HPE6-A78 Online Practice Questions and Answers

Refer to the exhibit.

A diem is connected to an ArubaOS Mobility Controller. The exhibit snows all Tour firewall rules that apply to this diem

What correctly describes how the controller treats HTTPS packets to these two IP addresses, both of which are on the other side of the firewall?

10.1 10.10

203.0.13.5

A. It drops both of the packets

B. It permits the packet to 10.1.10.10 and drops the packet to 203 0.13.5

C. it permits both of the packets

D. It drops the packet to 10.1.10.10 and permits the packet to 203.0.13.5.

You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller (MC). What should you do to enhance security for control channel communications between the switches and the MC?

A. Create one UBT zone for control traffic and a second UBT zone for clients.

B. Configure a long, random PAPI security key that matches on the switches and the MC.

C. install certificates on the switches, and make sure that CPsec is enabled on the MC

D. Make sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.

What is a Key feature of me ArubaOS firewall?

A. The firewall is stateful which means that n can track client sessions and automatically allow return traffic for permitted sessions

B. The firewall Includes application layer gateways (ALGs). which it uses to filter Web traffic based on the reputation of the destination web site.

C. The firewall examines all traffic at Layer 2 through Layer 4 and uses source IP addresses as the primary way to determine how to control traffic.

D. The firewall is designed to fitter traffic primarily based on wireless 802.11 headers, making it ideal for mobility environments

Which correctly describes a way to deploy certificates to end-user devices?

A. ClearPass Onboard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain

B. ClearPass Device Insight can automatically discover end-user devices and deploy the proper certificates to them

C. ClearPass OnGuard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain

D. in a Windows domain, domain group policy objects (GPOs) can automatically install computer, but not user certificates

A company has an ArubaOS controller-based solution with a WPA3-Enterprise WLAN. which authenticates wireless clients to Aruba ClearPass Policy Manager (CPPM). The company has decided to use digital certificates for authentication A user's Windows domain computer has had certificates installed on it However, the Networks and Connections window shows that authentication has tailed for the user. The Mobility Controllers (MC's) RADIUS events show that it is receiving Access-Rejects for the authentication attempt.

What is one place that you can you look for deeper insight into why this authentication attempt is failing?

A. the reports generated by Aruba ClearPass Insight

B. the RADIUS events within the CPPM Event Viewer

C. the Alerts tab in the authentication record in CPPM Access Tracker

D. the packets captured on the MC control plane destined to UDP 1812

What is one of the roles of the network access server (NAS) in the AAA framewonx?

A. It authenticates legitimate users and uses policies to determine which resources each user is allowed to access.

B. It negotiates with each user's device to determine which EAP method is used for authentication

C. It enforces access to network services and sends accounting information to the AAA server

D. It determines which resources authenticated users are allowed to access and monitors each users

session

What is one practice that can help you to maintain a digital chain or custody In your network?

A. Enable packet capturing on Instant AP or Moodily Controller (MC) datepath on an ongoing basis

B. Enable packet capturing on Instant AP or Mobility Controller (MC) control path on an ongoing basis.

C. Ensure that all network infrastructure devices receive a valid clock using authenticated NTP

D. Ensure that all network Infrastructure devices use RADIUS rather than TACACS+ to authenticate managers

What role does the Aruba ClearPass Device Insight Analyzer play in the Device Insight architecture?

A. It resides in the cloud and manages licensing and configuration for Collectors

B. It resides on-prem and provides the span port to which traffic is mirrored for deep analytics.

C. It resides on-prem and is responsible for running active SNMP and Nmap scans

D. It resides In the cloud and applies machine learning and supervised crowdsourcing to metadata sent by Collectors

What is a use case for tunneling traffic between an Aruba switch and an AruDa Mobility Controller (MC)?

A. applying firewall policies and deep packet inspection to wired clients

B. enhancing the security of communications from the access layer to the core with data encryption

C. securing the network infrastructure control plane by creating a virtual out-of-band- management network

D. simplifying network infrastructure management by using the MC to push configurations to the switches

Refer to the exhibit.

This company has ArubaOS-Switches. The exhibit shows one access layer switch, Swllcn-2. as an example, but the campus actually has more switches. The company wants to slop any internal users from exploiting ARP.

What Is the proper way to configure the switches to meet these requirements?

A. On Switch-1, enable ARP protection globally, and enable ARP protection on ail VLANs.

B. On Switch-2, make ports connected to employee devices trusted ports for ARP protection

C. On Swltch-2, enable DHCP snooping globally and on VLAN 201 before enabling ARP protection

D. On Swltch-2, configure static PP-to-MAC bindings for all end-user devices on the network