HP HPE6-A84 Exam Practice Questions (P. 4)
- Full Access (60 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #16
A customer requires a secure solution for connecting remote users to the corporate main site. You are designing a client-to-site virtual private network (VPN) based on Aruba VIA and Aruba Mobility Controllers acting as VPN Concentrators (VPNCs). Remote users will first use the VIA client to contact the VPNCs and obtain connection settings.
The users should only be allowed to receive the settings if they are the customer's “RemoteEmployees” AD group. After receiving the settings, the VIA clients will automatically establish VPN connections, authenticating to CPPM with certificates.
What should you do to help ensure that only authorized users obtain VIA connection settings?
The users should only be allowed to receive the settings if they are the customer's “RemoteEmployees” AD group. After receiving the settings, the VIA clients will automatically establish VPN connections, authenticating to CPPM with certificates.
What should you do to help ensure that only authorized users obtain VIA connection settings?
- ASet up the VPNCs' VIA web authentication profile to use CPPM as the authentication server; set up a service on CPPM that uses AD as the authentication source.
- BSet up the VPNCs' VIA web authentication profile to use an AD domain controller as the LDAP server.
- CSet up the VPNCs' VIA connection profile to use two authentication profiles, one RADIUS profile to CPPM and one LDAP profile to AD.
- DSet up the VPNCs' VIA connection profile to use one authentication profile, which is set to the AD domain controller's hostname.
Correct Answer:
A
A
send
light_mode
delete
Question #17
Refer to the scenario.
A customer is migrating from on-prem AD to Azure AD as its sole domain solution. The customer also manages both wired and wireless devices with Microsoft Endpoint Manager (Intune).
The customer wants to improve security for the network edge. You are helping the customer design a ClearPass deployment for this purpose. Aruba network devices will authenticate wireless and wired clients to an Aruba ClearPass Policy Manager (CPPM) cluster (which uses version 6.10).
The customer has several requirements for authentication. The clients should only pass EAP-TLS authentication if a query to Azure AD shows that they have accounts in Azure AD. To further refine the clients’ privileges, ClearPass also should use information collected by Intune to make access control decisions.
The customer wants you to configure CPPM to collect information from Intune on demand during the authentication process.
What should you tell the Intune admins about the certificates issued to clients?
A customer is migrating from on-prem AD to Azure AD as its sole domain solution. The customer also manages both wired and wireless devices with Microsoft Endpoint Manager (Intune).
The customer wants to improve security for the network edge. You are helping the customer design a ClearPass deployment for this purpose. Aruba network devices will authenticate wireless and wired clients to an Aruba ClearPass Policy Manager (CPPM) cluster (which uses version 6.10).
The customer has several requirements for authentication. The clients should only pass EAP-TLS authentication if a query to Azure AD shows that they have accounts in Azure AD. To further refine the clients’ privileges, ClearPass also should use information collected by Intune to make access control decisions.
The customer wants you to configure CPPM to collect information from Intune on demand during the authentication process.
What should you tell the Intune admins about the certificates issued to clients?
- AThey must be issued by a well-known, trusted CA.
- BThey must include the Intune ID in the subject name.
- CThey must include the client MAC address in the subject name.
- DThey must be issued by a ClearPass Onboard CA.
Correct Answer:
A
A
send
light_mode
delete
Question #18
Refer to the scenario.
A customer is migrating from on-prem AD to Azure AD as its sole domain solution. The customer also manages both wired and wireless devices with Microsoft Endpoint Manager (Intune).
The customer wants to improve security for the network edge. You are helping the customer design a ClearPass deployment for this purpose. Aruba network devices will authenticate wireless and wired clients to an Aruba ClearPass Policy Manager (CPPM) cluster (which uses version 6.10).
The customer has several requirements for authentication. The clients should only pass EAP-TLS authentication if a query to Azure AD shows that they have accounts in Azure AD. To further refine the clients’ privileges, ClearPass also should use information collected by Intune to make access control decisions.
You are planning to use Azure AD as the authentication source in 802.1X services.
What should you make sure that the customer understands is required?
A customer is migrating from on-prem AD to Azure AD as its sole domain solution. The customer also manages both wired and wireless devices with Microsoft Endpoint Manager (Intune).
The customer wants to improve security for the network edge. You are helping the customer design a ClearPass deployment for this purpose. Aruba network devices will authenticate wireless and wired clients to an Aruba ClearPass Policy Manager (CPPM) cluster (which uses version 6.10).
The customer has several requirements for authentication. The clients should only pass EAP-TLS authentication if a query to Azure AD shows that they have accounts in Azure AD. To further refine the clients’ privileges, ClearPass also should use information collected by Intune to make access control decisions.
You are planning to use Azure AD as the authentication source in 802.1X services.
What should you make sure that the customer understands is required?
- AAn app registration on Azure AD that references the CPPM's FQDN
- BWindows 365 subscriptions
- CCPPM's RADIUS certificate was imported as trusted in the Azure AD directory
- DAzure AD Domain Services
Correct Answer:
A
A
send
light_mode
delete
Question #19
You are configuring gateway IDS/IPS settings in Aruba Central.
For which reason would you set the Fail Strategy to Bypass?
For which reason would you set the Fail Strategy to Bypass?
- ATo permit traffic if the IPS engine falls to inspect It
- BTo enable the gateway to honor the allowlist settings configured in IDS/IPS policies
- CTo tell gateways to stop enforcing IDS/IPS policies if they lose connectivity to the Internet
- DTo avoid wasting IPS engine resources on filtering traffic for unauthenticated clients
Correct Answer:
A
A
send
light_mode
delete
Question #20
How does Aruba Central handle security for site-to-site connections between AOS 10 gateways?
- AIt uses an Aruba proprietary integrity and encryption technologies to secure site-to-site connections, making them resistant to zero day attacks.
- BIt automatically establishes IPsec tunnels for all site-to-site (all HUBs and Branches) connections using keys securely distributed by Central.
- CIt automatically steers traffic away from Internet-based connections to more secure MPLS connections to reduce encryption overhead.
- DIt automatically establishes simple-to-manage and highly secure TLSv1.3 tunnels between gateways.
Correct Answer:
B
B
send
light_mode
delete
All Pages