HP HPE6-A78 Exam Practice Test Instant Access

Question 1

You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours But. you are having trouble searching through the logs What is one approach that you can take to find the relevant logs?

AAdd the '-C and *-c port-access' options to the 'show logging' command.

BConfigure a logging Tiller for the 'port-access' category, and apply that filter globally.

CEnable debugging for 'portaccess' to move the relevant logs to a buffer.

DSpecify a logging facility that selects for 'port-access' messages.

Answer : A

Question 2

What is a benefit of Opportunistic Wireless Encryption (OWE)?

AIt allows both WPA2-capabie and WPA3-capable clients to authenticate to the same WPA-Personal WLAN

BIt offers more control over who can connect to the wireless network when compared with WPA2-Personal

CIt allows anyone lo connect, but provides better protection against eavesdropping than a traditional open network

DIt provides protection for wireless clients against both honeypot APs and man-in-the-middle (MUM) attacks

Answer : C

Question 3

Refer to the exhibit.

You need to ensure that only management stations in subnet 192.168.1.0/24 can access the ArubaOS-Switches' CLI. Web Ul. and REST interfaces The company also wants to let managers use these stations to access other parts of the network What should you do?

AEstablish a Control Plane Policing class that selects traffic from 192.168 1.0/24.

BSpecify 192.168.1.0.255.255.255.0 as authorized IP manager address

CConfigure the switch to listen for these protocols on OOBM only.

DSpecify vlan 100 as the management vlan for the switches.

Answer : A

Question 4

What is a benefit or Protected Management Frames (PMF). sometimes called Management Frame Protection (MFP)?

APMF helps to protect APs and MCs from unauthorized management access by hackers.

BPMF ensures trial traffic between APs and Mobility Controllers (MCs) is encrypted.

CPMF prevents hackers from capturing the traffic between APs and Mobility Controllers.

DPMF protects clients from DoS attacks based on forged de-authentication frames

Answer : A

Question 5

You have detected a Rogue AP using the Security Dashboard Which two actions should you take in responding to this event? (Select two)

AThere is no need to locale the AP If you manually contain It.

BThis is a serious security event, so you should always contain the AP immediately regardless of your company's specific policies.

CYou should receive permission before containing an AP. as this action could have legal Implications.

DFor forensic purposes, you should copy out logs with relevant information, such as the time mat the AP was detected and the AP's MAC address.

EThere is no need to locate the AP If the Aruba solution is properly configured to automatically contain it.

Answer : B, D

Question 6

Which correctly describes a way to deploy certificates to end-user devices?

AClearPass Onboard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain

BClearPass Device Insight can automatically discover end-user devices and deploy the proper certificates to them

CClearPass OnGuard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain

Din a Windows domain, domain group policy objects (GPOs) can automatically install computer, but not user certificates

Answer : A

Question 7

What is one way a noneypot can be used to launch a man-in-the-middle (MITM) attack to wireless clients?

Ait uses a combination or software and hardware to jam the RF band and prevent the client from connecting to any wireless networks

Bit runs an NMap scan on the wireless client to And the clients MAC and IP address. The hacker then connects to another network and spoofs those addresses.

Cit examines wireless clients' probes and broadcasts the SSlDs in the probes, so that wireless clients will connect to it automatically.

Dit uses ARP poisoning to disconnect wireless clients from the legitimate wireless network and force clients to connect to the hacker's wireless network instead.

Answer : D

HPE6-A78 Aruba Certified Network Security Associate Exam Practice Test