HP HPE6-A78 Online Practice Questions and Exam Preparation

HP HPE6-A78 Online Questions & Answers

• Question 71:

  Refer to the exhibit, which shows the settings on the company's MCs. -- Mobility Controller Dashboard General Admin AirWave CPSec Certificates Configuration WLANsv Control Plane Security Roles and PoliciesEnable CP Sec Access PointsEnable auto cert provisioning: You have deployed about 100 new Aruba 335-APs. What is required for the APs to become managed?

  A. installing CA-signed certificates on the APs
  B. installing self-signed certificates on the APs
  C. approving the APs as authorized APs on the AP whitelist
  D. configuring a PAPI key that matches on the APs and MCs
  C. approving the APs as authorized APs on the AP whitelist

• Question 72:

  Which is a use case for enabling Control Plane Policing on Aruba switches?

  A. to prevent unauthorized network devices from sending routing updates
  B. to prevent the switch from accepting routing updates from unauthorized users
  C. to encrypt traffic between tunneled node switches and Mobility Controllers (MCs)
  D. to mitigate Denial of Service (Dos) attacks on the switch
  D. to mitigate Denial of Service (Dos) attacks on the switch

• Question 73:

  Refer to the exhibit.

  

  You need to ensure that only management stations in subnet 192.168.1.0/24 can access the ArubaOS-Switches' CLI. Web Ul. and REST interfaces The company also wants to let managers use these stations to access other parts of the network What should you do?

  A. Establish a Control Plane Policing class that selects traffic from 192.168 1.0/24.
  B. Specify 192.168.1.0.255.255.255.0 as authorized IP manager address
  C. Configure the switch to listen for these protocols on OOBM only.
  D. Specify vlan 100 as the management vlan for the switches.
  B. Specify 192.168.1.0.255.255.255.0 as authorized IP manager address

• Question 74:

  What is one difference between EAP-Tunneled Layer security (EAP-TLS) and Protected EAP (PEAP)?

  A. EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.
  B. EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.
  C. EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process
  D. EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user credentials with TKIP encryption.
  B. EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.

• Question 75:

  What does the NIST model for digital forensics define?

  A. how to define access control policies that will properly protect a company's most sensitive data and digital resources
  B. how to properly collect, examine, and analyze logs and other data, in order to use it as evidence in a security investigation
  C. which types of architecture and security policies are best equipped to help companies establish a Zero Trust Network (ZTN)
  D. which data encryption and authentication algorithms are suitable for enterprise networks in a world that is moving toward quantum computing
  B. how to properly collect, examine, and analyze logs and other data, in order to use it as evidence in a security investigation

• Question 76:

  You are deploying a new wireless solution with an HPE Aruba Networking Mobility Master (MM), Mobility Controllers (MCs), and campus APs (CAPs). The solution will include a WLAN that uses Tunnel for the forwarding mode and WPA3Enterprise for the security option.

  You have decided to assign the WLAN to VLAN 301, a new VLAN. A pair of core routing switches will act as the default router for wireless user traffic.

  Which links need to carry VLAN 301?

  A. Only links on the path between APs and the core routing switches
  B. Only links on the path between APs and the MC
  C. All links in the campus LAN to ensure seamless roaming
  D. Only links between MC ports and the core routing switches
  D. Only links between MC ports and the core routing switches

• Question 77:

  What is a use case for Transport Layer Security (TLS)?

  A. to establish a framework for devices to determine when to trust other devices' certificates
  B. to enable a client and a server to establish secure communications for another protocol
  C. to enable two parties to asymmetrically encrypt and authenticate all data that passes be- tween them
  D. to provide a secure alternative to certificate authentication that is easier to implement
  B. to enable a client and a server to establish secure communications for another protocol

• Question 78:

  Your Aruba Mobility Master-based solution has detected a rogue AP Among other information the ArubaOS Detected Radios page lists this Information for the AP SSID = PubllcWiFI BSSID = a8M27 12 34:56 Match method = Exact match Match type = Eth-GW-wired-Mac-Table The security team asks you to explain why this AP is classified as a rogue. What should you explain?

  A. The AP Is connected to your LAN because It is transmitting wireless traffic with your network's default gateway's MAC address as a source MAC Because it does not belong to the company, it is a rogue
  B. The ap has a BSSID mat matches authorized client MAC addresses. This indicates that the AP is spoofing the MAC address to gam unauthorized access to your company's wireless services, so It is a rogue
  C. The AP has been detected as launching a DoS attack against your company's default gateway. This qualities it as a rogue which needs to be contained with wireless association frames immediately
  D. The AP is spoofing a routers MAC address as its BSSID. This indicates mat, even though WIP cannot determine whether the AP is connected to your LAN. it is a rogue.
  A. The AP Is connected to your LAN because It is transmitting wireless traffic with your network's default gateway's MAC address as a source MAC Because it does not belong to the company, it is a rogue

• Question 79:

  A company with 465 employees wants to deploy an open WLAN for guests. The company wants the experience to be as follows:

  Guests select the WLAN and connect without having to enter a password. Guests are redirected to a welcome web page and log in.The company also wants to provide encryption for the network for devices that are capable. Which security options should you implement for the WLAN?

  A. Opportunistic Wireless Encryption (OWE) and WPA3-Personal
  B. Captive portal and WPA3-Personal
  C. WPA3-Personal and MAC-Auth
  D. Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode
  D. Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode

• Question 80:

  What distinguishes a Distributed Denial of Service (DDoS) attack from a traditional Denial of Service (DoS) attack?

  A. A DDoS attack originates from external devices, while a DoS attack originates from internal devices.
  B. A DoS attack targets one server; a DDoS attack targets all the clients that use a server.
  C. A DDoS attack targets multiple devices, while a DoS is designed to incapacitate only one device.
  D. A DDoS attack is launched from multiple devices, while a DoS attack is launched from a single device.
  D. A DDoS attack is launched from multiple devices, while a DoS attack is launched from a single device.