Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks
Uploaded by wilson.tan1984

HP Certification HPE6-A84 Training Material

advertisement 
Certspots
HPE6-A84
Real Dumps
https://www.certspots.com/exam/hpe6-a84/
HP HPE6-A84 Real Dumps
1. You are designing an Aruba ClearPass Policy Manager (CPPM) solution for a customer.
You learn that the customer has a Palo Alto firewall that filters traffic between clients in
the campus and the data center.
Which integration can you suggest?
A. Sending Syslogs from the firewall to CPPM to signal CPPM to change the
authentication status for misbehaving clients
B. Importing clients’ MAC addresses to configure known clients for MAC authentication
more quickly
C. Establishing a double layer of authentication at both the campus edge and the data
center DMZ
D. Importing the firewall's rules to program downloadable user roles for AOS-CX switches
more quickly
Answer: A
HP HPE6-A84 Real Dumps
2. A company has Aruba gateways that are Implementing gateway IDS/IPS in
IDS mode. The customer complains that admins are receiving too frequent of
repeat email notifications for the same threat. The threat itself might be one
that the admins should investigate, but the customer does not want the email
notification to repeat as often.
Which setting should you adjust in Aruba Central?
A. Report scheduling settings
B. Alert duration and threshold settings
C. The IDS policy setting (strict, medium, or lenient)
D. The allowlist settings in the IDS policy
Answer: B
HP HPE6-A84 Real Dumps
3. You are configuring gateway IDS/IPS settings in Aruba Central.
For which reason would you set the Fail Strategy to Bypass?
A. To permit traffic if the IPS engine falls to inspect It
B. To enable the gateway to honor the allowlist settings configured in
IDS/IPS policies
C. To tell gateways to stop enforcing IDS/IPS policies if they lose
connectivity to the Internet
D. To avoid wasting IPS engine resources on filtering traffic for
unauthenticated clients
Answer: A
HP HPE6-A84 Real Dumps
4. You are working with a developer to design a custom NAE script for a customer. The
NAE agent should trigger an alert when ARP inspection drops packets on a VLAN. The
customer wants the admins to be able to select the correct VLAN ID for the agent to
monitor when they create the agent.
What should you tell the developer to do?
A. Use this variable, %{vlan-id}, when defining the monitor URI in the NAE agent script.
B. Define a VLAN ID parameter; reference that parameter when defining the monitor URI.
C. Create multiple monitors within the script from which admins can select when they
create the agent.
D. Use a callback action to collect the ID of the VLAN on which admins have enabled NAE
monitoring.
Answer: B
HP HPE6-A84 Real Dumps
5. You are reviewing an endpoint entry in ClearPass Policy Manager (CPPM)
Endpoints Repository.
What is a good sign that someone has been trying to gain unauthorized access
to the network?
A. The entry shows multiple DHCP options under the fingerprints.
B. The entry shows an Unknown status.
C. The entry shows a profile conflict of having a new profile of Computer for a
profiled Printer.
D. The entry lacks a hostname or includes a hostname with long seemingly
random characters.
Answer: C
HP HPE6-A84 Real Dumps
6. Which element helps to lay the foundation for solid network security
forensics?
A. Enable BPDU protection and loop protection on edge switch ports
B. Enabling debug-level information for network infrastructure device logs
C. Implementing 802.1X authentication on switch ports that connect to APs
D. Ensuring that all network devices use a correct, consistent clock
Answer: D
HP HPE6-A84 Real Dumps
7. Refer to the scenario.
A customer has an AOS10 architecture that is managed by Aruba Central. Aruba
infrastructure devices authenticate clients to an Aruba ClearPass cluster.
In Aruba Central, you are examining network traffic flows on a wireless IoT device that is
categorized as “Raspberry Pi” clients. You see SSH traffic. You then check several more
wireless IoT clients and see that they are sending SSH also.
You want an easy way to communicate the information that an IoT client has used SSH to
Aruba ClearPass Policy Manager (CPPM).
What step should you take?
A. On CPPM create an Endpoint Context Server that points to the Central API.
B. On CPPM enable Device Insight integration.
C. On Central configure APs and gateways to use CPPM as the RADIUS accounting server.
D. On Central set up CPPM as a Webhook application.
Answer: D
HP HPE6-A84 Real Dumps
8. You want to use Device Insight tags as conditions within CPPM role mapping or
enforcement policy rules.
What guidelines should you follow?
A. Create an HTTP authentication source to the Central API that queries for the tags. To
use that source as the type for rule conditions, add it an authorization source for the
service in question.
B. Use the Application type for the rule conditions; no extra authorization source is
required for services that use policies with these rules.
C. Use the Endpoints Repository type for the rule conditions; Add Endpoints Repository
as a secondary authentication source for services that use policies with these rules.
D. Use the Endpoint type for the rule conditions; no extra authorization source is required
for services that use policies with these rules.
Answer: D
HP HPE6-A84 Real Dumps
9. A customer has an AOS 10-based solution, including Aruba APs. The
customer wants to use Cloud Auth to authenticate non-802.1X capable
IoT devices.
What is a prerequisite for setting up the device role mappings?
A. Configuring a NetConductor-based fabric
B. Configuring Device Insight (client profile) tags in Central
C. Integrating Aruba ClearPass Policy Manager (CPPM) and Device
Insight
D. Creating global role-to-role firewall policies in Central
Answer: B
HP HPE6-A84 Real Dumps
10. A company has Aruba gateways and wants to start implementing gateway IDS/IPS.
The customer has selected Block for the Fail Strategy.
What might you recommend to help minimize unexpected outages caused by using this
particular fall strategy?
A. Configuring a relatively high threshold for the gateway threat count alerts
B. Making sure that the gateways have formed a cluster and operate in default gateway
mode
C. Setting the IDS or IPS policy to the least restrictive option, Lenient
D. Enabling alerts and email notifications for events related to gateway IPS engine
utilization and errors
Answer: B
Related documents
AD0-E134 Adobe Experience Manager Developer Exam
AD0-E134 Adobe Experience Manager Developer Exam
Brendon Thiel Airport CV.pdf
Brendon Thiel Airport CV.pdf
HP HPE7-A01 Dumps Questions Answers
HP HPE7-A01 Dumps Questions Answers
HPE6-A84 Exam Dumps and Free Practice Test
HPE6-A84 Exam Dumps and Free Practice Test
Download
advertisement