Easter Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium HP HPE6-A78 Dumps Questions Answers

Page: 1 / 13
Total 167 questions

Aruba Certified Network Security Associate Exam Questions and Answers

Question 1

Which is a correct description of a stage in the Lockheed Martin kill chain?

Options:

A.

In the delivery stage, malware collects valuable data and delivers or exfilltrated it to the hacker.

B.

In the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfilltrated.

C.

In the weaponization stage, which occurs after malware has been delivered to a system, the malware executes Its function.

D.

In the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.

Buy Now
Question 2

What is a consideration for using MAC authentication (MAC-Auth) to secure a wired or wireless connection?

Options:

A.

As a Layer 2 authentication method, MAC-Auth cannot be used to authenticate devices to an external authentication server.

B.

It is very easy for hackers to spoof their MAC addresses and get around MAC authentication.

C.

MAC-Auth can add a degree of security to an open WLAN by enabling the generation of a PMK to encrypt traffic.

D.

Headless devices, such as Internet of Things (loT) devices, must be configured in advance to support MAC-Auth.

Question 3

The first exhibit shows roles on the MC, listed in alphabetic order. The second and third exhibits show the configuration for a WLAN to which a client connects. Which description of the role assigned to a user under various circumstances is correct?

Options:

A.

A user fails 802.1X authentication. The client remains connected, but is assigned the "guest" role.

B.

A user authenticates successfully with 802.1 X. and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employeel.” The client’s role is "guest."

C.

A user authenticates successfully with 802.1X. and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employee." The client’s role is "guest."

D.

A user authenticates successfully with 802.1X, and the RADIUS Access-Accept includes an Aruba-User-RoleVSA set to "employeel." The client's role is "employeel."

Question 4

Which attack is an example or social engineering?

Options:

A.

An email Is used to impersonate a Dank and trick users into entering their bank login information on a fake website page.

B.

A hacker eavesdrops on insecure communications, such as Remote Desktop Program (RDP). and discovers login credentials.

C.

A user visits a website and downloads a file that contains a worm, which sell-replicates throughout the network.

D.

An attack exploits an operating system vulnerability and locks out users until they pay the ransom.

Question 5

What is a use case for Transport Layer Security (TLS)?

Options:

A.

to establish a framework for devices to determine when to trust other devices' certificates

B.

to enable a client and a server to establish secure communications for another protocol

C.

to enable two parties to asymmetrically encrypt and authenticate all data that passes be-tween them

D.

to provide a secure alternative to certificate authentication that is easier to implement

Question 6

What is a correct description of a stage in the Lockheed Martin kill chain?

Options:

A.

In the delivery stage, the hacker delivers malware to targeted users, often with spear phishing methods.

B.

In the installation phase, hackers seek to install vulnerabilities in operating systems across the network.

C.

In the weaponization stage, malware installed in the targeted network seeks to attack intrusion prevention systems (IPS).

D.

In the exploitation phase, hackers conduct social engineering attacks to exploit weak algorithms and crack user accounts.

Question 7

You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure management access to the ArubaOS Web UP

Options:

A.

Avoid using external manager authentication tor the Web UI.

B.

Change the default 4343 port tor the web UI to TCP 443.

C.

Install a CA-signed certificate to use for the Web UI server certificate.

D.

Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.

Question 8

What is one practice that can help you to maintain a digital chain or custody In your network?

Options:

A.

Enable packet capturing on Instant AP or Moodily Controller (MC) datepath on an ongoing basis

B.

Enable packet capturing on Instant AP or Mobility Controller (MC) control path on an ongoing basis.

C.

Ensure that all network infrastructure devices receive a valid clock using authenticated NTP

D.

Ensure that all network Infrastructure devices use RADIUS rather than TACACS+ to authenticate managers

Question 9

Which is a correct description of a stage in the Lockheed Martin kill chain?

Options:

A.

In the weaponization stage, which occurs after malware has been delivered to a system, the malware executes its function.

B.

In the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.

C.

In the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfiltrated.

D.

In the delivery stage, malware collects valuable data and delivers or exfiltrates it to the hacker.

Question 10

What is social engineering?

Options:

A.

Hackers use Artificial Intelligence (Al) to mimic a user’s online behavior so they can infiltrate a network and launch an attack.

B.

Hackers use employees to circumvent network security and gather the information they need to launch an attack.

C.

Hackers intercept traffic between two users, eavesdrop on their messages, and pretend to be one or both users.

D.

Hackers spoof the source IP address in their communications so they appear to be a legitimate user.

Question 11

You have configured a WLAN to use Enterprise security with the WPA3 version.

How does the WLAN handle encryption?

Options:

A.

Traffic is encrypted with TKIP and keys derived from a PMK shared by all clients on the WLAN.

B.

Traffic is encrypted with TKIP and keys derived from a unique PMK per client.

C.

Traffic is encrypted with AES and keys derived from a PMK shared by all clients on the WLAN.

D.

Traffic is encrypted with AES and keys derived from a unique PMK per client.

Question 12

Your company policies require you to encrypt logs between network infrastructure devices and Syslog servers. What should you do to meet these requirements on an ArubaOS-CX switch?

Options:

A.

Specify the Syslog server with the TLS option and make sure the switch has a valid certificate.

B.

Specify the Syslog server with the UDP option and then add an CPsec tunnel that selects Syslog.

C.

Specify a priv key with the Syslog settings that matches a priv key on the Syslog server.

D.

Set up RadSec and then enable Syslog as a protocol carried by the RadSec tunnel.

Question 13

An admin has created a WLAN that uses the settings shown in the exhibits (and has not otherwise adjusted the settings in the AAA profile) A client connects to the WLAN Under which circumstances will a client receive the default role assignment?

Options:

A.

The client has attempted 802 1X authentication, but the MC could not contact the authentication server

B.

The client has attempted 802 1X authentication, but failed to maintain a reliable connection, leading to a timeout error

C.

The client has passed 802 1X authentication, and the value in the Aruba-User-Role VSA matches a role on the MC

D.

The client has passed 802 1X authentication and the authentication server did not send an Aruba-User-Role VSA

Question 14

What role does the Aruba ClearPass Device Insight Analyzer play in the Device Insight architecture?

Options:

A.

It resides in the cloud and manages licensing and configuration for Collectors

B.

It resides on-prem and provides the span port to which traffic is mirrored for deep analytics.

C.

It resides on-prem and is responsible for running active SNMP and Nmap scans

D.

It resides In the cloud and applies machine learning and supervised crowdsourcing to metadata sent by Collectors

Question 15

What is one benefit of a Trusted Platform Module (TPM) on an Aruba AP?

Options:

A.

It enables secure boot, which detects if hackers corrupt the OS with malware.

B.

It deploys the AP with enhanced security, which includes disabling the password recovery mechanism.

C.

It allows the AP to run in secure mode, which automatically enables CPsec and disables the console port.

D.

It enables the AP to encrypt and decrypt 802.11 traffic locally, rather than at the MC.

Question 16

A company with 465 employees wants to deploy an open WLAN for guests. The company wants the experience to be as follows:

    Guests select the WLAN and connect without having to enter a password.

    Guests are redirected to a welcome web page and log in.The company also wants to provide encryption for the network for devices that are capable. Which security options should you implement for the WLAN?

Options:

A.

Opportunistic Wireless Encryption (OWE) and WPA3-Personal

B.

Captive portal and WPA3-Personal

C.

WPA3-Personal and MAC-Auth

D.

Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode

Question 17

What is one difference between EAP-Tunneled Layer Security (EAP-TLS) and Protected EAP (PEAP)?

Options:

A.

EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of its process.

B.

EAP-TLS requires the supplicant to authenticate with a certificate, but PEAP allows the supplicant to use a username and password.

C.

EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.

D.

EAP-TLS creates a TLS tunnel for transmitting user credentials securely, while PEAP protects user credentials with TKIP encryption.

Question 18

What purpose does an initialization vector (IV) serve for encryption?

Options:

A.

It helps parties to negotiate the keys and algorithms used to secure data before data transmission.

B.

It makes encryption algorithms more secure by ensuring that same plaintext and key can produce different ciphertext.

C.

It enables programs to convert easily-remembered passphrases to keys of a correct length.

D.

It enables the conversion of asymmetric keys into keys that are suitable for symmetric encryption.

Question 19

What purpose does an initialization vector (IV) serve for encryption?

Options:

A.

It enables programs to convert easily-remembered passphrases to keys of a correct length.

B.

It makes encryption algorithms more secure by ensuring that the same plaintext and key can produce different ciphertext.

C.

It helps parties to negotiate the keys and algorithms used to secure data before data transmission.

D.

It enables the conversion of asymmetric keys into keys that are suitable for symmetric encryption.

Question 20

A company with 439 employees wants to deploy an open WLAN for guests. The company wants the experience to be as follows:

*Guests select the WLAN and connect without having to enter a password.

*Guests are redirected to a welcome web page and log in.

The company also wants to provide encryption for the network for devices that are capable. Which security options should you implement for the WLAN?

Options:

A.

Opportunistic Wireless Encryption (OWE) and WPA3-Personal

B.

WPA3-Personal and MAC-Auth

C.

Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode

D.

Captive portal and WPA3-Personal

Question 21

You have been asked to send RADIUS debug messages from an AOS-CX switch to a central SIEM server at 10.5.15.6. The server is already defined on the switch with this command:

logging 10.5.15.6

You enter this command:

debug radius all

What is the correct debug destination?

Options:

A.

file

B.

console

C.

buffer

D.

syslog

Question 22

You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours But. you are having trouble searching through the logs What is one approach that you can take to find the relevant logs?

Options:

A.

Add the "-C and *-c port-access" options to the "show logging" command.

B.

Configure a logging Tiller for the "port-access" category, and apply that filter globally.

C.

Enable debugging for "portaccess" to move the relevant logs to a buffer.

D.

Specify a logging facility that selects for "port-access" messages.

Question 23

What is one difference between EAP-Tunneled Layer security (EAP-TLS) and Protected EAP (PEAP)?

Options:

A.

EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.

B.

EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.

C.

EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process

D.

EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user credentials with TKIP encryption.

Question 24

What is one thing can you determine from the exhibits?

Options:

A.

CPPM originally assigned the client to a role for non-profiled devices. It sent a CoA to the authenticator after it categorized the device.

B.

CPPM sent a CoA message to the client to prompt the client to submit information that CPPM can use to profile it.

C.

CPPM was never able to determine a device category for this device, so you need to check settings in the network infrastructure to ensure they support CPPM's endpoint classification.

D.

CPPM first assigned the client to a role based on the user's identity. Then, it discovered that the client had an invalid category, so it sent a CoA to blacklist the client.

Question 25

Refer to the exhibit.

Device A is establishing an HTTPS session with the Arubapedia web sue using Chrome. The Arubapedia web server sends the certificate shown in the exhibit

What does the browser do as part of vacating the web server certificate?

Options:

A.

It uses the public key in the DigCen SHA2 Secure Server CA certificate to check the certificate's signature.

B.

It uses the public key in the DigCert root CA certificate to check the certificate signature

C.

It uses the private key in the DigiCert SHA2 Secure Server CA to check the certificate's signature.

D.

It uses the private key in the Arubapedia web site's certificate to check that certificate's signature

Question 26

What is one way that WPA3-Enterprise enhances security when compared to WPA2-Enterprise?

Options:

A.

WPA3-Enterprise implements the more secure simultaneous authentication of equals (SAE), while WPA2-Enterprise uses 802.1X.

B.

WPA3-Enterprise provides built-in mechanisms that can deploy user certificates to authorized end-user devices.

C.

WPA3-Enterprise uses Diffie-Hellman in order to authenticate clients, while WPA2-Enterprise uses 802.1X authentication.

D.

WPA3-Enterprise can operate in CNSA mode, which mandates that the 802.11 association uses secure algorithms.

Question 27

You have an Aruba solution with multiple Mobility Controllers (MCs) and campus APs. You want to deploy a WPA3-Enterprise WLAN and authenticate users to Aruba ClearPass Policy Manager (CPPM) with EAP-TLS.

What is a guideline for ensuring a successful deployment?

Options:

A.

Avoid enabling CNSA mode on the WLAN, which requires the internal MC RADIUS server.

B.

Ensure that clients trust the root CA for the MCs’ Server Certificates.

C.

Educate users in selecting strong passwords with at least 8 characters.

D.

Deploy certificates to clients, signed by a CA that CPPM trusts.

Question 28

You have been instructed to look in the ArubaOS Security Dashboard's client list. Your goal is to find clients that belong to the company and have connected to devices that might belong to hackers.

Which client fits this description?

Options:

A.

MAC address: d8:50:e6:f3:70:ab; Client Classification: Interfering; AP Classification: Rogue

B.

MAC address: d8:50:e6:f3:6e:c5; Client Classification: Interfering; AP Classification: Neighbor

C.

MAC address: d8:50:e6:f3:6e:60; Client Classification: Interfering; AP Classification: Authorized

D.

MAC address: d8:50:e6:f3:6d:a4; Client Classification: Authorized; AP Classification: Rogue

Question 29

Which is an accurate description of a type of malware?

Options:

A.

Worms are usually delivered in spear-phishing attacks and require users to open and run a file.

B.

Rootkits can help hackers gain elevated access to a system and often actively conceal themselves from detection.

C.

A Trojan is any type of malware that replicates itself and spreads to other systems automatically.

D.

Malvertising can only infect a system if the user encounters the malware on an untrustworthy site.

Question 30

An organization has HPE Aruba Networking infrastructure, including AOS-CX switches and an AOS-8 mobility infrastructure with Mobility Controllers (MCs) and APs. Clients receive certificates from ClearPass Onboard. The infrastructure devices authenticate clients to ClearPass Policy Manager (CPPM). The company wants to start profiling clients to take their device type into account in their access rights.

What is a role that CPPM should play in this plan?

Options:

A.

Assigning clients to their device categories

B.

Helping to forward profiling information to the component responsible for profiling

C.

Accepting and enforcing CoA messages

D.

Enforcing access control decisions

Question 31

What is a use case for tunneling traffic between an Aruba switch and an AruDa Mobility Controller (MC)?

Options:

A.

applying firewall policies and deep packet inspection to wired clients

B.

enhancing the security of communications from the access layer to the core with data encryption

C.

securing the network infrastructure control plane by creating a virtual out-of-band-management network

D.

simplifying network infrastructure management by using the MC to push configurations to the switches

Question 32

What is another setting that you must configure on the switch to meet these requirements?

Options:

A.

Set the aaa authentication login method for SSH to the "radius" server-group (with local as backup).

B.

Configure a CPPM username and password that match a CPPM admin account.

C.

Create port-access roles with the same names of the roles that CPPM will send in Aruba-Admin-Role VSAs.

D.

Disable SSH on the default VRF and enable it on the mgmt VRF instead.

Question 33

What is a difference between passive and active endpoint classification?

Options:

A.

Passive classification refers exclusively to MAC OUI-based classification, while active classification refers to any other classification method.

B.

Passive classification classifies endpoints based on entries in dictionaries, while active classification uses admin-defined rules to classify endpoints.

C.

Passive classification is only suitable for profiling endpoints in small business environments, while enterprises should use active classification exclusively.

D.

Passive classification analyzes traffic that endpoints send as part of their normal functions; active classification involves sending requests to endpoints.

Question 34

Refer to the exhibit.

How can you use the thumbprint?

Options:

A.

Install this thumbprint on management stations to use as two-factor authentication along with manager usernames and passwords, this will ensure managers connect from valid stations

B.

Copy the thumbprint to other Aruba switches to establish a consistent SSH Key for all switches this will enable managers to connect to the switches securely with less effort

C.

When you first connect to the switch with SSH from a management station, make sure that the thumbprint matches to ensure that a man-in-t he-mid die (MITM) attack is not occurring

D.

install this thumbprint on management stations the stations can then authenticate with the thumbprint instead of admins having to enter usernames and passwords.

Question 35

What is one of the policies that a company should define for digital forensics?

Options:

A.

which data should be routinely logged, where logs should be forwarded, and which logs should be archived

B.

what are the first steps that a company can take to implement micro-segmentation in their environment

C.

to which resources should various users be allowed access, based on their identity and the identity of their clients

D.

which type of EAP method is most secure for authenticating wired and wireless users with 802.1

Question 36

You have been asked to send RADIUS debug messages from an ArubaOS-CX switch to a central SIEM server at 10.5.15.6. The server is already defined on the switch with this command: logging 10.5.6.12

You enter this command: debug radius all

What is the correct debug destination?

Options:

A.

console

B.

file

C.

syslog

D.

buffer

Question 37

Which endpoint classification capabilities do Aruba network infrastructure devices have on their own without ClearPass solutions?

Options:

A.

ArubaOS-CX switches can use a combination of active and passive methods to assign roles to clients.

B.

ArubaOS devices (controllers and lAPs) can use DHCP fingerprints to assign roles to clients.

C.

ArubaOS devices can use a combination of DHCP fingerprints, HTTP User-Agent strings, and Nmap to construct endpoint profiles.

D.

ArubaOS-Switches can use DHCP fingerprints to construct detailed endpoint profiles.

Question 38

What is one way that Control Plane Security (CPsec) enhances security for me network?

Options:

A.

It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping

B.

It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.

C.

It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).

D.

It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.

Question 39

You have deployed a new HPE Aruba Networking Mobility Controller (MC) and campus APs (CAPs). One of the WLANs enforces 802.1X authentication to HPE Aruba Networking ClearPass Policy Manager (CPPM). When you test connecting the client to the WLAN, the test fails. You check ClearPass Access Tracker and cannot find a record of the authentication attempt. You ping from the MC to CPPM, and the ping is successful.

What is a good next step for troubleshooting?

Options:

A.

Renew CPPM's RADIUS/EAP certificate.

B.

Check connectivity between CPPM and a backend directory server.

C.

Check CPPM Event Viewer.

D.

Reset the user credentials.

Question 40

What distinguishes a Distributed Denial of Service (DDoS) attack from a traditional Denial or service attack (DoS)?

Options:

A.

A DDoS attack originates from external devices, while a DoS attack originates from internal devices

B.

A DDoS attack is launched from multiple devices, while a DoS attack is launched from a single device

C.

A DoS attack targets one server, a DDoS attack targets all the clients that use a server

D.

A DDoS attack targets multiple devices, while a DoS Is designed to Incapacitate only one device

Question 41

A company with 382 employees wants to deploy an open WLAN for guests. The company wants the experience to be as follows:

The company also wants to provide encryption for the network for devices mat are capable, you implement Tor the WLAN?

Which security options should

Options:

A.

WPA3-Personal and MAC-Auth

B.

Captive portal and WPA3-Personai

C.

Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode

D.

Opportunistic Wireless Encryption (OWE) and WPA3-Personal

Question 42

Refer to the exhibit.

This company has ArubaOS-Switches. The exhibit shows one access layer switch, Swllcn-2. as an example, but the campus actually has more switches. The company wants to slop any internal users from exploiting ARP

What Is the proper way to configure the switches to meet these requirements?

Options:

A.

On Switch-1, enable ARP protection globally, and enable ARP protection on ail VLANs.

B.

On Switch-2, make ports connected to employee devices trusted ports for ARP protection

C.

On Swltch-2, enable DHCP snooping globally and on VLAN 201 before enabling ARP protection

D.

On Swltch-2, configure static PP-to-MAC bindings for all end-user devices on the network

Question 43

A user attempts to connect to an SSID configured on an AOS-8 mobility architecture with Mobility Controllers (MCs) and APs. The SSID enforces WPA3-Enterprise security and uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as the authentication server. The WLAN has initial role, logon, and 802.1X default role, guest.

A user attempts to connect to the SSID, and CPPM sends an Access-Accept with an Aruba-User-Role VSA of "contractor," which exists on the MC.

What does the MC do?

Options:

A.

Applies the rules in the logon role, then guest role, and the contractor role

B.

Applies the rules in the contractor role

C.

Applies the rules in the contractor role and the logon role

D.

Applies the rules in the contractor role and guest role

Question 44

Which correctly describes a way to deploy certificates to end-user devices?

Options:

A.

ClearPass Onboard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain

B.

ClearPass Device Insight can automatically discover end-user devices and deploy the proper certificates to them

C.

ClearPass OnGuard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain

D.

in a Windows domain, domain group policy objects (GPOs) can automatically install computer, but not user certificates

Question 45

You have detected a Rogue AP using the Security Dashboard Which two actions should you take in responding to this event? (Select two)

Options:

A.

There is no need to locale the AP If you manually contain It.

B.

This is a serious security event, so you should always contain the AP immediately regardless of your company's specific policies.

C.

You should receive permission before containing an AP. as this action could have legal Implications.

D.

For forensic purposes, you should copy out logs with relevant information, such as the time mat the AP was detected and the AP's MAC address.

E.

There is no need to locate the AP If the Aruba solution is properly configured to automatically contain it.

Question 46

Refer to the exhibit.

A diem is connected to an ArubaOS Mobility Controller. The exhibit snows all Tour firewall rules that apply to this diem

What correctly describes how the controller treats HTTPS packets to these two IP addresses, both of which are on the other side of the firewall

10.1 10.10

203.0.13.5

Options:

A.

It drops both of the packets

B.

It permits the packet to 10.1.10.10 and drops the packet to 203 0.13.5

C.

it permits both of the packets

D.

It drops the packet to 10.1.10.10 and permits the packet to 203.0.13.5.

Question 47

Refer to the exhibit:

port-access role role1 vlan access 11

port-access role role2 vlan access 12

port-access role role3 vlan access 13

port-access role role4 vlan access 14

aaa authentication port-access dot1x authenticator

enable

interface 1/1/1

no shutdown

no routing

vlan access 1

aaa authentication port-access critical-role role1

aaa authentication port-access preauth-role role2

aaa authentication port-access auth-role role3

interface 1/1/2

no shutdown

no routing

vlan access 1

aaa authentication port-access critical-role role1

aaa authentication port-access preauth-role role2

aaa authentication port-access auth-role role3

The exhibit shows the configuration on an AOS-CX switch.

    Client1 connects to port 1/1/1 and authenticates to HPE Aruba Networking ClearPass Policy Manager (CPPM). CPPM sends an Access-Accept with this VSA: Aruba-User-Role: role4.

    Client2 connects to port 1/1/2 and does not attempt to authenticate.To which roles are the users assigned?

Options:

A.

Client1 = role3; Client2 = role2

B.

Client1 = role4; Client2 = role1

C.

Client1 = role4; Client2 = role2

D.

Client1 = role3; Client2 = role1

Question 48

You are checking the Security Dashboard in the Web UI for your AOS solution and see that Wireless Intrusion Prevention (WIP) has discovered a rogue radio operating in ad hoc mode with open security. What correctly describes a threat that the radio could pose?

Options:

A.

It could be attempting to conceal itself from detection by changing its BSSID and SSID frequently.

B.

It could open a backdoor into the corporate LAN for unauthorized users.

C.

It is running in a non-standard 802.11 mode and could effectively jam the wireless signal.

D.

It is flooding the air with many wireless frames in a likely attempt at a DoS attack.

Question 49

A client is connected to a Mobility Controller (MC). These firewall rules apply to this client’s role:

ipv4 any any svc-dhcp permit

ipv4 user 10.5.5.20 svc-dns permit

ipv4 user 10.1.5.0 255.255.255.0 https permit

ipv4 user 10.1.0.0 255.255.0.0 https deny_opt

ipv4 user any any permit

What correctly describes how the controller treats HTTPS packets to these two IP addresses, both of which are on the other side of the firewall:

10.1.20.1

10.5.5.20

Options:

A.

Both packets are denied.

B.

The first packet is permitted, and the second is denied.

C.

Both packets are permitted.

D.

The first packet is denied, and the second is permitted.

Question 50

A company is deploying AOS-CX switches to support 114 employees, which will tunnel client traffic to an HPE Aruba Networking Mobility Controller (MC) for the MC to apply firewall policies and deep packet inspection (DPI). This MC will be dedicated to receiving traffic from the AOS-CX switches.

What are the licensing requirements for the MC?

Options:

A.

One PEF license per switch

B.

One PEF license per switch, and one WCC license per switch

C.

One AP license per switch

D.

One AP license per switch, and one PEF license per switch

Page: 1 / 13
Total 167 questions