
HP Exam HPE6-A84 Topic 5 Question 46 Discussion

Actual exam question for HP's HPE6-A84 exam
Question #: 46
Topic #: 5

The customer needs a way for users to enroll new wired clients in Intune. The clients should have limited access that only lets them enroll and receive certificates. You plan to set up these rights in an AOS-CX role named "provision."

The customer's security team dictates that you must limit these clients' Internet access to only the necessary sites. Your switch software supports IPv4 and IPv6 addresses for the rules applied in the "provision" role.

What should you recommend?

Suggested Answer: C

This is because a downloadable user role (DUR) is a feature that allows the switch to use a central ClearPass server to download user-roles to the switch for authenticated users [1][2]. A DUR can contain various attributes and rules that define the access level and privileges of the user, such as VLAN, ACL, PoE, reauthentication period, etc. [3] A DUR can also be customized and updated on the ClearPass server without requiring any changes on the switch [1].

A DUR can be used to create a "provision" role that allows users to enroll new wired clients in Intune. The "provision" role can have limited access that only lets them enroll and receive certificates from the Intune service. The "provision" role can also have rules that restrict the Internet access of the users to only the necessary sites, such as the Intune portal and the certificate authority. The rules can be based on IPv4 or IPv6 addresses, depending on the network configuration and preference [2].

A) Configuring the rules for the "provision" role with IPv6 addresses, which tend to be more stable. This is not a valid recommendation because it does not address how to create and apply the "provision" role on the switch. Moreover, IPv6 addresses do not necessarily tend to be more stable than IPv4 addresses, as both protocols have their own advantages and disadvantages [4].

B) Enabling tunneling to the MCs on the "provision" role and then setting up the privileges on the MCs. This is not a valid recommendation because it does not explain how to enable tunneling or what MCs are. Moreover, tunneling is a technique that encapsulates one network protocol within another, which adds complexity and overhead to the network communication [5].

D) Assigning the "provision" role to a VLAN and then setting up the rules within a Layer 2 access control list (ACL). This is not a valid recommendation because it does not explain how to assign a role to a VLAN or how to create a Layer 2 ACL on the switch. Moreover, a Layer 2 ACL is limited in its filtering capabilities, as it can only match on MAC addresses or Ethernet types, which might not be sufficient for restricting Internet access to specific sites.


Contribute your Thoughts:

Ruthann
7 hours ago
I'm not a fan of using IPv6 addresses, they can be a pain to manage. Option A doesn't seem like the best choice here.
upvoted 0 times
Ollie
1 day ago
Option D seems the most straightforward way to limit access for these clients. Separating them into a dedicated VLAN and using a Layer 2 ACL is a solid approach.
upvoted 0 times