Practice Free HPE7-A02 Exam Online Questions
What can help justify the extra cost of air monitors (AMs) to a company?
- A . AMs support tarpit containment, which introduces fewer legal issues than deauthentication containment.
- B . AMs can support wireless clients when they are not actively containing a device, so companies benefit from better security and connectivity.
- C . AMs support additional IDS/IPS features, such as malware and Trojan detection, to enhance overall security.
- D . AMs can detect wireless threats much faster than hybrid APs, reducing the company’s vulnerability surface.
What can help justify the extra cost of air monitors (AMs) to a company?
- A . AMs support tarpit containment, which introduces fewer legal issues than deauthentication containment.
- B . AMs can support wireless clients when they are not actively containing a device, so companies benefit from better security and connectivity.
- C . AMs support additional IDS/IPS features, such as malware and Trojan detection, to enhance overall security.
- D . AMs can detect wireless threats much faster than hybrid APs, reducing the company’s vulnerability surface.
Refer to the exhibit.
All of the switches in the exhibit are AOS-CX switches.
What is the preferred configuration on Switch-2 for preventing rogue OSPF routers in this network?
- A . Disable OSPF entirely on VLANs 10-19.
- B . Configure OSPF authentication on VLANs 10-19 in password mode.
- C . Configure OSPF authentication on Lag 1 in MD5 mode.
- D . Configure passive-interface as the OSPF default and disable OSPF passive on Lag 1.
Refer to the exhibit.
All of the switches in the exhibit are AOS-CX switches.
What is the preferred configuration on Switch-2 for preventing rogue OSPF routers in this network?
- A . Disable OSPF entirely on VLANs 10-19.
- B . Configure OSPF authentication on VLANs 10-19 in password mode.
- C . Configure OSPF authentication on Lag 1 in MD5 mode.
- D . Configure passive-interface as the OSPF default and disable OSPF passive on Lag 1.
Which issue can an HPE Aruba Networking Secure Web Gateway (SWG) solution help customers address?
- A . The organization needs a faster way to quarantine clients that have generated threats, as detected by third-party firewalls.
- B . Hybrid workers are exposing their computers to risky internet sites and infection by malware when they work from home.
- C . Remote workers need access to private data center applications without exposing those applications to unauthorized users.
- D . The organization currently has no way to prevent users from exfiltrating sensitive data from SaaS applications.
HPE Aruba Networking Central displays an alert about an Infrastructure Attack that was detected. You go to the Security > RAPIDS events and see that the attack was "Detect adhoc using Valid SSID."
What is one possible next step?
- A . Make sure that you have tuned the threshold for that check as false positives are common for it.
- B . Make sure that clients have updated drivers, as faulty drivers are a common explanation for this attack type.
- C . Use HPE Aruba Networking Central floorplans or the detecting AP identities to locate the general area for the threat.
- D . Look for the IP address associated with the offender and then check for that IP address among HPE Aruba Networking Central clients.
HPE Aruba Networking Central displays an alert about an Infrastructure Attack that was detected. You go to the Security > RAPIDS events and see that the attack was "Detect adhoc using Valid SSID."
What is one possible next step?
- A . Make sure that you have tuned the threshold for that check as false positives are common for it.
- B . Make sure that clients have updated drivers, as faulty drivers are a common explanation for this attack type.
- C . Use HPE Aruba Networking Central floorplans or the detecting AP identities to locate the general area for the threat.
- D . Look for the IP address associated with the offender and then check for that IP address among HPE Aruba Networking Central clients.
A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. The company wants CPPM to control which commands managers are allowed to enter. You see there is no field to enter these commands in ClearPass.
How do you start configuring the command list on CPPM?
- A . Add the Shell service to the managers’ TACACS+ enforcement profiles.
- B . Edit the TACACS+ settings in the AOS-CX switches’ network device entries.
- C . Create an enforcement policy with the TACACS+ type.
- D . Edit the settings for CPPM’s default TACACS+ admin roles.
Refer to the exhibits.
HPE Aruba Networking ClearPass Policy Manager (CPPM) is authenticating 802.1X clients using Active Directory as the source. CPPM has a custom attribute for AD that uses AccountStatus as userAccountControl.
Which enforcement profile does CPPM apply to a client that:
Succeeds in authenticating to an active AD user account: userAccountControl = 512
Does not succeed at authenticating as a computer
- A . profile3
- B . profile1
- C . Deny Access Profile
- D . profile2
Refer to the exhibits.
HPE Aruba Networking ClearPass Policy Manager (CPPM) is authenticating 802.1X clients using Active Directory as the source. CPPM has a custom attribute for AD that uses AccountStatus as userAccountControl.
Which enforcement profile does CPPM apply to a client that:
Succeeds in authenticating to an active AD user account: userAccountControl = 512
Does not succeed at authenticating as a computer
- A . profile3
- B . profile1
- C . Deny Access Profile
- D . profile2