A is correct
HP hpe6-a78 practice test
Aruba Certified Network Security Associate Exam
Question 1
You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller
(MC). What should you do to enhance security for control channel communications between the
switches and the MC?
- A. Create one UBT zone for control traffic and a second UBT zone for clients.
- B. Configure a long, random PAPI security key that matches on the switches and the MC.
- C. install certificates on the switches, and make sure that CPsec is enabled on the MC
- D. Make sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.
Answer:
C
Discussions
0
/ 1000
Question 2
You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events
logged in the past several hours But. you are having trouble searching through the logs What is one
approach that you can take to find the relevant logs?
- A. Add the "-C and *-c port-access" options to the "show logging" command.
- B. Configure a logging Tiller for the "port-access" category, and apply that filter globally.
- C. Enable debugging for "portaccess" to move the relevant logs to a buffer.
- D. Specify a logging facility that selects for "port-access" messages.
Answer:
A
Discussions
0
/ 1000
1 year ago
Question 3
What is a reason to set up a packet capture on an Aruba Mobility Controller (MC)?
- A. The company wants to use ClearPass Policy Manager (CPPM) to profile devices and needs to receive HTTP User-Agent strings from the MC.
- B. The security team believes that a wireless endpoint connected to the MC is launching an attack and wants to examine the traffic more closely.
- C. You want the MC to analyze wireless clients' traffic at a lower level, so that the ArubaOS firewall can control the traffic I based on application.
- D. You want the MC to analyze wireless clients' traffic at a lower level, so that the ArubaOS firewall can control Web traffic based on the destination URL.
Answer:
C
Discussions
0
/ 1000
Question 4
What is an example or phishing?
- A. An attacker sends TCP messages to many different ports to discover which ports are open.
- B. An attacker checks a user’s password by using trying millions of potential passwords.
- C. An attacker lures clients to connect to a software-based AP that is using a legitimate SSID.
- D. An attacker sends emails posing as a service team member to get users to disclose their passwords.
Answer:
D
Discussions
0
/ 1000
Question 5
Refer to the exhibit.
You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to
Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find
the error shown In the exhibit in the CPPM Event Viewer.
What should you check?
- A. that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized
- B. that the snared secret configured for the CPPM authentication server matches the one defined for the device on CPPM
- C. that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM
- D. that the MC has valid admin credentials configured on it for logging into the CPPM
Answer:
C
Discussions
0
/ 1000
2 months ago
Correct must be B) - C cant be correct, because: if the IP isnt correct, we cant see anything in CPPM, because it cant reach it..
Question 6
What is one way that Control Plane Security (CPsec) enhances security for me network?
- A. It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping
- B. It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.
- C. It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).
- D. It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.
Answer:
A
Discussions
0
/ 1000
1 year, 2 months ago
CPsec protects control traffic between APs and MCs with secure IPsec tunnels. As
2 months ago
Im not quite sure, but i think its D) It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.
2 weeks, 1 day ago
CPsec (Control Plane Security) is an Aruba-specific feature that provides encryption and authentication for control traffic (not data traffic) between:
Aruba Access Points (APs)
Mobility Controllers (MCs)
Question 7
You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings"
definition in the ArubaOS Diagnostics > System > Log Settings page?
- A. Configuring the Syslog server settings for the server to which the MC forwards logs for a particular category and level
- B. Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.
- C. Configuring a filter that you can apply to a defined Syslog server in order to filter events by subcategory
- D. Configuring the log facility and log format that the MC will use for forwarding logs to all Syslog servers
Answer:
A
Discussions
0
/ 1000
1 year ago
Answer is B.
"Sometimes you might need to log or debug events on a particular user or AP. You can set up
this targeted logging in the Diagnostics > Logs > Log Settings page. Click the + icon."
2 months ago
B. Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.
2 months ago
Sorry, i was wrong. Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP. is NOT right!
Question 8
A company with 382 employees wants to deploy an open WLAN for guests. The company wants the
experience to be as follows:
The company also wants to provide encryption for the network for devices mat are capable, you
implement Tor the WLAN?
Which security options should
- A. WPA3-Personal and MAC-Auth
- B. Captive portal and WPA3-Personai
- C. Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode
- D. Opportunistic Wireless Encryption (OWE) and WPA3-Personal
Answer:
C
Discussions
0
/ 1000
Question 9
Which is a correct description of a stage in the Lockheed Martin kill chain?
- A. In the delivery stage, malware collects valuable data and delivers or exfilltrated it to the hacker.
- B. In the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfilltrated.
- C. In the weaponization stage, which occurs after malware has been delivered to a system, the malware executes Its function.
- D. In the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.
Answer:
B
Discussions
0
/ 1000
1 year, 2 months ago
In the installation phase:
The malware creates a backdoor into the system through which the hacker can access the system.
2 months ago
D. In the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.
2 weeks, 1 day ago
Let’s break it down by stage of the Lockheed Martin Cyber Kill Chain:
Exploitation (Stage 4):
The delivered malware is triggered, usually by exploiting a system vulnerability.
Installation (Stage 5):
The malware installs a backdoor or other persistent mechanism to maintain access for the attacker.
Question 10
What is a Key feature of me ArubaOS firewall?
- A. The firewall is stateful which means that n can track client sessions and automatically allow return traffic for permitted sessions
- B. The firewall Includes application layer gateways (ALGs). which it uses to filter Web traffic based on the reputation of the destination web site.
- C. The firewall examines all traffic at Layer 2 through Layer 4 and uses source IP addresses as the primary way to determine how to control traffic.
- D. The firewall is designed to fitter traffic primarily based on wireless 802.11 headers, making it ideal for mobility environments
Answer:
B
Discussions
0
/ 1000
1 year, 2 months ago
The ArubaOS firewall is stateful and role-based. By treating each client differently based on its role, the ArubaOS firewall can micro-segment traffic within the same VLAN.
1 year ago
A. correct
B. includes ALGs, but they have nothing to do with web site reputation
C. primary source for control are roles
D. can filter ethernet just as good
2 weeks, 1 day ago
The firewall is stateful, meaning it tracks active sessions and automatically allows return traffic for connections that were initiated and permitted — such as allowing return packets for an outgoing web request.
And:
It enforces policies based on user roles, not just IP addresses or VLANs.
Question 11
What is symmetric encryption?
- A. It simultaneously creates ciphertext and a same-size MAC.
- B. It any form of encryption mat ensures that thee ciphertext Is the same length as the plaintext.
- C. It uses the same key to encrypt plaintext as to decrypt ciphertext.
- D. It uses a Key that is double the size of the message which it encrypts.
Answer:
C
Discussions
0
/ 1000
Question 12
What is one way that WPA3-PerSonal enhances security when compared to WPA2-Personal?
- A. WPA3-Perscn3i is more secure against password leaking Because all users nave their own username and password
- B. WPA3-Personai prevents eavesdropping on other users' wireless traffic by a user who knows the passphrase for the WLAN.
- C. WPA3-Personai is more resistant to passphrase cracking Because it requires passphrases to be at least 12 characters
- D. WPA3-Personal is more complicated to deploy because it requires a backend authentication server
Answer:
A
Discussions
0
/ 1000
1 year ago
Answer is B, simultaneous authentication of equals
Question 13
Refer to the exhibit, which shows the current network topology.
You are deploying a new wireless solution with an Aruba Mobility Master (MM). Aruba Mobility
Controllers (MCs). and campus APs (CAPs). The solution will Include a WLAN that uses Tunnel for the
forwarding mode and Implements WPA3-Enterprise security
What is a guideline for setting up the vlan for wireless devices connected to the WLAN?
- A. Assign the WLAN to a single new VLAN which is dedicated to wireless users
- B. Use wireless user roles to assign the devices to different VLANs in the 100-150 range
- C. Assign the WLAN to a named VLAN which specified 100-150 as the range of IDs.
- D. Use wireless user roles to assign the devices to a range of new vlan IDs.
Answer:
B
Discussions
0
/ 1000
1 year ago
Answer is A, one VLAN for tunneled traffic to MC which enforces policies based on roles.
2 months ago
I'm not quite sure, but i think it refers to the config for the MC and not for the switches.
So the correct answer is then: D) Use wireless user roles to assign the devices to a range of new vlan IDs. ?
Question 14
What is one difference between EAP-Tunneled Layer security (EAP-TLS) and Protected EAP (PEAP)?
- A. EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.
- B. EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.
- C. EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process
- D. EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user credentials with TKIP encryption.
Answer:
B
Discussions
0
/ 1000
Question 15
You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure
management access to the ArubaOS Web UP
- A. Avoid using external manager authentication tor the Web UI.
- B. Change the default 4343 port tor the web UI to TCP 443.
- C. Install a CA-signed certificate to use for the Web UI server certificate.
- D. Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.
Answer:
C
Discussions
0
/ 1000
A - only one zone for user and control traffic
B - correct
C - CPsec only on APs, not CX-switches
D. client vlan irrelevant
for ma is A
is possible to create two ubt zone where one is for control channel and asigned interface is mgmt vlan and other for client trafic
A is wrong. UBT zones do not exist as a separate control mechanism – this is not a recognized term or method for ensuring security.