policies with the correct rules for each group to each VLAN.
  • D. Create two WLANs, one for faculty and one for students. Apply firewall policies with the correct rules for each group to each WLAN.


Answer : A

You need to implement a WPA3-Enterprise network that can also support WPA2-Enterprise clients.
What is a valid configuration for the WPA3-Enterprise WLAN?

  • A. CNSA mode enabled with 128-bit keys
  • B. CNSA mode disabled with 128-bit keys
  • C. CNSA mode enabled with 256-bit keys
  • D. CNSA mode disabled with 256-bit keys


Answer : B

Refer to the exhibits.

An admin has created a WLAN that uses the settings shown in the exhibits (and has not otherwise adjusted the settings in the AAA profile). A client connects to the WLAN.
Under which circumstances will a client receive the default role assignment?

  • A. The client has passed 802.1 X authentication, and the authentication server did not send an Aruba-User-Role VSA.
  • B. The client has passed 802.1X authentication, and the value in the Aruba-User-Role VSA matches a role on the MC.
  • C. The client has attempted 802.1 X authentication, but the MC could not contact the authentication server.
  • D. The client has attempted 802.1 X authentication, but failed to maintain a reliable connection, leading to a timeout error.


Answer : A

You are deploying a new wireless solution with an HPE Aruba Networking Mobility Master (MM), Mobility Controllers (MCs), and campus APs (CAPs). The solution will include a WLAN that uses Tunnel for the forwarding mode and WPA3-Enterprise for the security option.
You have decided to assign the WLAN to VLAN 301, a new VLAN. A pair of core routing switches will act as the default router for wireless user traffic.
Which links need to carry VLAN 301?

  • A. only links on the path between APs and the core routing switches
  • B. only links between MC ports and the core routing switches
  • C. all links in the campus LAN to ensure seamless roaming
  • D. only links on the path between APs and the MC


Answer : C

What is one method for HPE Aruba Networking ClearPass Policy (CPPM) to use DHCP to classify an endpoint?

  • A. It can alter the DHCP Offer to insert itself as a proxy gateway. It will then be inline in the traffic flow and can apply traffic analytics to classify clients.
  • B. It can snoop DHCP traffic to register the clients’ IP addresses. It then knows where to direct its HTTP requests to actively probe for information about the client.
  • C. It can respond to a client’s DHCP Discover with different DHCP Offers and then analyze the responses to identify the client OS.
  • D. It can determine information such as the endpoint OS from the order of options listed in Option 55 of a DHCP Discover packet.


Answer : D

A company has an A\OS controller-based solution with a WPA3-Enterprise WLAN, which authenticates wireless clients to HPE Aruba Networking ClearPass Policy Manager (CPPM). The company has decided to use digital certificates for authentication. A user’s Windows domain computer has had certificates installed on it. However, the Networks and Connections window shows that authentication has failed for the user. The Mobility Controller’s (MC’s) RADIUS events show that it is receiving Access-Rejects for the authentication attempt.
What is one place that you can you look for deeper insight into why this authentication attempt is failing?

  • A. the reports generated by HPE Aruba Networking ClearPass Insight
  • B. the RADIUS events within the CPPM Event Viewer
  • C. the Alerts tab in the authentication record in CPPM Access Tracker
  • D. the packets captured on the MC controlplane destined to UDP 1812


Answer : C

A customer has an HPE Aruba Networking network infrastructure. The customer is looking for a solution that can classify many different types of devices, including IoT devices.
What can you offer?

  • A. HPE Aruba Networking ClearPass OnGuard
  • B. HPE Aruba Networking ClearPass Device Insight
  • C. HPE Aruba Networking Mobility Conductor
  • D. HPE Aruba Networking ClearPass Onboard


Answer : B

An AOS-CX switch enforces 802.1X on a port. No fail-through options or port-access roles are configured on the port. The 802.1X supplicant on a connected client has not yet completed authentication.
Which type of traffic does the authenticator accept from the client?

  • A. EAP only
  • B. DHCP, DNS, and RADIUS only
  • C. RADIUS only
  • D. DHCP, DNS, and EAP only


Answer : A

A company has HPE Aruba Networking Mobility Controllers (MCs), campus APs, and AOS-CX switches. The company plans to use HPE Aruba Networking ClearPass Policy Manager (CPPM) to classify endpoints by type. The HPE Aruba Networking ClearPass admins tell you that they want to run Network scans as part of the solution.
What should you do to configure the infrastructure to support the scans?

  • A. Create remote mirrors on the AOS-CX switches that collect traffic on edge ports, and mirror it to CPPM’s IP address.
  • B. Create device fingerprinting profiles on the AOS-CX switches that include SNMP, and apply the profiles to edge ports.
  • C. Create SNMPv3 users on the AOS-CX switches, and make sure that the credentials match those configured on CPPM.
  • D. Create a TA profile on the AOS-CX switches with the root CA certificate for HPE Aruba Networking ClearPass’s HTTPS certificate.


Answer : A

You are troubleshooting an authentication issue for HPE Aruba Networking switches that enforce 802.1 X to a cluster of HPE Aruba Networking ClearPass Policy Manager (CPPMs). You know that CPPM is receiving and processing the authentication requests because the Aruba switches are showing Access-Rejects in their statistics. However, you cannot find the record for the Access-Rejects in CPPM Access Tracker.
What is something you can do to look for the records?

  • A. Verify that you are logged in to the CPPM UI with read-write, not read-only, access.
  • B. Click Edit in Access Viewer and make sure that the correct servers are selected.
  • C. Go to the CPPM Event Viewer, because this is where RADIUS Access Rejects are stored.
  • D. Make sure that CPPM cluster settings are configured to show Access-Rejects.


Answer : B

Refer to the exhibit.

A company has an HPE Aruba Networking Instant AP cluster. A Windows 10 client is attempting to connect a WLAN that enforces WPA3-Enterprise with authentication to HPE Aruba Networking ClearPass Policy Manager (CPPM). CPPM is configured to require EAP-TLS. The client authentication fails. In the record for this client's authentication attempt on CPPM, you see this alert.
What is one thing that you check to resolve this issue?

  • A. whether EAP-TLS is enabled in the SSID Profile settings for the WLAN on the IAP cluster
  • B. whether EAP-TLS is enabled in the AAA Profile settings for the WLAN on the IAP cluster
  • C. whether the client has a valid certificate installed on it to let it support EAP-TLS


Answer : C

What is social engineering?

  • A. Hackers use employees to circumvent network security and gather the information they need to launch an attack.
  • B. Hackers use Artificial Intelligence (AI) to mimic a user's online behavior so they can infiltrate a network and launch an attack.
  • C. Hackers spoof the source IP address in their communications so they appear to be a legitimate user.
  • D. Hackers intercept traffic between two users, eavesdrop on their messages, and pretend to be one or both users.


Answer : A

A company has HPE Aruba Networking Mobility Controllers (MCs), HPE Aruba Networking campus APs, and AOS-CX switches. The company plans to use HPE Aruba Networking ClearPass Policy Manager (CPPM) to classify endpoints by type. The company is contemplating the use of ClearPass’s TCP fingerprinting capabilities.
What is a consideration for using those capabilities?

  • A. TCP fingerprinting of wireless endpoints requires a third-party Mobility Device Management (MDM) solution.
  • B. AOS-CX switches do not offer the support necessary for CPPM to use TCP fingerprinting on wired endpoints.
  • C. You will need to mirror traffic to one of CPPM’s span ports from a device such as a core routing switch.
  • D. ClearPass admins will need to provide the credentials of an API admin account to configure on HPE Aruba Networking devices.


Answer : C

Page:    1 / 4   
Exam contains 60 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy | Amazon Exams | Cisco Exams | CompTIA Exams | Databricks Exams | Fortinet Exams | Google Exams | Microsoft Exams | VMware Exams