HP HPE6-A78 Online Practice Questions and Exam Preparation

HP HPE6-A78 Online Questions & Answers

• Question 91:

  How can ARP be used to launch attacks?

  A. Hackers can use ARP to change their NIC's MAC address so they can impersonate legiti-mate users.
  B. Hackers can exploit the fact that the port used for ARP must remain open and thereby gain remote access to another user's device.
  C. A hacker can use ARP to claim ownership of a CA-signed certificate that actually belongs to another device.
  D. A hacker can send gratuitous ARP messages with the default gateway IP to cause devices to redirect traffic to the hacker's MAC address.
  D. A hacker can send gratuitous ARP messages with the default gateway IP to cause devices to redirect traffic to the hacker's MAC address.

• Question 92:

  An organization has HPE Aruba Networking infrastructure, including AOS-CX switches and an AOS-8 mobility infrastructure with Mobility Controllers (MCs) and APs. Clients receive certificates from ClearPass Onboard. The infrastructure devices authenticate clients to ClearPass Policy Manager (CPPM). The company wants to start profiling clients to take their device type into account in their access rights.

  What is a role that CPPM should play in this plan?

  A. Assigning clients to their device categories
  B. Helping to forward profiling information to the component responsible for profiling
  C. Accepting and enforcing CoA messages
  D. Enforcing access control decisions
  A. Assigning clients to their device categories

• Question 93:

  The first exhibit shows roles on the MC, listed in alphabetic order. The second and third exhibits show the configuration for a WLAN to which a client connects. Which description of the role assigned to a user under various circumstances is correct?

  

  A. A user fails 802.1X authentication. The client remains connected, but is assigned the "guest" role.
  B. A user authenticates successfully with 802.1 X. and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employeel." The client's role is "guest."
  C. A user authenticates successfully with 802.1X. and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employee." The client's role is "guest."
  D. A user authenticates successfully with 802.1X, and the RADIUS Access-Accept includes an Aruba-User-RoleVSA set to "employeel." The client's role is "employeel."
  D. A user authenticates successfully with 802.1X, and the RADIUS Access-Accept includes an Aruba-User-RoleVSA set to "employeel." The client's role is "employeel."

• Question 94:

  What correctly describes the Pairwise Master Key (PMK) in thee specified wireless security protocol?

  A. In WPA3-Enterprise, the PMK is unique per session and derived using Simultaneous Authentication of Equals.
  B. In WPA3-Personal, the PMK is unique per session and derived using Simultaneous Authentication of Equals.
  C. In WPA3-Personal, the PMK is derived directly from the passphrase and is the same tor every session.
  D. In WPA3-Personal, the PMK is the same for each session and is communicated to clients that authenticate
  A. In WPA3-Enterprise, the PMK is unique per session and derived using Simultaneous Authentication of Equals.

• Question 95:

  What is a correct use case for using the specified certificate file format?

  A. using a PKCS7 file to install a certificate plus and its private key on a device
  B. using a PKCS12 file to install a certificate plus its private key on a device
  C. using a PEM file to install a binary encoded certificate on a device
  D. using a PKCS7 file to install a binary encoded private key on a device
  B. using a PKCS12 file to install a certificate plus its private key on a device

• Question 96:

  A company has added a new user group. Users in the group try to connect to the WLAN and receive errors that the connection has no Internet access. The users cannot reach any resources. The first exhibit shows the record for one of the users who cannot connect. The second exhibit shows the role to which the ArubaOS device assigned the user's client.

  What is a likely problem?

  A. The ArubaOS device has a server derivation rule configured on it that has overridden the role sent by CPPM.
  B. The ArubaOS device does not have the correct RADIUS dictionaries installed on it to under-stand the Aruba-User-Role VSA.
  C. The role name that CPPM is sending does not match the role name configured on the Aru-baOS device.
  D. The clients rejected the server authentication on their side because they do not have the root CA for CPPM's RADIUS/EAP certificate.
  C. The role name that CPPM is sending does not match the role name configured on the Aru-baOS device.

• Question 97:

  You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours But. you are having trouble searching through the logs What is one approach that you can take to find the relevant logs?

  A. Add the "-C and *-c port-access" options to the "show logging" command.
  B. Configure a logging Tiller for the "port-access" category, and apply that filter globally.
  C. Enable debugging for "portaccess" to move the relevant logs to a buffer.
  D. Specify a logging facility that selects for "port-access" messages.
  B. Configure a logging Tiller for the "port-access" category, and apply that filter globally.

• Question 98:

  What is a benefit of Opportunistic Wireless Encryption (OWE)?

  A. It allows both WPA2-capable and WPA3-capable clients to authenticate to the same WPA-Personal WLAN.
  B. It offers more control over who can connect to the wireless network when compared with WPA2-Personal.
  C. It allows anyone to connect, but provides better protection against eavesdropping than a traditional open network.
  D. It provides protection for wireless clients against both honeypot APs and man-in-the- middle (MITM) attacks.
  C. It allows anyone to connect, but provides better protection against eavesdropping than a traditional open network.

• Question 99:

  You have been asked to send RADIUS debug messages from an AOS-CX switch to a central SIEM server at 10.5.15.6. The server is already defined on the switch with this command:

  logging 10.5.15.6

  You enter this command:

  debug radius all

  What is the correct debug destination?

  A. file
  B. console
  C. buffer
  D. syslog
  D. syslog

• Question 100:

  What is a guideline for managing local certificates on AOS-CX switches?

  A. Understand that the switch must use the same certificate for all usages, such as its HTTPS server and RadSec client.
  B. Create a self-signed certificate online on the switch because AOS-CX switches do not support CA-signed certificates.
  C. Before installing the local certificate, create a trust anchor (TA) profile with the root CA certificate for the certificate that you will install.
  D. Install an Online Certificate Status Protocol (OCSP) certificate to simplify the process of enrolling and re-enrolling for certificates.
  C. Before installing the local certificate, create a trust anchor (TA) profile with the root CA certificate for the certificate that you will install.