HP hpe6-a73 practice test
Aruba Certified Switching Professional
Question 1
Which statement is correct regarding ACLs and TCAM usage?
- A. Applying an ACL to a group of ports consumes the same resources as specific ACE entries
- B. Using object groups consumes the same resources as specific ACE entries
- C. Compression is automatically enabled for ASIC TCAMs on AOS-CX switches
- D. Applying an ACL to a group of VLANs consumes the same resources as specific ACE entries
Answer:
B
Question 2
What is correct regarding rate limiting and egress queue shaping on AOS-CX switches?
- A. Only a traffic rate and burst size can be defined for a queue
- B. Limits can be defined only for broadcast and multicast traffic
- C. Rate limiting and egress queue shaping can be used to restrict inbound traffic
- D. Rate limiting and egress queue shaping can be applied globally
Answer:
A
Explanation:
you could apply egress queue shaping to the high priority queues to prevent starvation of low
priority queues. Egress queue shaping allows you to apply a maximum bandwidth to a priority
queue, as well as a burst size. The port buffers excess traffic up to the burst size and sends the
buffered traffic at the max rate, smoothing out bursts while also preventing the high priority queue
from exceeding its maximum rate and starving out lower priority queues.
Question 3
A network administrator needs to replace an antiquated access layer solution with a modular
solution involving AOS-CX switches. The administrator wants to leverage virtual switching
technologies. The solution needs to support high-availability with dual-control planes.
Which solution should the administrator implement?
- A. AOS-CX 8325
- B. AOS-CX 6300
- C. AOS-CX 6400
- D. AOS-CX 8400
Answer:
C
Explanation:
Reference:
https://andovercg.com/datasheets/aruba-cx-8325-switch-series.pdf
Question 4
A company has implemented 802.1X authentication on AOS-CX access switches, where two
ClearPass
servers are used to implement AA
- A. Implement replay protection for AAA messages
- B. Define the account to implement downloadable user roles
- C. Speed up the AAA authentication process
- D. Define the account to implement change of authorization
Answer:
C
Explanation:
Radius service tracking locates the availability of the RADIUS service configured on the switch. It
helps to minimize the waiting period for new clients in the unauth-vid (Guest Vlan) when
authentication fails because of service is not available, as well as previously authenticated clients in
unauth-vid (Guest Vlan) when re-authentication fails because service is not available during the re-
authentication period. Note that this feature is disabled by default.
https://techhub.hpe.com/eginfolib/networking/docs/switches/WB/16-02/5200-1650_WB_ASG/content/ch04s04.html
Question 5
A company has an existing wireless solution involving Aruba APs and Mobility controllers running 8.4
code.
The solution leverages a third-party AAA solution. The company is replacing existing access switches
with AOS-CX 6300 and 6400 switches. The company wants to leverage the same security and firewall
policies for both wired and wireless traffic.
Which solution should the company implement?
- A. RADIUS dynamic authorization
- B. Downloadable user roles
- C. IPSec
- D. User-based tunneling
Answer:
D
Question 6
A network engineer is having a problem adding a custom-written script to an AOS-CX switch’s NAE
GUI. The script was written in Python and was successfully added on other AOS-CX switches. The
engineer examines the following items from the CLI of the switch:
What should the engineer perform to fix this issue?
- A. Install the script’s signature before installing the new script
- B. Ensure the engineer’s desktop and the AOS-CX switch are synchronized to the same NTP server
- C. Enable trust settings for the AOS-CX switch’s SSL certificate
- D. Remove a script that is no longer used before installing the new script
Answer:
D
Question 7
Which option correctly defines how to identify a VLAN as a voice VLAN on an AOS-CX switch?
- A. Switch(config)# port-access lldp-group <LLDP-group-name> Switch(config-lldp-group)# vlan <VLAN-ID>
- B. Switch(config)# port-access role <role-name> Switch(config-pa-role)# vlan access <VLAN-ID>
- C. Switch(config)# vlan <VLAN-ID> Switch(config-vlan-<VLAN-ID>)# voice
- D. Switch(config)# vlan <VLAN-ID> voice
Answer:
C
Question 8
An administrator will be replacing a campus switching infrastructure with AOS-CX switches that
support VSX capabilities. The campus involves a core, as well as multiple access layers. Which feature
should the
administrator implement to allow both VSX-capable core switches to process traffic sent to the
default gateway in the campus VLANs?
- A. VRF
- B. VRRP
- C. IP helper
- D. Active gateway
Answer:
D
Explanation:
Active gateway = both devices route/forward traffic VRRP = Active-standbye, only active member
routes/forwards traffic
Understand the Active Gateway principle In a VSX system, active gateway provides redundant default
gateway functionality for the end-hosts. The default gateway of the end-host is automatically
handled by both the VSX systems.
Question 9
What is correct regarding the tunneling of user traffic between AOS-CX switches and Aruba Mobility
Controllers (MCs)?
- A. Uses IPSec to protect the management and data traffic
- B. Uses IPSec to protect the management traffic
- C. Supports only port-based tunneling
- D. Uses the same management protocol as Aruba APs
Answer:
D
Explanation:
because both AP and Switch use PAPI . Moreover in AOS-CX switch currently not support port based
tunnel. AOS-CX switch only support User Based Tunnel (UBT)
Question 10
An administrator is implementing a multicast solution in a multi-VLAN network. Which statement is
true about the configuration of the switches in the network?
- A. IGMP snooping must be enabled on all interfaces on a switch to intelligently forward traffic
- B. IGMP requires join and leave messages to graft and prune multicast streams between switches
- C. IGMP must be enabled on all routed interfaces where multicast traffic will traverse
- D. IGMP must be enabled on all interfaces where multicast sources and receivers are connected
Answer:
C
Question 11
How is voice traffic prioritized correctly on AOS-CX switches?
- A. By defining device profiles with QOS settings
- B. By placing it in the strict priority queue
- C. By implementing voice VLANs
- D. By implementing weighted fair queueing (WFQ)
Answer:
B
Question 12
An administrator is replacing the current access switches with AOS-CX switches. The access layer
switches
must authenticate user and networking devices connecting to them. Some devices support no form
of
authentication, and some support 802.1X. Some ports have a VoIP phone and a PC connected to the
same
port, where the PC is connected to the data port of the phone and the phone’s LAN port is connected
to the switch.
Which statement is correct about this situation?
- A. 802.1X must be configured to work in fallback mode
- B. Device fingerprinting is required for authentication
- C. The client-limit setting for port access needs to be changed
- D. Device mode should be implemented
Answer:
C
Explanation:
fallback mode if for the radius part; client limit is for multiple authent on one port (ie phone + pc)
From doc :
aaa port-access authenticator <port-list> client-limit <1-32>
Used after executing aaa port-access authenticator <port-list> to convert authentication from port-
based to user-based. Specifies user-based 802.1X authentication and the maximum number of
802.1X-authenticated client sessions allowed on each of the ports in <port-list>. If a port currently
has no authenticated client sessions, the next authenticated client session the port accepts
determines the untagged VLAN membership to which the port is assigned during the session. If
another client session begins later on the same port while an earlier session is active, the later
session will be on the same untagged VLAN membership as the earlier session.
Question 13
Examine the network exhibit.
A company has a guest implementation for wireless and wired access. Wireless access is
implemented
through a third-party vendor. The company is concerned about wired guest traffic traversing the
same network as the employee traffic. The network administrator has established a GRE tunnel
between AOS-CX switches where guests are connected to a routing switch in the DMZ.
Which feature should the administrator implement to ensure that the guest traffic is tunneled to the
DMZ while the employee traffic is forwarded using OSPF?
- A. OSPF route maps using the “set metric” command
- B. Policy-based routing (PBR)
- C. User-based tunneling (UBT)
- D. Classifier policies
Answer:
B
Explanation:
Guest traffic can be routed with PBR to use GRE tunnels that terminate in the DMZ.
Question 14
An administrator has an AOS-CX switch configured with:
router ospf 1
area 0
area 1 stub no-summary
It is the only ABR for area 1. The switch has the appropriate adjacencies to routing switches in areas 0
and 1.
The current routes in each area are:
Area 0: 5 routes (LSA Type 1 and 2)
Area 1: 10 routes (LSA Type 1 and 2)
External routes: 2 (LSA Type 5)
Based on the above configuration, how many OSPF routes will routing switches see in Area 1?
- A. 15
- B. 6
- C. 11
- D. 12
Answer:
C
Question 15
A network administrator is managing a network that deploys a multicast service. The administrator
has
multiple streams successfully being routed by PIM-DM in the network. The administrator then adds a
new stream with a destination address of 239.0.0.1. However, clients who have not joined the
stream are receiving it.
What should the administrator do to fix this problem?
- A. Verify that IGMP is enabled between the switches connecting the multicast source and receivers
- B. Change the destination multicast address to 239.1.1.1
- C. Define the 239.0.0.1 stream on the rendezvous point (RP)
- D. Define the 239.0.0.1 stream on the PIM candidate bootstrap router
Answer:
B
Explanation:
MAC/IP overlap. 239.0.0.1 would be the same MAC for 224.0.0.1. 224.0.0.0/24 is always flooded
over every port.