CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. HP
  5. HPE6-A84

Free HPE6-A84 Exam Braindumps (page: 6)

Page 6 of 16
PDF with 60 Questions

Refer to the exhibit.



Which security issue is possibly indicated by this traffic capture?

  1. An attempt at a DoS attack by a device acting as an unauthorized DNS server
  2. A port scan being run on the 10.1.7.0/24 subnet
  3. A command and control channel established with DNS tunneling
  4. An ARP poisoning or man-in-the-middle attempt by the device at 94:60:d5:bf:36:40

Answer(s): C

Explanation:

DNS tunneling is a technique that abuses the DNS protocol to tunnel data or commands between a compromised host and an attacker's server. DNS tunneling can be used to establish a command and control channel, which allows the attacker to remotely control the malware or exfiltrate data from the infected host1
The traffic capture in the exhibit shows some signs of DNS tunneling. The source IP address is 10.1.7.2, which is likely an internal host behind a firewall. The destination IP address is 8.8.8.8, which is a public DNS resolver. The DNS queries are for subdomains of badsite.com, which is likely a malicious domain registered by the attacker. The subdomains have long and random names, such as 0x2a0x2a0x2a0x2a0x2a0x2a0x2a0x2a.badsite.com, which could be used to encode data or commands. The DNS responses have large sizes, such as 512 bytes, which could be used to carry data or commands back to the host2



You are working with a developer to design a custom NAE script for a customer. You are helping the developer find the correct REST API resource to monitor.

Refer to the exhibit below.



What should you do before proceeding?

  1. Go to the v1 API documentation interface instead of the v10.10 interface.
  2. Use your Aruba passport account and collect a token to use when trying out API calls.
  3. Enable the switch to listen to REST API calls on the default VRF.
  4. Make sure that your browser is set up to store authentication tokens and cookies.

Answer(s): B

Explanation:

The exhibit shows the ArubaOS-CX REST API documentation interface, which allows you to explore the available resources and try out the API calls using the "Try it out" button. However, before you can use this feature, you need to authenticate yourself with your Aruba passport account and collect a token that will be used for subsequent requests. This token will expire after a certain time, so you need to refresh it periodically. You can find more details about how to use the documentation interface and collect a token in the ArubaOS-CX REST API Guide.



A customer has an AOS 10 architecture, consisting of Aruba AP and AOS-CX switches, managed by Aruba Central. The customer wants to obtain information about the clients, such as their general category and OS.
What should you explain?

  1. The customer must deploy Aruba gateways in order to receive any client profiling information.
  2. You will need to set up Aruba Central as a secondary IP helper for client VLANs, but this will not interfere with existing operations.
  3. Aruba Central will automatically derive this information using telemetry from the Aruba devices.
  4. The customer should set up a dedicated switch VSX group to sniff packets and direct them to Aruba Central.

Answer(s): C

Explanation:

Aruba Central can provide visibility and profiling of clients using the Client Insights feature, which is an AI-powered solution that uses native infrastructure telemetry to identify and classify clients based on their OS and general category. This feature does not require any additional hardware or software, such as gateways, IP helpers, or packet sniffers. It works by collecting and analyzing data from the Aruba APs and AOS-CX switches that are managed by Aruba Central. You can find more information about Client Insights in the Visibility and profiling solutions | HPE Aruba Networking page and the Clients Profile - Aruba page.



You are reviewing an endpoint entry in ClearPass Policy Manager (CPPM) Endpoints Repository.

What is a good sign that someone has been trying to gain unauthorized access to the network?

  1. The entry shows multiple DHCP options under the fingerprints.
  2. The entry shows an Unknown status.
  3. The entry shows a profile conflict of having a new profile of Computer for a profiled Printer.
  4. The entry lacks a hostname or includes a hostname with long seemingly random characters.

Answer(s): C

Explanation:

A profile conflict occurs when ClearPass Policy Manager (CPPM) detects a change in the device category or OS family of an endpoint that has been previously profiled. This could indicate that someone has spoofed the MAC address of a legitimate device and is trying to gain unauthorized access to the network. For example, if an endpoint that was previously profiled as a Printer suddenly shows a new profile of Computer, this could be a sign of an attack. You can find more information about profile conflicts and how to resolve them in the ClearPass Policy Manager User Guide. The other options are not necessarily signs of unauthorized access, as they could have other explanations. For example, multiple DHCP options under the fingerprints could indicate that the device has connected to different networks or subnets, an Unknown status could indicate that the device has not been authenticated yet, and a lack of hostname or a random hostname could indicate that the device has not been configured properly or has been reset to factory settings.



Page 6 of 16



Post your Comments and Discuss HP HPE6-A84 exam with other Community members:

fabio commented on September 09, 2024
great work at all
Anonymous
upvote