HPE6-A84 무료 덤프문제 온라인 액세스

A customer's admins have added RF Protect licenses and enabled WIDS for a customer's AOS 8-based solution. The customer wants to use the built-in capabilities of APs without deploying dedicated air monitors (AMs). Admins tested rogue AP detection by connecting an unauthorized wireless AP to a switch. The rogue AP was not detected even after several hours.
What is one point about which you should ask?

• A.Whether admins set at least one radio on each AP to air monitor mode
• B.Whether admins enabled wireless containment
• C.Whether APs' switch ports support all the VLANs that are accessible at the edge
• D.Whether the customer is using non-standard Wi-Fi channels in the deployment

The customer needs a way for users to enroll new wired clients in Intune. The clients should have limited access that only lets them enroll and receive certificates. You plan to set up these rights in an AOS-CX role named "provision." The customer's security team dictates that you must limit these clients' Internet access to only the necessary sites. Your switch software supports IPv4 and IPv6 addresses for the rules applied in the "provision" role.
What should you recommend?

• A.Assigning the "provision" role to a VLAN and then setting up the rules within a Layer 2 access control list (ACL)
• B.Configuring the rules for the "provision" role with IPv6 addresses, which tend to be more stable
• C.Enabling tunneling to the MCs on the "provision" role and then setting up the privileges on the MCs
• D.Configuring the "provision" role as a downloadable user role (DUR) in CPPM

You are designing an Aruba ClearPass Policy Manager (CPPM) solution for a customer. You learn that the customer has a Palo Alto firewall that filters traffic between clients in the campus and the data center.
Which integration can you suggest?

• A.Establishing a double layer of authentication at both the campus edge and the data center DMZ
• B.Importing the firewall's rules to program downloadable user roles for AOS-CX switches more quickly
• C.Importing clients' MAC addresses to configure known clients for MAC authentication more quickly
• D.Sending Syslogs from the firewall to CPPM to signal CPPM to change the authentication status for misbehaving clients

Refer to the scenario.
A customer has an Aruba ClearPass cluster. The customer has AOS-CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM).
Switches are using local port-access policies.
The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the "eth-internet" role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20.
The plan for the enforcement policy and profiles is shown below:

The gateway cluster has two gateways with these IP addresses:
* Gateway 1
o VLAN 4085 (system IP) = 10.20.4.21
o VLAN 20 (users) = 10.20.20.1
o VLAN 4094 (WAN) = 198.51.100.14
* Gateway 2
o VLAN 4085 (system IP) = 10.20.4.22
o VLAN 20 (users) = 10.20.20.2
o VLAN 4094 (WAN) = 198.51.100.12
* VRRP on VLAN 20 = 10.20.20.254
The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster.
Assume that you are using the "myzone" name for the UBT zone.
Which is a valid minimal configuration for the AOS-CX port-access roles?

• A.port-access role internet-only gateway-zone zone myzone gateway-role eth-internet
• B.port-access role internet-only gateway-zone zone myzone gateway-role eth-internet vlan access 20
• C.port-access role eth-internet gateway-zone zone myzone gateway-role eth-user
• D.port-access role eth-internet gateway-zone zone myzone gateway-role eth-internet vlan access 20

You want to use Device Insight tags as conditions within CPPM role mapping or enforcement policy rules.
What guidelines should you follow?

• A.Create an HTTP authentication source to the Central API that queries for the tags. To use that source as the type for rule conditions, add it an authorization source for the service in question.
• B.Use the Endpoint type for the rule conditions; no extra authorization source is required for services that use policies with these rules.
• C.Use the Application type for the rule conditions; no extra authorization source is required for services that use policies with these rules.
• D.Use the Endpoints Repository type for the rule conditions; Add Endpoints Repository as a secondary authentication source for services that use policies with these rules.