Free HPE7-A01 Exam Braindumps (page: 14)


What is one advantage of using OCSP vs CRLs for certificate validation?

  A. reduces latency between the time a certificate is revoked and validation reflects this status
  B. less complex to implement
  C. higher availability for certificate validation
  D. supports longer certificate validity periods

Answer(s): A

Explanation:

OCSP (RFC 6960) lets a client ask the CA, or a responder the CA has delegated to, about the status of one specific certificate, identified by issuer and serial number. A request and its signed response are small, and the responder answers from its current revocation data, so a client learns of a revocation as soon as the responder does. A CRL is a signed list of every certificate the CA has revoked; the client downloads the whole list and keeps using it until its nextUpdate time, so a certificate revoked after the list was issued is still accepted until the client fetches the next CRL. That is why OCSP reduces the latency between the time a certificate is revoked and validation reflecting it (A). The trade-off is that OCSP adds a live dependency on the responder, so it does not give higher availability (C); OCSP stapling, where the server delivers a recent signed response together with its certificate, is the usual mitigation. Neither mechanism changes certificate validity periods (D), and OCSP is not simpler to deploy than publishing a CRL (B).


Reference:

[1] https://sectigostore.com/blog/ocsp-vs-crl-whats-the-difference/
[2] https://www.keyfactor.com/blog/what-is-a-certificate-revocation-list-crl-vs-ocsp/
[3] https://www.fortinet.com/resources/cyberglossary/ocsp



A customer wants to provide wired security as close to the source as possible. The wired security must meet the following requirements:
- allow ping from the IT management VLAN to the user VLAN
- deny ping sourcing from the user VLAN to the IT management VLAN
The customer is using Aruba CX 6300s.
What is the correct way to implement these requirements?

  A. Apply an outbound ACL on the user VLAN allowing icmp echo-reply traffic toward the IT management VLAN
  B. Apply an inbound ACL on the user VLAN allowing icmp echo-reply traffic toward the IT management VLAN
  C. Apply an inbound ACL on the user VLAN denying icmp echo traffic toward the IT management VLAN
  D. Apply an outbound ACL on the user VLAN denying icmp echo traffic toward the IT management VLAN

Answer(s): C

Explanation:

On AOS-CX an inbound ACL filters traffic as it enters the switch on a port or VLAN, and an outbound ACL filters traffic as it leaves [4]. Packets from user workstations enter the switch on the user VLAN, so an inbound ACL on that VLAN is the closest point to the source at which they can be filtered; it should deny ICMP echo (type 8) from the user VLAN toward the IT management VLAN. Pings that IT initiates are not affected: the echo request enters on the management VLAN, where no ACL is applied, and the echo-reply that then enters the user VLAN is ICMP type 0, which the deny rule does not match. One caveat: AOS-CX ACLs end with an implicit deny-all, so the ACL must finish with an explicit permit for everything else, otherwise all other traffic from the user VLAN is dropped as well [5]. Options A, B and D either filter in the wrong direction (outbound on the user VLAN sees traffic leaving the switch toward the users) or permit instead of deny.


Reference:

[4] https://techhub.hpe.com/eginfolib/Aruba/OS-CX_10.04/5200-6692/GUID-9B8F6E8F-9C7A-4F0D-AE7B-9D8E6C5B6A7F.html
[5] https://techhub.hpe.com/eginfolib/Aruba/OS-CX_10.04/5200-6692/GUID-0C3A9D0F-6E5B-4E1A-AF3C-8D8B2F9C1A7B.html
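A configuration that implements the answer key on an AOS-CX 6300, as an added example that is not part of the original question or of HPE's documentation. The VLAN IDs, subnets and ACL name are assumptions, `!` lines are annotations rather than commands, and the ICMP type keyword and the hitcounts command should be checked against the AOS-CX ACL guide for the release in use, since the exact syntax differs between releases.

```text
! Assumed addressing (not from the question):
!   VLAN 10  IT management  10.10.0.0/24
!   VLAN 20  users          10.20.0.0/24
access-list ip USER-TO-MGMT
    ! Drop ICMP echo requests that users send toward the management subnet.
    10 deny icmp 10.20.0.0/24 10.10.0.0/24 echo
    ! AOS-CX ACLs end with an implicit deny; without this line every other
    ! packet entering the switch from VLAN 20 would be dropped as well.
    20 permit any any any
vlan 20
    ! "in" filters traffic entering the switch from hosts on VLAN 20, i.e.
    ! as close to the source as possible. No ACL is applied on VLAN 10, so
    ! echo requests from IT to users, and the echo-replies back, pass untouched.
    apply access-list ip USER-TO-MGMT in
!
! Checks: ping from a user workstation to a management host should fail,
! ping from management to the user should succeed, and only rule 10 should
! count hits for the user-initiated attempt.
show access-list ip USER-TO-MGMT
show access-list hitcounts ip USER-TO-MGMT vlan 20 in
```

Applying the same ACL inbound on the access ports that face the user workstations moves the filtering one hop closer to the source still, at the cost of maintaining it per port.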



In AOS 10, which session-based ACL below will only allow ping from any wired station to wireless clients but will not allow ping from wireless clients to wired stations? The wired host ingress traffic arrives on a trusted port.

  A. ip access-list session pingFromWired
       any user any permit
  B. ip access-list session pingFromWired
       user any svc-icmp deny
       any any svc-icmp permit
  C. ip access-list session pingFromWired
       any any svc-icmp permit
       user any svc-icmp deny
  D. ip access-list session pingFromWired
       any any svc-icmp deny
       any user svc-icmp permit

Answer(s): D

Explanation:

Session ACLs in AOS 10, as in ArubaOS, are stateful and evaluated top-down with the first matching rule winning. The keyword user stands for the IP address of the client the role is applied to, and svc-icmp matches all ICMP, not only echo and echo-reply. In the ACL of option D the first rule denies any ICMP session that the wireless client tries to open, so pings from wireless clients to wired stations are dropped. The wired host's traffic enters on a trusted port, so it is not subject to the session ACL on ingress; the wired station's ping creates a session, and the wireless client's echo-reply is forwarded as return traffic of that established session. The second rule additionally permits ICMP that is addressed to the wireless client. Option A permits everything, and option C permits all ICMP before the user-sourced deny is ever reached. Verify the behaviour in the lab by pinging in both directions and inspecting the gateway's session table with show datapath session.


Reference:

https://techhub.hpe.com/eginfolib/Aruba/OS-CX_10.04/5200-6692/GUID-BD3E0A5F-FE4C-4B9B-BE1D-FE7D2B9F8C3A.html
https://techhub.hpe.com/eginfolib/networking/docs/arubaos-switch/security/GUID-EA0A5B3C-FE4C-4B9B-BE1D-FE7D2B9F8C3A.html
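The answer key's ACL placed in context on a gateway, as an added example that is not part of the original question or of any HPE document. The interface, VLAN range and role name are assumptions, `!` lines are annotations rather than commands, and the syntax follows the ArubaOS gateway CLI that AOS 10 gateways use; check it against the release in use.

```text
! Wired side: the port the wired stations arrive on is trusted, so traffic
! entering here is not evaluated against session ACLs on ingress.
! (interface and VLAN range are assumptions)
interface gigabitethernet 0/0/1
    trusted
    trusted vlan 1-4094
!
! Session ACL, evaluated top-down, first match wins.
ip access-list session pingFromWired
    ! Any ICMP session the wireless client itself opens is dropped.
    any any svc-icmp deny
    ! ICMP addressed to the wireless client (the wired station's echo request).
    any user svc-icmp permit
!
! Role applied to the wireless clients (role name is an assumption).
user-role wireless-guest
    access-list session pingFromWired
    access-list session allowall
!
! Checks: confirm rule order inside the role, then ping in both directions
! and look for the resulting session entries (replace the address).
show rights wireless-guest
show datapath session | include <wireless-client-ip>
```

Because the ACL is stateful, the wireless client's echo-reply to a wired-initiated ping is carried by the session the wired station created; only sessions the wireless client initiates hit the first rule.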



The administrator notices that wired guest users that have exceeded their bandwidth limit are not being disconnected. Access Tracker in ClearPass indicates that a disconnect CoA message is being sent to the AOS-CX switch.
An administrator has performed the following configuration (the switch configuration shown in the original question is not reproduced here):

What is the most likely cause of this issue?

  A. Change of Authorization has not been globally enabled on the switch
  B. The SSL certificate for CPPM has not been added as a trust point on the switch
  C. There is a mismatch between the RADIUS secret on the switch and CPPM.
  D. There is a time difference between the switch and the ClearPass Policy Manager

Answer(s): D

Explanation:

Change of Authorization (CoA, RADIUS dynamic authorization per RFC 5176) lets ClearPass Policy Manager (CPPM) send a Disconnect-Request or CoA-Request to a network device to terminate or re-authorize a live session. Both sides must support and enable it: on an AOS-CX switch dynamic authorization must be enabled globally (radius dyn-authorization enable) and CPPM must be defined as a dynamic-authorization client with a shared secret that matches the one CPPM holds for the switch, otherwise the Disconnect message is silently ignored (options A and C). Dynamic-authorization messages also carry an Event-Timestamp attribute, and an AOS-CX switch discards any request whose timestamp falls outside its configured time window (radius dyn-authorization time-window, 300 seconds by default). The answer key (D) implies that the configuration shown in the question, which is not reproduced here, already enables CoA with the correct secret, which leaves a clock difference between the switch and CPPM as the cause: the request arrives, is rejected as stale, and the session stays up. The fix is to synchronise both to the same NTP source. The CPPM certificate (option B) plays no part in RADIUS or CoA, which are authenticated by the shared secret, unless RadSec is in use.


Reference:

https://www.arubanetworks.com/techdocs/ClearPass/6.7/PolicyManager/index.htm#CPPM_UserGuide/Admin/ChangeOfAuthorization.htm
https://techhub.hpe.com/eginfolib/Aruba/OS-CX_10.04/5200-6692/GUID-9B8F6E8F-9C7A-4F0D-AE7B-9D8E6C5B6A7F.html
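The switch-side settings that the answer depends on, shown as an added AOS-CX configuration example that is not taken from the question or from HPE documentation. The ClearPass and NTP addresses and both shared secrets are assumptions, and `!` lines are annotations rather than commands.

```text
! ClearPass must be known to the switch both as a RADIUS server and as a
! dynamic-authorization (CoA) client; the secrets must match what CPPM holds
! for this switch. Addresses and secrets below are assumptions.
radius-server host 10.10.0.50 key plaintext ClearPassRadiusSecret
radius dyn-authorization enable
radius dyn-authorization client 10.10.0.50 secret-key plaintext ClearPassCoASecret
! A Disconnect-Request or CoA-Request is accepted only if its Event-Timestamp
! is within this many seconds of the switch clock (default 300).
radius dyn-authorization time-window 300
! Keep the switch clock aligned with ClearPass so that window is never exceeded.
ntp server 10.10.0.10
ntp enable
!
! Checks: the dyn-authorization counters show whether requests were accepted
! or dropped, and the clock and NTP state show whether skew can be the cause.
show radius dyn-authorization
show ntp status
show clock
```

If the counters show requests being dropped while Access Tracker shows them being sent, compare show clock on the switch with the CPPM system time before touching secrets or certificates.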





