Curious about Actual HP Aruba (HPE6-A84) Exam Questions?

Here are sample HP Aruba Certified Network Security Expert Written (HPE6-A84) Exam questions from real exam. You can get more HP Aruba (HPE6-A84) Exam premium practice questions at TestInsights.

Page: 1 /
Total 60 questions
Question 1

You are configuring gateway IDS/IPS settings in Aruba Central.

For which reason would you set the Fail Strategy to Bypass?


Correct : A

The Fail Strategy is a configuration option for the IPS mode of inspection on Aruba gateways. It defines the action to be taken when the IPS engine crashes and cannot inspect the traffic.There are two possible options for the Fail Strategy: Bypass and Block1

If you set the Fail Strategy to Bypass, you are telling the gateway to allow the traffic to flow without inspection when the IPS engine fails.This option ensures that there is no disruption in the network connectivity, but it also exposes the network to potential threats that are not detected or prevented by the IPS engine1

If you set the Fail Strategy to Block, you are telling the gateway to stop the traffic flow until the IPS engine resumes inspection.This option ensures that there is no compromise in the network security, but it also causes a loss of network connectivity for the duration of the IPS engine failure1


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 2

How does Aruba Central handle security for site-to-site connections between AOS 10 gateways?


Correct : B

Aruba Central supports site-to-site VPNs between AOS 10 gateways, which are Aruba devices that provide routing, firewall, and VPN functions. Aruba Central can automatically provision and manage the site-to-site VPNs using the VPN Manager feature.The VPN Manager allows you to create VPN groups that consist of one or more hubs and branches, and define the VPN settings for each group1

Aruba Central uses IPsec as the protocol to secure the site-to-site connections between the AOS 10 gateways. IPsec is a standard protocol that provides encryption, authentication, and integrity for IP packets. Aruba Central automatically establishes IPsec tunnels for all site-to-site connections using keys that are securely distributed by Central. The keys are generated by Central and pushed to the gateways using a secure channel.The keys are rotated periodically to enhance security2


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 3

Refer to the exhibit.

HPE6-A84 Exam Question 3 Exhibit 1

Which security issue is possibly indicated by this traffic capture?


Correct : C

DNS tunneling is a technique that abuses the DNS protocol to tunnel data or commands between a compromised host and an attacker's server.DNS tunneling can be used to establish a command and control channel, which allows the attacker to remotely control the malware or exfiltrate data from the infected host1

The traffic capture in the exhibit shows some signs of DNS tunneling. The source IP address is 10.1.7.2, which is likely an internal host behind a firewall. The destination IP address is 8.8.8.8, which is a public DNS resolver. The DNS queries are for subdomains of badsite.com, which is likely a malicious domain registered by the attacker. The subdomains have long and random names, such as 0x2a0x2a0x2a0x2a0x2a0x2a0x2a0x2a.badsite.com, which could be used to encode data or commands.The DNS responses have large sizes, such as 512 bytes, which could be used to carry data or commands back to the host2


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 4

You are working with a developer to design a custom NAE script for a customer. You are helping the developer find the correct REST API resource to monitor.

Refer to the exhibit below.

HPE6-A84 Exam Question 4 Exhibit 1

What should you do before proceeding?


Correct : B

The exhibit shows the ArubaOS-CX REST API documentation interface, which allows you to explore the available resources and try out the API calls using the ''Try it out'' button. However, before you can use this feature, you need to authenticate yourself with your Aruba passport account and collect a token that will be used for subsequent requests. This token will expire after a certain time, so you need to refresh it periodically.You can find more details about how to use the documentation interface and collect a token in theArubaOS-CX REST API Guide1.


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 5

A customer has an AOS 10 architecture, which includes Aruba APs. Admins have recently enabled WIDS at the high level. They also enabled alerts and email notifications for several events, as shown in the exhibit.

HPE6-A84 Exam Question 5 Exhibit 1

Admins are complaining that they are getting so many emails that they have to ignore them, so they are going to turn off all notifications.

What is one step you could recommend trying first?


Correct : C

According to the AOS 10 documentation1, WIDS is a feature that monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. WIDS can be configured at different levels, such as low, medium, high, or custom. The higher the level, the more checks are enabled and the more alerts are generated. However, not all checks are equally relevant or indicative of real threats. Some checks may generate false positives or unnecessary alerts that can overwhelm the administrators and reduce the effectiveness of WIDS.

Therefore, one step that could be recommended to reduce the number of email notifications is to change the WIDS level to custom, and enable only the checks most likely to indicate real threats. This way, the administrators can fine-tune the WIDS settings to suit their network environment and security needs, and avoid getting flooded with irrelevant or redundant alerts. Option C is the correct answer.

Option A is incorrect because sending the email notifications directly to a specific folder and only checking the folder once a week is not a good practice for security management. This could lead to missing or ignoring important alerts that require immediate attention or action. Moreover, this does not solve the problem of getting too many emails in the first place.

Option B is incorrect because disabling email notifications for Rogue AP, but leaving the Infrastructure Attack Detected and Client Attack Detected notifications on, is not a sufficient solution. Rogue APs are unauthorized access points that can pose a serious security risk to the network, as they can be used to intercept or steal sensitive data, launch attacks, or compromise network performance. Therefore, disabling email notifications for Rogue APs could result in missing critical alerts that need to be addressed.

Option D is incorrect because disabling just the Rogue AP and Client Attack Detected alerts, as they overlap with the Infrastructure Attack Detected alert, is not a valid assumption. The Infrastructure Attack Detected alert covers a broad range of attacks that target the network infrastructure, such as deauthentication attacks, spoofing attacks, denial-of-service attacks, etc. The Rogue AP and Client Attack Detected alerts are more specific and focus on detecting and classifying rogue devices and clients that may be involved in such attacks. Therefore, disabling these alerts could result in losing valuable information about the source and nature of the attacks.


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Page:    1 / 12   
Total 60 questions