HP Aruba Certified Network Security Professional Exam HPE7-A02 Question # 18 Topic 2 Discussion
HPE7-A02 Exam Topic 2 Question 18 Discussion:
Question #: 18
Topic #: 2
A company has AOS-CX switches and HPE Aruba Networking APs, which run AOS-10 and bridge their SSIDs. Company security policies require 802.1X on all edge ports, some of which connect to APs. How should you configure the auth-mode on AOS-CX switches?
A.
Leave all edge ports in client auth-mode and configure device auth-mode in the AP role.
B.
Configure all edge ports in client auth-mode.
C.
Configure all edge ports in device auth-mode.
D.
Leave all edge ports in device auth-mode and configure client auth-mode in the AP role.
Client Auth-Mode: Requires each connected endpoint to authenticate individually using 802.1X.
Device Auth-Mode: Allows the port to authenticate a device, such as an AP, as a whole. This mode works when the device bridges traffic (e.g., AP bridging SSID traffic).
AP Role Configuration:
Since the AP bridges traffic from multiple clients, you must configure the AP role to use device auth-mode.
Meanwhile, the ports on edge switches can remain in client auth-mode to enforce 802.1X for individual client connections.
Option Analysis:
Option A: Correct. This ensures the AP itself authenticates with device auth-mode, while edge ports remain in client auth-mode.
Option B: Incorrect. APs require device auth-mode for bridging, not client auth-mode.
Option C: Incorrect. Device auth-mode on all ports would not meet the security policy for clients.
Option D: Incorrect. Leaving all ports in device auth-mode does not meet the policy for 802.1X on edge ports.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit