HPE6-A48 Online Practice Questions and Answers

Refer to the exhibits.

Exhibit 1

Exhibit 2 A network administrator adds a new Mobility Controller (MC) to the production Mobility Master (MM) and deploys APs that start broadcasting the employees SSID in the West wing of the building. Suddenly, the employed report client disconnects. When accessing the MM the network administrator notices that the MC is unreachable, then proceeds to access the MC's console and obtains the outputs shown in the exhibits.

What should the network administrator do next to solve the current problem?

A. Decommission the MC from the MM, and add it again.

B. Open a TAC case, and send the output of tar crash.

C. Verify the license pools in the MM.

D. Kill two zombie processes, then reboot the MC.

Refer to the exhibit.

A 7008 Branch Office Controller (BOC) is deployed in a remote office behind a core router. This core router does not support 802.1q encapsulation. The Mobility Controller (MC) is the gateway for two tunneling mode SSIDs, as shown in the exhibit.

Which two different configuration options ensure that wireless users are able to reach the branch network through the router? (Select two.)

A. Configure all ports of the BOC as access ports on the controller VLAN, and change the gateway of clients to the core router IP.

B. Configure the uplink of the BOC as an access port on the controller VLAN, and enable NAT for the SSID VLANs.

C. Configure the uplink of the BOC as a trunk port, tagging the controller and the SSID VLANs, and enable NAT for the SSID VLANs.

D. Configure the uplink of the BOC as an access port on the controller VLAN, and add static router in the router for the SSID VLAN subnets.

E. Configure the uplink of the BOC as a trunk port that permits the controller and the SSID VLANs. The controller VLAN must be native.

A customer with a multi-controller network upgrades the ArubaOS from 6.4 to 8. The customer's clients must be able to move between different locations of the campus without disconnecting their applications, when roaming or if there are Mobility Controller (MC) failures. The customer also wants to have full control of the users, and be able to change their session properties from a RADIUS server.

Which steps must the network consultant include in the implementation plan to meet these requirements?

A. 1. Create a controller cluster profile that contains the management and VRRP IP addresses of each member.

2.

Apply the profile to all MCs in the cluster.

3.

Confirm that the cluster is L2 connected.

B. 1. Configure a VRRP instance for all MCs

2.

Create a controller cluster profile that contains the management IP and VIP addresses of each MC.

3.

Apply the profile to all MCs in the cluster.

4.

Confirm that the cluster is L2 connected.

C. 1. Configure a VRRP instance for each MC.

2.

Create a controller cluster profile that contains the management IP of each member.

3.

Apply the profile to all MCs in the cluster.

4.

Confirm that the cluster is L3 connected.

D. 1. Create a controller cluster profile that contains the management and VRRP IP addresses of each member.

2.

Apply the profile to the cluster leader.

3.

Confirm that the cluster is L2 connected.

Refer to the exhibit.

A network administrator wants to allow contractors to access the WLAN named EmployeesNet. In order to restrict network access, the network administrator wants to assign this category of users to the contractor firewall role.

To do this, the network administrator configures ClearPass in a way that it returns the Aruba-User-Role VSA with the contractor value. When testing the solution the network administrator receives the wrong role.

What should the network administrator do to assign the contractor role to contractor users without affecting any other role assignment?

A. Set contractor as the default role in the AAA profile.

B. Create the contractor firewall role in the MC.

C. Create server derivation rules in the server group.

D. Check the Download role from the CPPM option in the AAA profile.

Refer to the exhibit.

A network administrator deploys a Mobility Master (MM)-Mobility Controller (MC) solution in the headquarters. The network administrator prepares the wired side of the network with the proper VLAN, DHCP settings, and routing services to ensure that APs can reach the MCs.

The network administrator connects two APs in different IP segments and waits for 20 minutes, but SSIDs are advertised in one of the APs only. The engineer logs into the MC console and sees the output shown in the exhibit.

What is the reason that the AP20 is not broadcasting SSIDs?

A. IPSec traffic is being blocked.

B. IKE traffic is being dropped.

C. PAPI traffic is being blocked.

D. GRE traffic is being blocked.

Refer to the exhibit.

A network administrator deploys a new Mobility Master (MM)-Mobility Controller (MC) network. To test the solution, the network administrator accessess some of the AP consoles and statistically provisions them. However, these APs do not propagate the configured SSIDs. The network administrator looks at the logs and sees the output shown in the exhibit.

Which actions must the network administrator take to solve the problem?

A. Reprovision one of the APs with a different name, and add new entries with the proper group in the whitelist.

B. Reprovision the AP with a different group, and modify the name of one AP in the whitelist.

C. Create another AP group in the MC's configuration and reprovision one AP with a different group.

D. Reprovision one of the APs with a different name, and modify the name of one AP in the whitelist.

Refer to the exhibit.

A network administrator is in charge of a wired and wireless Aruba network where access control is needed for both connection methods. For the wired solution, the network administrator wants the users authentication to be performed at the switches, while tunneling their traffic to MC1 whenever possible for firewall policy enforcement. The network administrator configures and tests ClearPass as the RADIUS server in the switches.

Which switch configuration scripts should the network administrator use next to achieve this goal?

A. tunneled-node-server controller-ip 10.19.10.100 backup-controller-ip 10.20.10.100 mode role-based aaa authentication port-access eap-radius aaa port-access authenticator 1-22 aaa port-access authenticator active

B. tunneled-node-server controller-ip 10.20.10.100 backup-controller-ip 10.19.10.100 mode port-based aaa authentication port-access eap-radius aaa port-access authenticator 1-22 aaa port-access authenticator active

C. tunneled-node-server controller-ip 10.20.10.100 backup-controller-ip 10.19.10.100 aaa authentication port-access eap-radius aaa port-access authenticator 1-22 aaa port-access authenticator active

D. tunneled-node-server controller-ip 10.19.10.100 backup-controller-ip 10.20.10.100 aaa authentication port-access eap-radius aaa port-access authenticator 1-22 aaa port-access authenticator active

Refer to the exhibit.

A network administrator receives a call from a contractor that was recently given wireless access to the network. The user reports that the response time is slow and suggests there might be a problem with the WLAN. The network administrator checks RF performance in AirWave to find the user and sees the output shown in the exhibit.

What can the network administrator conclude after analyzing the data?

A. Client health and CNR are high, therefore, it is unlikely the client is experiencing an RF-related issue.

B. Goodput is low in relation to connection speed, which suggests a channel with high utilization, another channel should be used.

C. Client health and SNR are high but usage is low; therefore, there might be packet drops.

D. Client health is low, which suggests that there are packet drops and collisions in the RF environment.

A network administrator deplos a guest solution over WiFi and creates a corp_guest role for this purpose. The network administrator must configure the solution with a custom policy that permits visitors to get an IP address, perform DNS resolutions, and get internet access while blocking any attempt to reach internal resources at the 10.0.0.0/8 network. The solution should prevent visitors from acting as rogue DHCP servers, then blacklist and log the attempt if this ever happens.

Which setup meets these requirements?

A. netdestination corporate_network network 10.0.0.0 255.0.0.0 ip access-list session corp_guests user any udp 68 deny log blacklist any any svc-dhcp permit user alias coroporate_network deny user any any permit user-role Corp_guest access-list session corp_guests

B. netdestination corporate_network network 10.0.0.0 255.0.0.0 ip access-list session corp_guests any any udp 68 deny log blacklist any any svc-dhcp permit user alias coroporate_network deny user any any permit user-role Corp_guest access-list session corp_guests

C. netdestination corporate_network network 10.0.0.0 255.0.0.0 ip access-list session corp_guests user any udp 67 deny log blacklist any any svc-dhcp permit user alias coroporate_network deny user any any permit user-role Corp_guest access-list session corp_guests

D. netdestination corporate_network network 10.0.0.0 255.0.0.0 ip access-list session corp_guests any any udp 67 deny log blacklist any any svc-dhcp permit user alias coroporate_network deny user any any permit user-role Corp_guest access-list session corp_guests

Refer to the exhibit.

A network administrator deploys a new WLAN named Corp-Network. The security suite is WPA2 with 802.1X. A new ClearPass server is used as the authentication server. Connection attempts to this WLAN are rejected, and no trace of the attempt is seen in the ClearPass Policy Manager Access Tracker. However, the network administrator is able to see the logs shown in the exhibit.

What must the network administrator do to solve the problem?

A. Add the correct network device IP address in ClearPass.

B. Change the ClearPass server IP address in the MC.

C. Fix the RADIUS shared secret in the MC.

D. Disable machine authentication in the MC and client PC.