HPE6-A78 Online Practice Questions and Answers

Refer to the exhibit.

You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find the error shown In the exhibit in the CPPM Event Viewer.

What should you check?

A. that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized

B. that the snared secret configured for the CPPM authentication server matches the one defined for the device on CPPM

C. that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM

D. that the MC has valid admin credentials configured on it for logging into the CPPM

Refer to the exhibit.

How can you use the thumbprint?

A. Install this thumbprint on management stations to use as two-factor authentication along with manager usernames and passwords, this will ensure managers connect from valid stations

B. Copy the thumbprint to other Aruba switches to establish a consistent SSH Key for all switches this will enable managers to connect to the switches securely with less effort

C. When you first connect to the switch with SSH from a management station, make sure that the thumbprint matches to ensure that a man-in-t he-mid die (MITM) attack is not occurring

D. install this thumbprint on management stations the stations can then authenticate with the thumbprint instead of admins having to enter usernames and passwords.

You are troubleshooting an authentication issue for Aruba switches that enforce 802 IX10 a cluster of Aruba ClearPass Policy Manager (CPPMs) You know that CPPM Is receiving and processing the authentication requests because the Aruba switches are showing Access-Rejects in their statistics However, you cannot find the record tor the Access- Rejects in CPPM Access Tracker.

What is something you can do to look for the records?

A. Make sure that CPPM cluster settings are configured to show Access-Rejects

B. Verify that you are logged in to the CPPM Ul with read-write, not read-only, access

C. Click Edit in Access viewer and make sure that the correct servers are selected.

D. Go to the CPPM Event Viewer, because this is where RADIUS Access Rejects are stored.

You need to deploy an Aruba instant AP where users can physically reach It. What are two recommended options for enhancing security for management access to the AP? (Select two )

A. Disable Its console ports

B. Place a Tamper Evident Label (TELS) over its console port

C. Disable the Web Ul.

D. Configure WPA3-Enterpnse security on the AP

E. install a CA-signed certificate

What is an example or phishing?

A. An attacker sends TCP messages to many different ports to discover which ports are open.

B. An attacker checks a user's password by using trying millions of potential passwords.

C. An attacker lures clients to connect to a software-based AP that is using a legitimate SSID.

D. An attacker sends emails posing as a service team member to get users to disclose their passwords.

What correctly describes the Pairwise Master Key (PMK) in thee specified wireless security protocol?

A. In WPA3-Enterprise, the PMK is unique per session and derived using Simultaneous Authentication of Equals.

B. In WPA3-Personal, the PMK is unique per session and derived using Simultaneous Authentication of Equals.

C. In WPA3-Personal, the PMK is derived directly from the passphrase and is the same tor every session.

D. In WPA3-Personal, the PMK is the same for each session and is communicated to clients that authenticate

What is a guideline for managing local certificates on an ArubaOS-Switch?

A. Before installing the local certificate, create a trust anchor (TA) profile with the root CA certificate for the certificate that you will install

B. Install an Online Certificate Status Protocol (OCSP) certificate to simplify the process of enrolling and re-enrolling for certificate

C. Generate the certificate signing request (CSR) with a program offline, then, install both the certificate and the private key on the switch in a single file.

D. Create a self-signed certificate online on the switch because ArubaOS-Switches do not support CA-signed certificates.

Refer to the exhibit.

You have set up a RADIUS server on an ArubaOS Mobility Controller (MC) when you created a WLAN named "MyEmployees .You now want to enable the MC to accept change of authorization (CoA) messages from this server for wireless sessions on this WLAN.

What Is a part of the setup on the MC?

A. Create a dynamic authorization, or RFC 3576, server with the 10.5.5.5 address and correct shared secret.

B. Install the root CA associated with the 10 5.5.5 server's certificate as a Trusted CA certificate.

C. Configure a ClearPass username and password in the MyEmployees AAA profile.

D. Enable the dynamic authorization setting in the "clearpass" authentication server settings.

What is a use case for tunneling traffic between an Aruba switch and an AruDa Mobility Controller (MC)?

A. applying firewall policies and deep packet inspection to wired clients

B. enhancing the security of communications from the access layer to the core with data encryption

C. securing the network infrastructure control plane by creating a virtual out-of-band- management network

D. simplifying network infrastructure management by using the MC to push configurations to the switches

What is one way that Control Plane Security (CPsec) enhances security for me network?

A. It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping

B. It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.

C. It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).

D. It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.