HPE7-A02無料問題集「HP Aruba Certified Network Security Professional」

質問 1

(Note that the HPE Aruba Networking Central interface shown here might look slightly different from what you see in your HPE Aruba Networking Central interface as versions change; however, similar concepts continue to apply.) An HPE Aruba Networking 9x00 gateway is part of an HPE Aruba Networking Central group that has the settings shown in the exhibit. What would cause the gateway to drop traffic as part of its IDPS settings?

（A）Its IDPS engine failing

（B）Its site-to-site VPN connections failing

（C）Traffic showing anomalous behavior

（D）Traffic matching a rule in the active ruleset

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

An admin has configured an AOS-CX switch with these settings:
port-access role employees
vlan access name employees
This switch is also configured with CPPM as its RADIUS server.
Which enforcement profile should you configure on CPPM to work with this configuration?

（A）HPE Aruba Networking Downloadable Role Enforcement type with role name set to "employees"

（B）RADIUS Enforcement type with Aruba-User-Role VSA set to "employees"

（C）HPE Aruba Networking Downloadable Role Enforcement type with gateway role name set to
"employees"

（D）RADIUS Enforcement type with HPE-User-Role VSA set to "employees"

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

A company wants HPE Aruba Networking ClearPass Policy Manager (CPPM) to respond to Syslog messages from its Palo Alto Next Generation Firewall (NGFW) by quarantining clients involved in security incidents.
Which step must you complete to enable CPPM to process the Syslogs properly?

（A）Enable Insight and ingress event processing on the CPPM server.

（B）Install a Palo Alto Extension through ClearPass Guest.

（C）Configure the Palo Alto as a context server on CPPM.

（D）Configure CPPM to trust the root CA certificate for the NGFW.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

You need to set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to provide certificate-based authentication of 802.1X supplicants.
How should you upload the root CA certificate for the supplicants' certificates?

（A）As a ClearPass Server certificate with the Database usage

（B）As a Trusted CA with the AD/LDAP usage

（C）As a Trusted CA with the EAP usage

（D）As a ClearPass Server certificate with the RADIUS/EAP usage

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Your company wants to implement Tunneled EAP (TEAP).
How can you set up HPE Aruba Networking ClearPass Policy Manager (CPPM) to enforce certificated-based authentication for clients using TEAP?

（A）Select a service certificate when you specify TEAP as a service's authentication method.

（B）Select an EAP-TLS-type authentication method for the TEAP method's inner method.

（C）For the service using TEAP, set the authentication source to an internal database.

（D）Create an authentication method named "TEAP" with the type set to EAP-TLS.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

HPE Aruba Networking ClearPass Device Insight (CPDI) could not classify some endpoints using system and user rules. Using machine learning, it did assign those endpoints to a cluster and discover a recommendation.
In which of these circumstances does CPDI automatically classify the endpoints based on that recommendation?

（A）The recommendation has 93% confidence, and it is based on 36 classified devices.

（B）The recommendation has 98% confidence, and it is based on 5 classified devices.

（C）The recommendation has 96% confidence, and it is based on 13 classified devices.

（D）The recommendation has 100% confidence, and it is based on 4 classified devices.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

What is a typical use case for using HPE Aruba Networking ClearPass Onboard to provision devices?

（A）Enhancing security for loT devices that need to authenticate with MAC-Auth

（B）Enforcing posture-based assessment on managed Windows domain computers

（C）Enabling managed Windows domain computers to succeed at certificate-based 802.1X

（D）Enabling unmanaged devices to succeed at certificate-based 802.1X

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

A company has HPE Aruba Networking infrastructure devices. The devices authenticate clients to HPE Aruba Networking ClearPass Policy Manager (CPPM). You want CPPM to track information about clients, such as their IP addresses and their network bandwidth utilization. What should you set up on the network infrastructure devices to help that happen?

（A）An IF-MAP interface with CPPM as the destination.

（B）Dynamic authorization enabled in the RADIUS settings for CPPM.

（C）RADIUS accounting to CPPM, including interim updates.

（D）Logging with CPPM configured as a Syslog server.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

You need to create a rule in an HPE Aruba Networking ClearPass Policy Manager (CPPM) role mapping policy that references a ClearPass Device Insight Tag. Which Type (namespace) should you specify for the rule?

（A）Device

（B）Endpoint

（C）Application

（D）TIPS

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

You have set up a mirroring session between an AOS-CX switch and a management station, running Wireshark. You want to capture just the traffic sent in the mirroring session, not the management station's other traffic.
What should you do?

（A）Apply this capture filter: udp port 5555

（B）Edit protocol preferences and enable HPE_ERM.

（C）Edit protocol preferences and enable ARUBA_ERM.

（D）Apply this capture filter: ip proto 47

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

HPE7-A02 無料問題集「HP Aruba Certified Network Security Professional」

弊社を連絡する

関連リンク

トップ試験