HP Exam HPE6-A84 Topic 7 Question 33 Discussion

Actual exam question for HP's HPE6-A84 exam

Question #: 33
Topic #: 7

Refer to the scenario.

A customer has an AOS10 architecture that is managed by Aruba Central. Aruba infrastructure devices authenticate clients to an Aruba ClearPass cluster.

In Aruba Central, you are examining network traffic flows on a wireless IoT device that is categorized as ''Raspberry Pi'' clients. You see SSH traffic. You then check several more wireless IoT clients and see that they are sending SSH also.

You want an easy way to communicate the information that an IoT client has used SSH to Aruba ClearPass Policy Manager (CPPM).

What step should you take?

AOn CPPM create an Endpoint Context Server that points to the Central API.

BOn CPPM enable Device Insight integration.

COn Central configure APs and gateways to use CPPM as the RADIUS accounting server.

DOn Central set up CPPM as a Webhook application.

Show Suggested Answer

Suggested Answer: D

This is because this URI specifies the exact attribute that contains the number of access rejects from the RADIUS server, which is the information that the NAE script needs to monitor and trigger an alert.

A) /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatistics. This is not the correct URI because it returns the entire authstatistics object, which contains more information than the access rejects, such as access accepts, challenges, timeouts, etc. This might make the NAE script more complex and inefficient to parse and process the data.

B) /rest/v1/system/vrfs/mgmt/radius/servers/cp.acnsxtest.local/2083/tcp?attributes=authstatistics?attributes=access_rejects. This is not a valid URI because it has two question marks, which is a syntax error. The question mark is used to indicate the start of the query string, which can have one or more parameters separated by ampersands. The correct way to specify multiple attributes is to use a comma-separated list after the question mark, such as ?attributes=attr1,attr2,attr3.

C) /rest/v1/system/vrfs/mgmt/radius/_servers/cp.acnsxtest.local/2083/tcp. This is not a valid URI because it has an extra underscore before servers, which is a typo. The correct resource name is servers, not _servers. Moreover, this URI does not specify any attributes, which means it will return the default attributes of the RADIUS server object, such as name, port, protocol, etc., but not the authstatistics or access_rejects.

7of30

by Nelida at Oct 23, 2024, 12:35 PM

Limited Time Offer

25%

Off

Get Premium HPE6-A84 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Moira

2 days ago

Hmm, this is a tricky one. I'm torn between options A and D. Both seem like viable ways to get the SSH info to CPPM, but D does sound a bit more straightforward. Tough call, but I'll go with D for now.

upvoted 0 times

...

Chanel

6 days ago

Haha, I bet the exam writers were laughing when they came up with these options. 'Easy way to communicate SSH? Better configure the entire RADIUS infrastructure!' Sometimes the simplest solution is the best.

upvoted 0 times

...

Theron

7 days ago

Option C sounds like overkill for just communicating SSH traffic. Configuring CPPM as the RADIUS accounting server for the entire infrastructure seems like a lot of work for this specific use case.

upvoted 0 times

...

1 months ago

Option D seems like the easiest way to communicate the SSH traffic to CPPM. Configuring a Webhook integration between Central and CPPM should allow events like SSH usage to be automatically forwarded.

upvoted 0 times