HP HPE6-A84 Study & Exam Dumps 2025

Aruba Certified Network Security Expert Written Exam Questions and Answers

Question 1

Refer to the scenario.

This customer is enforcing 802.1X on AOS-CX switches to Aruba ClearPass Policy Manager (CPPM). The customer wants switches to download role settings from CPPM. The “reception-domain” role must have these settings:

— Assigns clients to VLAN 14 on switch 1, VLAN 24 on switch 2, and so on.

— Filters client traffic as follows:

— Clients are permitted full access to 10.1.5.0/24 and the Internet

— Clients are denied access to 10.1.0.0/16

The switch topology is shown here:

How should you configure the VLAN setting for the reception role?

Options:

Assign a consistent name to VLAN 14, 24, or 34 on each access layer switch and reference that name in the enforcement profile VLAN settings.

Configure the enforcement profile as a downloadable role, but specify only the role name and leave the VLAN undefined. Then define a 'reception' role with the correct VLAN setting on each individual access layer switch.

Assign a number-based ID to the access layer switches. Then use this variable in the enforcement profile VLAN settings: %(NAS-ID]4.

Create a separate enforcement profile with a different VLAN ID for each switch. Add all profiles to the profile list in the appropriate enforcement policy rule.

Buy Now

Question 2

You need to install a certificate on a standalone Aruba Mobility Controller (MC). The MC will need to use the certificate for the Web UI and for implementing RadSec with Aruba ClearPass Policy Manager. You have been given a certificate with these settings:

Subject: CN=mc41.site94.example.com

No SANs

Issuer: CN=ca41.example.com

EKUs: Server Authentication, Client Authentication

What issue does this certificate have for the purposes for which the certificate is intended?

Options:

It has conflicting EKUs.

It is issued by a private CA.

It specifies domain info in the CN field instead of the DC field.

It lacks a DNS SAN.

Question 3

Refer to the scenario.

A customer has an Aruba ClearPass cluster. The customer has AOS-CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM).

Switches are using local port-access policies.

The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the “eth-internet" role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20.

The plan for the enforcement policy and profiles is shown below:

The gateway cluster has two gateways with these IP addresses:

• Gateway 1

o VLAN 4085 (system IP) = 10.20.4.21

o VLAN 20 (users) = 10.20.20.1

o VLAN 4094 (WAN) = 198.51.100.14

• Gateway 2

o VLAN 4085 (system IP) = 10.20.4.22

o VLAN 20 (users) = 10.20.20.2

o VLAN 4094 (WAN) = 198.51.100.12

• VRRP on VLAN 20 = 10.20.20.254

The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster.

What is one change that you should make to the solution?

Options:

Change the ubt-client-vlan to VLAN 13.

Configure edge ports in VLAN trunk mode.

Remove VLAN assignments from role configurations on the gateways.

Configure the UBT solution to use VLAN extend mode.

Get Free HPE6-A84 Questions and Answers

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

HP HPE6-A84 Exam With Confidence Using Practice Dumps

HPE6-A84: ACA - Network Security Exam 2025 Study Guide Pdf and Test Engine

Related HP Exams

Aruba Certified Network Security Expert Written Exam Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce