Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

HPE7-A02 Exam - Topic 5 Question 24 Discussion

Actual exam question for HP's HPE7-A02 exam
Question #: 24
Topic #: 5
[All HPE7-A02 Questions]

A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. The company wants CPPM to control which commands managers are allowed to enter.

Which service must you add to the managers' TACACS+ enforcement profile?

Show Suggested Answer Hide Answer
Suggested Answer: B

To control which commands managers are allowed to execute on AOS-CX switches using ClearPass Policy Manager (CPPM) as a TACACS+ server, you must configure the Shell service in the TACACS+ enforcement profile. The Shell service provides the ability to define granular access controls for commands. It supports policy-driven command authorization, which is essential in controlling administrative tasks based on roles.

Reference

Official HPE Aruba ClearPass documentation on TACACS+ integration and command authorization.

Industry best practices for AAA (Authentication, Authorization, and Accounting) configuration in network security architectures.


by Ronny at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium HPE7-A02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Gwen
2 days ago
I agree, Shell seems right. It controls command access.
upvoted 0 times
...
Noe
7 days ago
This question is tricky. I think it’s B) Shell.
upvoted 0 times
...
Rodrigo
12 days ago
I thought ARAP was still a thing, but maybe not for this?
upvoted 0 times
...
Cherrie
18 days ago
Cpass:HTTP doesn't seem relevant for command enforcement.
upvoted 0 times
...
Erick
23 days ago
Wait, are we sure Shell is the right choice?
upvoted 0 times
...
Yvette
28 days ago
I agree, Shell is the way to go here.
upvoted 0 times
...
Carolann
1 month ago
Definitely need to add the Shell service for command control.
upvoted 0 times
...
Herman
1 month ago
I bet the correct answer is "Aruba:Reboot Switch" - that's the one that really gets the job done!
upvoted 0 times
...
Skye
1 month ago
ARAP? What is this, the 90s? That's for ancient dial-up protocols.
upvoted 0 times
...
Carisa
2 months ago
Cpass:HTTP? Really? That's for web access, not switch commands.
upvoted 0 times
...
Stefany
2 months ago
I'm pretty sure it's Aruba:Common. That's the service for managing Aruba devices, right?
upvoted 0 times
...
Becky
2 months ago
Shell is the correct answer. That's the service for controlling command access.
upvoted 0 times
...
Lea
3 months ago
I recall that D) Aruba:Common is often used for general purposes, but I’m not confident if it applies here for command restrictions.
upvoted 0 times
...
Aleisha
3 months ago
I’m a bit confused about the options. I feel like C) ARAP doesn’t fit the context of managing switch commands.
upvoted 0 times
...
Ty
3 months ago
I remember practicing a similar question where we had to choose the right service for command authorization. I think it was also about TACACS+ profiles.
upvoted 0 times
...
Estrella
3 months ago
I think the answer might be B) Shell since it relates to command control, but I'm not entirely sure.
upvoted 0 times
...
Ellsworth
3 months ago
I feel pretty good about this one. The question is asking about the service CPPM uses to control commands, and based on my understanding of TACACS+, the Shell service is what handles that functionality. I'll go with option B.
upvoted 0 times
...
Nichelle
4 months ago
I'm a bit confused on the difference between the Aruba:Common and Shell options. Do they both provide command control, or is one more specific to CPPM? I'll have to think this through carefully.
upvoted 0 times
...
Luis
4 months ago
Okay, I've seen TACACS+ used for command authorization before. I'm pretty sure the right answer is option B, Shell, since that's the service that handles command-level access control.
upvoted 0 times
...
Trinidad
4 months ago
Hmm, this is a tricky one. I'm not too familiar with CPPM and TACACS+, so I'll need to review the material on those technologies before I can confidently answer this.
upvoted 0 times
...
Jospeh
4 months ago
I think the key here is to identify the service that CPPM uses to control command access for managers. The options seem to be related to different network services, so I'll need to research what each one does.
upvoted 0 times
...

Save Cancel