New Year Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

HP Updated HPE6-A84 Exam Questions and Answers by maddie

Page: 4 / 4

HP HPE6-A84 Exam Overview :

Exam Name: Aruba Certified Network Security Expert Written Exam
Exam Code: HPE6-A84 Dumps
Vendor: HP Certification: ACA - Network Security
Questions: 60 Q&A's Shared By: maddie
Question 16

A customer requires a secure solution for connecting remote users to the corporate main site. You are designing a client-to-site virtual private network (VPN) based on Aruba VIA and Aruba Mobility Controllers acting as VPN Concentrators (VPNCs). Remote users will first use the VIA client to contact the VPNCs and obtain connection settings.

The users should only be allowed to receive the settings if they are the customer's “RemoteEmployees” AD group. After receiving the settings, the VIA clients will automatically establish VPN connections, authenticating to CPPM with certificates.

What should you do to help ensure that only authorized users obtain VIA connection settings?

Options:

A.

Set up the VPNCs' VIA web authentication profile to use CPPM as the authentication server; set up a service on CPPM that uses AD as the authentication source.

B.

Set up the VPNCs' VIA web authentication profile to use an AD domain controller as the LDAP server.

C.

Set up the VPNCs' VIA connection profile to use two authentication profiles, one RADIUS profile to CPPM and one LDAP profile to AD.

D.

Set up the VPNCs' VIA connection profile to use one authentication profile, which is set to the AD domain controller's hostname.

Discussion
Question 17

You are setting up Aruba ClearPass Policy Manager (CPPM) to enforce EAP-TLS authentication with Active Directory as the authentication source. The company wants to prevent users with disabled accounts from connecting even if those users still have valid certificates.

As the first part of meeting these criteria, what should you do to enable CPPM to determine where accounts are enabled in AD or not?

Options:

A.

Add an Endpoint Context Server to the domain controller with actions for querying the domain controller for account status.

B.

Enable OCSP in the EAP-TLS authentication method settings and configure an OCSP override to the domain controller FQDN.

C.

Add a custom attribute for userAccountControl to the filters in the AD authentication source.

D.

Install a Microsoft Active Directory extension in Aruba ClearPass Guest and set up an HTTP authentication source that points to that extension.

Discussion
Question 18

You need to install a certificate on a standalone Aruba Mobility Controller (MC). The MC will need to use the certificate for the Web UI and for implementing RadSec with Aruba ClearPass Policy Manager. You have been given a certificate with these settings:

Questions 18Subject: CN=mc41.site94.example.com

Questions 18No SANs

Questions 18Issuer: CN=ca41.example.com

Questions 18EKUs: Server Authentication, Client Authentication

What issue does this certificate have for the purposes for which the certificate is intended?

Options:

A.

It has conflicting EKUs.

B.

It is issued by a private CA.

C.

It specifies domain info in the CN field instead of the DC field.

D.

It lacks a DNS SAN.

Discussion
Page: 4 / 4

HPE6-A84
PDF

$36.75  $104.99

HPE6-A84 Testing Engine

$43.75  $124.99

HPE6-A84 PDF + Testing Engine

$57.75  $164.99