HPE6-A78 Online Practice Questions and Answers

Refer to the exhibit.

You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find the error shown In the exhibit in the CPPM Event Viewer.

What should you check?

A. that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized

B. that the snared secret configured for the CPPM authentication server matches the one defined for the device on CPPM

C. that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM

D. that the MC has valid admin credentials configured on it for logging into the CPPM

What is a difference between radius and TACACS+?

A. RADIUS combines the authentication and authorization process while TACACS+ separates them.

B. RADIUS uses TCP for Its connection protocol, while TACACS+ uses UDP tor its connection protocol.

C. RADIUS encrypts the complete packet, white TACACS+ only offers partial encryption.

D. RADIUS uses Attribute Value Pairs (AVPs) in its messages, while TACACS+ does not use them.

You have been instructed to look in the ArubaOS Security Dashboard's client list Your goal is to find clients mat belong to the company and have connected to devices that might belong to hackers.

Which client fits this description?

A. MAC address d8:50:e6:f3;6d;a4; Client Classification Authorized; AP Classification, interfering

B. MAC address d8:50:e6 f3;6e;c5; Client Classification Interfering. AP Classification Neighbor

C. MAC address d8:50:e6:f3;6e;60; Client Classification Interfering. AP Classification Interfering

D. MAC address d8:50:e6:f3;TO;ab; Client Classification Interfering. AP Classification Rogue

Which attack is an example or social engineering?

A. An email Is used to impersonate a Dank and trick users into entering their bank login information on a fake website page.

B. A hacker eavesdrops on insecure communications, such as Remote Desktop Program (RDP). and discovers login credentials.

C. A user visits a website and downloads a file that contains a worm, which sell-replicates throughout the network.

D. An attack exploits an operating system vulnerability and locks out users until they pay the ransom.

What is symmetric encryption?

A. It simultaneously creates ciphertext and a same-size MAC.

B. It any form of encryption mat ensures that thee ciphertext Is the same length as the plaintext.

C. It uses the same key to encrypt plaintext as to decrypt ciphertext.

D. It uses a Key that is double the size of the message which it encrypts.

You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure management access to the ArubaOS Web UP?

A. Avoid using external manager authentication tor the Web UI.

B. Change the default 4343 port tor the web UI to TCP 443.

C. Install a CA-signed certificate to use for the Web UI server certificate.

D. Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.

What correctly describes the Pairwise Master Key (PMK) in thee specified wireless security protocol?

A. In WPA3-Enterprise, the PMK is unique per session and derived using Simultaneous Authentication of Equals.

B. In WPA3-Personal, the PMK is unique per session and derived using Simultaneous Authentication of Equals.

C. In WPA3-Personal, the PMK is derived directly from the passphrase and is the same tor every session.

D. In WPA3-Personal, the PMK is the same for each session and is communicated to clients that authenticate

What is one difference between EAP-Tunneled Layer security (EAP-TLS) and Protected EAP (PEAP)?

A. EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.

B. EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.

C. EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process

D. EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user

credentials with TKIP encryption.

Refer to the exhibit.

This Aruba Mobility Controller (MC) should authenticate managers who access the Web Ul to ClearPass Policy Manager (CPPM) ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers' roles in Aruba-Admin-Role VSAs

Which setting should you change to follow Aruba best security practices?

A. Change the local user role to read-only

B. Clear the MSCHAP check box

C. Disable local authentication

D. Change the default role to "guest-provisioning"

How does the ArubaOS firewall determine which rules to apply to a specific client's traffic?

A. The firewall applies every rule that includes the dent's IP address as the source

B. The firewall applies the rules in policies associated with the client's wlan

C. The firewall applies thee rules in policies associated with the client's user role

D. The firewall applies every rule that includes the client's IP address as the source or destination

You configure an ArubaOS-Switch to enforce 802.1X authentication with ClearPass Policy Manager (CPPM) denned as the RADIUS server Clients cannot authenticate You check Aruba ClearPass Access Tracker and cannot find a record of the authentication attempt.

What are two possible problems that have this symptom? (Select two)

A. users are logging in with the wrong usernames and passwords or invalid certificates.

B. Clients are configured to use a mismatched EAP method from the one In the CPPM service.

C. The RADIUS shared secret does not match between the switch and CPPM.

D. CPPM does not have a network device defined for the switch's IP address.

E. Clients are not configured to trust the root CA certificate for CPPM's RADIUS/EAP certificate.

Refer to the exhibit, which shows the current network topology.

You are deploying a new wireless solution with an Aruba Mobility Master (MM). Aruba Mobility Controllers (MCs). and campus APs (CAPs). The solution will Include a WLAN that uses Tunnel for the forwarding mode and Implements WPA3-Enterprise security.

What is a guideline for setting up the vlan for wireless devices connected to the WLAN?

A. Assign the WLAN to a single new VLAN which is dedicated to wireless users

B. Use wireless user roles to assign the devices to different VLANs in the 100-150 range

C. Assign the WLAN to a named VLAN which specified 100-150 as the range of IDs.

D. Use wireless user roles to assign the devices to a range of new vlan IDs.

What is a benefit or Protected Management Frames (PMF). sometimes called Management Frame Protection (MFP)?

A. PMF helps to protect APs and MCs from unauthorized management access by hackers.

B. PMF ensures trial traffic between APs and Mobility Controllers (MCs) is encrypted.

C. PMF prevents hackers from capturing the traffic between APs and Mobility Controllers.

D. PMF protects clients from DoS attacks based on forged de-authentication frames

What is a benefit of Opportunistic Wireless Encryption (OWE)?

A. It allows both WPA2-capabie and WPA3-capable clients to authenticate to the same WPA-Personal WLAN

B. It offers more control over who can connect to the wireless network when compared with WPA2Personal

C. It allows anyone lo connect, but provides better protection against eavesdropping than a traditional open network

D. It provides protection for wireless clients against both honeypot APs and man-in-the- middle (MUM) attacks

What is one way that Control Plane Security (CPsec) enhances security for me network?

A. It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping

B. It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.

C. It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).

D. It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.