HPE6-A73 Exam QuestionsBrowse all questions from this exam
Go to Exam

HPE6-A73 Exam - Question 103

A company has recently purchased a ClearPass AAA solution. Their network consists of AOS-CX switches at the access layer. The company is implementing a rollout of IoT devices for smart building management to control the lighting and HVAC systems. The network administrator is concerned about allowing secure access to these devices since they only support MAC-Auth.

Which ClearPass feature should the administrator leverage to help determine that MAC address spoofing is not occurring for this group of devices?

Show Answer
Correct Answer: AB

The correct feature to use is Device Fingerprinting. This feature allows the ClearPass system to examine device protocol information, such as DHCP and HTTP payload information, to identify additional details about the device like the product, operating system, and other pertinent information. This information can help ensure that the MAC addresses of the IoT devices are legitimate and not being spoofed, providing an additional layer of security for devices that only support MAC-Auth.

Discussion

7 comments
Sign in to comment
MaxAMG45Option: B
May 24, 2023

B is correct, p651-652 of SG "To improve overall security, add ACL and/or fingerprint to exam device info..."

sirtackOption: B
Nov 22, 2022

https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=26855 This leans to device fingerprinting so B

SeidorBrunoOption: B
Jul 2, 2023

Pages 651 & 652 Study Guide: To improve overall security with MAC Authentication, use ACLs to strictly limit what devices can access. You can also use device fingerprinting to examine device protocol information, like DHCP and HTTP payload information. Then use this information to identify additional information about the device, like the product, operating system, and other information. [Aruba Networks]

omenOption: B
Sep 1, 2022

Correct Answer: B

cpfanOption: B
Sep 23, 2022

Device Fingerprint to identify the Device type

AlialoOption: D
Nov 4, 2022

I would choose D, the challenge is to avoid MAC address spoofing, i think Device fingerprinting is not enough. A is for Dynamic Segmentation, here they dont have gateway. Refer to: -Downloadable User Role configuration in Aruba OS CX with mac-authentication https://community.arubanetworks.com/blogs/esupport1/2020/04/29/downloadable-user-role-configuration-in-aruba-os-cx-with-mac-authentication

alex711Option: A
Feb 25, 2023

I think it is A. Se the following link. https://www.arubanetworks.com/techdocs/AOS-CX/10.08/HTML/security_6200-6300-6400/Content/Chp_Dev_fngprnt/abo-dev-fngprnt.htm