Independence Day - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia

HPE6-A78 Sample Questions Answers

Questions 4

You configure an ArubaOS-Switch to enforce 802.1X authentication with ClearPass Policy Manager (CPPM) denned as the RADIUS server Clients cannot authenticate You check Aruba ClearPass Access Tracker and cannot find a record of the authentication attempt.

What are two possible problems that have this symptom? (Select two)

Options:

A.

users are logging in with the wrong usernames and passwords or invalid certificates.

B.

Clients are configured to use a mismatched EAP method from the one In the CPPM service.

C.

The RADIUS shared secret does not match between the switch and CPPM.

D.

CPPM does not have a network device defined for the switch's IP address.

E.

Clients are not configured to trust the root CA certificate for CPPM's RADIUS/EAP certificate.

Buy Now
Questions 5

What is one practice that can help you to maintain a digital chain or custody In your network?

Options:

A.

Enable packet capturing on Instant AP or Moodily Controller (MC) datepath on an ongoing basis

B.

Enable packet capturing on Instant AP or Mobility Controller (MC) control path on an ongoing basis.

C.

Ensure that all network infrastructure devices receive a valid clock using authenticated NTP

D.

Ensure that all network Infrastructure devices use RADIUS rather than TACACS+ to authenticate managers

Buy Now
Questions 6

A company with 439 employees wants to deploy an open WLAN for guests. The company wants the experience to be as follows:

*Guests select the WLAN and connect without having to enter a password.

*Guests are redirected to a welcome web page and log in.

The company also wants to provide encryption for the network for devices that are capable. Which security options should you implement for the WLAN?

Options:

A.

Opportunistic Wireless Encryption (OWE) and WPA3-Personal

B.

WPA3-Personal and MAC-Auth

C.

Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode

D.

Captive portal and WPA3-Personal

Buy Now
Questions 7

A company has Aruba Mobility Controllers (MCs), Aruba campus APs, and ArubaOS-Switches. The company plans to use ClearPass Policy Manager (CPPM) to classify endpoints by type. This company is using only CPPM and no other ClearPass solutions.

The ClearPass admins tell you that they want to use HTTP User-Agent strings to help classify endpoints.

What should you do as a part of configuring the ArubaOS-Switches to support this requirement?

Options:

A.

Create a device fingerprinting policy that includes HTTP, and apply the policy to edge ports.

B.

Create remote mirrors that collect traffic on edge ports, and mirror it to CPPM's IP address.

C.

Configure CPPM as the sFlow collector, and make sure that sFlow is enabled on edge ports.

D.

Connect the switches to CPPM's span ports, and set up mirroring of HTTP traffic on the switches.

Buy Now
Questions 8

Your ArubaoS solution has detected a rogue AP with Wireless intrusion Prevention (WIP). Which information about the detected radio can best help you to locate the rogue device?

Options:

A.

the match method

B.

the detecting devices

C.

the match type

D.

the confidence level

Buy Now
Questions 9

Which is a correct description of a Public Key Infrastructure (PKI)?

Options:

A.

A device uses Intermediate Certification Authorities (CAs) to enable it to trust root CAs that are different from the root CA that signed its own certificate.

B.

A user must manually choose to trust intermediate and end-entity certificates, or those certificates must be installed on the device as trusted in advance.

C.

Root Certification Authorities (CAs) primarily sign certificates, and Intermediate Certification Authorities (CAs) primarily validate signatures.

D.

A user must manually choose to trust a root Certification Authority (CA) certificate, or the root CA certificate must be installed on the device as trusted.

Buy Now
Questions 10

Refer to the exhibit.

This Aruba Mobility Controller (MC) should authenticate managers who access the Web Ul to ClearPass Policy Manager (CPPM) ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers' roles in Aruba-Admin-Role VSAs

Which setting should you change to follow Aruba best security practices?

Options:

A.

Change the local user role to read-only

B.

Clear the MSCHAP check box

C.

Disable local authentication

D.

Change the default role to "guest-provisioning"

Buy Now
Questions 11

Two wireless clients, client 1 and client 2, are connected to an ArubaOS Mobility Controller. Subnet 10.1.10.10/24 is a network of servers on the other side of the ArubaOS firewall. The exhibit shows all three firewall rules that apply to these clients.

Which traffic is permitted?

Options:

A.

an HTTPS request from client 1 to 10.1.10.10 and an HTTPS response from 10.1.10.10 to client 1

B.

an HTTPS request from client 1 to 10.1.10.10 and an HTTPS request from 10.1.10.11 to client 1

C.

an HTTPS request from 10.1.10.10 to client 1 and an HTTPS re-sponse from client 1 to 10.1.10.10

D.

an HTTPS request from client 1 to client 2 and an HTTPS request from client 2 to client 1

Buy Now
Questions 12

What is a vulnerability of an unauthenticated Dime-Heliman exchange?

Options:

A.

A hacker can replace the public values exchanged by the legitimate peers and launch an MITM attack.

B.

A brute force attack can relatively quickly derive Diffie-Hellman private values if they are able to obtain public values

C.

Diffie-Hellman with elliptic curve values is no longer considered secure in modem networks, based on NIST recommendations.

D.

Participants must agree on a passphrase in advance, which can limit the usefulness of Diffie- Hell man in practical contexts.

Buy Now
Questions 13

An admin has created a WLAN that uses the settings shown in the exhibits (and has not otherwise adjusted the settings in the AAA profile) A client connects to the WLAN Under which circumstances will a client receive the default role assignment?

Options:

A.

The client has attempted 802 1X authentication, but the MC could not contact the authentication server

B.

The client has attempted 802 1X authentication, but failed to maintain a reliable connection, leading to a timeout error

C.

The client has passed 802 1X authentication, and the value in the Aruba-User-Role VSA matches a role on the MC

D.

The client has passed 802 1X authentication and the authentication server did not send an Aruba-User-Role VSA

Buy Now
Questions 14

You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller (MC). What should you do to enhance security for control channel communications between the switches and the MC?

Options:

A.

Create one UBT zone for control traffic and a second UBT zone for clients.

B.

Configure a long, random PAPI security key that matches on the switches and the MC.

C.

install certificates on the switches, and make sure that CPsec is enabled on the MC

D.

Make sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.

Buy Now
Questions 15

Which attack is an example or social engineering?

Options:

A.

An email Is used to impersonate a Dank and trick users into entering their bank login information on a fake website page.

B.

A hacker eavesdrops on insecure communications, such as Remote Desktop Program (RDP). and discovers login credentials.

C.

A user visits a website and downloads a file that contains a worm, which sell-replicates throughout the network.

D.

An attack exploits an operating system vulnerability and locks out users until they pay the ransom.

Buy Now
Questions 16

How does the ArubaOS firewall determine which rules to apply to a specific client's traffic?

Options:

A.

The firewall applies every rule that includes the dent's IP address as the source.

B.

The firewall applies the rules in policies associated with the client's wlan

C.

The firewall applies thee rules in policies associated with the client's user role.

D.

The firewall applies every rule that includes the client's IP address as the source or destination.

Buy Now
Questions 17

Refer to the exhibit.

How can you use the thumbprint?

Options:

A.

Install this thumbprint on management stations to use as two-factor authentication along with manager usernames and passwords, this will ensure managers connect from valid stations

B.

Copy the thumbprint to other Aruba switches to establish a consistent SSH Key for all switches this will enable managers to connect to the switches securely with less effort

C.

When you first connect to the switch with SSH from a management station, make sure that the thumbprint matches to ensure that a man-in-t he-mid die (MITM) attack is not occurring

D.

install this thumbprint on management stations the stations can then authenticate with the thumbprint instead of admins having to enter usernames and passwords.

Buy Now
Questions 18

Refer to the exhibit.

Device A is establishing an HTTPS session with the Arubapedia web sue using Chrome. The Arubapedia web server sends the certificate shown in the exhibit

What does the browser do as part of vacating the web server certificate?

Options:

A.

It uses the public key in the DigCen SHA2 Secure Server CA certificate to check the certificate's signature.

B.

It uses the public key in the DigCert root CA certificate to check the certificate signature

C.

It uses the private key in the DigiCert SHA2 Secure Server CA to check the certificate's signature.

D.

It uses the private key in the Arubapedia web site's certificate to check that certificate's signature

Buy Now
Questions 19

Refer to the exhibit.

This company has ArubaOS-Switches. The exhibit shows one access layer switch, Swllcn-2. as an example, but the campus actually has more switches. The company wants to slop any internal users from exploiting ARP

What Is the proper way to configure the switches to meet these requirements?

Options:

A.

On Switch-1, enable ARP protection globally, and enable ARP protection on ail VLANs.

B.

On Switch-2, make ports connected to employee devices trusted ports for ARP protection

C.

On Swltch-2, enable DHCP snooping globally and on VLAN 201 before enabling ARP protection

D.

On Swltch-2, configure static PP-to-MAC bindings for all end-user devices on the network

Buy Now
Questions 20

A company has an Aruba Instant AP cluster. A Windows 10 client is attempting to connect a WLAN that enforces WPA3-Enterprise with authentication to ClearPass Policy Manager (CPPM). CPPM is configured to require EAP-TLS. The client authentication fails. In the record for this client’s authentication attempt on CPPM, you see this alert.

What is one thing that you check to resolve this issue?

Options:

A.

whether the client has a third-party 802.1 X supplicant, as Windows 10 does not support EAP-TLS

B.

whether the client has a valid certificate installed on it to let it support EAP-TLS

C.

whether EAP-TLS is enabled in the SSID Profile settings for the WLAN on the IAP cluster

D.

whether EAP-TLS is enabled in the AAA Profile settings for the WLAN on the IAP cluster

Buy Now
Questions 21

From which solution can ClearPass Policy Manager (CPPM) receive detailed information about client device type OS and status?

Options:

A.

ClearPass Onboard

B.

ClearPass Access Tracker

C.

ClearPass OnGuard

D.

ClearPass Guest

Buy Now
Questions 22

You have been authorized to use containment to respond to rogue APs detected by ArubaOS Wireless Intrusion Prevention (WIP). What is a consideration for using tarpit containment versus traditional wireless containment?

Options:

A.

Rather than function wirelessly, tarpit containment sends ARP frames over the wired network to poison rogue APs ARP tables and prevent them from transmitting on the wired network.

B.

Rather than target all clients connected to rogue APs, tarpit containment targets only authorized clients that are connected to a rogue AP, reducing the chance of negative effects on neighbors.

C.

Tarpit containment does not require an RF Protect license to function, while traditional wireless containment does.

D.

Tarpit containment forms associations with clients to enable more effective containment with fewer disassociation frames than traditional wireless containment.

Buy Now
Questions 23

What is an example or phishing?

Options:

A.

An attacker sends TCP messages to many different ports to discover which ports are open.

B.

An attacker checks a user’s password by using trying millions of potential passwords.

C.

An attacker lures clients to connect to a software-based AP that is using a legitimate SSID.

D.

An attacker sends emails posing as a service team member to get users to disclose their passwords.

Buy Now
Questions 24

What is a correct guideline for the management protocols that you should use on ArubaOS-Switches?

Options:

A.

Disable Telnet and use TFTP instead.

B.

Disable SSH and use https instead.

C.

Disable Telnet and use SSH instead

D.

Disable HTTPS and use SSH instead

Buy Now
Questions 25

You have an Aruba solution with multiple Mobility Controllers (MCs) and campus APs. You want to deploy a WPA3-Enterprise WLAN and authenticate users to Aruba ClearPass Policy Manager (CPPM) with EAP-TLS.

What is a guideline for ensuring a successful deployment?

Options:

A.

Avoid enabling CNSA mode on the WLAN, which requires the internal MC RADIUS server.

B.

Ensure that clients trust the root CA for the MCs’ Server Certificates.

C.

Educate users in selecting strong passwords with at least 8 characters.

D.

Deploy certificates to clients, signed by a CA that CPPM trusts.

Buy Now
Questions 26

What is an Authorized client as defined by ArubaOS Wireless Intrusion Prevention System (WIP)?

Options:

A.

a client that has a certificate issued by a trusted Certification Authority (CA)

B.

a client that is not on the WIP blacklist

C.

a client that has successfully authenticated to an authorized AP and passed encrypted traffic

D.

a client that is on the WIP whitelist.

Buy Now
Questions 27

What is one way that WPA3-Enterprise enhances security when compared to WPA2-Enterprise?

Options:

A.

WPA3-Enterprise implements the more secure simultaneous authentication of equals (SAE), while WPA2-Enterprise uses 802.1X.

B.

WPA3-Enterprise provides built-in mechanisms that can deploy user certificates to authorized end-user devices.

C.

WPA3-Enterprise uses Diffie-Hellman in order to authenticate clients, while WPA2-Enterprise uses 802.1X authentication.

D.

WPA3-Enterprise can operate in CNSA mode, which mandates that the 802.11 association uses secure algorithms.

Buy Now
Questions 28

You are deploying a new wireless solution with an Aruba Mobility Master (MM). Aruba Mobility Controllers (MCs), and campus APs (CAPs). The solution will include a WLAN that uses Tunnel for the forwarding mode and WPA3-Enterprise for the security option.

You have decided to assign the WLAN to VLAN 301, a new VLAN. A pair of core routing switches will act as the default router for wireless user traffic.

Which links need to carry VLAN 301?

Options:

A.

only links in the campus LAN to ensure seamless roaming

B.

only links between MC ports and the core routing switches

C.

only links on the path between APs and the core routing switches

D.

only links on the path between APs and the MC

Buy Now
Questions 29

You have been instructed to look in the ArubaOS Security Dashboard's client list Your goal is to find clients mat belong to the company and have connected to devices that might belong to hackers

Which client fits this description?

Options:

A.

MAC address d8:50:e6:f3;6d;a4; Client Classification Authorized; AP Classification, interfering

B.

MAC address d8:50:e6 f3;6e;c5; Client Classification Interfering. AP Classification Neighbor

C.

MAC address d8:50:e6:f3;6e;60; Client Classification Interfering. AP Classification Interfering

D.

MAC address d8:50:e6:f3;TO;ab; Client Classification Interfering. AP Classification Rogue

Buy Now
Questions 30

Refer to the exhibit.

You need to ensure that only management stations in subnet 192.168.1.0/24 can access the ArubaOS-Switches' CLI. Web Ul. and REST interfaces The company also wants to let managers use these stations to access other parts of the network What should you do?

Options:

A.

Establish a Control Plane Policing class that selects traffic from 192.168 1.0/24.

B.

Specify 192.168.1.0.255.255.255.0 as authorized IP manager address

C.

Configure the switch to listen for these protocols on OOBM only.

D.

Specify vlan 100 as the management vlan for the switches.

Buy Now
Questions 31

A company has added a new user group. Users in the group try to connect to the WLAN and receive errors that the connection has no Internet access. The users cannot reach any resources. The first exhibit shows the record for one of the users who cannot connect. The second exhibit shows the role to which the ArubaOS device assigned the user's client.

What is a likely problem?

Options:

A.

The ArubaOS device has a server derivation rule configured on it that has overridden the role sent by CPPM.

B.

The ArubaOS device does not have the correct RADIUS dictionaries installed on it to under-stand the Aruba-User-Role VSA.

C.

The role name that CPPM is sending does not match the role name configured on the Aru-baOS device.

D.

The clients rejected the server authentication on their side because they do not have the root CA for CPPM's RADIUS/EAP certificate.

Buy Now
Exam Code: HPE6-A78
Exam Name: Aruba Certified Network Security Associate Exam
Last Update: Jul 12, 2024
Questions: 106
$56  $159.99
$42  $119.99
$35  $99.99
buy now HPE6-A78