A global cruise line company needs to refresh its current fleet. They will refresh the 'insides' of the ship to be cost-effective and increase their sustainability. They will replace the complete WLAN/LAN hardware of the ship. In this refresh, the company will not refresh its current security requirements. The CIO also wants to limit the number of unused ports in the switches. Future expansion will always mean a refresh of hardware. They start with the smallest ship with a maximum of 800 guests.
Each ship has a LAN infrastructure consisting of two core switches, up to 10 redundant distribution switches, and up to 500 access switches (400 cabins, 100 technical rooms). The core switches are located in the MDF of the ship and the distribution switches are located in the IDFs of the ship. Each cabin and technical room gets one single access switch.
The cabling structure of the ship will not be refreshed. Each IDF is connected to the MDF by single-mode fiber (SMF), of which two pairs are available for the interconnect between the core and distribution. The length of SM fiber between MDF and IDF is less than 300 meters (980 ft); the type used is OS1. Each cabin is connected by a single OM2 pair to the IDF, maximum length 60 m (200 ft). Each technical room is connected by a single OM2 pair to the IDF, with lengths of 100–150 m (320–500 ft).
For each cabin/technical room, the customer is looking to replace their current fan-less 2530/2540 without changing the requirements, except that they need to upgrade the uplink to the distribution switch to 10 GbE to handle the increased network traffic, and the technical rooms need redundant power.
The WLAN infrastructure will be refreshed 1:1 without new cabling or new AP locations. Their WLAN infrastructure is based on the 200/300 series indoor and outdoor APs running InstantOS (less than 300 APs); the customer has no change in WLAN requirements.
The cruise line company will replace its current Internet connection before the LAN/WLAN refresh. The new Internet connection will provide a 99.8% uptime, which is needed to ensure the paid guest Wi-Fi is always operational. With this new Internet connection, the CIO of the cruise line wants to base the design on the ESP architecture from Aruba because the Internet connection is guaranteed.
A week after the presentation of your design to the CIO of the cruise line company, the CIO calls you to discuss increasing the security of the wired network infrastructure. Since one of their competitors had one of its cruise ships hacked, the CSO of the cruise line has mandated increased security on the wired network. They have heard about dynamic segmentation and centralized and decentralized overlay networks. For their POS (Point of Sale) systems, they need a low-latency network connection between the POS system and the PCS server in the data center on the ship. The CSO also wants to enhance WLAN security by tunneling all user traffic.
What solution fits the customer's requirements?
Comprehensive and Detailed Explanation From Exact Extract:
Aruba's ESP Campus Access Design and NetConductor Architecture guides outline the validated roles of devices in dynamic segmentation deployments.
Access Layer (Edge): Aruba CX 6300
The CX 6300 provides 10 Gb uplinks to distribution, advanced features like VXLAN and EVPN, and support for role-based access control at the edge. It is the recommended choice for modern edge deployments in an ESP fabric.
Route Reflector (RR): Aruba CX 8325
The CX 8325 is optimized for routing and control-plane operations. As a route reflector, it scales overlay BGP sessions and distributes policies/roles through the fabric. It is explicitly referenced as the ideal RR platform in Aruba ESP campus validated designs.
Stub/Border: Aruba CX 8360
The CX 8360 family provides advanced aggregation and fabric services. It supports VXLAN, EVPN, and border routing functions, making it the right choice for stub/border persona in ESP designs.
WLAN Gateway: Aruba 9240
The Aruba 9200/9240 series gateways provide role-based policy enforcement for tunneled WLAN traffic. They terminate GRE/IPsec tunnels from APs, enforce user policies, and forward into the fabric. This is critical to meet the requirement of tunneling all WLAN user traffic for enhanced security.
Dynamic Segmentation with NetConductor
Aruba Central NetConductor enables centralized definition and orchestration of user roles and segmentation policies. Roles are automatically enforced across the fabric using VXLAN with Group-Based Policy (GBP). This supports both centralized tunneling (for WLAN traffic) and distributed segmentation (for wired POS traffic requiring low latency).
Requirement Mapping:
Low-latency POS traffic → Distributed role enforcement within the fabric via 8360/8325.
Secure WLAN traffic → User traffic tunneled to the 9240 gateway for role-based enforcement.
10 Gb uplinks and redundancy → Provided by 6300 edge switches with dual power options in technical rooms.
ESP architecture → NetConductor automates overlay, segmentation, and role orchestration.
Other options are eliminated because:
A uses 3320 for RR, which lacks overlay fabric scalability.
B uses 8320 for RR (possible, but Aruba recommends 8325 for RR roles in NetConductor designs).
D omits the WLAN Gateway, which is required to tunnel WLAN traffic.
E uses 6200 at the edge, which does not provide the required 10 Gb uplink capability.
Therefore, Option C is the only design that fully satisfies the cruise line's requirements while aligning with Aruba's ESP Campus validated architectures.
Reference Extracts (Aruba Official Study & Design Guides):
Aruba ESP Campus Design Guide: device personas (edge, RR, stub/border, gateway) and NetConductor integration.
Aruba NetConductor Technical Overview: VXLAN-GBP, dynamic segmentation, and centralized role enforcement.
Aruba Dynamic Segmentation Solution Overview: tunneling of WLAN traffic, role-based security across wired and wireless.
Aruba CX Switch Series Data Sheets: CX 6300 (edge with 10 Gb uplinks), CX 8325 (RR), CX 8360 (border/stub), Aruba 9240 (WLAN gateway).