HP hpe6-a78 practice test

Aruba Certified Network Security Associate Exam

Last exam update: Dec 15 ,2024
Page 1 out of 4. Viewing questions 1-15 out of 60

Question 1

You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller
(MC). What should you do to enhance security for control channel communications between the
switches and the MC?

  • A. Create one UBT zone for control traffic and a second UBT zone for clients.
  • B. Configure a long, random PAPI security key that matches on the switches and the MC.
  • C. install certificates on the switches, and make sure that CPsec is enabled on the MC
  • D. Make sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.
Mark Question:
Answer:

C


User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
Pyrokar
4 months, 1 week ago

A - only one zone for user and control traffic
B - correct
C - CPsec only on APs, not CX-switches
D. client vlan irrelevant


Question 2

You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events
logged in the past several hours But. you are having trouble searching through the logs What is one
approach that you can take to find the relevant logs?

  • A. Add the "-C and *-c port-access" options to the "show logging" command.
  • B. Configure a logging Tiller for the "port-access" category, and apply that filter globally.
  • C. Enable debugging for "portaccess" to move the relevant logs to a buffer.
  • D. Specify a logging facility that selects for "port-access" messages.
Mark Question:
Answer:

A


User Votes:
A 2 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
Pyrokar
4 months, 1 week ago

A is correct


Question 3

What is a reason to set up a packet capture on an Aruba Mobility Controller (MC)?

  • A. The company wants to use ClearPass Policy Manager (CPPM) to profile devices and needs to receive HTTP User-Agent strings from the MC.
  • B. The security team believes that a wireless endpoint connected to the MC is launching an attack and wants to examine the traffic more closely.
  • C. You want the MC to analyze wireless clients' traffic at a lower level, so that the ArubaOS firewall can control the traffic I based on application.
  • D. You want the MC to analyze wireless clients' traffic at a lower level, so that the ArubaOS firewall can control Web traffic based on the destination URL.
Mark Question:
Answer:

C


User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

What is an example or phishing?

  • A. An attacker sends TCP messages to many different ports to discover which ports are open.
  • B. An attacker checks a user’s password by using trying millions of potential passwords.
  • C. An attacker lures clients to connect to a software-based AP that is using a legitimate SSID.
  • D. An attacker sends emails posing as a service team member to get users to disclose their passwords.
Mark Question:
Answer:

D


User Votes:
A
50%
B
50%
C
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Refer to the exhibit.

You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to
Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find
the error shown In the exhibit in the CPPM Event Viewer.
What should you check?

  • A. that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized
  • B. that the snared secret configured for the CPPM authentication server matches the one defined for the device on CPPM
  • C. that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM
  • D. that the MC has valid admin credentials configured on it for logging into the CPPM
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C 1 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What is one way that Control Plane Security (CPsec) enhances security for me network?

  • A. It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping
  • B. It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.
  • C. It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).
  • D. It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.
Mark Question:
Answer:

A


User Votes:
A
50%
B
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
felipe.mafra
5 months, 4 weeks ago

CPsec protects control traffic between APs and MCs with secure IPsec tunnels. As


Question 7

You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings"
definition in the ArubaOS Diagnostics > System > Log Settings page?

  • A. Configuring the Syslog server settings for the server to which the MC forwards logs for a particular category and level
  • B. Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.
  • C. Configuring a filter that you can apply to a defined Syslog server in order to filter events by subcategory
  • D. Configuring the log facility and log format that the MC will use for forwarding logs to all Syslog servers
Mark Question:
Answer:

A


User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
Pyrokar
4 months, 1 week ago

Answer is B.
"Sometimes you might need to log or debug events on a particular user or AP. You can set up
this targeted logging in the Diagnostics > Logs > Log Settings page. Click the + icon."


Question 8

A company with 382 employees wants to deploy an open WLAN for guests. The company wants the
experience to be as follows:

The company also wants to provide encryption for the network for devices mat are capable, you
implement Tor the WLAN?
Which security options should

  • A. WPA3-Personal and MAC-Auth
  • B. Captive portal and WPA3-Personai
  • C. Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode
  • D. Opportunistic Wireless Encryption (OWE) and WPA3-Personal
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C 1 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which is a correct description of a stage in the Lockheed Martin kill chain?

  • A. In the delivery stage, malware collects valuable data and delivers or exfilltrated it to the hacker.
  • B. In the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfilltrated.
  • C. In the weaponization stage, which occurs after malware has been delivered to a system, the malware executes Its function.
  • D. In the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.
Mark Question:
Answer:

B


User Votes:
A
50%
B
50%
C
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
felipe.mafra
5 months, 4 weeks ago

In the installation phase:

The malware creates a backdoor into the system through which the hacker can access the system.


Question 10

What is a Key feature of me ArubaOS firewall?

  • A. The firewall is stateful which means that n can track client sessions and automatically allow return traffic for permitted sessions
  • B. The firewall Includes application layer gateways (ALGs). which it uses to filter Web traffic based on the reputation of the destination web site.
  • C. The firewall examines all traffic at Layer 2 through Layer 4 and uses source IP addresses as the primary way to determine how to control traffic.
  • D. The firewall is designed to fitter traffic primarily based on wireless 802.11 headers, making it ideal for mobility environments
Mark Question:
Answer:

B


User Votes:
A 2 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
felipe.mafra
5 months, 4 weeks ago

The ArubaOS firewall is stateful and role-based. By treating each client differently based on its role, the ArubaOS firewall can micro-segment traffic within the same VLAN.

Pyrokar
4 months, 1 week ago

A. correct
B. includes ALGs, but they have nothing to do with web site reputation
C. primary source for control are roles
D. can filter ethernet just as good


Question 11

What is symmetric encryption?

  • A. It simultaneously creates ciphertext and a same-size MAC.
  • B. It any form of encryption mat ensures that thee ciphertext Is the same length as the plaintext.
  • C. It uses the same key to encrypt plaintext as to decrypt ciphertext.
  • D. It uses a Key that is double the size of the message which it encrypts.
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C 1 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

What is one way that WPA3-PerSonal enhances security when compared to WPA2-Personal?

  • A. WPA3-Perscn3i is more secure against password leaking Because all users nave their own username and password
  • B. WPA3-Personai prevents eavesdropping on other users' wireless traffic by a user who knows the passphrase for the WLAN.
  • C. WPA3-Personai is more resistant to passphrase cracking Because it requires passphrases to be at least 12 characters
  • D. WPA3-Personal is more complicated to deploy because it requires a backend authentication server
Mark Question:
Answer:

A


User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
Pyrokar
4 months, 1 week ago

Answer is B, simultaneous authentication of equals


Question 13

Refer to the exhibit, which shows the current network topology.

You are deploying a new wireless solution with an Aruba Mobility Master (MM). Aruba Mobility
Controllers (MCs). and campus APs (CAPs). The solution will Include a WLAN that uses Tunnel for the
forwarding mode and Implements WPA3-Enterprise security
What is a guideline for setting up the vlan for wireless devices connected to the WLAN?

  • A. Assign the WLAN to a single new VLAN which is dedicated to wireless users
  • B. Use wireless user roles to assign the devices to different VLANs in the 100-150 range
  • C. Assign the WLAN to a named VLAN which specified 100-150 as the range of IDs.
  • D. Use wireless user roles to assign the devices to a range of new vlan IDs.
Mark Question:
Answer:

B


User Votes:
A 1 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
Pyrokar
4 months, 1 week ago

Answer is A, one VLAN for tunneled traffic to MC which enforces policies based on roles.


Question 14

What is one difference between EAP-Tunneled Layer security (EAP-TLS) and Protected EAP (PEAP)?

  • A. EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.
  • B. EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.
  • C. EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process
  • D. EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user credentials with TKIP encryption.
Mark Question:
Answer:

B


User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure
management access to the ArubaOS Web UP

  • A. Avoid using external manager authentication tor the Web UI.
  • B. Change the default 4343 port tor the web UI to TCP 443.
  • C. Install a CA-signed certificate to use for the Web UI server certificate.
  • D. Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C 1 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2