HP HPE7-A02 - Aruba Certified Network Security Professional Exam
Page: 2 / 24
Total 118 questions
Question #6 (Topic: Exam A)
You are setting up user based tunneling (UBT) between access layer AOS-CX switches and AOS-10 gateways. You have selected reserved (local) VLAN mode.
Tunneled devices include IoT devices, which should be assigned to:
*Roles: iot on the switches and iot-wired on the gateways
*VLAN: 64, for which the gateways route traffic
IoT devices connect to the access layer switches’ edge ports, and the access layer switches reach the gateways on their uplinks.
Where must you configure VLAN 64?
Tunneled devices include IoT devices, which should be assigned to:
*Roles: iot on the switches and iot-wired on the gateways
*VLAN: 64, for which the gateways route traffic
IoT devices connect to the access layer switches’ edge ports, and the access layer switches reach the gateways on their uplinks.
Where must you configure VLAN 64?
A. In the iot-wired role and on no physical interfaces
B. In the iot role and the iot-wired role and on no physical interfaces
C. In the iot-wired role and the access switch uplinks
D. In the iot role and the access switch uplinks
Answer: A
Question #7 (Topic: Exam A)
A company has a third-party security appliance deployed in its data center. The company wants to pass all traffic for certain clients through that device before forwarding that traffic toward its ultimate destination.
Which AOS-CX switch technology fulfills this use case?
Which AOS-CX switch technology fulfills this use case?
A. Virtual Network Based Tunneling (VNBT)
B. MC-LAG
C. Network Analytics Engine (NAE)
D. Device profiles
Answer: A
Question #8 (Topic: Exam A)
You manage AOS-10 APs with HPE Aruba Networking Central. A role is configured on these APs with these rules:
1. Allow udp on port 67 to any destination
2. Allow any to network 10.1.6.0/23
3. Deny any to network 10.1.0.0/16 + log
4. Deny any to network 10.0.0.0/8
5. Allow any to any destination
You add this new rule immediately before rule 2:
Deny ssh to network 10.1.4.0/23 + denylist
After this change, what happens when a client assigned to this role sends SSH traffic to 10.1.11.42?
1. Allow udp on port 67 to any destination
2. Allow any to network 10.1.6.0/23
3. Deny any to network 10.1.0.0/16 + log
4. Deny any to network 10.0.0.0/8
5. Allow any to any destination
You add this new rule immediately before rule 2:
Deny ssh to network 10.1.4.0/23 + denylist
After this change, what happens when a client assigned to this role sends SSH traffic to 10.1.11.42?
A. The traffic is permitted.
B. The traffic is dropped and logged.
C. The traffic is dropped (without any logging or further action against the client).
D. The traffic is dropped, and the client is denylisted.
Answer: B
Question #9 (Topic: Exam A)
HPE Aruba Networking ClearPass Device Insight (CPDI) could not classify some endpoints using system and user rules. Using machine learning, it did assign those endpoints to a cluster and discover a recommendation. In which of these circumstances does CPDI automatically classify the endpoints based on that recommendation?
A. The recommendation has 96% confidence, and it based on 13 classified devices.
B. The recommendation has 98% confidence, and it based on 5 classified devices.
C. The recommendation has 93% confidence, and it based on 36 classified devices.
D. The recommendation has 100% confidence, and it based on 4 classified devices.
Answer: C
Question #10 (Topic: Exam A)
You are setting up HPE Aruba Networking SSE. Which use case requires you to apply a non-default posture in a rule?
A. applying threat inspection to users when they access certain web sites
B. checking whether a client has antivirus software as a condition for receiving access to resources
C. redirecting compromised clients to a remediation server
D. integrating with HPE Aruba Networking ClearPass OnGuard
Answer: B
