Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

HP Exam HPE6-A84 Topic 10 Question 23 Discussion

Actual exam question for HP's HPE6-A84 exam
Question #: 23
Topic #: 10
[All HPE6-A84 Questions]

A customer has an AOS 10 architecture, which includes Aruba APs. Admins have recently enabled WIDS at the high level. They also enabled alerts and email notifications for several events, as shown in the exhibit.

Admins are complaining that they are getting so many emails that they have to ignore them, so they are going to turn off all notifications.

What is one step you could recommend trying first?

Show Suggested Answer Hide Answer
Suggested Answer: C

According to the AOS 10 documentation1, WIDS is a feature that monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. WIDS can be configured at different levels, such as low, medium, high, or custom. The higher the level, the more checks are enabled and the more alerts are generated. However, not all checks are equally relevant or indicative of real threats. Some checks may generate false positives or unnecessary alerts that can overwhelm the administrators and reduce the effectiveness of WIDS.

Therefore, one step that could be recommended to reduce the number of email notifications is to change the WIDS level to custom, and enable only the checks most likely to indicate real threats. This way, the administrators can fine-tune the WIDS settings to suit their network environment and security needs, and avoid getting flooded with irrelevant or redundant alerts. Option C is the correct answer.

Option A is incorrect because sending the email notifications directly to a specific folder and only checking the folder once a week is not a good practice for security management. This could lead to missing or ignoring important alerts that require immediate attention or action. Moreover, this does not solve the problem of getting too many emails in the first place.

Option B is incorrect because disabling email notifications for Rogue AP, but leaving the Infrastructure Attack Detected and Client Attack Detected notifications on, is not a sufficient solution. Rogue APs are unauthorized access points that can pose a serious security risk to the network, as they can be used to intercept or steal sensitive data, launch attacks, or compromise network performance. Therefore, disabling email notifications for Rogue APs could result in missing critical alerts that need to be addressed.

Option D is incorrect because disabling just the Rogue AP and Client Attack Detected alerts, as they overlap with the Infrastructure Attack Detected alert, is not a valid assumption. The Infrastructure Attack Detected alert covers a broad range of attacks that target the network infrastructure, such as deauthentication attacks, spoofing attacks, denial-of-service attacks, etc. The Rogue AP and Client Attack Detected alerts are more specific and focus on detecting and classifying rogue devices and clients that may be involved in such attacks. Therefore, disabling these alerts could result in losing valuable information about the source and nature of the attacks.


by Cordelia at Jul 06, 2024, 07:09 PM

Limited Time Offer

25%

Off

Get Premium HPE6-A84 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Ellsworth
15 days ago
Turning off all the notifications is like trying to solve a leaky faucet by cutting off the water supply. Option C is the way to go - let's get surgical with those WIDS checks!
upvoted 0 times
...
Sang
18 days ago
I'm picturing the admins just setting up a separate 'Ignore' mailbox for all these alerts. Might as well just have a 'Useless' folder and call it a day. Anyway, C seems like the most sensible approach.
upvoted 0 times
...
Cassi
22 days ago
Haha, I can picture the admins desperately trying to keep up with all those emails. But disabling everything is like throwing the baby out with the bathwater. Option B sounds like a good compromise.
upvoted 0 times
Colette
6 days ago
That's a good idea. It will help reduce the number of emails without completely turning off all notifications.
upvoted 0 times
...
Sabra
10 days ago
Option B sounds like a good compromise. Let's disable email notifications for Rogue AP, but keep the Infrastructure Attack Detected and Client Attack Detected alerts on.
upvoted 0 times
...
...
Lore
23 days ago
I agree with Alyce. Option C seems like the most efficient solution to address the email notification issue.
upvoted 0 times
...
Matt
24 days ago
That's a valid point, Alyce. It might reduce the number of unnecessary emails we receive.
upvoted 0 times
...
Rickie
28 days ago
Ugh, I feel their pain. Getting flooded with notifications is the worst. Maybe try D and just disable the overlapping alerts? That could help cut down the noise without missing the important stuff.
upvoted 0 times
Melvin
5 days ago
I agree, getting too many notifications can be overwhelming.
upvoted 0 times
...
...
Florinda
2 months ago
Wow, that's a lot of alerts! Turning them all off is definitely not the way to go. I'd suggest trying C - customizing the WIDS level to only monitor the most important threats.
upvoted 0 times
Gerald
12 days ago
User1: Yeah, it's worth a shot to reduce the email overload.
upvoted 0 times
...
Mary
14 days ago
User3: Maybe try that first before completely disabling all notifications.
upvoted 0 times
...
Titus
18 days ago
User2: I think C is a good option, customizing the WIDS level could help filter out unnecessary alerts.
upvoted 0 times
...
Omer
1 months ago
User1: I agree, turning off all notifications seems extreme.
upvoted 0 times
...
...
Alyce
2 months ago
I disagree, I believe option C is better. We should customize the WIDS level to only enable checks for real threats.
upvoted 0 times
...
Matt
2 months ago
I think option B is a good idea. We can disable email notifications for Roque AP only.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77