HP Exam HPE6-A78 Topic 3 Question 77 Discussion

Actual exam question for HP's HPE6-A78 exam

Question #: 77
Topic #: 3

A company has Aruba Mobility Controllers (MCs), Aruba campus APs, and ArubaOS-Switches. The company plans to use ClearPass Policy Manager (CPPM) to classify endpoints by type. This company is using only CPPM and no other ClearPass solutions.

The ClearPass admins tell you that they want to use HTTP User-Agent strings to help classify endpoints.

What should you do as a part of configuring the ArubaOS-Switches to support this requirement?

ACreate a device fingerprinting policy that includes HTTP, and apply the policy to edge ports.

BCreate remote mirrors that collect traffic on edge ports, and mirror it to CPPM's IP address.

CConfigure CPPM as the sFlow collector, and make sure that sFlow is enabled on edge ports.

DConnect the switches to CPPM's span ports, and set up mirroring of HTTP traffic on the switches.

Show Suggested Answer

Suggested Answer: C

ArubaOS-Switches can use sFlow technology to sample network traffic and send the samples to a collector, such as ClearPass Policy Manager (CPPM), for analysis. sFlow can be configured to capture various types of traffic, including HTTP, which typically contains User-Agent strings that can be used for device fingerprinting and classification.

To support the requirement for using HTTP User-Agent strings to classify endpoints, the switches would need to be configured to send sFlow samples containing HTTP traffic to CPPM. CPPM would then analyze these samples and use the User-Agent strings to classify the devices.

Therefore, the correct action to configure ArubaOS-Switches would involve:

Configuring CPPM as the sFlow collector on the switches.

Enabling sFlow on the edge ports that connect to endpoints.

This approach allows the network traffic to be analyzed by CPPM without requiring any additional mirroring or redirection of traffic, which would be resource-intensive and potentially disruptive to network performance.

by Arlene at Apr 30, 2025, 12:12 AM

Limited Time Offer

25%

Off

Get Premium HPE6-A78 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Sang

1 months ago

I wonder if any of these choices involve turning the switches into pretzel-shaped traffic collectors. That would be a fun engineering challenge!

upvoted 0 times

...

Desmond

1 months ago

Wait, did they really ask us to mirror traffic to CPPM's IP address? That's like handing your homework to the teacher before they even ask for it!

upvoted 0 times

India

16 days ago

Wait, did they really ask us to mirror traffic to CPPM's IP address? That's like handing your homework to the teacher before they even ask for it!

upvoted 0 times

...

Loreen

20 days ago

A) Create a device fingerprinting policy that includes HTTP, and apply the policy to edge ports.

upvoted 0 times

...

Dominga

2 months ago

Hmm, I'm not sure about these options. Wouldn't it be simpler to just enable HTTP inspection on the ArubaOS-Switches and let CPPM pull the data directly?

upvoted 0 times

Amie

6 days ago

Exactly. We should focus on configuring the switches to work with CPPM in this specific scenario.

upvoted 0 times

...

France

20 days ago

I see. So, we need to choose the option that aligns with using HTTP User-Agent strings for endpoint classification.

upvoted 0 times

...

Tyisha

21 days ago

But the options provided are more about how to configure the switches to support CPPM's classification requirements.

upvoted 0 times

...

Hui

1 months ago

That's a good point. Enabling HTTP inspection on the switches could be a simpler solution.

upvoted 0 times

...

Azzie

2 months ago

I'd go with C. Configuring CPPM as the sFlow collector is a clean way to capture the necessary data without messing with port mirroring.

upvoted 0 times

Olga

21 days ago

Agreed, keeping it simple is usually the best approach in these situations.

upvoted 0 times

...

Karl

23 days ago

That sounds like a good idea. It's a simple solution without extra configurations.

upvoted 0 times

...

Mariann

2 months ago

C) Configure CPPM as the sFlow collector, and make sure that sFlow is enabled on edge ports.

upvoted 0 times

...

Lanie

2 months ago

I see your point, but I still think option A is the best choice for this scenario.

upvoted 0 times

...

Mabel

2 months ago

But wouldn't option B be more effective in collecting traffic for classification?

upvoted 0 times

...

Ernie

2 months ago

I agree with Lanie, creating a device fingerprinting policy makes sense.

upvoted 0 times

...

Naomi

3 months ago

Option B seems the most logical. Mirroring the edge port traffic to CPPM allows it to analyze the HTTP User-Agent strings and classify the endpoints.

upvoted 0 times

Sina

1 months ago

That makes sense. It's important to configure the switches in a way that allows CPPM to effectively classify the endpoints.

upvoted 0 times

...

Paris

2 months ago

I agree, mirroring the traffic to CPPM will definitely help with endpoint classification based on HTTP User-Agent strings.

upvoted 0 times

...

Von

2 months ago

Option B seems the most logical. Mirroring the edge port traffic to CPPM allows it to analyze the HTTP User-Agent strings and classify the endpoints.

upvoted 0 times

...

Lanie

3 months ago

I think we should go with option A.

upvoted 0 times

...