HPE6-A90 Exam Guide
This HPE6-A90 exam focuses on practical knowledge and real-world application scenarios related to the subject area. It evaluates your ability to understand core concepts, apply best practices, and make informed decisions in realistic situations rather than relying solely on memorization.
This page provides a structured exam guide, including exam focus areas, skills measured, preparation recommendations, and practice questions with explanations to support effective learning.
Exam Overview
The HPE6-A90 exam typically emphasizes how concepts are used in professional environments, testing both theoretical understanding and practical problem-solving skills.
Skills Measured
- Understanding of core concepts and terminology
- Ability to apply knowledge to practical scenarios
- Analysis and evaluation of solution options
- Identification of best practices and common use cases
Preparation Tips
Successful candidates combine conceptual understanding with hands-on practice. Reviewing measured skills and working through scenario-based questions is strongly recommended.
Practice Questions for HPE6-A90 Exam
The following practice questions are designed to reinforce key HPE6-A90 exam concepts and reflect common scenario-based decision points tested in the certification.
Question#1
A Security Operations Analyst needs to restrict which administrators can execute elevated CLI commands (such as write erase or reload) via SSH on AOS-10 Gateways. The organization requires a centralized, role-based approach to command authorization.
Which configuration strategy correctly fulfills this security requirement?
A. Configure an ACL on the gateway uplink interface to restrict TCP port 22 access exclusively to pre-approved IP subnets.
B. Disable SSH service on the gateway cluster and require all administrative access to occur exclusively via the physical console port.
C. Modify the AOS-10 SSH banner configuration to display a prominent legal warning message explicitly prohibiting execution of privileged commands without documented security team authorization.
D. Integrate the AOS-10 Gateways with ClearPass Policy Manager to enforce TACACS+ role-based command authorization for SSH sessions, enabling granular validation of specific privileged CLI commands like write erase and reload against centrally defined administrative roles.
Question#2
In modern AOS-10 campus deployments, what is the primary distinction between an access point deployment plan optimized for "coverage" versus one optimized for "capacity"?
A. Coverage optimization ensures minimum signal strength across all areas, while capacity optimization provides sufficient airtime and spatial streams to support high client density.
B. Coverage-optimized designs typically leverage 5 GHz and 6 GHz radios to maximize range and obstacle penetration; capacity-optimized designs rely on 2.4 GHz radios with narrower channels to maximize simultaneous low-bandwidth IoT connections in dense environments.
C. Coverage optimization often deploys APs in bridge forwarding mode to reduce latency for local traffic, whereas capacity optimization typically uses tunnel mode to centralize processing and enforce security policies at the controller.
D. Coverage planning commonly specifies directional antennas at the perimeter pointing outward for external zones, while capacity planning specifies omnidirectional antennas placed exclusively in network closets to serve internal high-density zones.
Question#3
254.0.2 65001 0 0 00:00:00 Active
Based on the provided diagnostic output, which TWO underlying misconfigurations are preventing the EVPN control plane from establishing? (Choose 2.)
A. The EVPN-VXLAN Network Identifiers (VNIs) have not been properly mapped to the local VLANs on the edge switch.
B. The AOS-CX 6300 switch requires an Advanced subscription license to activate the OSPF underlay routing process, which has expired.
C. The edge switch has dynamically learned too many MAC addresses, exhausting the hardware CAM table and causing the BGP process to crash.
D. The Loopback interfaces used for the BGP EVPN peerings (10.254.0.1, 10.254.0.2) are not being correctly advertised into the OSPF underlay.
E. There is a BGP Autonomous System Number (ASN) mismatch or a strict firewall filter blocking TCP port 179 between the leaf and the Route Reflector.
Question#4
What is a key architectural distinction between the AOS-CX 6300 and 6400 series switches when planning for access layer and distribution layer high availability?
A. The 6400 natively supports Cloud Authentication services via Aruba Central, while the 6300 requires a dedicated ClearPass Policy Manager appliance for identity management functions.
B. The 6300 uses VSF stacking for high availability; the 6400 is a modular chassis with redundant Management Modules (MMs) providing internal high availability.
C. Both switch series require centralized Aruba Mobility Controllers (MCs) to manage and synchronize their redundant control plane instances across the network.
D. The 6300 series relies on VSX for core routing tasks, whereas the 6400 series utilizes VSF to handle edge access layer connectivity requirements.
Question#5
A Network Compliance Auditor is reviewing the architectural design of a large retail enterprise. The enterprise has 600 stores. The current design utilizes a distinct Central Configuration Group for every single store (e.g., Store_001, Store_002, ..., Store_600), resulting in 600 separate UI Groups.
Each store has identical security policies, identical management VLANs, and identical QoS settings. The only difference between stores is the IP subnet assigned to the local data VLAN.
Which TWO statements accurately identify the operational anti-patterns of this design and propose the correct optimization strategy? (Choose 2.)
A. Managing 600 separate UI Groups creates massive administrative overhead; a global policy change (like updating a RADIUS server IP) requires repeating the change 600 times, negating the value of cloud orchestration.
B. The current architecture requires the deployment of a centralized Mobility Master to route traffic between the 600 distinct Configuration Groups, introducing unnecessary cost.
C. The organization should consolidate all 600 stores into a single Template Group and utilize device-specific Jinja2 variables to inject the unique IP subnets for the data VLAN at each individual site.
D. The organization should abandon UI and Template groups entirely and manage the switches using individualized REST API Python scripts executed daily from a centralized scheduling server.
E. The current architecture violates HPE GreenLake's hard licensing limits, as a single tenant workspace cannot mathematically support more than 250 UI Configuration Groups.
Disclaimer
This page is for educational and exam preparation reference only. It is not affiliated with Hewlett Packard Enterprise (HPE), HPE Advanced Product Certified - HPE Aruba Networking Central, or the official exam provider. Candidates should refer to official documentation and training for authoritative information.
