Leads4pass > HP > HP Certifications > HPE6-A84 > HPE6-A84 Online Practice Questions and Answers

HPE6-A84 Online Practice Questions and Answers

Questions 4

Refer to the scenario.

A customer has asked you to review their AOS-CX switches for potential vulnerabilities. The configuration for these switches is shown below:

What is one immediate remediation that you should recommend?

A. Changing the switch's DNS server to the mgmt VRF

B. Setting the clock manually instead of using NTP

C. Either disabling DHCPv4-snoopinq or leaving it enabled, but also enabling ARP inspection

D. Disabling Telnet

Buy Now
Questions 5

You are reviewing an endpoint entry in ClearPass Policy Manager (CPPM) Endpoints Repository.

What is a good sign that someone has been trying to gain unauthorized access to the network?

A. The entry shows multiple DHCP options under the fingerprints.

B. The entry shows an Unknown status.

C. The entry shows a profile conflict of having a new profile of Computer for a profiled Printer.

D. The entry lacks a hostname or includes a hostname with long seemingly random characters.

Buy Now
Questions 6

What is a common characteristic of a beacon between a compromised device and a command and control server?

A. Use of IPv6 addressing instead of IPv4 addressing

B. Lack of encryption

C. Use of less common protocols such as SNAP

D. Periodic transmission of small, identically sized packets

Buy Now
Questions 7

A customer requires a secure solution for connecting remote users to the corporate main site. You are designing a client-to-site virtual private network (VPN) based on Aruba VIA and Aruba Mobility Controllers acting as VPN Concentrators (VPNCs). Remote users will first use the VIA client to contact the VPNCs and obtain connection settings.

The users should only be allowed to receive the settings if they are the customer's "RemoteEmployees" AD group. After receiving the settings, the VIA clients will automatically establish VPN connections, authenticating to CPPM with certificates.

What should you do to help ensure that only authorized users obtain VIA connection settings?

A. Set up the VPNCs' VIA web authentication profile to use CPPM as the authentication server; set up a service on CPPM that uses AD as the authentication source.

B. Set up the VPNCs' VIA web authentication profile to use an AD domain controller as the LDAP server.

C. Set up the VPNCs' VIA connection profile to use two authentication profiles, one RADIUS profile to CPPM and one LDAP profile to AD.

D. Set up the VPNCs' VIA connection profile to use one authentication profile, which is set to the AD domain controller's hostname.

Buy Now
Questions 8

Refer to the scenario.

An organization wants the AOS-CX switch to trigger an alert if its RADIUS server (cp.acnsxtest.local) rejects an unusual number of client authentication requests per hour. After some discussions with other Aruba admins, you are still not sure

how many rejections are usual or unusual. You expect that the value could be different on each switch.

You are helping the developer understand how to develop an NAE script for this use case.

You are helping the developer find the right URI for the monitor.

Refer to the exhibit.

You have used the REST API reference interface to submit a test call. The results are shown in the exhibit.

Which URI should you give to the developer?

A. /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatisti cs

B. /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatisti cs?attributes=access_rejects

C. /rest/v1/system/vrfs/mgmt/radius/_servers/cp.acnsxtest.local/2083/tcp

D. /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatisti cs.access_rejects

Buy Now
Questions 9

Several AOS-CX switches are responding to SNMPv2 GET requests for the public community. The customer only permits SNMPv3. You have asked a network admin to fix this problem. The admin says, "I tried to remove the community, but the CLI output an error."

What should you recommend to remediate the vulnerability and meet the customer's requirements?

A. Enabling control plane policing to automatically drop SNMP GET requests

B. Setting the snmp-server settings to "snmpv3-only"

C. Adding an SNMP community with a long random name

D. Enabling SNMPv3, which implicitly disables SNMPv1/v2

Buy Now
Questions 10

Refer to the exhibit.

You have been given this certificate to install on a ClearPass server for the RADIUS/EAP and RadSec usages.

What is one issue?

A. The certificate has a wildcard in the subject common name.

B. The certificate uses a fully qualified the '.local" domain name.

C. The certificate does not have a URI subject alternative name

D. The certificate does not have an IP subject alternative name

Buy Now
Questions 11

You are working with a developer to design a custom NAE script for a customer. You are helping the developer find the correct REST API resource to monitor.

Refer to the exhibit below.

What should you do before proceeding?

A. Go to the v1 API documentation interface instead of the v10.10 interface.

B. Use your Aruba passport account and collect a token to use when trying out API calls.

C. Enable the switch to listen to REST API calls on the default VRF.

D. Make sure that your browser is set up to store authentication tokens and cookies.

Buy Now
Questions 12

Which element helps to lay the foundation for solid network security forensics?

A. Enable BPDU protection and loop protection on edqe switch ports

B. Enabling debug-level information for network infrastructure device logs

C. Implementing 802.1X authentication on switch ports that connect to APs

D. Ensuring that all network devices use a correct, consistent clock

Buy Now
Questions 13

Refer to the scenario.

This customer is enforcing 802.1X on AOS-CX switches to Aruba ClearPass Policy Manager (CPPM). The customer wants switches to download role settings from CPPM. The "reception-domain" role must have these settings:

-- Assigns clients to VLAN 14 on switch 1, VLAN 24 on switch 2, and so on.

-- Filters client traffic as follows:

-- Clients are permitted full access to 10.1.5.0/24 and the Internet

-- Clients are denied access to 10.1.0.0/16 The switch topology is shown here:

How should you configure the VLAN setting for the reception role?

A. Assign a consistent name to VLAN 14, 24, or 34 on each access layer switch and reference that name in the enforcement profile VLAN settings.

B. Configure the enforcement profile as a downloadable role, but specify only the role name and leave the VLAN undefined. Then define a 'reception' role with the correct VLAN setting on each individual access layer switch.

C. Assign a number-based ID to the access layer switches. Then use this variable in the enforcement profile VLAN settings: %(NAS-ID]4.

D. Create a separate enforcement profile with a different VLAN ID for each switch. Add all profiles to the profile list in the appropriate enforcement policy rule.

Buy Now
Exam Code: HPE6-A84
Exam Name: Aruba Certified Network Security Expert Written
Last Update: Jul 09, 2026
Questions: 60
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$49.99

VCE

$55.99

PDF + VCE

$65.99