HP Aruba Certified Network Security Professional Exam HPE7-A02 Question # 20 Topic 3 Discussion
HPE7-A02 Exam Topic 3 Question 20 Discussion:
Question #: 20
Topic #: 3
HPE Aruba Networking Central displays an alert about an Infrastructure Attack that was detected. You go to the Security > RAPIDS events and see that the attack was "Detect adhoc using Valid SSID." What is one possible next step?
A.
Make sure that you have tuned the threshold for that check as false positives are common for it.
B.
Make sure that clients have updated drivers, as faulty drivers are a common explanation for this attack type.
C.
Use HPE Aruba Networking Central floorplans or the detecting AP identities to locate the general area for the threat.
D.
Look for the IP address associated with the offender and then check for that IP address among HPE Aruba Networking Central clients.
The alert "Detect ad-hoc using Valid SSID" indicates that a device is broadcasting an SSID that matches a valid network SSID in ad-hoc mode. This can be an indication of an infrastructure attack or misconfiguration.
Next Steps:
Use Aruba Central floorplans or AP location data to identify the physical area where the offending device is detected.
Locate and investigate the device to determine if it is malicious or simply misconfigured.
Option Analysis:
Option A: Incorrect. While tuning thresholds is useful for reducing false positives, this step does not directly address a potential threat.
Option B: Incorrect. Faulty drivers can cause similar behavior, but this step is not immediately actionable without locating the device first.
Option C: Correct. Floorplans or AP identities help locate the threat's physical area for further investigation.
Option D: Incorrect. RAPIDS focuses on detecting devices via SSID and MAC, not IP addresses, making this approach less relevant.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit