1. Home
  2. HP
  3. HPE6-A78

Aruba Certified Network Security Associate

Exam Details

  • Exam Code
    :HPE6-A78
  • Exam Name
    :Aruba Certified Network Security Associate
  • Certification
    :Aruba-ACNSA
  • Vendor
    :HP
  • Total Questions
    :60 Q&As
  • Last Updated
    :

HP Aruba-ACNSA HPE6-A78 Questions & Answers

  • Question 1:

    What is one way that Control Plane Security (CPsec) enhances security for me network?

    A. It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping

    B. It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.

    C. It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).

    D. It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.

  • Question 2:

    What is a benefit of Opportunistic Wireless Encryption (OWE)?

    A. It allows both WPA2-capabie and WPA3-capable clients to authenticate to the same WPA-Personal WLAN

    B. It offers more control over who can connect to the wireless network when compared with WPA2Personal

    C. It allows anyone lo connect, but provides better protection against eavesdropping than a traditional open network

    D. It provides protection for wireless clients against both honeypot APs and man-in-the- middle (MUM) attacks

  • Question 3:

    What is a benefit or Protected Management Frames (PMF). sometimes called Management Frame Protection (MFP)?

    A. PMF helps to protect APs and MCs from unauthorized management access by hackers.

    B. PMF ensures trial traffic between APs and Mobility Controllers (MCs) is encrypted.

    C. PMF prevents hackers from capturing the traffic between APs and Mobility Controllers.

    D. PMF protects clients from DoS attacks based on forged de-authentication frames

  • Question 4:

    What is one way a noneypot can be used to launch a man-in-the-middle (MITM) attack to wireless clients?

    A. it uses a combination or software and hardware to jam the RF band and prevent the client from connecting to any wireless networks

    B. it runs an NMap scan on the wireless client to And the clients MAC and IP address. The hacker then connects to another network and spoofs those addresses.

    C. it examines wireless clients' probes and broadcasts the SSlDs in the probes, so that wireless clients will connect to it automatically.

    D. it uses ARP poisoning to disconnect wireless clients from the legitimate wireless network and force clients to connect to the hacker's wireless network instead.

  • Question 5:

    Refer to the exhibit.

    This company has ArubaOS-Switches. The exhibit shows one access layer switch, Swllcn-2. as an example, but the campus actually has more switches. The company wants to slop any internal users from exploiting ARP.

    What Is the proper way to configure the switches to meet these requirements?

    A. On Switch-1, enable ARP protection globally, and enable ARP protection on ail VLANs.

    B. On Switch-2, make ports connected to employee devices trusted ports for ARP protection

    C. On Swltch-2, enable DHCP snooping globally and on VLAN 201 before enabling ARP protection

    D. On Swltch-2, configure static PP-to-MAC bindings for all end-user devices on the network

  • Question 6:

    Refer to the exhibit, which shows the current network topology.

    You are deploying a new wireless solution with an Aruba Mobility Master (MM). Aruba Mobility Controllers (MCs). and campus APs (CAPs). The solution will Include a WLAN that uses Tunnel for the forwarding mode and Implements WPA3-Enterprise security.

    What is a guideline for setting up the vlan for wireless devices connected to the WLAN?

    A. Assign the WLAN to a single new VLAN which is dedicated to wireless users

    B. Use wireless user roles to assign the devices to different VLANs in the 100-150 range

    C. Assign the WLAN to a named VLAN which specified 100-150 as the range of IDs.

    D. Use wireless user roles to assign the devices to a range of new vlan IDs.

  • Question 7:

    What is a use case for tunneling traffic between an Aruba switch and an AruDa Mobility Controller (MC)?

    A. applying firewall policies and deep packet inspection to wired clients

    B. enhancing the security of communications from the access layer to the core with data encryption

    C. securing the network infrastructure control plane by creating a virtual out-of-band- management network

    D. simplifying network infrastructure management by using the MC to push configurations to the switches

  • Question 8:

    You configure an ArubaOS-Switch to enforce 802.1X authentication with ClearPass Policy Manager (CPPM) denned as the RADIUS server Clients cannot authenticate You check Aruba ClearPass Access Tracker and cannot find a record of the authentication attempt.

    What are two possible problems that have this symptom? (Select two)

    A. users are logging in with the wrong usernames and passwords or invalid certificates.

    B. Clients are configured to use a mismatched EAP method from the one In the CPPM service.

    C. The RADIUS shared secret does not match between the switch and CPPM.

    D. CPPM does not have a network device defined for the switch's IP address.

    E. Clients are not configured to trust the root CA certificate for CPPM's RADIUS/EAP certificate.

  • Question 9:

    An ArubaOS-CX switch enforces 802.1X on a port. No fan-through options or port-access roles are configured on the port The 802 1X supplicant on a connected client has not yet completed authentication.

    Which type of traffic does the authenticator accept from the client?

    A. EAP only

    B. DHCP, DNS and RADIUS only

    C. RADIUS only

    D. DHCP, DNS, and EAP only

  • Question 10:

    How does the ArubaOS firewall determine which rules to apply to a specific client's traffic?

    A. The firewall applies every rule that includes the dent's IP address as the source

    B. The firewall applies the rules in policies associated with the client's wlan

    C. The firewall applies thee rules in policies associated with the client's user role

    D. The firewall applies every rule that includes the client's IP address as the source or destination

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only HP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your HPE6-A78 exam preparations and HP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.