Practice Free HPE6-A90 Exam Online Questions
A Campus IT Manager is evaluating the routing architecture for a new EVPN-VXLAN overlay. They must choose between implementing a Centralized L3 Gateway design (routing at the Border/Spine) and a Distributed L3 Gateway design (Anycast gateway at the Leaf/Edge).
Which THREE statements accurately evaluate the trade-offs and operational mechanics of these two architectural models? (Select all that apply.)
- A . Implementing a Distributed L3 Gateway requires the access layer switches (e.g., AOS-CX 6300) to support advanced routing capabilities and possess sufficient hardware resources to maintain the synchronized Anycast MAC/IP tables.
- B . A Distributed L3 Gateway design (Anycast Gateway) optimizes East-West traffic by routing packets at the ingress edge switch, reducing latency and avoiding traffic hairpinning through the core.
- C . The Distributed L3 Gateway model dictates that all external Internet-bound traffic must bypass the EVPN-VXLAN overlay entirely and route natively over the OSPF underlay.
- D . A Centralized L3 Gateway design inherently requires embedded Data Processing Units (DPUs) on all edge access switches to offload the massive MAC address learning tables.
- E . A Centralized L3 Gateway design simplifies the configuration of the access switches, as they only perform Layer 2 VXLAN encapsulation and rely entirely on the Border/Spine nodes for inter-VLAN routing.
What is the foundational architectural purpose of utilizing a "Workspace" within the HPE GreenLake to HPE Aruba Networking Central integration?
- A . It functions as a dedicated hardware appliance profile for localizing the management plane of campus access points.
- B . It defines the detailed physical port configurations and Spanning Tree Protocol (STP) priority parameters for devices in a single building’s wiring closet.
- C . It provides an isolated tenant boundary to manage organizations or customers.
- D . It automatically distributes available subscription licenses to newly onboarded AOS-10 gateways based on their subnet.
A NOC Operations Engineer is attempting to provision a newly purchased AOS-10 Gateway in HPE Aruba Networking Central. The device successfully appears in the GreenLake global device inventory but is completely inaccessible and cannot be added to any Central Configuration Group.
HPE GreenLake -> Device
Inventory
Device: AOS-10 Gateway (SN:
SG98765432)
Status:
Unassigned
Application Assignment:
None
License Tier:
None
Which action must the engineer perform FIRST to resolve this provisioning roadblock?
- A . Create a new Tag-based rule in Central to dynamically route the unassigned gateway to the default configuration group.
- B . Upgrade the gateway firmware to the latest AOS-10 release using a local USB drive to enable cloud connectivity.
- C . Connect a physical console cable to the gateway and manually configure the Central URL via the command-line interface.
- D . Assign an appropriate Advanced or Foundation subscription license to the gateway within the GreenLake platform.
A NOC Operations Engineer is attempting to provision a newly purchased AOS-10 Gateway in HPE Aruba Networking Central. The device successfully appears in the GreenLake global device inventory but is completely inaccessible and cannot be added to any Central Configuration Group.
HPE GreenLake -> Device
Inventory
Device: AOS-10 Gateway (SN:
SG98765432)
Status:
Unassigned
Application Assignment:
None
License Tier:
None
Which action must the engineer perform FIRST to resolve this provisioning roadblock?
- A . Create a new Tag-based rule in Central to dynamically route the unassigned gateway to the default configuration group.
- B . Upgrade the gateway firmware to the latest AOS-10 release using a local USB drive to enable cloud connectivity.
- C . Connect a physical console cable to the gateway and manually configure the Central URL via the command-line interface.
- D . Assign an appropriate Advanced or Foundation subscription license to the gateway within the GreenLake platform.
A NOC Operations Engineer is attempting to provision a newly purchased AOS-10 Gateway in HPE Aruba Networking Central. The device successfully appears in the GreenLake global device inventory but is completely inaccessible and cannot be added to any Central Configuration Group.
HPE GreenLake -> Device
Inventory
Device: AOS-10 Gateway (SN:
SG98765432)
Status:
Unassigned
Application Assignment:
None
License Tier:
None
Which action must the engineer perform FIRST to resolve this provisioning roadblock?
- A . Create a new Tag-based rule in Central to dynamically route the unassigned gateway to the default configuration group.
- B . Upgrade the gateway firmware to the latest AOS-10 release using a local USB drive to enable cloud connectivity.
- C . Connect a physical console cable to the gateway and manually configure the Central URL via the command-line interface.
- D . Assign an appropriate Advanced or Foundation subscription license to the gateway within the GreenLake platform.
A Network Architect is reviewing the deployment of AOS-10 Tri-band APs. The APs require 802.3bt (Class 6 – 60W) PoE to fully power all three radios, the USB port, and the secondary Ethernet port.
However, the legacy AOS-CX 6200 access switches in the building only provide 802.3at (Class 4 – 30W) PoE+.
The architect reviews the switch port and Central status for one of these APs:
[AOS-CX Switch]
Interface 1/1/10
Power Allocated: 25.5W (Class 4)
LLDP-MED Power Negotiation: Successful
[Central AP Health Status]
Status: Power Restricted
Operational State: 2.4GHz (2×2), 5GHz (2×2), 6GHz (Disabled)
Based on the provided data, which TWO statements accurately describe how the AOS-10 AP and AirMatch interact with this hardware power constraint? (Choose 2.)
- A . The AOS-CX switch enforces a localized Control Plane Policing (CoPP) policy to drop the AP’s management traffic until a valid Class 6 midspan injector is physically installed.
- B . The AP leverages Intelligent Power Monitoring (IPM) to dynamically disable specific hardware features (like the 6 GHz radio) according to a prioritized list, ensuring the core functionality survives within the 30W budget.
- C . AirMatch automatically detects the AP’s reduced power state and adjusts the overall campus RF plan, knowing that the specific AP cannot provide 6 GHz coverage or maximum EIRP on the remaining bands.
- D . The AP automatically transitions its remaining 2.4 GHz and 5 GHz radios into a localized Bridge mode to offset the CPU power required for IPsec encapsulation.
- E . AirMatch overrides the switch’s LLDP-MED negotiation, forcing the port to draw 60W, which risks triggering a hardware overcurrent shutdown on the legacy AOS-CX switch.
A Network Architect is reviewing the deployment of AOS-10 Tri-band APs. The APs require 802.3bt (Class 6 – 60W) PoE to fully power all three radios, the USB port, and the secondary Ethernet port.
However, the legacy AOS-CX 6200 access switches in the building only provide 802.3at (Class 4 – 30W) PoE+.
The architect reviews the switch port and Central status for one of these APs:
[AOS-CX Switch]
Interface 1/1/10
Power Allocated: 25.5W (Class 4)
LLDP-MED Power Negotiation: Successful
[Central AP Health Status]
Status: Power Restricted
Operational State: 2.4GHz (2×2), 5GHz (2×2), 6GHz (Disabled)
Based on the provided data, which TWO statements accurately describe how the AOS-10 AP and AirMatch interact with this hardware power constraint? (Choose 2.)
- A . The AOS-CX switch enforces a localized Control Plane Policing (CoPP) policy to drop the AP’s management traffic until a valid Class 6 midspan injector is physically installed.
- B . The AP leverages Intelligent Power Monitoring (IPM) to dynamically disable specific hardware features (like the 6 GHz radio) according to a prioritized list, ensuring the core functionality survives within the 30W budget.
- C . AirMatch automatically detects the AP’s reduced power state and adjusts the overall campus RF plan, knowing that the specific AP cannot provide 6 GHz coverage or maximum EIRP on the remaining bands.
- D . The AP automatically transitions its remaining 2.4 GHz and 5 GHz radios into a localized Bridge mode to offset the CPU power required for IPsec encapsulation.
- E . AirMatch overrides the switch’s LLDP-MED negotiation, forcing the port to draw 60W, which risks triggering a hardware overcurrent shutdown on the legacy AOS-CX switch.
A Network Architect is designing a highly secure, automated warehouse network leveraging Central NetConductor. Hundreds of headless Automated Guided Vehicles (AGVs) connect to the Wi-Fi. The AGVs only support MAC authentication.
To prevent lateral movement if an AGV’s MAC address is spoofed, the architect designs a strict authorization flow integrating MAC authentication with global fabric roles.
ClearPass Policy Manager ->
Enforcement
Profile
Profile Name:
AGV_Auth_Success
Radius:Aruba:Aruba-User-Role =
"AGV_Secure_Role"
Central NetConductor -> Global
Policy
Manager
Role: AGV_Secure_Role (GPID:
550)
Policy: Permit HTTP to 10.10.10.50
(Control Server)
Policy: Deny All other
traffic
Which THREE statements accurately describe how this architecture securely handles the MAC authentication and subsequent datapath authorization across the EVPN-VXLAN fabric? (Select all that apply.)
- A . The AOS-10 Gateway or Fabric Edge switch intercepts the MAC authentication, proxies it to ClearPass, and awaits the specific Aruba-User-Role VSA to determine the device’s identity context.
- B . Because MAC authentication lacks native encryption, the NetConductor fabric automatically encapsulates all AGV traffic in an IPsec tunnel before injecting it into the VXLAN overlay.
- C . If ClearPass cannot profile the AGV securely (suspected spoofing), it can return a restricted VSA (e.g., Quarantine_Role), which the Gateway will immediately enforce to isolate the device.
- D . The Central NetConductor Global Policy Manager automatically pushes the MAC addresses of all approved AGVs directly to the routing tables of the spine switches to optimize the overlay.
- E . Once the AGV_Secure_Role is applied at the ingress edge, the GPID (550) is embedded in the VXLAN header, ensuring the strict "Deny All" policy follows the AGV as it roams across different switches and APs.
A NOC Operations Engineer receives a critical alert indicating that an AOS-10 Gateway at a remote branch failed its automated firmware upgrade.
The gateway was scheduled to upgrade from 10.3.x to 10.4.x.
The engineer reviews the system log extracted from the gateway’s local buffer:
[2023-11-15 03:00:05] [FW-MGR] Upgrade job received from Central (Target: 10.4.0.2)
[2023-11-15 03:00:06] [FW-MGR] Initiating download from https://images.arubanetworks.com
[2023-11-15 03:00:07] [NETWORK] Resolving hostname images.arubanetworks.com… Failed
[2023-11-15 03:00:10] [NETWORK] Retrying DNS resolution (Attempt 2)… Failed
[2023-11-15 03:00:25] [FW-MGR] Error: Cannot reach image repository.
[2023-11-15 03:00:26] [FW-MGR] Upgrade aborted. Device will remain on current partition.
[2023-11-15 03:00:30] [SYSTEM] Reporting failure status to Central Orchestrator.
Based on the provided log data, which TWO underlying network issues are preventing the AOS-10 Gateway from completing the firmware upgrade? (Choose 2.)
- A . The gateway is missing a valid default gateway route on its primary WAN interface, preventing outbound internet access.
- B . The DNS server configured on the gateway’s management interface is unreachable or is failing to resolve external cloud FQDNs.
- C . The gateway’s secondary boot partition is currently corrupted, preventing the extraction of the downloaded firmware binary.
- D . The gateway is operating in an unlicensed state, which actively blocks the firmware management daemon from executing local upgrades.
- E . An upstream perimeter firewall is actively performing deep packet inspection and dropping the outbound TCP 443 (HTTPS) payload.
A NOC Operations Engineer receives a critical alert indicating that an AOS-10 Gateway at a remote branch failed its automated firmware upgrade.
The gateway was scheduled to upgrade from 10.3.x to 10.4.x.
The engineer reviews the system log extracted from the gateway’s local buffer:
[2023-11-15 03:00:05] [FW-MGR] Upgrade job received from Central (Target: 10.4.0.2)
[2023-11-15 03:00:06] [FW-MGR] Initiating download from https://images.arubanetworks.com
[2023-11-15 03:00:07] [NETWORK] Resolving hostname images.arubanetworks.com… Failed
[2023-11-15 03:00:10] [NETWORK] Retrying DNS resolution (Attempt 2)… Failed
[2023-11-15 03:00:25] [FW-MGR] Error: Cannot reach image repository.
[2023-11-15 03:00:26] [FW-MGR] Upgrade aborted. Device will remain on current partition.
[2023-11-15 03:00:30] [SYSTEM] Reporting failure status to Central Orchestrator.
Based on the provided log data, which TWO underlying network issues are preventing the AOS-10 Gateway from completing the firmware upgrade? (Choose 2.)
- A . The gateway is missing a valid default gateway route on its primary WAN interface, preventing outbound internet access.
- B . The DNS server configured on the gateway’s management interface is unreachable or is failing to resolve external cloud FQDNs.
- C . The gateway’s secondary boot partition is currently corrupted, preventing the extraction of the downloaded firmware binary.
- D . The gateway is operating in an unlicensed state, which actively blocks the firmware management daemon from executing local upgrades.
- E . An upstream perimeter firewall is actively performing deep packet inspection and dropping the outbound TCP 443 (HTTPS) payload.