A company has HPE Aruba Networking Mobility Controllers (MCs), campus APs, and AOS-CX switches. The company plans to use HPE Aruba Networking ClearPass Policy Manager (CPPM) to classify endpoints by type. This company is using only CPPM and no other HPE Aruba Networking ClearPass solutions. The HPE Aruba Networking ClearPass admins tell you that they want to use HTTP User-Agent strings to help profile the endpoints. What should you do as a part of setting up Mobility Controllers (MCs) to support this requirement?
Correct Answer: A
HPE Aruba Networking ClearPass Policy Manager (CPPM) uses device profiling to classify endpoints, and one of its profiling methods involves analyzing HTTP User-Agent strings to identify device types (e.g., iPhone, Windows laptop). HTTP User-Agent strings are sent in HTTP headers when a client accesses a website. For CPPM to profile devices using HTTP User-Agent strings, it must receive the HTTP traffic from the clients. In this scenario, the company is using Mobility Controllers (MCs), campus APs, and AOS-CX switches, and CPPM is the only ClearPass solution in use. HTTP User-Agent Profiling: CPPM can passively profile devices by analyzing HTTP traffic, but it needs to receive this traffic. In an AOS-8 architecture, the MC can mirror client traffic to CPPM for profiling. Since HTTP traffic is part of the data plane (user traffic), the MC must mirror the data plane traffic (not control plane traffic) to CPPM. Option A, "Create datapath mirrors that use the CPPM's IP address as the destination," is correct. The MC can be configured to mirror client HTTP traffic to CPPM using a datapath mirror (also known as a GRE mirror). This involves setting up a mirror session on the MC that sends a copy of the client's HTTP traffic to CPPM's IP address. CPPM then analyzes the HTTP User-Agent strings in this traffic to profile the endpoints. For example, the command mirror session 1 destination ip <CPPM-IP> source ip any protocol http can be used to mirror HTTP traffic to CPPM. Option B, "Create an IF-MAP profile, which specifies credentials for an API admin account on CPPM," is incorrect. IF-MAP (Interface for Metadata Access Points) is a protocol used for sharing profiling data between ClearPass and other systems (e.g., Aruba Introspect), but it is not used for sending HTTP traffic to CPPM for profiling. Additionally, IF-MAP is not relevant when only CPPM is in use. Option C, "Create control path mirrors to mirror HTTP traffic from clients to CPPM," is incorrect. Control path (control plane) traffic includes management traffic between the MC and APs (e.g., AP registration, heartbeats), not client HTTP traffic. HTTP traffic is part of the data plane, so a datapath mirror is required, not a control path mirror. Option D, "Create a firewall whitelist rule that permits HTTP and CPPM's IP address," is incorrect. A firewall whitelist rule on the MC might be needed to allow traffic to CPPM, but this is not the primary step for enabling HTTP User-Agent profiling. The key requirement is to mirror the HTTP traffic to CPPM, which is done via a datapath mirror, not a firewall rule. The HPE Aruba Networking AOS-8 8.11 User Guide states: "To enable ClearPass Policy Manager (CPPM) to profile devices using HTTP User-Agent strings, the Mobility Controller (MC) must mirror client HTTP traffic to CPPM. This is done by creating a datapath mirror session that sends a copy of the client's HTTP traffic to CPPM's IP address. For example, use the command mirror session 1 destination ip <CPPM-IP> source ip any protocol http to mirror HTTP traffic to CPPM. CPPM then analyzes the HTTP User-Agent strings to classify endpoints by type (e.g., iPhone, Windows laptop)." (Page 350, Device Profiling with CPPM Section) Additionally, the HPE Aruba Networking ClearPass Policy Manager 6.11 User Guide notes: "HTTP User-Agent profiling requires ClearPass to receive HTTP traffic from clients. In an Aruba Mobility Controller environment, configure a datapath mirror to send HTTP traffic to ClearPass's IP address. ClearPass will parse the HTTP User-Agent strings to identify device types and operating systems, enabling accurate profiling." (Page 249, HTTP User-Agent Profiling Section) : HPE Aruba Networking AOS-8 8.11 User Guide, Device Profiling with CPPM Section, Page 350. HPE Aruba Networking ClearPass Policy Manager 6.11 User Guide, HTTP User-Agent Profiling Section, Page 249.
Question 57
What is a guideline for managing local certificates on an ArubaOS-Switch?
Correct Answer: A
Question 58
What are the roles of 802.1X authenticators and authentication servers?
Correct Answer: C
In the 802.1X network access control model, the roles of the authenticator and the authentication server are distinct yet complementary. The authenticator acts as a RADIUS client, which is a network device, like a switch or wireless access point, that directly interfaces with the client machine (supplicant). The authentication server, typically a RADIUS server, is responsible for verifying the credentials provided by the supplicant through the authenticator. This setup helps in separating the duties where the authenticator enforces authentication but does not decide on the validity of the credentials, which is the role of the authentication server. : IEEE 802.1X standard for network access control.
Question 59
What is an example or phishing?
Correct Answer: D
Phishing is a type of social engineering attack where an attacker impersonates a trusted entity to deceive people into providing sensitive information, such as passwords or credit card numbers. An example of phishing is when an attacker sends emails posing as a service team member or a legitimate organization with the intention of getting users to disclose their passwords or other confidential information. These emails often contain links to fake websites that look remarkably similar to legitimate ones, tricking users into entering their details.References: Cybersecurity guidelines on identifying and preventing phishing attacks.
Question 60
What does the NIST model for digital forensics define?
Correct Answer: B
The National Institute of Standards and Technology (NIST) provides guidelines on digital forensics, which include methodologies for properly collecting, examining, and analyzing digital evidence. This framework helps ensure that digital evidence is handled in a manner that preserves its integrity and maintains its admissibility in legal proceedings: Digital Forensics Process: This process involves steps to ensure that data collected from digital sources can be used reliably in investigations and court cases, addressing chain-of-custody issues, proper evidence handling, and detailed documentation of forensic procedures.
