HP HPE7-A02 - Aruba Certified Network Security Professional Exam
Page: 1 / 24
Total 118 questions
Question #1 (Topic: Exam A)
A company uses HPE Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. The company wants CPPM to control commands managers are allowed to enter.
Which service must you add to the managers’ TACACS+ enforcement profile?
Which service must you add to the managers’ TACACS+ enforcement profile?
A. Cpass: HTTP
B. Shell
C. ARAP
D. Aruba:Common
Answer: B
Question #2 (Topic: Exam A)
An AOS-CX switch has this admin user account configured on it:
netadmin in the operators group
You have configured these commands on an AOS-CX switch:
tacacs-server host cp.example.com key plaintext &12xl.powmay7855
aaa authentication login ssh group tacacs local
aaa authentication allow-fail-through
A user accesses the switch with SSH and logs in as netadmin with the correct password. When switch sends a TACACS+ request to the ClearPass server at cp.example.com, the server does not send a response. Authentication times out.
What happens?
netadmin in the operators group
You have configured these commands on an AOS-CX switch:
tacacs-server host cp.example.com key plaintext &12xl.powmay7855
aaa authentication login ssh group tacacs local
aaa authentication allow-fail-through
A user accesses the switch with SSH and logs in as netadmin with the correct password. When switch sends a TACACS+ request to the ClearPass server at cp.example.com, the server does not send a response. Authentication times out.
What happens?
A. The user is logged in and granted operator access.
B. The user is logged in and allowed to enter auditor commands only.
C. The user is logged in and granted administrators access.
D. The user is not allowed to log in.
Answer: A
Question #3 (Topic: Exam A)
You have created this rule in an HPE Aruba Networking ClearPass Policy Manager (CPPM) service’s enforcement policy. IF Authorization [Endpoints Repository] Conflict EQUALS true THEN apply “quarantine_profile”
What information can help you determine whether you need to configure cluster-wide profiler parameters to ignore some conflicts?
What information can help you determine whether you need to configure cluster-wide profiler parameters to ignore some conflicts?
A. Whether the company has devices that use PXE boot
B. Whether some devices are incapable of captive portal or 802.1X authentication
C. Whether the company has rare Internet of Things (IoT) devices
D. Whether some devices are running legacy operating systems
Answer: A
Question #4 (Topic: Exam A)
A port-access role for AOS-CX switches has this policy applied to it:
The company wants to permit clients in this role to access 10.2.12.0/24 with HTTPS.
What should you do?
The company wants to permit clients in this role to access 10.2.12.0/24 with HTTPS.
What should you do?
A. Add this rule to zoneC: 5 match any 10.2.12.0/24 eq https
B. Add this rule to zone A: 5 ignore tcp any 10.2.12.0/24 eq https
C. Add this rule to zone B: 5 match tcp any 10.2.12.0/24 eq https
D. Add this rule to zoneC: 5 ignore tcp any 10.2.12.0/24 eq https
Answer: D
Question #5 (Topic: Exam A)
You are setting up HPE Aruba Networking SSE to prohibit users from uploading and downloading files from Dropbox. What is part of the process?
A. adding a web category that includes Dropbox
B. installing the HPE Aruba Networking SSE root certificate on clients
C. deploying a connector that can reach the remote users
D. deploying a connector that can reach Dropbox
Answer: B
