Practice Free HPE7-A02 Exam Online Questions
You are establishing a cluster of HPE Aruba Networking ClearPass servers. (Assume that they are running version 6.9.).
For which type of certificate it is recommended to install a CA-signed certificate on the Subscriber before it joins the cluster?
- A . Database
- B . HTTPS
- C . RADIUS/EAP
- D . RadSec
You are establishing a cluster of HPE Aruba Networking ClearPass servers. (Assume that they are running version 6.9.).
For which type of certificate it is recommended to install a CA-signed certificate on the Subscriber before it joins the cluster?
- A . Database
- B . HTTPS
- C . RADIUS/EAP
- D . RadSec
Refer to the exhibit.
You have verified that AOS-CX Switch-1 has constructed an IP-to-MAC binding table in VLANs 10-19. Now you need to enable ARP inspection for the endpoint connected to Switch-1.
What must you do first to prevent traffic disruption?
- A . Configure ARP inspection on VLANs 10-19 on Switch-2.
- B . Configure DHCP snooping on VLANs 10-19 on Switch-2.
- C . Configure Switch-1 uplinks as trusted ARP inspection ports.
- D . Create a static IP-to-MAC binding on Switch-1 for the DHCP server.
Refer to the exhibit.
You have verified that AOS-CX Switch-1 has constructed an IP-to-MAC binding table in VLANs 10-19. Now you need to enable ARP inspection for the endpoint connected to Switch-1.
What must you do first to prevent traffic disruption?
- A . Configure ARP inspection on VLANs 10-19 on Switch-2.
- B . Configure DHCP snooping on VLANs 10-19 on Switch-2.
- C . Configure Switch-1 uplinks as trusted ARP inspection ports.
- D . Create a static IP-to-MAC binding on Switch-1 for the DHCP server.
You have installed an HPE Aruba Networking Network Analytic Engine (NAE) script on an AOS-CX switch to monitor a particular function.
Which additional step must you complete to start the monitoring?
- A . Reboot the switch.
- B . Enable NAE, which is disabled by default.
- C . Edit the script to define monitor parameters.
- D . Create an agent from the script.
A company has some office areas that are open to the public. The company wants to implement extra security there and prevent clients of any type from spoofing their IP addresses.
Which features should you configure to meet this requirement?
- A . DHCP snooping and ARP inspection on the VLANs used in those areas and BPDU filtering on the ports
- B . ARP inspection on the VLANs used in those areas and CoPP on the VRF
- C . DHCP snooping and ARP inspection on the VLANs used in those areas and IP source lockdown on the ports
- D . DHCP snooping on the VLANs used in those areas and BPDU protection on the ports
A company is implementing HPE Aruba Networking Wireless IDS/IPS (WIDS/WIPS) on its AOS-10 APs, which are managed in HPE Aruba Networking Central.
What is one requirement for enabling detection of rogue APs?
- A . Each VLAN in the network assigned on at least one AP’s or AM’s port
- B . A Foundation with Security license for each of the APs
- C . One AM deployed for every one AP deployed
- D . A manual radio profile that enables non-regulatory channels
You are using Wireshark to view packets captured from HPE Aruba Networking infrastructure, but you are not sure that the packets are displaying correctly.
In which circumstance does it make sense to ensure that Wireshark has GRE enabled as one of its analyzed protocols?
- A . When the traffic was captured on an HPE Aruba Networking gateway and sent to a remote IP
- B . When the traffic was captured on an HPE Aruba Networking gateway dataplane and saved to a file
- C . When the traffic was captured on an HPE Aruba Networking Mobility Controller (MC) control
plane and saved to a file - D . When the traffic was captured on an HPE Aruba Networking MC dataplane and saved to a file
HPE Aruba Networking switches are implementing MAC-Auth to HPE Aruba Networking ClearPass Policy Manager (CPPM) for a company’s printers. The company wants to quarantine a client that spoofs a legitimate printer’s MAC address. You plan to add a rule to the MAC-Auth service enforcement policy for this purpose.
What condition should you include?
- A . Endpoint Compliance EQUALS false
- B . Endpoint Device Insight Tag EXISTS
- C . Authorization: [Endpoints Repository] Compromised EQUALS true
- D . Authorization: [Endpoints Repository] Conflict EQUALS true
A company wants HPE Aruba Networking ClearPass Policy Manager (CPPM) to respond to Syslog messages from its Check Point firewall. You have added the firewall as an event source and set up an event service. However, test Syslog messages are not triggering the expected actions.
What is one CPPM setting that you should check?
- A . ClearPass Device Insight integration is disabled.
- B . The Check Point Extension is installed through ClearPass Guest.
- C . The CoA delay value is set to 0 on the server.
- D . Ingress Event Dictionaries for Check Point messages are enabled.