[2024年02月]更新のHPE6-A84問題集で時間限定!無料アクセスせよ!
HPE6-A84問題集で2024年最新のHP HPE6-A84試験問題
HP HPE6-A84(Aruba Certified Network Security Expert Writde)認定試験は、Aruba製品とソリューションを使用してネットワークセキュリティを専門とするIT専門家向けに設計されています。この認定試験は、Arubaテクノロジーを使用して安全なワイヤレスおよび有線ネットワークを設計、実装、および管理するために必要な知識とスキルを検証します。 HPE6-A84認定試験は、802.1x認証、ロールベースのアクセス制御(RBAC)、ファイアウォールポリシー、安全なトンネルプロトコルなど、Arubaのネットワークセキュリティ機能を深く理解する必要がある高度なレベルの試験です。
HP HPE6-A84(Aruba Certified Network Security Expert Writde)認定試験は、エンタープライズレベルのArubaネットワークの確保に関する専門知識を実証したい個人向けに設計された包括的な試験です。この認定試験は、ネットワークセキュリティの概念に関する高度な知識と、それらをAruba Network Infrastructureに適用する能力を持つ専門家を対象としています。この試験に合格すると、アルバテクノロジーを使用して安全なネットワークを設計、実装、管理するために必要なスキルと知識を検証します。
質問 # 23
Refer to the exhibit.
Which security issue is possibly indicated by this traffic capture?
- A. A port scan being run on the 10.1.7.0/24 subnet
- B. An attempt at a DoS attack by a device acting as an unauthorized DNS server
- C. A command and control channel established with DNS tunneling
- D. An ARP poisoning or man-in-the-middle attempt by the device at 94:60:d5:bf:36:40
正解:C
解説:
Explanation
DNS tunneling is a technique that abuses the DNS protocol to tunnel data or commands between a compromised host and an attacker's server. DNS tunneling can be used to establish a command and control channel, which allows the attacker to remotely control the malware or exfiltrate data from the infected host1 The traffic capture in the exhibit shows some signs of DNS tunneling. The source IP address is 10.1.7.2, which is likely an internal host behind a firewall. The destination IP address is 8.8.8.8, which is a public DNS resolver. The DNS queries are for subdomains of badsite.com, which is likely a malicious domain registered by the attacker. The subdomains have long and random names, such as
0x2a0x2a0x2a0x2a0x2a0x2a0x2a0x2a.badsite.com, which could be used to encode data or commands. The DNS responses have large sizes, such as 512 bytes, which could be used to carry data or commands back to the host2
質問 # 24
How does Aruba Central handle security for site-to-site connections between AOS 10 gateways?
- A. It automatically establishes simple-to-manage and highly secure TLSv1.3 tunnels between gateways.
- B. It automatically steers traffic away from Internet-based connections to more secure MPLS connections to reduce encryption overhead.
- C. It automatically establishes IPsec tunnels for all site-to-site (all HUBs and Branches) connections using keys securely distributed by Central.
- D. It uses an Aruba proprietary integrity and encryption technologies to secure site-to-site connections, making them resistant to zero day attacks.
正解:C
解説:
Explanation
Aruba Central supports site-to-site VPNs between AOS 10 gateways, which are Aruba devices that provide routing, firewall, and VPN functions. Aruba Central can automatically provision and manage the site-to-site VPNs using the VPN Manager feature. The VPN Manager allows you to create VPN groups that consist of one or more hubs and branches, and define the VPN settings for each group1 Aruba Central uses IPsec as the protocol to secure the site-to-site connections between the AOS 10 gateways.
IPsec is a standard protocol that provides encryption, authentication, and integrity for IP packets. Aruba Central automatically establishes IPsec tunnels for all site-to-site connections using keys that are securely distributed by Central. The keys are generated by Central and pushed to the gateways using a secure channel. The keys are rotated periodically to enhance security2
質問 # 25
Refer to the scenario.
A customer has an Aruba ClearPass cluster. The customer has AOS-CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM).
Switches are using local port-access policies.
The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the "eth-internet" role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20.
The plan for the enforcement policy and profiles is shown below:
The gateway cluster has two gateways with these IP addresses:
* Gateway 1
o VLAN 4085 (system IP) = 10.20.4.21
o VLAN 20 (users) = 10.20.20.1
o VLAN 4094 (WAN) = 198.51.100.14
* Gateway 2
o VLAN 4085 (system IP) = 10.20.4.22
o VLAN 20 (users) = 10.20.20.2
o VLAN 4094 (WAN) = 198.51.100.12
* VRRP on VLAN 20 = 10.20.20.254
The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster.
What is one change that you should make to the solution?
- A. Remove VLAN assignments from role configurations on the gateways.
- B. Change the ubt-client-vlan to VLAN 13.
- C. Configure the UBT solution to use VLAN extend mode.
- D. Configure edge ports in VLAN trunk mode.
正解:A
質問 # 26
Refer to the scenario.
An organization wants the AOS-CX switch to trigger an alert if its RADIUS server (cp.acnsxtest.local) rejects an unusual number of client authentication requests per hour. After some discussions with other Aruba admins, you are still not sure how many rejections are usual or unusual. You expect that the value could be different on each switch.
You are helping the developer understand how to develop an NAE script for this use case.
You are helping a customer define an NAE script for AOS-CX switches. The script will monitor statistics from a RADIUS server defined on the switch. You want to future proof the script by enabling admins to select a different hostname or IP address for the monitored RADIUS server when they create an agent from the script.
What should you recommend?
- A. Use a callback action to collect the name of any RADIUS servers defined on the switch at the time the agent is created.
- B. Define a parameter for the RADIUS server; reference that parameter instead of the server name/ip when defining the monitor URI.
- C. Use this variable, %{radius-ipV when defining the monitor URI in the NAE agent script.
- D. Make the script editable so that admins can edit it on demand when they are creating scripts.
正解:B
解説:
Explanation
This is because a parameter is a variable that can be defined and modified by the user or the script, and can be used to customize the behavior and output of the NAE script. A parameter can be referred to by using the syntax self ^ramsfname], where ramsfname is the name of the parameter.
By defining a parameter for the RADIUS server, you can make the NAE script more flexible and adaptable to different scenarios and switches. The parameter can be set to a default value, such as cp.acnsxtest.local, but it can also be changed by the user or the script based on the network conditions and requirements. For example, the user can select a different hostname or IP address for the monitored RADIUS server when they create an agent from the script, or the script can automatically detect and update the parameter based on the switch configuration. This way, the NAE script can monitor statistics from any RADIUS server defined on the switch without hard-coding the server name or IP address in the monitor URI.
A: Use this variable, %{radius-ipV when defining the monitor URI in the NAE agent script. This is not a valid recommendation because %{radius-ipV is not a valid variable in NAE scripts. Variables in NAE scripts are prefixed with self ^ramsfname], not with %. Moreover, radius-ipV is not a predefined variable that contains the RADIUS server name or IP address, but rather a generic term that could refer to any IP version.
C: Use a callback action to collect the name of any RADIUS servers defined on the switch at the time the agent is created. This is not a bad recommendation, but it is not as good as defining a parameter. A callback action is a feature that allows an NAE script to execute a command on the switch and collect its output for further processing or display. A callback action can be used to collect the name of any RADIUS servers defined on the switch by executing a command such as show radius-server or show running-config radius-server and parsing its output. However, a callback action might not be as fast or reliable as using a parameter, as it depends on the availability and responsiveness of the switch and its CLI.
D: Make the script editable so that admins can edit it on demand when they are creating scripts. This is not a good recommendation because making the script editable exposes it to potential errors or modifications that could affect its functionality or performance. Making the script editable also requires more effort and expertise from the admins, who might not be familiar with NAE scripting syntax or logic. Moreover, making the script editable does not future proof it, as it does not allow for dynamic changes or updates based on network conditions or requirements.
質問 # 27
A customer wants CPPM to authenticate non-802.1X-capable devices. An admin has created the service shown in the exhibits below:
What is one recommendation to improve security?
- A. Creating and using a custom MAC-Auth authentication method
- B. Using Active Directory as the authentication source
- C. Enabling caching of posture and roles
- D. Adding an enforcement policy rule that denies access to endpoints with the Conflict flaq
正解:A
解説:
Explanation
MAC Authentication Bypass (MAB) is a technique that allows non-802.1X-capable devices to bypass the
802.1X authentication process and gain network access based on their MAC addresses. However, MAB has some security drawbacks, such as the possibility of MAC address spoofing or unauthorized devices being added to the network. Therefore, it is recommended to use a custom MAC-Auth authentication method that adds an additional layer of security to MAB.
A custom MAC-Auth authentication method is a method that uses a combination of the MAC address and another attribute, such as a username, password, or certificate, to authenticate the device. This way, the device needs to provide both the MAC address and the additional attribute to gain access, making it harder for an attacker to spoof or impersonate the device. A custom MAC-Auth authentication method can be created and configured in ClearPass Policy Manager (CPPM) by following the steps in the Customizing MAC Authentication - Aruba page.
質問 # 28
A company has Aruba gateways that are Implementing gateway IDS/IPS in IDS mode. The customer complains that admins are receiving too frequent of repeat email notifications for the same threat. The threat itself might be one that the admins should investigate, but the customer does not want the email notification to repeat as often.
Which setting should you adjust in Aruba Central?
- A. The allowlist settings in the IDS policy
- B. Alert duration and threshold settings
- C. The IDS policy setting (strict, medium, or lenient)
- D. Report scheduling settings
正解:B
質問 # 29
You need to install a certificate on a standalone Aruba Mobility Controller (MC). The MC will need to use the certificate for the Web UI and for implementing RadSec with Aruba ClearPass Policy Manager. You have been given a certificate with these settings:
Subject: CN=mc41.site94.example.com
No SANs
Issuer: CN=ca41.example.com
EKUs: Server Authentication, Client Authentication
What issue does this certificate have for the purposes for which the certificate is intended?
- A. It specifies domain info in the CN field instead of the DC field.
- B. It lacks a DNS SAN.
- C. It is issued by a private CA.
- D. It has conflicting EKUs.
正解:B
質問 # 30
A customer has an AOS 10-based mobility solution, which authenticates clients to Aruba ClearPass Policy Manager (CPPM). The customer has some wireless devices that support WPA2 in personal mode only.
How can you meet these devices' needs but improve security?
- A. Connect these devices to the same WLAN to which 802.1X-capable clients connect, using MAC-Auth fallback.
- B. Configure WIDS policies that apply extra monitoring to these particular devices.
- C. Use MPSK on the WLAN to which the devices connect.
- D. Enable dynamic authorization (RFC 3576) in the AAA profile for the devices.
正解:C
解説:
Explanation
MPSK (Multi Pre-Shared Key) is a feature that allows assigning different pre-shared keys (PSKs) to different devices or groups of devices on the same WLAN. MPSK improves security over WPA2 in personal mode, which uses a single PSK for all devices on the WLAN. With MPSK, you can create and manage multiple PSKs, each with its own role, policy, and expiration date. You can also revoke or change a PSK for a specific device or group without affecting other devices on the WLAN. MPSK is compatible with devices that support WPA2 in personal mode only, as they do not need to support any additional protocols or certificates.
To use MPSK on the WLAN to which the devices connect, you need to enable MPSK in the WLAN settings and configure the PSKs in Aruba ClearPass Policy Manager (CPPM). You can find more information about how to configure MPSK in the [Configuring Multi Pre-Shared Key - Aruba] page and the [ClearPass Policy Manager User Guide] . The other options are not correct because they either do not improve security or are not applicable for devices that support WPA2 in personal mode only. For example, configuring WIDS policies that apply extra monitoring to these particular devices would not prevent them from being compromised or spoofed, but rather detect and mitigate potential attacks. Connecting these devices to the same WLAN to which 802.1X-capable clients connect, using MAC-Auth fallback, would not provide strong authentication or encryption, as MAC addresses can be easily spoofed or captured. Enabling dynamic authorization (RFC 3576) in the AAA profile for the devices would not affect the authentication process, but rather allow CPPM to change the attributes or status of a user session on the controller without requiring re-authentication.
質問 # 31
A customer's admins have added RF Protect licenses and enabled WIDS for a customer's AOS 8-based solution. The customer wants to use the built-in capabilities of APs without deploying dedicated air monitors (AMs). Admins tested rogue AP detection by connecting an unauthorized wireless AP to a switch. The rogue AP was not detected even after several hours.
What is one point about which you should ask?
- A. Whether the customer is using non-standard Wi-Fi channels in the deployment
- B. Whether admins enabled wireless containment
- C. Whether APs' switch ports support all the VLANs that are accessible at the edge
- D. Whether admins set at least one radio on each AP to air monitor mode
正解:D
質問 # 32
Refer to the scenario.
A customer has an Aruba ClearPass cluster. The customer has AOS-CX switches that implement 802.1X authentication to ClearPass Policy Manager (CPPM).
Switches are using local port-access policies.
The customer wants to start tunneling wired clients that pass user authentication only to an Aruba gateway cluster. The gateway cluster should assign these clients to the "eth-internet" role. The gateway should also handle assigning clients to their VLAN, which is VLAN 20.
The plan for the enforcement policy and profiles is shown below:
The gateway cluster has two gateways with these IP addresses:
* Gateway 1
o VLAN 4085 (system IP) = 10.20.4.21
o VLAN 20 (users) = 10.20.20.1
o VLAN 4094 (WAN) = 198.51.100.14
* Gateway 2
o VLAN 4085 (system IP) = 10.20.4.22
o VLAN 20 (users) = 10.20.20.2
o VLAN 4094 (WAN) = 198.51.100.12
* VRRP on VLAN 20 = 10.20.20.254
The customer requires high availability for the tunnels between the switches and the gateway cluster. If one gateway falls, the other gateway should take over its tunnels. Also, the switch should be able to discover the gateway cluster regardless of whether one of the gateways is in the cluster.
You are setting up the UBT zone on an AOS-CX switch.
Which IP addresses should you define in the zone?
- A. Primary controller = 10.20.20.254; backup controller, not defined
- B. [Primary controller = 198.51.100.14; backup controller = 10.20.4.21
- C. Primary controller = 10.20.4.21; backup controller = 10.20.4.22
- D. Primary controller = 10 20 4 21: backup controller not defined
正解:C
解説:
Explanation
To configure user-based tunneling (UBT) on an AOS-CX switch, you need to specify the IP addresses of the mobility gateways that will receive the tunneled traffic from the switch 1. The primary controller is the preferred gateway for the switch to establish a tunnel, and the backup controller is the alternative gateway in case the primary controller fails or becomes unreachable 1. The IP addresses of the gateways should be their system IP addresses, which are used for inter-controller communication and cluster discovery 2.
In this scenario, the customer has a gateway cluster with two gateways, each with a system IP address on VLAN 4085. Therefore, the switch should use these system IP addresses as the primary and backup controllers for UBT. The IP addresses of the gateways on VLAN 20 and VLAN 4094 are not relevant for UBT, as they are used for user traffic and WAN connectivity, respectively 2. The VRRP IP address on VLAN 20 is also not applicable for UBT, as it is a virtual IP address that is not associated with any specific gateway 3.
Therefore, the best option is to use 10.20.4.21 as the primary controller and 10.20.4.22 as the backup controller for UBT on the switch. This will ensure high availability and cluster discovery for the tunneled traffic from the switch to the gateway cluster 12.
質問 # 33
You are working with a developer to design a custom NAE script for a customer. The NAE agent should trigger an alert when ARP inspection drops packets on a VLAN. The customer wants the admins to be able to select the correct VLAN ID for the agent to monitor when they create the agent.
What should you tell the developer to do?
- A. Use this variable, %{vlan-id} when defining the monitor URI in the NAE agent script.
- B. Create multiple monitors within the script from which admins can select when they create the agent.
- C. Define a VLAN ID parameter; reference that parameter when defining the monitor URI.
- D. Use a callback action to collect the ID of the VLAN on which admins have enabled NAE monitoring.
正解:C
解説:
Explanation
A custom NAE script is a Python script that defines the monitors, the alert-trigger logic, and the remedial actions for an NAE agent. A monitor is a URI that specifies the data source and the data type that the NAE agent should collect and analyze. For example, to monitor the ARP inspection statistics on a VLAN, the monitor URI would be something like this:
where <vlan-id> is the ID of the VLAN to be monitored.
To allow the admins to select the correct VLAN ID for the agent to monitor when they create the agent, you need to define a VLAN ID parameter in the NAE script. A parameter is a variable that can be set by the user when creating or modifying an agent. A parameter can be referenced in other parts of the script by using the syntax ${parameter-name}. For example, to define a VLAN ID parameter and reference it in the monitor URI, you would write something like this:
This way, when the admins create or modify the agent, they can enter the VLAN ID that they want to monitor, and the NAE script will use that value in the monitor URI.
You can find more information about how to write custom NAE scripts and use parameters in the NAE Scripting Guide
質問 # 34
Which element helps to lay the foundation for solid network security forensics?
- A. Enable BPDU protection and loop protection on edqe switch ports
- B. Enabling debug-level information for network infrastructure device logs
- C. Implementing 802.1X authentication on switch ports that connect to APs
- D. Ensuring that all network devices use a correct, consistent clock
正解:D
解説:
Explanation
This is because network forensics relies on the analysis of network traffic data, which is often time-stamped by the devices that generate or transmit it. Having a synchronized and accurate clock across all network devices helps to establish a reliable timeline of events and correlate different sources of evidence12
A: Enable BPDU protection and loop protection on edge switch ports is not related to network security forensics, but rather to preventing network loops and topology changes caused by rogue switches or bridges3
B: Enabling debug-level information for network infrastructure device logs might provide more details about the network activity, but it also consumes more resources and storage, and might not be relevant or useful for forensic analysis. Moreover, debug-level information might not be available for long-term retention or legal purposes4
C: Implementing 802.1X authentication on switch ports that connect to APs is a good security practice to prevent unauthorized access to the network, but it does not directly help with network security forensics. 802.1X authentication does not capture or record network traffic data, which is the main source of evidence for network forensics
質問 # 35
You are working with a developer to design a custom NAE script for a customer. You are helping the developer find the correct REST API resource to monitor.
Refer to the exhibit below.
What should you do before proceeding?
- A. Make sure that your browser is set up to store authentication tokens and cookies.
- B. Enable the switch to listen to REST API calls on the default VRF.
- C. Go to the v1 API documentation interface instead of the v10.10 interface.
- D. Use your Aruba passport account and collect a token to use when trying out API calls.
正解:D
解説:
Explanation
The exhibit shows the ArubaOS-CX REST API documentation interface, which allows you to explore the available resources and try out the API calls using the "Try it out" button. However, before you can use this feature, you need to authenticate yourself with your Aruba passport account and collect a token that will be used for subsequent requests. This token will expire after a certain time, so you need to refresh it periodically. You can find more details about how to use the documentation interface and collect a token in the ArubaOS-CX REST API Guide1.
質問 # 36
Refer to the exhibit.
Which IP address should you record as a possibly compromised client?
- A. 10.1.26.1
- B. 10.1J.100
- C. 10.254.1.21
- D. 10.1.26.151
正解:D
質問 # 37
Refer to the scenario.
A customer is migrating from on-prem AD to Azure AD as its sole domain solution. The customer also manages both wired and wireless devices with Microsoft Endpoint Manager (Intune).
The customer wants to improve security for the network edge. You are helping the customer design a ClearPass deployment for this purpose. Aruba network devices will authenticate wireless and wired clients to an Aruba ClearPass Policy Manager (CPPM) cluster (which uses version 6.10).
The customer has several requirements for authentication. The clients should only pass EAP-TLS authentication if a query to Azure AD shows that they have accounts in Azure AD. To further refine the clients' privileges, ClearPass also should use information collected by Intune to make access control decisions.
You are planning to use Azure AD as the authentication source in 802.1X services.
What should you make sure that the customer understands is required?
- A. CPPM's RADIUS certificate was imported as trusted in the Azure AD directory
- B. An app registration on Azure AD that references the CPPM's FQDN
- C. Azure AD Domain Services
- D. Windows 365 subscriptions
正解:B
解説:
Explanation
To use Azure AD as the authentication source in 802.1X services, you need to configure CPPM as a SAML service provider and Azure AD as a SAML identity provider. This allows CPPM to use Azure AD for user authentication and role mapping. To do this, you need to create an app registration on Azure AD that references the CPPM's FQDN as the reply URL and the entity ID. You also need to grant the app registration the required permissions to access user information from Azure AD1
質問 # 38
You are setting up Aruba ClearPass Policy Manager (CPPM) to enforce EAP-TLS authentication with Active Directory as the authentication source. The company wants to prevent users with disabled accounts from connecting even if those users still have valid certificates.
As the first part of meeting these criteria, what should you do to enable CPPM to determine where accounts are enabled in AD or not?
- A. Install a Microsoft Active Directory extension in Aruba ClearPass Guest and set up an HTTP authentication source that points to that extension.
- B. Enable OCSP in the EAP-TLS authentication method settings and configure an OCSP override to the domain controller FQDN.
- C. Add a custom attribute for userAccountControl to the filters in the AD authentication source.
- D. Add an Endpoint Context Server to the domain controller with actions for querying the domain controller for account status.
正解:C
解説:
Explanation
According to the ClearPass Policy Manager User Guide1, userAccountControl is a custom attribute in Active Directory that contains a set of flags that define the properties and behavior of user accounts. One of these flags is ACCOUNTDISABLE, which indicates whether the account is disabled or not. By adding this attribute to the filters in the AD authentication source, CPPM can retrieve this attribute for each user and use it as a condition in the enforcement policies to prevent users with disabled accounts from connecting even if they have valid certificates. Therefore, option C is the correct answer.
質問 # 39
A company has Aruba gateways and wants to start implementing gateway IDS/IPS. The customer has selected Block for the Fail Strategy.
What might you recommend to help minimize unexpected outages caused by using this particular fall strategy?
- A. Setting the IDS or IPS policy to the least restrictive option, Lenient
- B. Enabling alerts and email notifications for events related to gateway IPS engine utilization and errors
- C. Making sure that the gateways have formed a cluster and operate in default gateway mode
- D. Configuring a relatively high threshold for the gateway threat count alerts
正解:B
解説:
Explanation
The correct answer is D. Enabling alerts and email notifications for events related to gateway IPS engine utilization and errors.
Gateway IDS/IPS is a feature that allows the Aruba gateways to monitor and block malicious or unwanted traffic based on predefined or custom rules 1. The Fail Strategy is a setting that determines how the gateways handle traffic when the IPS engine fails or crashes 2. The Block option means that the gateways will stop forwarding traffic until the IPS engine recovers, while the Bypass option means that the gateways will continue forwarding traffic without inspection 2.
The Block option provides more security, but it also increases the risk of network outages if the IPS engine fails frequently or for a long time 2. To minimize this risk, it is recommended to enable alerts and email notifications for events related to gateway IPS engine utilization and errors 3. This way, the network administrators can be informed of any issues with the IPS engine and take appropriate actions to restore or troubleshoot it 3.
The other options are not correct or relevant for this issue:
Option A is not correct because configuring a relatively high threshold for the gateway threat count alerts would not help minimize unexpected outages caused by using the Block option. The gateway threat count alerts are used to notify the network administrators of the number of threats detected by the IPS engine, but they do not affect how the gateways handle traffic when the IPS engine fails 4.
Option B is not correct because making sure that the gateways have formed a cluster and operate in default gateway mode would not help minimize unexpected outages caused by using the Block option.
The gateway cluster mode is used to provide high availability and load balancing for the gateways, but it does not affect how the gateways handle traffic when the IPS engine fails . The default gateway mode is used to enable routing and NAT functions on the gateways, but it does not affect how the gateways handle traffic when the IPS engine fails .
Option C is not correct because setting the IDS or IPS policy to the least restrictive option, Lenient, would not help minimize unexpected outages caused by using the Block option. The IDS or IPS policy is used to define what rules are applied by the IPS engine to inspect and block traffic, but it does not affect how the gateways handle traffic when the IPS engine fails 2. The Lenient option contains fewer and older rules than the Moderate or Strict options, which means that it provides less security and more false negatives .
質問 # 40
A customer needs you to configure Aruba ClearPass Policy Manager (CPPM) to authenticate domain users on domain computers. Domain users, domain computers, and domain controllers receive certificates from a Windows CA. CPPM should validate these certificates and verify that the users and computers have accounts in Windows AD. The customer requires encryption for all communications between CPPM and the domain controllers.
You have imported the root certificate for the Windows CA to the ClearPass CA Trust list.
Which usages should you add to it based on these requirements?
- A. Radec and Aruba infrastructure
- B. EAP and Radsec
- C. EAP and AD/LDAP Server
- D. LDAP and Aruba infrastructure
正解:B
質問 # 41
......
HP HPE6-A84試験は、ネットワークセキュリティに特化したITプロフェッショナルにとって重要な認定テストです。この試験に合格することは、ネットワークセキュリティに関する専門知識を持っていることを証明し、この分野でのキャリアアップに役立つ貴重な資格です。この試験は、ITソリューションおよびサービスの主要プロバイダであるHPが実施し、ネットワークセキュリティに関するスキルと知識が徹底的かつ包括的に評価されることが保証されています。
HP HPE6-A84試験実践テスト問題:https://jp.fast2test.com/HPE6-A84-premium-file.html