HPE6-A84 Exam Dumps : Aruba Certified Network Security Expert Written Exam

 This is because this URI specifies the exact attribute that contains the number of access rejects from the RADIUS server, which is the information that the NAE script needs to monitor and trigger an alert.

A. /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatistics. This is not the correct URI because it returns the entire authstatistics object, which contains more information than the access rejects, such as access accepts, challenges, timeouts, etc. This might make the NAE script more complex and inefficient to parse and process the data.

B. /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatistics?attributes=access_rejects. This is not a valid URI because it has two question marks, which is a syntax error. The question mark is used to indicate the start of the query string, which can have one or more parameters separated by ampersands. The correct way to specify multiple attributes is to use a comma-separated list after the question mark, such as ?attributes=attr1,attr2,attr3.

C. /rest/v1/system/vrfs/mgmt/radius/_servers/cp.acnsxtest.local/2083/tcp. This is not a valid URI because it has an extra underscore before servers, which is a typo. The correct resource name is servers, not _servers. Moreover, this URI does not specify any attributes, which means it will return the default attributes of the RADIUS server object, such as name, port, protocol, etc., but not the authstatistics or access_rejects.

7of30

A DNS SAN (Subject Alternative Name) is an extension of the X.509 certificate standard that allows specifying additional hostnames or IP addresses that the certificate can be used for. A DNS SAN is useful for validating the identity of the server or client that presents the certificate, especially when the common name (CN) field does not match the hostname or IP address of the server or client.

In this case, the certificate has a CN of mc41.site94.example.com, which is the fully qualified domain name (FQDN) of the standalone Aruba Mobility Controller (MC). However, this CN may not match the hostname or IP address that the MC uses for the Web UI or for implementing RadSec with Aruba ClearPass Policy Manager. For example, if the MC uses a different FQDN, such as mc41.example.com, or an IP address, such as 192.168.1.41, for these purposes, then the certificate would not be valid for them. Therefore, the certificate should have a DNS SAN that includes all the possible hostnames or IP addresses that the MC may use for the Web UI and RadSec.

The exhibit shows a screenshot of a Malwarebytes alert that indicates that a website was blocked due to compromise. The alert contains the following information:

• The type of protection: Web Protection
• The website that was blocked: 10.254.1.21
• The port that was used: 80
• The process that initiated the connection: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
• The IP address of the device that initiated the connection: 10.1.26.151

The IP address of the device that initiated the connection is the one that should be recorded as a possibly compromised client, as it indicates that the device tried to access a malicious website that could infect it with malware or steal its data. In this case, the IP address of the possibly compromised client is 10.1.26.151.