Get 50% Flat Discount on This Special Offer | Limited Time Offer - Ends In COUPON: SAVE50

Practice HP HPE6-A84 Exam Questions

Page: 1/12
Total 60 Questions
Question No 1
You are designing an Aruba ClearPass Policy Manager (CPPM) solution for a customer. You learn that the customer has a Palo Alto firewall that filters traffic between clients in the campus and the data center. Which integration can you suggest?
Choose the Choices:


Question No 2
Refer to the scenario.

A customer has an Aruba ClearPass cluster. The customer has AOS - CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM). Switches are using local port - access policies. The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the “eth - internet" role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20. The plan for the enforcement policy and profiles is shown below



The gateway cluster has two gateways with these IP addresses • Gateway 1 o VLAN 4085 (system IP) = 10.20.4.21 o VLAN 20 (users) = 10.20.20.1 o VLAN 4094 (WAN) = 198.51.100.14 • Gateway 2 o VLAN 4085 (system IP) = 10.20.4.22 o VLAN 20 (users) = 10.20.20.2 o VLAN 4094 (WAN) = 198.51.100.12 • VRRP on VLAN 20 = 10.20.20.254 The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster. You are setting up the UBT zone on an AOS - CX switch. Which IP addresses should you define in the zone?
Choose the Choices:


Question No 3
Refer to the scenario. A customer requires these rights for clients in the “medical - mobile” AOS firewall role on Aruba Mobility Controllers (MCs) Permitted to receive IP addresses with DHCP Permitted access to DNS services from 10.8.9.7 and no other server Permitted access to all subnets in the 10.1.0.0/16 range except denied access to 10.1.12.0/22 Denied access to other 10.0.0.0/8 subnets Permitted access to the Internet Denied access to the WLAN for a period of time if they send any SSH traffic Denied access to the WLAN for a period of time if they send any Telnet traffic Denied access to all high - risk websites External devices should not be permitted to initiate sessions with “medical - mobile” clients, only send return traffic. The exhibits below show the configuration for the role.



There are multiple issues with this configuration. What is one change you must make to meet the scenario requirements? (In the options, rules in a policy are referenced from top to bottom. For example, “medical - mobile” rule 1 is “ipv4 any any svc - dhcp permit,” and rule 8 is “ipv4 any any any permit”.)
Choose the Choices:


Question No 4
A company has an Aruba ClearPass server at 10.47.47.8, FQDN radius.acnsxtest.local. This exhibit shows ClearPass Policy Manager's (CPPM's) settings for an Aruba Mobility Controller (MC).



The MC is already configured with RADIUS authentication settings for CPPM, and RADIUS requests between the MC and CPPM are working. A network admin enters and commits this command to enable dynamic authorization on the MC aaa rfc - 3576 - server 10.47.47.8 But when CPPM sends CoA requests to the MC, they are not working. This exhibit shows the RFC 3576 server statistics on the MC



How could you fix this issue?
Choose the Choices:


Question No 5
Refer to the scenario. A customer requires these rights for clients in the “medical - mobile” AOS firewall role on Aruba Mobility Controllers (MCs) Permitted to receive IP addresses with DHCP Permitted access to DNS services from 10.8.9.7 and no other server Permitted access to all subnets in the 10.1.0.0/16 range except denied access to 10.1.12.0/22 Denied access to other 10.0.0.0/8 subnets Permitted access to the Internet Denied access to the WLAN for a period of time if they send any SSH traffic Denied access to the WLAN for a period of time if they send any Telnet traffic Denied access to all high - risk websites External devices should not be permitted to initiate sessions with “medical - mobile” clients, only send return traffic. The exhibits below show the configuration for the role. What setting not shown in the exhibit must you check to ensure that the requirements of the scenario are met?
Choose the Choices:


Page: 1/12
Total 60 Questions