New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

HPE7-A02 Exam - Topic 5 Question 24 Discussion

Actual exam question for HP's HPE7-A02 exam
Question #: 24
Topic #: 5
[All HPE7-A02 Questions]

A company uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as a TACACS+ server to authenticate managers on its AOS-CX switches. The company wants CPPM to control which commands managers are allowed to enter.

Which service must you add to the managers' TACACS+ enforcement profile?

Show Suggested Answer Hide Answer
Suggested Answer: B

To control which commands managers are allowed to execute on AOS-CX switches using ClearPass Policy Manager (CPPM) as a TACACS+ server, you must configure the Shell service in the TACACS+ enforcement profile. The Shell service provides the ability to define granular access controls for commands. It supports policy-driven command authorization, which is essential in controlling administrative tasks based on roles.

Reference

Official HPE Aruba ClearPass documentation on TACACS+ integration and command authorization.

Industry best practices for AAA (Authentication, Authorization, and Accounting) configuration in network security architectures.


by Ronny at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium HPE7-A02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Carisa
3 days ago
Cpass:HTTP? Really? That's for web access, not switch commands.
upvoted 0 times
...
Stefany
8 days ago
I'm pretty sure it's Aruba:Common. That's the service for managing Aruba devices, right?
upvoted 0 times
...
Becky
13 days ago
Shell is the correct answer. That's the service for controlling command access.
upvoted 0 times
...
Lea
18 days ago
I recall that D) Aruba:Common is often used for general purposes, but I’m not confident if it applies here for command restrictions.
upvoted 0 times
...
Aleisha
23 days ago
I’m a bit confused about the options. I feel like C) ARAP doesn’t fit the context of managing switch commands.
upvoted 0 times
...
Ty
29 days ago
I remember practicing a similar question where we had to choose the right service for command authorization. I think it was also about TACACS+ profiles.
upvoted 0 times
...
Estrella
1 month ago
I think the answer might be B) Shell since it relates to command control, but I'm not entirely sure.
upvoted 0 times
...
Ellsworth
1 month ago
I feel pretty good about this one. The question is asking about the service CPPM uses to control commands, and based on my understanding of TACACS+, the Shell service is what handles that functionality. I'll go with option B.
upvoted 0 times
...
Nichelle
1 month ago
I'm a bit confused on the difference between the Aruba:Common and Shell options. Do they both provide command control, or is one more specific to CPPM? I'll have to think this through carefully.
upvoted 0 times
...
Luis
2 months ago
Okay, I've seen TACACS+ used for command authorization before. I'm pretty sure the right answer is option B, Shell, since that's the service that handles command-level access control.
upvoted 0 times
...
Trinidad
2 months ago
Hmm, this is a tricky one. I'm not too familiar with CPPM and TACACS+, so I'll need to review the material on those technologies before I can confidently answer this.
upvoted 0 times
...
Jospeh
2 months ago
I think the key here is to identify the service that CPPM uses to control command access for managers. The options seem to be related to different network services, so I'll need to research what each one does.
upvoted 0 times
...

Save Cancel