HPE7-A02試験無料問題集（130題）「HP Aruba Certified Network Security Professional 認定」

出題：1

You want to examine the applications that a device is using and look for any changes in application usage over several different ranges. In which HPE Aruba Networking solution can you view this information in an easy-to-view format?

A. HPE Aruba Networking ClearPass Insight using an Active Endpoint Security report

B. HPE Aruba Networking ClearPass OnGuard agent installed on the device

C. HPE Aruba Networking ClearPass Device Insight (CPDI) in the device's network activity

D. HPE Aruba Networking Central within a device's Live Monitoring page

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A company needs you to integrate HPE Aruba Networking ClearPass Policy Manager (CPPM) with HPE Aruba Networking ClearPass Device Insight (CPDI).
What is one task you should do to prepare?

A. Collect a Data Collector token from HPE Aruba Networking Central.

B. Install the root CA for CPPM's HTTPS certificate as trusted in the CPDI application.

C. Enable Insight in the CPPM server configuration settings.

D. Configure WMI, SSH, and SNMP external accounts for device scanning on CPPM.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. The company wants CPPM to control which commands managers are allowed to enter. You see there is no field to enter these commands in ClearPass.
How do you start configuring the command list on CPPM?

A. Create an enforcement policy with the TACACS+ type.

B. Edit the settings for CPPM's default TACACS+ admin roles.

C. Add the Shell service to the managers' TACACS+ enforcement profiles.

D. Edit the TACACS+ settings in the AOS-CX switches' network device entries.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

A company has AOS-CX switches at the access layer, managed by HPE Aruba Networking Central. You have identified suspicious activity on a wired client. You want to analyze the client's traffic with Wireshark, which you have on your management station.
What should you do?

A. Access the client's switch's CLI from your management station. Access the switch shell and run a TCP dump on the client port.

B. Go to the client's switch in HPE Aruba Networking Central. Use the "Security" page to run a packet capture.

C. Set up a mirror session on the client's switch; set the client port as the source and your station IP address as the tunnel destination.

D. Set up a policy that implements a captive portal redirect to your management station. Apply that policy to the client's port.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

You are setting up policy rules in HPE Aruba Networking SSE. You want to create a single rule that permits users in a particular user group to access multiple applications. What is an easy way to meet this need?

A. Associate the applications directly with the IdP used to authenticate the users; choose any for the destination in the policy rule.

B. Place all the applications in the same connector zone; select that zone as a destination in the policy rule.

C. Apply the same tag to the applications; select the tag as a destination in the policy rule.

D. Select the applications within a non-default web profile; select that profile in the policy rule.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

All of the switches in the exhibit are AOS-CX switches.
What is the preferred configuration on Switch-2 for preventing rogue OSPF routers in this network?

A. Configure OSPF authentication on VLANs 10-19 in password mode.

B. Disable OSPF entirely on VLANs 10-19.

C. Configure passive-interface as the OSPF default and disable OSPF passive on Lag 1.

D. Configure OSPF authentication on Lag 1 in MD5 mode.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

HPE Aruba Networking Central displays a Gateway Threat Count alert in the alert list. How can you gather more information about what caused the alert to trigger?

A. Use Live Monitoring on the gateway to download a packet capture of recent traffic flowing through the gateway.

B. Use HPE Aruba Networking Central tools to run a Network Check on the gateway with which the alert is associated.

C. Check the threat list for the gateway associated with the alert. Access threat details and download packet info.

D. Check the gateway's Audit Trail in HPE Aruba Networking Central for more details about the threats that triggered the alert.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

A company has HPE Aruba Networking APs and AOS-CX switches, as well as HPE Aruba Networking ClearPass. The company wants CPPM to have HTTP User- Agent strings to use in profiling devices.
What can you do to support these requirements?

A. Configure mirror sessions on the APs and switches to copy client HTTP traffic to CPPM.

B. On the APs and switches, configure a redirect to ClearPass Guest in the role for devices being profiled.

C. Schedule periodic subnet scans of all client subnets on CPPM.

D. Add the CPPM server's IP address to the IP helper list in all client VLANs on routing switches.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

A company has HPE Aruba Networking Central-managed APs. The company wants to block all clients connected through the APs from using YouTube.
Which steps should you take?

A. Deploy gateways and have the APs tunnel traffic to the gateways. Then, enable the gateway IDS/IPS engine.

B. Enable WebCC on all client firewall roles. Then, create WebCC category rules that deny suspicious URLs.

C. Enable Client IPS at the "custom" level, and then specify the check for YouTube.

D. Enable DPI. Then, create application rules to deny YouTube on the firewall roles.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

A ClearPass Policy Manager (CPPM) service includes these settings:
* Role Mapping Policy:
* Evaluate: Select first
* Rule 1 conditions:
* Authorization:AD:Groups EQUALS Managers
* Authentication:TEAP-Method-1-Status EQUALS Success
* Rule 1 role: manager
Rule 2 conditions:
* Authentication:TEAP-Method-1-Status EQUALS Success
* Rule 2 role: domain-comp
Default role: [Other]
Enforcement Policy:
* Evaluate: Select first
* Rule 1 conditions:
* Tips Role EQUALS manager AND Tips Role EQUALS domain-comp
* Rule 1 profile list: domain-manager
Rule 2 conditions:
* Tips Role EQUALS manager
* Rule 2 profile list: manager-only
Rule 3 conditions:
* Tips Role EQUALS domain-comp
* Rule 3 profile list: domain-only
Default profile: [Deny access]
A client is authenticated by the service. CPPM collects attributes indicating that the user is in the Contractors group, and the client passed both TEAP methods.
Which enforcement policy will be applied?

A. [Deny Access Profile]

B. manager-only

C. domain-manager

D. domain-only

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

HPE7-A02試験無料問題集「HP Aruba Certified Network Security Professional 認定」