Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

HP HPE6-A78 Aruba Certified Network Security Associate Exam Exam Practice Test

Page: 1 / 6
Total 60 questions

Aruba Certified Network Security Associate Exam Questions and Answers

Question 1

Refer to the exhibit.

Device A is establishing an HTTPS session with the Arubapedia web sue using Chrome. The Arubapedia web server sends the certificate shown in the exhibit

What does the browser do as part of vacating the web server certificate?

Options:

A.

It uses the public key in the DigCen SHA2 Secure Server CA certificate to check the certificate's signature.

B.

It uses the public key in the DigCert root CA certificate to check the certificate signature

C.

It uses the private key in the DigiCert SHA2 Secure Server CA to check the certificate's signature.

D.

It uses the private key in the Arubapedia web site's certificate to check that certificate's signature

Question 2

You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller (MC). What should you do to enhance security for control channel communications between the switches and the MC?

Options:

A.

Create one UBT zone for control traffic and a second UBT zone for clients.

B.

Configure a long, random PAPI security key that matches on the switches and the MC.

C.

install certificates on the switches, and make sure that CPsec is enabled on the MC

D.

Make sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.

Question 3

You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings" definition in the ArubaOS Diagnostics > System > Log Settings page?

Options:

A.

Configuring the Syslog server settings for the server to which the MC forwards logs for a particular category and level

B.

Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.

C.

Configuring a filter that you can apply to a defined Syslog server in order to filter events by subcategory

D.

Configuring the log facility and log format that the MC will use for forwarding logs to all Syslog servers

Question 4

What is an Authorized client as defined by ArubaOS Wireless Intrusion Prevention System (WIP)?

Options:

A.

a client that has a certificate issued by a trusted Certification Authority (CA)

B.

a client that is not on the WIP blacklist

C.

a client that has successfully authenticated to an authorized AP and passed encrypted traffic

D.

a client that is on the WIP whitelist.

Question 5

Refer to the exhibit, which shows the current network topology.

You are deploying a new wireless solution with an Aruba Mobility Master (MM). Aruba Mobility Controllers (MCs). and campus APs (CAPs). The solution will Include a WLAN that uses Tunnel for the forwarding mode and Implements WPA3-Enterprise security

What is a guideline for setting up the vlan for wireless devices connected to the WLAN?

Options:

A.

Assign the WLAN to a single new VLAN which is dedicated to wireless users

B.

Use wireless user roles to assign the devices to different VLANs in the 100-150 range

C.

Assign the WLAN to a named VLAN which specified 100-150 as the range of IDs.

D.

Use wireless user roles to assign the devices to a range of new vlan IDs.

Question 6

What is one way that Control Plane Security (CPsec) enhances security for me network?

Options:

A.

It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping

B.

It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.

C.

It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).

D.

It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.

Question 7

What role does the Aruba ClearPass Device Insight Analyzer play in the Device Insight architecture?

Options:

A.

It resides in the cloud and manages licensing and configuration for Collectors

B.

It resides on-prem and provides the span port to which traffic is mirrored for deep analytics.

C.

It resides on-prem and is responsible for running active SNMP and Nmap scans

D.

It resides In the cloud and applies machine learning and supervised crowdsourcing to metadata sent by Collectors

Question 8

A company has Aruba Mobility Controllers (MCs). Aruba campus APs. and ArubaOS-CX switches. The company plans to use ClearPass Policy Manager (CPPM) to classify endpoints by type The ClearPass admins tell you that they want to run Network scans as part of the solution

What should you do to configure the infrastructure to support the scans?

Options:

A.

Create a TA profile on the ArubaOS-Switches with the root CA certificate for ClearPass's HTTPS certificate

B.

Create device fingerprinting profiles on the ArubaOS-Switches that include SNMP. and apply the profiles to edge ports

C.

Create remote mirrors on the ArubaOS-Swrtches that collect traffic on edge ports, and mirror it to CPPM's IP address.

D.

Create SNMPv3 users on ArubaOS-CX switches, and make sure that the credentials match those configured on CPPM

Question 9

Refer to the exhibit.

A diem is connected to an ArubaOS Mobility Controller. The exhibit snows all Tour firewall rules that apply to this diem

What correctly describes how the controller treats HTTPS packets to these two IP addresses, both of which are on the other side of the firewall

10.1 10.10

203.0.13.5

Options:

A.

It drops both of the packets

B.

It permits the packet to 10.1.10.10 and drops the packet to 203 0.13.5

C.

it permits both of the packets

D.

It drops the packet to 10.1.10.10 and permits the packet to 203.0.13.5.

Page: 1 / 6
Total 60 questions