You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller (MC). What should you do to enhance security for control channel communications between the switches and the MC?
A.
Create one UBT zone for control traffic and a second UBT zone for clients.
B.
Configure a long, random PAPI security key that matches on the switches and the MC.
C.
install certificates on the switches, and make sure that CPsec is enabled on the MC
D.
Make sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.
Answer:
C
User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
0/ 1000
Pyrokar
4 months, 1 week ago
A - only one zone for user and control traffic B - correct C - CPsec only on APs, not CX-switches D. client vlan irrelevant
Question 2
You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours But. you are having trouble searching through the logs What is one approach that you can take to find the relevant logs?
A.
Add the "-C and *-c port-access" options to the "show logging" command.
B.
Configure a logging Tiller for the "port-access" category, and apply that filter globally.
C.
Enable debugging for "portaccess" to move the relevant logs to a buffer.
D.
Specify a logging facility that selects for "port-access" messages.
Answer:
A
User Votes:
A 2 votes
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Pyrokar
4 months, 1 week ago
A is correct
Question 3
What is a reason to set up a packet capture on an Aruba Mobility Controller (MC)?
A.
The company wants to use ClearPass Policy Manager (CPPM) to profile devices and needs to receive HTTP User-Agent strings from the MC.
B.
The security team believes that a wireless endpoint connected to the MC is launching an attack and wants to examine the traffic more closely.
C.
You want the MC to analyze wireless clients' traffic at a lower level, so that the ArubaOS firewall can control the traffic I based on application.
D.
You want the MC to analyze wireless clients' traffic at a lower level, so that the ArubaOS firewall can control Web traffic based on the destination URL.
Answer:
C
User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
0/ 1000
Question 4
What is an example or phishing?
A.
An attacker sends TCP messages to many different ports to discover which ports are open.
B.
An attacker checks a user’s password by using trying millions of potential passwords.
C.
An attacker lures clients to connect to a software-based AP that is using a legitimate SSID.
D.
An attacker sends emails posing as a service team member to get users to disclose their passwords.
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D 1 votes
50%
Discussions
0/ 1000
Question 5
Refer to the exhibit.
You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find the error shown In the exhibit in the CPPM Event Viewer. What should you check?
A.
that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized
B.
that the snared secret configured for the CPPM authentication server matches the one defined for the device on CPPM
C.
that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM
D.
that the MC has valid admin credentials configured on it for logging into the CPPM
Answer:
C
User Votes:
A
50%
B
50%
C 1 votes
50%
D
50%
Discussions
0/ 1000
Question 6
What is one way that Control Plane Security (CPsec) enhances security for me network?
A.
It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping
B.
It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.
C.
It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).
D.
It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D 2 votes
50%
Discussions
0/ 1000
felipe.mafra
5 months, 4 weeks ago
CPsec protects control traffic between APs and MCs with secure IPsec tunnels. As
Question 7
You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings" definition in the ArubaOS Diagnostics > System > Log Settings page?
A.
Configuring the Syslog server settings for the server to which the MC forwards logs for a particular category and level
B.
Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.
C.
Configuring a filter that you can apply to a defined Syslog server in order to filter events by subcategory
D.
Configuring the log facility and log format that the MC will use for forwarding logs to all Syslog servers
Answer:
A
User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
0/ 1000
Pyrokar
4 months, 1 week ago
Answer is B. "Sometimes you might need to log or debug events on a particular user or AP. You can set up this targeted logging in the Diagnostics > Logs > Log Settings page. Click the + icon."
Question 8
A company with 382 employees wants to deploy an open WLAN for guests. The company wants the experience to be as follows:
The company also wants to provide encryption for the network for devices mat are capable, you implement Tor the WLAN? Which security options should
A.
WPA3-Personal and MAC-Auth
B.
Captive portal and WPA3-Personai
C.
Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode
D.
Opportunistic Wireless Encryption (OWE) and WPA3-Personal
Answer:
C
User Votes:
A
50%
B
50%
C 1 votes
50%
D
50%
Discussions
0/ 1000
Question 9
Which is a correct description of a stage in the Lockheed Martin kill chain?
A.
In the delivery stage, malware collects valuable data and delivers or exfilltrated it to the hacker.
B.
In the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfilltrated.
C.
In the weaponization stage, which occurs after malware has been delivered to a system, the malware executes Its function.
D.
In the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D 1 votes
50%
Discussions
0/ 1000
felipe.mafra
5 months, 4 weeks ago
In the installation phase:
The malware creates a backdoor into the system through which the hacker can access the system.
Question 10
What is a Key feature of me ArubaOS firewall?
A.
The firewall is stateful which means that n can track client sessions and automatically allow return traffic for permitted sessions
B.
The firewall Includes application layer gateways (ALGs). which it uses to filter Web traffic based on the reputation of the destination web site.
C.
The firewall examines all traffic at Layer 2 through Layer 4 and uses source IP addresses as the primary way to determine how to control traffic.
D.
The firewall is designed to fitter traffic primarily based on wireless 802.11 headers, making it ideal for mobility environments
Answer:
B
User Votes:
A 2 votes
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
felipe.mafra
5 months, 4 weeks ago
The ArubaOS firewall is stateful and role-based. By treating each client differently based on its role, the ArubaOS firewall can micro-segment traffic within the same VLAN.
Pyrokar
4 months, 1 week ago
A. correct B. includes ALGs, but they have nothing to do with web site reputation C. primary source for control are roles D. can filter ethernet just as good
Question 11
What is symmetric encryption?
A.
It simultaneously creates ciphertext and a same-size MAC.
B.
It any form of encryption mat ensures that thee ciphertext Is the same length as the plaintext.
C.
It uses the same key to encrypt plaintext as to decrypt ciphertext.
D.
It uses a Key that is double the size of the message which it encrypts.
Answer:
C
User Votes:
A
50%
B
50%
C 1 votes
50%
D
50%
Discussions
0/ 1000
Question 12
What is one way that WPA3-PerSonal enhances security when compared to WPA2-Personal?
A.
WPA3-Perscn3i is more secure against password leaking Because all users nave their own username and password
B.
WPA3-Personai prevents eavesdropping on other users' wireless traffic by a user who knows the passphrase for the WLAN.
C.
WPA3-Personai is more resistant to passphrase cracking Because it requires passphrases to be at least 12 characters
D.
WPA3-Personal is more complicated to deploy because it requires a backend authentication server
Answer:
A
User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
0/ 1000
Pyrokar
4 months, 1 week ago
Answer is B, simultaneous authentication of equals
Question 13
Refer to the exhibit, which shows the current network topology.
You are deploying a new wireless solution with an Aruba Mobility Master (MM). Aruba Mobility Controllers (MCs). and campus APs (CAPs). The solution will Include a WLAN that uses Tunnel for the forwarding mode and Implements WPA3-Enterprise security What is a guideline for setting up the vlan for wireless devices connected to the WLAN?
A.
Assign the WLAN to a single new VLAN which is dedicated to wireless users
B.
Use wireless user roles to assign the devices to different VLANs in the 100-150 range
C.
Assign the WLAN to a named VLAN which specified 100-150 as the range of IDs.
D.
Use wireless user roles to assign the devices to a range of new vlan IDs.
Answer:
B
User Votes:
A 1 votes
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Pyrokar
4 months, 1 week ago
Answer is A, one VLAN for tunneled traffic to MC which enforces policies based on roles.
Question 14
What is one difference between EAP-Tunneled Layer security (EAP-TLS) and Protected EAP (PEAP)?
A.
EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.
B.
EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.
C.
EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process
D.
EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user credentials with TKIP encryption.
Answer:
B
User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
0/ 1000
Question 15
You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure management access to the ArubaOS Web UP
A.
Avoid using external manager authentication tor the Web UI.
B.
Change the default 4343 port tor the web UI to TCP 443.
C.
Install a CA-signed certificate to use for the Web UI server certificate.
D.
Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.
A - only one zone for user and control traffic
B - correct
C - CPsec only on APs, not CX-switches
D. client vlan irrelevant