Question 1

Refer to the exhibit.

Aruba ClearPass Policy Manager (CPPM) is using the settings shown in the exhibit. You reference the tag shown in the exhibit in enforcement policies related to NASes of several types, including Aruba APs, Aruba gateways, and AOS-CX switches.

What should you do to ensure that clients are reclassified and receive the correct treatment based on the tag?

Options :

A : Change the RADIUS action to [Aruba Wireless – Terminate Session] which is supported by all the NASes in question.

B : Change the RADIUS action to [Aruba Wireless – Bounce Switch Port] which is supported by all the NASes in question.

C :

Enable profiling in each service using one of these enforcement profiles. Set the profiling action to the correct one for the NASes using that service.

D : Set the Tags Update Action to No Action. Then instead enable the RADIUS CoAs using enforcement profiles in the rules that match clients with the tag shown in the exhibit.

Answer: D

Question 2

Refer to the exhibit.

Which IP address should you record as a possibly compromised client?

Options :

A : 10.1.26.151

B : 10.1.7.100

C : 10.1.26.1

D : 10.254.1.21

Answer: A

Question 3

A company has Aruba gateways that are Implementing gateway IDS/IPS in IDS mode. The customer complains that admins are receiving too frequent of repeat email notifications for the same threat. The threat itself might be one that the admins should investigate, but the customer does not want the email notification to repeat as often.

Which setting should you adjust in Aruba Central?

Options :

A : Report scheduling settings

B : Alert duration and threshold settings

C : The IDS policy setting (strict, medium, or lenient)

D : The allowlist settings in the IDS policy

Answer: B

Question 4

You are configuring gateway IDS/IPS settings in Aruba Central.

For which reason would you set the Fail Strategy to Bypass?

Options :

A : To permit traffic if the IPS engine falls to inspect It

B : To enable the gateway to honor the allowlist settings configured in IDS/IPS policies

C : To tell gateways to stop enforcing IDS/IPS policies if they lose connectivity to the Internet

D : To avoid wasting IPS engine resources on filtering traffic for unauthenticated clients

Answer: A

Question 5

Refer to the scenario.

A customer is migrating from on-prem AD to Azure AD as its sole domain solution. The customer also manages both wired and wireless devices with Microsoft Endpoint Manager (Intune).

The customer wants to improve security for the network edge. You are helping the customer design a ClearPass deployment for this purpose. Aruba network devices will authenticate wireless and wired clients to an Aruba ClearPass Policy Manager (CPPM) cluster (which uses version 6.10).

The customer has several requirements for authentication. The clients should only pass EAP-TLS authentication if a query to Azure AD shows that they have accounts in Azure AD. To further refine the clients’ privileges, ClearPass also should use information collected by Intune to make access control decisions.

You are planning to use Azure AD as the authentication source in 802.1X services.

What should you make sure that the customer understands is required?

Options :

A : An app registration on Azure AD that references the CPPM-s FQDN

B : Windows 365 subscriptions

C : CPPM-s RADIUS certificate was imported as trusted in the Azure AD directory

D : Azure AD Domain Services

Answer: A

Higher Test Marks with Free Online HPE6-A84 Exam Practice

Buying Options: