HP HPE6-A78 Exam Practice Test Instant Access

Question 1

You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller (MC). What should you do to enhance security for control channel communications between the switches and the MC?

ACreate one UBT zone for control traffic and a second UBT zone for clients.

BConfigure a long, random PAPI security key that matches on the switches and the MC.

Cinstall certificates on the switches, and make sure that CPsec is enabled on the MC

DMake sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.

Answer : C

Question 2

Refer to the exhibit.

This Aruba Mobility Controller (MC) should authenticate managers who access the Web Ul to ClearPass Policy Manager (CPPM) ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers' roles in Aruba-Admin-Role VSAs

Which setting should you change to follow Aruba best security practices?

AChange the local user role to read-only

BClear the MSCHAP check box

CDisable local authentication

DChange the default role to 'guest-provisioning'

Answer : D

Question 3

An ArubaOS-CX switch enforces 802.1X on a port. No fan-through options or port-access roles are configured on the port The 802 1X supplicant on a connected client has not yet completed authentication

Which type of traffic does the authenticator accept from the client?

AEAP only

BDHCP, DNS and RADIUS only

CRADIUS only

DDHCP, DNS, and EAP only

Answer : A

Question 4

You configure an ArubaOS-Switch to enforce 802.1X authentication with ClearPass Policy Manager (CPPM) denned as the RADIUS server Clients cannot authenticate You check Aruba ClearPass Access Tracker and cannot find a record of the authentication attempt.

What are two possible problems that have this symptom? (Select two)

Ausers are logging in with the wrong usernames and passwords or invalid certificates.

BClients are configured to use a mismatched EAP method from the one In the CPPM service.

CThe RADIUS shared secret does not match between the switch and CPPM.

DCPPM does not have a network device defined for the switch's IP address.

EClients are not configured to trust the root CA certificate for CPPM's RADIUS/EAP certificate.

Answer : A, E

Question 5

You have been instructed to look in the ArubaOS Security Dashboard's client list Your goal is to find clients mat belong to the company and have connected to devices that might belong to hackers

Which client fits this description?

AMAC address d8:50:e6:f3;6d;a4; Client Classification Authorized; AP Classification, interfering

BMAC address d8:50:e6 f3;6e;c5; Client Classification Interfering. AP Classification Neighbor

CMAC address d8:50:e6:f3;6e;60; Client Classification Interfering. AP Classification Interfering

DMAC address d8:50:e6:f3;TO;ab; Client Classification Interfering. AP Classification Rogue

Answer : C

Question 6

Refer to the exhibit.

You have set up a RADIUS server on an ArubaOS Mobility Controller (MC) when you created a WLAN named "MyEmployees .You now want to enable the MC to accept change of authorization (CoA) messages from this server for wireless sessions on this WLAN.

What Is a part of the setup on the MC?

ACreate a dynamic authorization, or RFC 3576, server with the 10.5.5.5 address and correct shared secret.

BInstall the root CA associated with the 10 5.5.5 server's certificate as a Trusted CA certificate.

CConfigure a ClearPass username and password in the MyEmployees AAA profile.

DEnable the dynamic authorization setting in the 'clearpass' authentication server settings.

Answer : B

Question 7

Which attack is an example or social engineering?

AAn email Is used to impersonate a Dank and trick users into entering their bank login information on a fake website page.

BA hacker eavesdrops on insecure communications, such as Remote Desktop Program (RDP). and discovers login credentials.

CA user visits a website and downloads a file that contains a worm, which sell-replicates throughout the network.

DAn attack exploits an operating system vulnerability and locks out users until they pay the ransom.

Answer : A

HPE6-A78 Aruba Certified Network Security Associate Exam Practice Test