New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

HP Updated HPE6-A84 Exam Questions and Answers by zayaan

Page: 3 / 4

HP HPE6-A84 Exam Overview :

Exam Name: Aruba Certified Network Security Expert Written Exam
Exam Code: HPE6-A84 Dumps
Vendor: HP Certification: ACA - Network Security
Questions: 60 Q&A's Shared By: zayaan
Question 12

Refer to the scenario.

A customer is using an AOS 10 architecture with Aruba APs and Aruba gateways (two per site). Admins have implemented auto-site clustering for gateways with the default gateway mode disabled. WLANs use tunneled mode to the gateways.

The WLAN security is WPA3-Enterprise with authentication to an Aruba ClearPass Policy Manager (CPPM) cluster VIP. RADIUS communications use RADIUS, not RadSec.

For which devices does CPPM require network device entries?

Options:

A.

Forgateways' actual IP addresses and dynamic authorization VRRP addresses

B.

For gateways' actual IP addresses and AP clusters' virtual IP addresses for dynamic authorization

C.

For APs' actual IP addresses

D.

ForAP clusters'virtual IP addresses

Discussion
Question 13

The customer needs a way for users to enroll new wired clients in Intune. The clients should have limited access that only lets them enroll and receive certificates. You plan to set up these rights in an AOS-CX role named “provision.”

The customer’s security team dictates that you must limit these clients’ Internet access to only the necessary sites. Your switch software supports IPv4 and IPv6 addresses for the rules applied in the “provision” role.

What should you recommend?

Options:

A.

Configuring the rules for the “provision” role with IPv6 addresses, which tend to be more stable

B.

Enabling tunneling to the MCs on the “provision” role and then setting up the privileges on the MCs

C.

Configuring the “provision” role as a downloadable user role (DUR) in CPPM

D.

Assigning the “provision” role to a VLAN and then setting up the rules within a Layer 2 access control list (ACL)

Discussion
Elise
I've heard that Cramkey is one of the best websites for exam dumps. They have a high passing rate and the questions are always up-to-date. Is it true?
Cian Sep 26, 2024
Definitely. The dumps are constantly updated to reflect the latest changes in the certification exams. And I also appreciate how they provide explanations for the answers, so I could understand the reasoning behind each question.
Addison
Want to tell everybody through this platform that I passed my exam with excellent score. All credit goes to Cramkey Exam Dumps.
Libby Aug 9, 2024
That's good to know. I might check it out for my next IT certification exam. Thanks for the info.
Sam
Can I get help from these dumps and their support team for preparing my exam?
Audrey Aug 29, 2024
Definitely, you won't regret it. They've helped so many people pass their exams and I'm sure they'll help you too. Good luck with your studies!
Miriam
Highly recommended Dumps. 100% authentic and reliable. Passed my exam with wonderful score.
Milan Sep 24, 2024
I see. Thanks for the information. I'll definitely keep Cramkey in mind for my next exam.
Question 14

Refer to the scenario.

A customer has an Aruba ClearPass cluster. The customer has AOS-CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM).

Switches are using local port-access policies.

The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the “eth-internet" role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20.

The plan for the enforcement policy and profiles is shown below:

Questions 14

The gateway cluster has two gateways with these IP addresses:

• Gateway 1

o VLAN 4085 (system IP) = 10.20.4.21

o VLAN 20 (users) = 10.20.20.1

o VLAN 4094 (WAN) = 198.51.100.14

• Gateway 2

o VLAN 4085 (system IP) = 10.20.4.22

o VLAN 20 (users) = 10.20.20.2

o VLAN 4094 (WAN) = 198.51.100.12

• VRRP on VLAN 20 = 10.20.20.254

The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster.

What is one change that you should make to the solution?

Options:

A.

Change the ubt-client-vlan to VLAN 13.

B.

Configure edge ports in VLAN trunk mode.

C.

Remove VLAN assignments from role configurations on the gateways.

D.

Configure the UBT solution to use VLAN extend mode.

Discussion
Question 15

Refer to the scenario.

A customer requires these rights for clients in the “medical-mobile” AOS firewall role on Aruba Mobility Controllers (MCs):

Questions 15Permitted to receive IP addresses with DHCP

Questions 15Permitted access to DNS services from 10.8.9.7 and no other server

Questions 15Permitted access to all subnets in the 10.1.0.0/16 range except denied access to 10.1.12.0/22

Questions 15Denied access to other 10.0.0.0/8 subnets

Questions 15Permitted access to the Internet

Questions 15Denied access to the WLAN for a period of time if they send any SSH traffic

Questions 15Denied access to the WLAN for a period of time if they send any Telnet traffic

Questions 15Denied access to all high-risk websites

External devices should not be permitted to initiate sessions with “medical-mobile” clients, only send return traffic.

The exhibits below show the configuration for the role.

Questions 15

There are multiple issues with this configuration. What is one change you must make to meet the scenario requirements? (In the options, rules in a policy are referenced from top to bottom. For example, “medical-mobile” rule 1 is “ipv4 any any svc-dhcp permit,” and rule 8 is “ipv4 any any any permit”.)

Options:

A.

In the “medical-mobile” policy, move rules 2 and 3 between rules 7 and 8.

B.

In the “medical-mobile” policy, change the subnet mask in rule 3 to 255.255.248.0.

C.

Move the rule in the “apprf-medical-mobile-sacl” policy between rules 7 and 8 in the “medical-mobile” policy.

D.

In the “medical-mobile” policy, change the source in rule 8 to “user.”

Discussion
Page: 3 / 4

HPE6-A84
PDF

$36.75  $104.99

HPE6-A84 Testing Engine

$43.75  $124.99

HPE6-A84 PDF + Testing Engine

$57.75  $164.99