Practice Free HPE7-A02 Exam Online Questions
You are configuring the Gateway IDS/IPS settings for an HPE Aruba Networking Central group.
What is a reason to set the Inspection Mode to IPS instead of IDS?
- A . The company has a dedicated security staff that can respond to alerts quickly.
- B . The company’s highest priority is mitigating potential threats immediately.
- C . The company wants to enforce stricter policies associated with lower CVSS scores.
- D . The company is concerned about false positives disrupting connectivity.
You are deploying a virtual Data Collector for use with HPE Aruba Networking ClearPass Device Insight (CPDI). You have identified VLAN 101 in the data center as the VLAN to which the Data Collector should connect to receive its IP address and connect to HPE Aruba Networking Central.
Which Data Collector virtual ports should you tell the virtual admins to connect to VLAN 101?
- A . The one with the lowest MAC address
- B . The one with the highest port ID
- C . The one with the highest MAC address
- D . The one with the lowest port ID
A company is using HPE Aruba Networking Central SD-WAN Orchestrator to establish a hub-spoke VPN between branch gateways (BGWs) at 1164 sites and VPNCs at multiple data centers.
What is part of the configuration that admins need to complete?
- A . In VPNCs’ groups, establish VPN pools to control which branches connect to which VPNCs.
- B . In BGWs’ and VPNCs’ groups, create default IKE policies for the SD-WAN Orchestrator to use.
- C . In BGWs’ groups, select the VPNCs to which to connect in a DC preference list.
- D . At the global level, create default IPsec policies for the SD-WAN Orchestrator to use.
A company has a third-party security appliance deployed in its data center. The company wants to pass all traffic for certain clients through that device before forwarding that traffic toward its ultimate destination.
Which AOS-CX switch technology fulfills this use case?
- A . Virtual Network Based Tunneling (VNBT)
- B . MC-LAG
- C . Network Analytics Engine (NAE)
- D . Device profiles
A company has HPE Aruba Networking APs managed by HPE Aruba Networking Central. You have set up a WLAN to enforce WPA3 with 802.1X authentication.
What happens if the client fails authentication?
- A . The AP assigns the client to the WLAN’s default role.
- B . The AP drops the client because authentication aborts.
- C . The AP assigns the client to the WLAN’s critical role.
- D . The AP assigns the client to the WLAN’s initial role.
Refer to Exhibit:

All of the switches in the exhibit are AOS-CX switches.
What is the preferred configuration on Switch-2 for preventing rogue OSPF routers in this network?
- A . Configure OSPF authentication on VLANs 10-19 in password mode.
- B . Configure OSPF authentication on Lag 1 in MD5 mode.
- C . Disable OSPF entirely on VLANs 10-19.
- D . Configure passive-interface as the OSPF default and disable OSPF passive on Lag 1.
You are setting up user-based tunneling (UBT) between access layer AOS-CX switches and AOS-10 gateways. You have selected reserved (local) VLAN mode.
Tunneled devices include IoT devices, which should be assigned to:
- Roles: iot on the switches and iot-wired on the gateways
- VLAN: 64, for which the gateways route traffic
IoT devices connect to the access layer switches’ edge ports, and the access layer switches reach the gateways on their uplinks.
Where must you configure VLAN 64?
- A . In the iot-wired role and on no physical interfaces
- B . In the iot role and the iot-wired role and on no physical interfaces
- C . In the iot-wired role and the access switch uplinks
- D . In the iot role and the access switch uplinks
A company has HPE Aruba Networking Central-managed APs. The APs enforce 802.1X authentication for clients connected to the MyCompany SSID. Some clients are assigned to the “contractors” role. You have created a firewall rule for the “contractors” role that uses this extended action: denylist, or blacklist in older software versions.
Which additional step must you take to ensure that the action is applied?
- A . Enable Client IPS at the medium level in the security settings.
- B . Enable Client IDS at the medium level in the security settings.
- C . Enable denylisting, or blacklisting, in contractor role settings.
- D . Enable denylisting, or blacklisting, in the MyCompany SSID settings.
