HP HPE7-A10 - HPE Network Security Expert Exam
Page: 2 / 15
Total 74 questions
Question #6 (Topic: Exam A)
# Introduction to the customer
You are helping a company add HPE Aruba Networking ClearPass to their network, which uses HPE Aruba Networking network infrastructure devices.
The company currently has a Windows domain and Windows CA. The Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.
# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
• Publisher = 10.47.47.5
• Subscriber 1 = 10.47.47.6
• Subscriber 2 = 10.47.47.7
• Virtual IP with Subscriber 1 and Subscriber 2 = 10.47.47.8
The customer's DNS server has these entries
• cp.acnsxtest.com = 10.47.47.5
• cps1.acnsxtest.com = 10.47.47.6
• cps2.acnsxtest.com = 10.47.47.7
• radius.acnsxtest.com = 10.47.47.8
• onboard.acnsxtest.com = 10.47.47.8
Refer to the scenario.
You have created a role mapping policy as shown in the exhibits below.
What is one change that you need to make to this policy?
You are helping a company add HPE Aruba Networking ClearPass to their network, which uses HPE Aruba Networking network infrastructure devices.
The company currently has a Windows domain and Windows CA. The Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.
# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
• Publisher = 10.47.47.5
• Subscriber 1 = 10.47.47.6
• Subscriber 2 = 10.47.47.7
• Virtual IP with Subscriber 1 and Subscriber 2 = 10.47.47.8
The customer's DNS server has these entries
• cp.acnsxtest.com = 10.47.47.5
• cps1.acnsxtest.com = 10.47.47.6
• cps2.acnsxtest.com = 10.47.47.7
• radius.acnsxtest.com = 10.47.47.8
• onboard.acnsxtest.com = 10.47.47.8
Refer to the scenario.
You have created a role mapping policy as shown in the exhibits below.
What is one change that you need to make to this policy?
A. Move rule 1 to the bottom of the list.
B. Change the default role to "mobile-onboarded".
C. In rule 1 change Issuer-CN to Subject-CN.
D. Change the rules evaluation algorithm to select all matches.
Answer: A
Question #7 (Topic: Exam A)
# Introduction to the customer
You are helping a company add HPE Aruba Networking ClearPass to their network, which uses HPE Aruba Networking network infrastructure devices.
The company currently has a Windows domain and Windows CA. The Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.
# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
• Publisher = 10.47.47.5
• Subscriber 1 = 10.47.47.6
• Subscriber 2 = 10.47.47.7
• Virtual IP with Subscriber 1 and Subscriber 2 = 10.47.47.8
The customer's DNS server has these entries
• cp.acnsxtest.com = 10.47.47.5
• cps1.acnsxtest.com = 10.47.47.6
• cps2.acnsxtest.com = 10.47.47.7
• radius.acnsxtest.com = 10.47.47.8
• onboard.acnsxtest.com = 10.47.47.8
Refer to the scenario.
The customer has now decided that it needs CPPM to assign certain mobile-onboarded devices to a "nurse-call" AOS user role. These are mobile-onboarded devices that are communicating with IP address 10.1.18.12 using port 4343.
What are the prerequisites for fulfilling this requirement?
You are helping a company add HPE Aruba Networking ClearPass to their network, which uses HPE Aruba Networking network infrastructure devices.
The company currently has a Windows domain and Windows CA. The Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.
# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
• Publisher = 10.47.47.5
• Subscriber 1 = 10.47.47.6
• Subscriber 2 = 10.47.47.7
• Virtual IP with Subscriber 1 and Subscriber 2 = 10.47.47.8
The customer's DNS server has these entries
• cp.acnsxtest.com = 10.47.47.5
• cps1.acnsxtest.com = 10.47.47.6
• cps2.acnsxtest.com = 10.47.47.7
• radius.acnsxtest.com = 10.47.47.8
• onboard.acnsxtest.com = 10.47.47.8
Refer to the scenario.
The customer has now decided that it needs CPPM to assign certain mobile-onboarded devices to a "nurse-call" AOS user role. These are mobile-onboarded devices that are communicating with IP address 10.1.18.12 using port 4343.
What are the prerequisites for fulfilling this requirement?
A. Setting up traffic classes and role mapping rules within HPE Aruba Networking Central's global settings
B. Creating a tag on HPE Aruba Networking Central to select the proper destination connection and integrating CPPM with Device Insight
C. Creating server-based role assignment rules on APs that apply roles to clients based on traffic destinations
D. Creating server-based role assignment rules on gateways that apply roles to clients based on traffic destinations
Answer: D
Question #8 (Topic: Exam A)
# Introduction to the customer
You are helping a company add HPE Aruba Networking ClearPass to their network, which uses HPE Aruba Networking network infrastructure devices.
The company currently has a Windows domain and Windows CA. The Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.
# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
• Publisher = 10.47.47.5
• Subscriber 1 = 10.47.47.6
• Subscriber 2 = 10.47.47.7
• Virtual IP with Subscriber 1 and Subscriber 2 = 10.47.47.8
The customer's DNS server has these entries
• cp.acnsxtest.com = 10.47.47.5
• cps1.acnsxtest.com = 10.47.47.6
• cps2.acnsxtest.com = 10.47.47.7
• radius.acnsxtest.com = 10.47.47.8
• onboard.acnsxtest.com = 10.47.47.8
The customer needs a secure way for users to enroll their new wireless clients in Intune. You are recommending a new WLAN that will provide the users with limited access for the enrollment. You have set up captive portal for clients on this WLAN to a web page with instructions for enrolling devices. You will need to add several hostnames to the captive portal allowlist manually.
What is one of those hostnames?
You are helping a company add HPE Aruba Networking ClearPass to their network, which uses HPE Aruba Networking network infrastructure devices.
The company currently has a Windows domain and Windows CA. The Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.
# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
• Publisher = 10.47.47.5
• Subscriber 1 = 10.47.47.6
• Subscriber 2 = 10.47.47.7
• Virtual IP with Subscriber 1 and Subscriber 2 = 10.47.47.8
The customer's DNS server has these entries
• cp.acnsxtest.com = 10.47.47.5
• cps1.acnsxtest.com = 10.47.47.6
• cps2.acnsxtest.com = 10.47.47.7
• radius.acnsxtest.com = 10.47.47.8
• onboard.acnsxtest.com = 10.47.47.8
The customer needs a secure way for users to enroll their new wireless clients in Intune. You are recommending a new WLAN that will provide the users with limited access for the enrollment. You have set up captive portal for clients on this WLAN to a web page with instructions for enrolling devices. You will need to add several hostnames to the captive portal allowlist manually.
What is one of those hostnames?
A. onboard.acnsxtest.com
B. cps2.acnsxtest.com
C. cps1.acnsxtest.com
D. cp.acnsxtest.com
Answer: A
Question #9 (Topic: Exam A)
# Introduction to the customer
You are helping a company add HPE Aruba Networking ClearPass to their network, which uses HPE Aruba Networking network infrastructure devices.
The company currently has a Windows domain and Windows CA. The Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.
# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
• Publisher = 10.47.47.5
• Subscriber 1 = 10.47.47.6
• Subscriber 2 = 10.47.47.7
• Virtual IP with Subscriber 1 and Subscriber 2 = 10.47.47.8
The customer's DNS server has these entries
• cp.acnsxtest.com = 10.47.47.5
• cps1.acnsxtest.com = 10.47.47.6
• cps2.acnsxtest.com = 10.47.47.7
• radius.acnsxtest.com = 10.47.47.8
• onboard.acnsxtest.com = 10.47.47.8
Refer to the scenario.
On CPPM, you are creating the authentication source. You have configured the settings shown in the tab and have not altered any other settings.
What else do you need to do to help authentication proceed correctly?
You are helping a company add HPE Aruba Networking ClearPass to their network, which uses HPE Aruba Networking network infrastructure devices.
The company currently has a Windows domain and Windows CA. The Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.
# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
• Publisher = 10.47.47.5
• Subscriber 1 = 10.47.47.6
• Subscriber 2 = 10.47.47.7
• Virtual IP with Subscriber 1 and Subscriber 2 = 10.47.47.8
The customer's DNS server has these entries
• cp.acnsxtest.com = 10.47.47.5
• cps1.acnsxtest.com = 10.47.47.6
• cps2.acnsxtest.com = 10.47.47.7
• radius.acnsxtest.com = 10.47.47.8
• onboard.acnsxtest.com = 10.47.47.8
Refer to the scenario.
On CPPM, you are creating the authentication source. You have configured the settings shown in the tab and have not altered any other settings.
What else do you need to do to help authentication proceed correctly?
A. Change the Connection Security method to StartTLS.
B. Add a custom attribute to the authentication filter to collect the account's userPrincipalName.
C. Change the authentication filter to query for userPrincipalName as well as sAMAccountName.
D. Add two custom filters that query AD based on TEAP Method 1 Username and TEAP Method 2 Username.
Answer: C
Question #10 (Topic: Exam A)
# Introduction to the customer
You are helping a company add HPE Aruba Networking ClearPass to their network, which uses HPE Aruba Networking network infrastructure devices.
The company currently has a Windows domain and Windows CA. The Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.
# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
• Publisher = 10.47.47.5
• Subscriber 1 = 10.47.47.6
• Subscriber 2 = 10.47.47.7
• Virtual IP with Subscriber 1 and Subscriber 2 = 10.47.47.8
The customer's DNS server has these entries
• cp.acnsxtest.com = 10.47.47.5
• cps1.acnsxtest.com = 10.47.47.6
• cps2.acnsxtest.com = 10.47.47.7
• radius.acnsxtest.com = 10.47.47.8
• onboard.acnsxtest.com = 10.47.47.8
Refer to the scenario.
A customer has AOS-CX switches with this configuration on their edge ports:
port-access onboarding-method concurrent enable
aaa authentication port-access mac-auth
enable
quiet-period 60
aaa authentication port-access dotx1 authenticator
enable
The switch authenticates clients to HPE Aruba Networking ClearPass Policy Manager (CPPM) which has these services:
1. An 802.1 X service that uses an EAP-TLS method for most clients
2. A MAC-Auth service that uses the [MAC-Auth] method for devices such as printers imported from an inventory manager
The customer now wants to provide limited access to wired guest devices and new devices that need to be enrolled with certificates. You have set up these rights in an AOS-CX role named "guest-login."
How should you apply the "guest-login" role on the switches?
You are helping a company add HPE Aruba Networking ClearPass to their network, which uses HPE Aruba Networking network infrastructure devices.
The company currently has a Windows domain and Windows CA. The Window CA issues certificates to domain computers, domain users, and servers such as domain controllers. An example of a certificate issued by the Windows CA is shown here.
# ClearPass cluster IP addressing and hostnames
A customer's ClearPass cluster has these IP addresses:
• Publisher = 10.47.47.5
• Subscriber 1 = 10.47.47.6
• Subscriber 2 = 10.47.47.7
• Virtual IP with Subscriber 1 and Subscriber 2 = 10.47.47.8
The customer's DNS server has these entries
• cp.acnsxtest.com = 10.47.47.5
• cps1.acnsxtest.com = 10.47.47.6
• cps2.acnsxtest.com = 10.47.47.7
• radius.acnsxtest.com = 10.47.47.8
• onboard.acnsxtest.com = 10.47.47.8
Refer to the scenario.
A customer has AOS-CX switches with this configuration on their edge ports:
port-access onboarding-method concurrent enable
aaa authentication port-access mac-auth
enable
quiet-period 60
aaa authentication port-access dotx1 authenticator
enable
The switch authenticates clients to HPE Aruba Networking ClearPass Policy Manager (CPPM) which has these services:
1. An 802.1 X service that uses an EAP-TLS method for most clients
2. A MAC-Auth service that uses the [MAC-Auth] method for devices such as printers imported from an inventory manager
The customer now wants to provide limited access to wired guest devices and new devices that need to be enrolled with certificates. You have set up these rights in an AOS-CX role named "guest-login."
How should you apply the "guest-login" role on the switches?
A. As the role assigned by the default enforcement profile in CPPM's MAC-Auth service
B. As the port-access preauth-role on the edge interfaces
C. As the port-access reject-role on the edge interfaces
D. As the role assigned by the default enforcement profile in CPPM's 802.1X service
Answer: B
