HPE6-A78 Question #117: Real Exam Question with Answer & Explanation
The correct answer is A.
Question
Options
- A. You will need to mirror traffic to one of CPPM's span ports from a device such as a core routing switch
- B. ClearPass admins will need to provide the credentials of an API admin account to configure on
- C. AOS-CX switches do not offer the support necessary for CPPM to use TCP fingerprinting on wired
- D. TCP fingerprinting of wireless endpoints requires a third-party Mobility Device Management (MDM)
Explanation
HPE Aruba Networking ClearPass Policy Manager (CPPM) uses TCP fingerprinting as a passive profiling method to classify endpoints by analyzing TCP packet headers (e.g., TTL, window size) to identify the operating system (e.g., Windows, Linux). The company in this scenario has Mobility Controllers (MCs), campus APs, and AOS-CX switches, and wants to use CPPM's TCP fingerprinting capabilities for endpoint classification.

TCP Fingerprinting: This method requires CPPM to receive TCP traffic from endpoints. Since CPPM is not typically inline with network traffic, the traffic must be mirrored to CPPM for analysis. This is often done using a SPAN (Switched Port Analyzer) port or mirror port on a switch or controller.

Option A, "You will need to mirror traffic to one of CPPM's span ports from a device such as a core routing switch," is correct. For CPPM to perform TCP fingerprinting, it needs to see the TCP traffic from endpoints. This is typically achieved by mirroring traffic from a core routing switch (or another device like an MC) to a SPAN port on the CPPM server. For example, on an AOS-CX switch, you can configure a mirror session with the command `mirror session 1 destination interface <CPPM-port> source vlan <vlan-id>` to send traffic to CPPM. This is a key consideration for enabling TCP fingerprinting.
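What reading TTL and window size from mirrored traffic involves, as an added example that is not ClearPass code or part of the original explanation. The signature table, the `fingerprint` and `build_syn` names, and the sample addresses are constructed for illustration; it handles only IPv4 client SYNs, with an optional 802.1Q tag as mirrored trunk traffic often carries.

```python
import struct

# Constructed, illustrative signatures (assumption; not ClearPass's fingerprint data):
# (initial TTL, TCP window size in the SYN) -> OS guess.
SIGNATURES = {(128, 64240): "Windows", (128, 8192): "Windows",
              (64, 29200): "Linux", (64, 65535): "macOS/BSD"}
TTL_ONLY = {64: "Unix-like", 128: "Windows", 255: "network device"}

def initial_ttl(observed):
    """Each router hop decrements TTL, so round up to the nearest common start value."""
    return next(base for base in (32, 64, 128, 255) if observed <= base)

def fingerprint(frame):
    """Return (src_ip, initial_ttl, window, guess) for a client SYN, else None."""
    if len(frame) < 14:
        return None
    offset = 12
    if frame[offset:offset + 2] == b"\x81\x00":   # skip an 802.1Q VLAN tag
        offset += 4
    if frame[offset:offset + 2] != b"\x08\x00":   # IPv4 only in this example
        return None
    ip = frame[offset + 2:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:   # need IPv4 carrying TCP
        return None
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    tcp = ip[ihl:]
    if len(tcp) < 20 or tcp[13] & 0x12 != 0x02:   # SYN set, ACK clear
        return None
    window = struct.unpack("!H", tcp[14:16])[0]
    base = initial_ttl(ip[8])                     # TTL is byte 8 of the IP header
    src = ".".join(map(str, ip[12:16]))
    guess = SIGNATURES.get((base, window), TTL_ONLY.get(base, "unknown"))
    return src, base, window, guess

def build_syn(src, ttl, window, flags=0x02, vlan=None):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums zero) as sample input."""
    tag = b"\x81\x00" + struct.pack("!H", vlan) if vlan is not None else b""
    eth = bytes(12) + tag + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes([10, 0, 0, 1]))
    tcp = struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, 0x50, flags, window, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    for f in (build_syn("10.1.20.15", 126, 64240, vlan=20),
              build_syn("10.1.20.16", 63, 29200),
              build_syn("10.1.20.17", 62, 1234)):
        print(fingerprint(f))
```

The classifier only works on frames it is handed, which is why the profiler needs the mirror session: without mirrored SYNs there are no header fields to inspect.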