HP hpe6-a78 practice test
Aruba Certified Network Security Associate Exam
Last exam update: Apr 11 ,2024
Question 1
You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller
(MC). What should you do to enhance security for control channel communications between the
switches and the MC?
- A. Create one UBT zone for control traffic and a second UBT zone for clients.
- B. Configure a long, random PAPI security key that matches on the switches and the MC.
- C. install certificates on the switches, and make sure that CPsec is enabled on the MC
- D. Make sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.
Answer:
C
Question 2
You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events
logged in the past several hours But. you are having trouble searching through the logs What is one
approach that you can take to find the relevant logs?
- A. Add the "-C and *-c port-access" options to the "show logging" command.
- B. Configure a logging Tiller for the "port-access" category, and apply that filter globally.
- C. Enable debugging for "portaccess" to move the relevant logs to a buffer.
- D. Specify a logging facility that selects for "port-access" messages.
Answer:
A
Question 3
What is a reason to set up a packet capture on an Aruba Mobility Controller (MC)?
- A. The company wants to use ClearPass Policy Manager (CPPM) to profile devices and needs to receive HTTP User-Agent strings from the MC.
- B. The security team believes that a wireless endpoint connected to the MC is launching an attack and wants to examine the traffic more closely.
- C. You want the MC to analyze wireless clients' traffic at a lower level, so that the ArubaOS firewall can control the traffic I based on application.
- D. You want the MC to analyze wireless clients' traffic at a lower level, so that the ArubaOS firewall can control Web traffic based on the destination URL.
Answer:
C
Question 4
What is an example or phishing?
- A. An attacker sends TCP messages to many different ports to discover which ports are open.
- B. An attacker checks a user’s password by using trying millions of potential passwords.
- C. An attacker lures clients to connect to a software-based AP that is using a legitimate SSID.
- D. An attacker sends emails posing as a service team member to get users to disclose their passwords.
Answer:
D
Question 5
Refer to the exhibit.
You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to
Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find
the error shown In the exhibit in the CPPM Event Viewer.
What should you check?
- A. that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized
- B. that the snared secret configured for the CPPM authentication server matches the one defined for the device on CPPM
- C. that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM
- D. that the MC has valid admin credentials configured on it for logging into the CPPM
Answer:
C
Question 6
What is one way that Control Plane Security (CPsec) enhances security for me network?
- A. It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping
- B. It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.
- C. It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).
- D. It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.
Answer:
A
Question 7
You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings"
definition in the ArubaOS Diagnostics > System > Log Settings page?
- A. Configuring the Syslog server settings for the server to which the MC forwards logs for a particular category and level
- B. Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.
- C. Configuring a filter that you can apply to a defined Syslog server in order to filter events by subcategory
- D. Configuring the log facility and log format that the MC will use for forwarding logs to all Syslog servers
Answer:
A
Question 8
A company with 382 employees wants to deploy an open WLAN for guests. The company wants the
experience to be as follows:
The company also wants to provide encryption for the network for devices mat are capable, you
implement Tor the WLAN?
Which security options should
- A. WPA3-Personal and MAC-Auth
- B. Captive portal and WPA3-Personai
- C. Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode
- D. Opportunistic Wireless Encryption (OWE) and WPA3-Personal
Answer:
C
Question 9
Which is a correct description of a stage in the Lockheed Martin kill chain?
- A. In the delivery stage, malware collects valuable data and delivers or exfilltrated it to the hacker.
- B. In the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfilltrated.
- C. In the weaponization stage, which occurs after malware has been delivered to a system, the malware executes Its function.
- D. In the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.
Answer:
B
Question 10
What is a Key feature of me ArubaOS firewall?
- A. The firewall is stateful which means that n can track client sessions and automatically allow return traffic for permitted sessions
- B. The firewall Includes application layer gateways (ALGs). which it uses to filter Web traffic based on the reputation of the destination web site.
- C. The firewall examines all traffic at Layer 2 through Layer 4 and uses source IP addresses as the primary way to determine how to control traffic.
- D. The firewall is designed to fitter traffic primarily based on wireless 802.11 headers, making it ideal for mobility environments
Answer:
B
Question 11
What is symmetric encryption?
- A. It simultaneously creates ciphertext and a same-size MAC.
- B. It any form of encryption mat ensures that thee ciphertext Is the same length as the plaintext.
- C. It uses the same key to encrypt plaintext as to decrypt ciphertext.
- D. It uses a Key that is double the size of the message which it encrypts.
Answer:
C
Question 12
What is one way that WPA3-PerSonal enhances security when compared to WPA2-Personal?
- A. WPA3-Perscn3i is more secure against password leaking Because all users nave their own username and password
- B. WPA3-Personai prevents eavesdropping on other users' wireless traffic by a user who knows the passphrase for the WLAN.
- C. WPA3-Personai is more resistant to passphrase cracking Because it requires passphrases to be at least 12 characters
- D. WPA3-Personal is more complicated to deploy because it requires a backend authentication server
Answer:
A
Question 13
Refer to the exhibit, which shows the current network topology.
You are deploying a new wireless solution with an Aruba Mobility Master (MM). Aruba Mobility
Controllers (MCs). and campus APs (CAPs). The solution will Include a WLAN that uses Tunnel for the
forwarding mode and Implements WPA3-Enterprise security
What is a guideline for setting up the vlan for wireless devices connected to the WLAN?
- A. Assign the WLAN to a single new VLAN which is dedicated to wireless users
- B. Use wireless user roles to assign the devices to different VLANs in the 100-150 range
- C. Assign the WLAN to a named VLAN which specified 100-150 as the range of IDs.
- D. Use wireless user roles to assign the devices to a range of new vlan IDs.
Answer:
B
Question 14
What is one difference between EAP-Tunneled Layer security (EAP-TLS) and Protected EAP (PEAP)?
- A. EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.
- B. EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.
- C. EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process
- D. EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user credentials with TKIP encryption.
Answer:
B
Question 15
You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure
management access to the ArubaOS Web UP
- A. Avoid using external manager authentication tor the Web UI.
- B. Change the default 4343 port tor the web UI to TCP 443.
- C. Install a CA-signed certificate to use for the Web UI server certificate.
- D. Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.
Answer:
C