Aruba Certified Professional Network Security (ACP) Practice Exam

Aruba Certified Professional Network Security (ACP) Practice Exam

The Aruba Certified Professional – Network Security (ACP-NS) certification validates your expertise in describing complex security threats and vulnerabilities. This certification ensures your proficiency in device hardening, implementing security at the edge with AAA, advanced roles, firewall policies, and more. It covers the implementation of Zero Trust Security, protecting networks from threats, configuring HPE Aruba Networking infrastructure, and ClearPass solutions to authenticate and control both wired and wireless users. You will also learn to collect contextual information on ClearPass Policy Manager, implement advanced role mapping and enforcement policies, and use ClearPass Device Insight to enhance visibility.

Exam Details

• Exam Code: HPE7-A02
• Exam Type: Proctored
• Exam Duration: 1 hour 45 minutes
• Exam Length: 70 questions
• Passing Score: 67%
• Exam Languages: English, Japanese, Latin American Spanish

Who should take the exam?

Typical candidates for this certification are network engineers responsible for implementing security controls on enterprise networks. They should be able to describe the network security stack (firewall, proxy, remote access, IDS/IPS, access control, NTA, UEBA) and have worked two to three years in networking with a one-year security focus.

Course Outline

The Aruba Certified Professional Network Security (ACP) Exam covers the following topics - 

Domain 1 - Understanding Protect and Defend (26%)

• Define security terminology.
  
• Describe PKI dependencies.
• Mitigate threats using CPDI to identify traffic flows and apply tags, and CPPM to take actions based on tags.
• Explain profiling methods and benefits.
• Describe Aruba solutions for different security vectors.
• Explain Zero Trust Security with Aruba solutions.
• Explain WIPS and WIDS, as well as Aruba 9x00 Series.
• Describe log types and levels, and integrate CPPM ingress event engine with 3rd party logging solutions.
• Explain dynamic segmentation, its benefits, and use cases.
• Explain VPN deployment types and IPsec concepts, including protocols, algorithms, certificate-based authentication with IKE, and reauth intervals.

Domain 2 - Understanding Device Hardening (6%)

• Set up secure authentication and authorization for network infrastructure managers (focus on TACACS+ authorization and multi-factor auth).
• Secure L2 and L3 protocols, as well as other network protocols like SFTP.

Domain 3 - Understanding Secure WLAN (12%)

• Deploy AAA for WLANs with ClearPass Policy Manager (CPPM).
  
• Define and apply advanced firewall policies (appRF, PEF, WIPS, WebCC, UTM).
• Integrate Aruba infrastructure with CPPM to take action in response to events.
• Configure rogue AP detection and mitigation.

Domain 4 - Understanding Secure Wired AOS-CX (19%)

• Deploy AAA for wired devices with CPPM.
  
• Configure 802.1x Authentication for AP.
• Deploy dynamic segmentation.
• Deploy certificate-based authentication for users and devices.
• Integrate Aruba infrastructure with CPPM to take action in response to events.

Domain 5 - Understanding Secure the WAN (5%)

• Understand that Aruba SD-Branch automates VPN deployment for the WAN.
• Design and deploy remote VPN with VIA.

Domain 6 - Understanding Endpoint Classification (8%)

• Deploy and apply endpoint classification to the device.
  
• Define endpoint classification methodology using active and passive methods.
• Define, deploy, and integrate ClearPass and CPDI.

Domain 7 - Understanding Threat Detection (9%)

• Investigate Central alerts.
  
• Interpret packet captures.
• Recommend action based on Central alert analysis.
• Evaluate endpoint posture.

Domain 8 - Understanding Troubleshooting (6%)

• Deploy and analyze Network Analytic Engine (NAE) scripts for monitoring and correlation.
• Perform packet capture on Aruba infrastructure locally and using Central.

Domain 9 - Understanding Endpoint Classification Analysis (8%)

• Analyze endpoint classification data to identify risk.
• Analyze endpoint classification data on CPDI.

Domain 10 - Understanding Forensics (1%)

• Explain CPDI capabilities for showing network conversations on supported Aruba devices.