HP Exam HPE6-A84 Topic 10 Question 23 Discussion

Actual exam question for HP's HPE6-A84 exam
Question #: 23
Topic #: 10

A customer has an AOS 10 architecture, which includes Aruba APs. Admins have recently enabled WIDS at the high level. They also enabled alerts and email notifications for several events, as shown in the exhibit.

Admins are complaining that they are getting so many emails that they have to ignore them, so they are going to turn off all notifications.

What is one step you could recommend trying first?

Suggested Answer: C

According to the AOS 10 documentation, WIDS is a feature that monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. WIDS can be configured at different levels, such as low, medium, high, or custom. The higher the level, the more checks are enabled and the more alerts are generated. However, not all checks are equally relevant or indicative of real threats. Some checks may generate false positives or unnecessary alerts that can overwhelm the administrators and reduce the effectiveness of WIDS.

Therefore, one step that could be recommended to reduce the number of email notifications is to change the WIDS level to custom, and enable only the checks most likely to indicate real threats. This way, the administrators can fine-tune the WIDS settings to suit their network environment and security needs, and avoid getting flooded with irrelevant or redundant alerts. Option C is the correct answer.

Option A is incorrect because sending the email notifications directly to a specific folder and only checking the folder once a week is not a good practice for security management. This could lead to missing or ignoring important alerts that require immediate attention or action. Moreover, this does not solve the problem of getting too many emails in the first place.

Option B is incorrect because disabling email notifications for Rogue AP, but leaving the Infrastructure Attack Detected and Client Attack Detected notifications on, is not a sufficient solution. Rogue APs are unauthorized access points that can pose a serious security risk to the network, as they can be used to intercept or steal sensitive data, launch attacks, or compromise network performance. Therefore, disabling email notifications for Rogue APs could result in missing critical alerts that need to be addressed.

Option D is incorrect because it rests on an invalid assumption: that the Rogue AP and Client Attack Detected alerts overlap with the Infrastructure Attack Detected alert and can therefore be disabled. The Infrastructure Attack Detected alert covers a broad range of attacks that target the network infrastructure, such as deauthentication attacks, spoofing attacks, denial-of-service attacks, etc. The Rogue AP and Client Attack Detected alerts are more specific and focus on detecting and classifying rogue devices and clients that may be involved in such attacks. Therefore, disabling these alerts could result in losing valuable information about the source and nature of the attacks.


Contribute your Thoughts:

Ellsworth
4 months ago
Turning off all the notifications is like trying to solve a leaky faucet by cutting off the water supply. Option C is the way to go - let's get surgical with those WIDS checks!
upvoted 0 times
Idella
3 months ago
I agree, we need to fine-tune the notifications to only focus on real threats.
upvoted 0 times
...
Cathrine
3 months ago
Option C sounds like a good idea. Let's focus on the most important checks.
upvoted 0 times
...
...
Sang
4 months ago
I'm picturing the admins just setting up a separate 'Ignore' mailbox for all these alerts. Might as well just have a 'Useless' folder and call it a day. Anyway, C seems like the most sensible approach.
upvoted 0 times
...
Cassi
4 months ago
Haha, I can picture the admins desperately trying to keep up with all those emails. But disabling everything is like throwing the baby out with the bathwater. Option B sounds like a good compromise.
upvoted 0 times
Cecil
3 months ago
Exactly. It's important to find a balance between staying informed and not being overwhelmed by notifications.
upvoted 0 times
...
Colette
4 months ago
That's a good idea. It will help reduce the number of emails without completely turning off all notifications.
upvoted 0 times
...
Sabra
4 months ago
Option B sounds like a good compromise. Let's disable email notifications for Rogue AP, but keep the Infrastructure Attack Detected and Client Attack Detected alerts on.
upvoted 0 times
...
...
Lore
4 months ago
I agree with Alyce. Option C seems like the most efficient solution to address the email notification issue.
upvoted 0 times
...
Matt
4 months ago
That's a valid point, Alyce. It might reduce the number of unnecessary emails we receive.
upvoted 0 times
...
Rickie
4 months ago
Ugh, I feel their pain. Getting flooded with notifications is the worst. Maybe try D and just disable the overlapping alerts? That could help cut down the noise without missing the important stuff.
upvoted 0 times
Mickie
3 months ago
That way, they can still get important alerts without being bombarded.
upvoted 0 times
...
Dexter
3 months ago
I think disabling the overlapping alerts could be a good first step.
upvoted 0 times
...
Adolph
3 months ago
Yeah, it's hard to keep up with them all.
upvoted 0 times
...
Melvin
4 months ago
I agree, getting too many notifications can be overwhelming.
upvoted 0 times
...
...
Florinda
5 months ago
Wow, that's a lot of alerts! Turning them all off is definitely not the way to go. I'd suggest trying C - customizing the WIDS level to only monitor the most important threats.
upvoted 0 times
Gerald
4 months ago
Yeah, it's worth a shot to reduce the email overload.
upvoted 0 times
...
Mary
4 months ago
Maybe try that first before completely disabling all notifications.
upvoted 0 times
...
Titus
4 months ago
I think C is a good option, customizing the WIDS level could help filter out unnecessary alerts.
upvoted 0 times
...
Omer
5 months ago
I agree, turning off all notifications seems extreme.
upvoted 0 times
...
...
Alyce
5 months ago
I disagree, I believe option C is better. We should customize the WIDS level to only enable checks for real threats.
upvoted 0 times
...
Matt
5 months ago
I think option B is a good idea. We can disable email notifications for Rogue AP only.
upvoted 0 times
...
