Aruba Certified Network Security Professional v1.0

Page:    1 / 8   
Exam contains 118 questions

You are proposing HPE Aruba Networking ZTNA to an organization, which is currently using a third-party, IPsec-based client-to-site VPN. What is one advantage of ZTNA that you should emphasize?

  • A. ZTNA improves security for SaaS applications, which now make up the majority of remote user traffic.
  • B. ZTNA shrinks the attack surface, eliminating publicly exposed ports and reducing the extent of the private network exposed to remote users.
  • C. ZTNA is specifically designed to enhance security for Internet of Things (IoT) devices, which are proliferating rapidly and which traditional client-to-site VPNs cannot address.
  • D. ZTNA offers no greater security than the current solution, but it makes it much easier for admins to create and maintain consistent policies.


Answer : B

A company wants HPE Aruba Networking ClearPass Policy Manager (CPPM) to periodically poll Microsoft Endpoint Manager (formerly Intune) for attributes about its managed clients.
What should you do on ClearPass to permit this integration?

  • A. Install the Intune extension from ClearPass Guest.
  • B. Configure Endpoint Manager (Intune) as an event source on CPPM.
  • C. Import the Intune dictionary to the ClearPass dictionaries.
  • D. Create an Intune authentication source on CPPM.


Answer : D

What is one use case that companies can fulfill using HPE Aruba Networking ClearPass Policy Manager’s (CPPM’s) Device Profiler?

  • A. Authenticating clients to Active Directory computer accounts
  • B. Identifying OS, browser, and application vulnerabilities by CVE ID
  • C. Applying the correct enforcement profiles to specialized clients such as security cameras
  • D. Quarantining and remediating devices that have disabled firewalls


Answer : C

A company has HPE Aruba Networking Central-managed APs. The company wants to block all clients connected through the APs from using YouTube.
Which steps should you take?

  • A. Enable WebCC on all client firewall roles. Then, create WebCC category rules that deny suspicious URLs.
  • B. Enable DPI. Then, create application rules to deny YouTube on the firewall roles.
  • C. Enable Client IPS at the “custom” level, and then specify the check for YouTube.
  • D. Deploy gateways and have the APs tunnel traffic to the gateways. Then, enable the gateway IDS/IPS engine.


Answer : B

A company wants to use the HPE Aruba Networking ClearPass OnGuard agent to assign posture to clients.
How do you define the conditions by which a client receives a particular posture?

  • A. Create rules directly in a service’s Posture tab.
  • B. Create rules within a WebAuth enforcement policy.
  • C. Create the rules directly in a service’s Enforcement tab.
  • D. Create rules within a posture policy.


Answer : D

The following firewall role is configured on HPE Aruba Networking Central-managed APs:

A client has authenticated and been assigned to the “employees” role. The client has IP address 10.2.2.2.
Which correctly describes behavior in this policy?

  • A. HTTPS traffic from 10.2.2.2 to 10.5.5.5 is denied.
  • B. HTTPS traffic from 10.2.2.2 to 203.0.113.12 is denied.
  • C. Traffic from 10.5.3.3 in an active HTTPS session between 10.2.2.2 and 10.5.3.3 is permitted.
  • D. Traffic from 198.51.100.12 in an active HTTP session between 10.2.2.2 and 198.51.100.12 is denied.


Answer : A

You need to set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to provide certificate-based authentication of 802.1X supplicants.
How should you upload the root CA certificate for the supplicants’ certificates?

  • A. As a ClearPass Server certificate with the RADIUS/EAP usage
  • B. As a ClearPass Server certificate with the Database usage
  • C. As a Trusted CA with the AD/LDAP usage
  • D. As a Trusted CA with the EAP usage


Answer : D

You are setting up policy rules in HPE Aruba Networking SSE. You want to create a single rule that permits users in a particular user group to access multiple applications. What is an easy way to meet this need?

  • A. Associate the applications directly with the IdP used to authenticate the users; choose any for the destination in the policy rule
  • B. Apply the same tag to the applications; select the tag as a destination in the policy rule
  • C. Place all the applications in the same connector zone; select that zone as a destination in the policy rule
  • D. Select the applications within a non-default web profile; select that profile in the policy rule


Answer : B

A company has a variety of HPE Aruba Networking solutions, including an HPE Aruba Networking infrastructure and HPE Aruba Networking ClearPass Policy Manager (CPPM). The company passes traffic from the corporate LAN destined to the data center through a third-party SRX firewall. The company would like to further protect itself from internal threats.
What is one solution that you can recommend?

  • A. Have the third-party firewall send Syslogs to CPPM, which can work with network devices to lock internal attackers out of the network.
  • B. Add ClearPass Device Insight (CPDI) to the solution, integrate it with the third-party firewall to develop more complete device profiles.
  • C. Configure CPPM to poll the third-party firewall for a broad array of information about internal clients, such as profile and posture.
  • D. Use tunnel mode SSIDs and user-based tunneling (UBT) on AOS-CX switches to pass all internal traffic directly through the third-party firewall.


Answer : A

Refer to the exhibit.

The exhibit shows a saved packet capture, which you have opened in Wireshark. You want to focus on the complete conversation between 10.1.70.90 and 10.1.79.11 that uses source port 5448.
What is a simple way to do this in Wireshark?

  • A. Apply a capture filter that selects for both the 10.1.70.90 and 10.1.79.11 IP addresses.
  • B. Click the Source column and then the Destination column to sort the packets into the desired order.
  • C. Apply a capture filter that selects for TCP port 5448.
  • D. Right-click one of the packets between those addresses and choose to follow the stream.


Answer : D

Refer to the exhibit.

These packets have been captured from VLAN 10, which supports clients that receive their IP addresses with DHCP.
What can you interpret from the packets that you see here?

  • A. Someone is possibly implementing a MAC spoofing attack to gain unauthorized access.
  • B. The mirroring session that captured the packets was likely misconfigured and captured duplicate traffic.
  • C. An admin has likely misconfigured two clients to use the same DHCP settings.
  • D. Someone is possibly implementing an ARP poisoning and MITM attack.


Answer : A

A company is using HPE Aruba Networking Central SD-WAN Orchestrator to establish a hub-spoke VPN between branch gateways (BGWs) at 1164 sites and VPNCs at multiple data centers.
What is part of the configuration that admins need to complete?

  • A. In VPNCs’ groups, establish VPN pools to control which branches connect to which VPNCs.
  • B. In BGWs’ and VPNCs’ groups, create default IKE policies for the SD-WAN Orchestrator to use.
  • C. In BGWs’ groups, select the VPNCs to which to connect in a DC preference list.
  • D. At the global level, create default IPsec policies for the SD-WAN Orchestrator to use.


Answer : C

A company has HPE Aruba Networking APs running AOS-10 that connect to AOS-CX switches. The APs will:
-Authenticate as 802.1X supplicants to HPE Aruba Networking ClearPass Policy Manager (CPPM)
-Be assigned to the “APs” role on the switches
-Have their traffic forwarded locally
What information do you need to help you determine the VLAN settings for the “APs” role?

  • A. Whether the switches are using local user-roles (LURs) or downloadable user-roles (DURs)
  • B. Whether the APs bridge or tunnel traffic on their SSIDs
  • C. Whether the switches have established tunnels with an HPE Aruba Networking gateway
  • D. Whether the APs have static or DHCP-assigned IP addresses


Answer : B

A company has AOS-CX switches, which authenticate clients to HPE Aruba Networking ClearPass Policy Manager (CPPM). CPPM is set up to receive a variety of information about clients’ profile and posture. New information can mean that CPPM should change a client’s enforcement profile.
What should you set up on the switches to help the solution function correctly?

  • A. Enable RADIUS accounting to CPPM, including interim RADIUS accounting.
  • B. Configure a RADIUS track that references CPPM’s FQDN or IP address.
  • C. Enable dynamic authorization, and specify CPPM as a dynamic authorization client.
  • D. Re-configure the authentication server on the switch, specifying CPPM as a TACACS server.


Answer : C

A company already uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as the RADIUS server for authenticating wireless clients with 802.1X. Now you are setting up 802.1X on AOS-CX switches to authenticate many of those same clients on wired connections. You decide to copy CPPM’s wireless 802.1X service and then edit it with a new name and enforcement policy.
What else must you change for authentication to work properly?

  • A. Role mapping policy
  • B. Authentication methods
  • C. Authentication source
  • D. Service rules


Answer : D

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926