HP Exam HPE6-A84 Topic 2 Question 15 Discussion

Actual exam question for HP's HPE6-A84 exam

Question #: 15
Topic #: 2

Refer to the scenario.

A hospital has an AOS10 architecture that is managed by Aruba Central. The customer has deployed a pair of Aruba 9000 Series gateways with Security licenses at each clinic. The gateways implement IDS/IPS in IDS mode.

The Security Dashboard shows these several recent events with the same signature, as shown below:

Which step could give you valuable context about the incident?

AView firewall sessions on the APs and record the threat sources' type and OS.

BView the user-table on APs and record the threat sources' 802.11 settings.

CView the RAPIDS Security Dashboard and see if the threat sources are listed as rogues.

DFind the Central client profile for the threat sources and note their category and family.

Show Suggested Answer

Suggested Answer: C

According to the ClearPass Policy Manager User Guide1, userAccountControl is a custom attribute in Active Directory that contains a set of flags that define the properties and behavior of user accounts. One of these flags is ACCOUNTDISABLE, which indicates whether the account is disabled or not. By adding this attribute to the filters in the AD authentication source, CPPM can retrieve this attribute for each user and use it as a condition in the enforcement policies to prevent users with disabled accounts from connecting even if they have valid certificates. Therefore, option C is the correct answer.

by Paz at Apr 09, 2024, 11:47 PM

Limited Time Offer

25%

Off

Get Premium HPE6-A84 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Kip

1 months ago

I'd go with option C. Checking the RAPIDS Security Dashboard just seems like the most straightforward way to get the information we need. Plus, it's probably more fun than trying to decipher a bunch of 802.11 gibberish.

upvoted 0 times

Rupert

9 days ago

Option C is definitely the way to go. It's quick and easy.

upvoted 0 times

...

Mendy

1 months ago

The 802.11 settings of the threat sources? Sounds like a real hoot! I bet they were using the 'Hack-My-Neighbor' wireless protocol.

upvoted 0 times

Brynn

18 days ago

D) Find the Central client profile for the threat sources and note their category and family.

upvoted 0 times

...

Jerry

19 days ago

C) View the RAPIDS Security Dashboard and see if the threat sources are listed as rogues.

upvoted 0 times

...

Latrice

2 months ago

Finding the Central client profile for the threat sources and looking at their category and family might give some insights, but it's not clear how that would provide valuable context about the incident.

upvoted 0 times

Erasmo

19 days ago

C: Let's check if the threat sources are listed as rogues on the RAPIDS Security Dashboard.

upvoted 0 times

...

Cory

25 days ago

B: Yeah, that could help us understand the incident better.

upvoted 0 times

...

Dominga

1 months ago

A: I think we should view the Central client profile for the threat sources.

upvoted 0 times

...

Kara

2 months ago

Checking the firewall sessions and the threat sources' type and OS seems like a logical step. That information could help identify the nature of the threat.

upvoted 0 times

Roslyn

2 days ago

C) View the RAPIDS Security Dashboard and see if the threat sources are listed as rogues.

upvoted 0 times

...

Myrtie

25 days ago

A) View firewall sessions on the APs and record the threat sources' type and OS.

upvoted 0 times

...

Torie

2 months ago

The RAPIDS Security Dashboard sounds like a good place to start. If the threat sources are listed as rogues, that could provide valuable context about the incident.

upvoted 0 times

...