HPE6-A78 Practice Exam Questions and Answers

A.  

Install this thumbprint on management stations to use as two-factor authentication along with manager usernames and passwords, this will ensure managers connect from valid stations

B.  

Copy the thumbprint to other Aruba switches to establish a consistent SSH Key for all switches this will enable managers to connect to the switches securely with less effort

C.  

When you first connect to the switch with SSH from a management station, make sure that the thumbprint matches to ensure that a man-in-t he-mid die (MITM) attack is not occurring

D.  

install this thumbprint on management stations the stations can then authenticate with the thumbprint instead of admins having to enter usernames and passwords.

A.  

A university wants to protect communications between the students' devices and the network access server.

B.  

A corporation wants to implement EAP-TLS to authenticate wireless users at their main office.

C.  

A school district wants to protect messages sent between RADIUS clients and servers over an untrusted network.

D.  

A organization wants to strengthen the encryption used to protect RADIUS communications without increasing complexity.

A.  

It authenticates legitimate users and uses policies to determine which resources each user is allowed to access.

B.  

It negotiates with each user's device to determine which EAP method is used for authentication

C.  

It enforces access to network services and sends accounting information to the AAA server

D.  

It determines which resources authenticated users are allowed to access and monitors each users session

A.  

Obtain downloadable user roles (DURs) from ClearPass.

B.  

Synchronize its clock with an NTP server that requires authentication.

C.  

Use RadSec for enforcing 802.1X authentication to ClearPass.

D.  

Use RADIUS for enforcing 802.1X authentication to ClearPass.

A.  

A user fails 802.1X authentication. The client remains connected, but is assigned the "guest" role.

B.  

A user authenticates successfully with 802.1 X. and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employeel.” The client’s role is "guest."

C.  

A user authenticates successfully with 802.1X. and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employee." The client’s role is "guest."

D.  

A user authenticates successfully with 802.1X, and the RADIUS Access-Accept includes an Aruba-User-RoleVSA set to "employeel." The client's role is "employeel."

A.  

one AP license per-switch

B.  

one PEF license per-switch

C.  

one PEF license per-switch. and one WCC license per-switch

D.  

one AP license per-switch. and one PEF license per-switch

A.  

Create the CSR online using the MC Web Ul if your company requires you to archive the private key.

B.  

if you create the CSR and public/private Keypair offline, create a matching private key online on the M

C.  

C.  

Create the CSR and public/private keypair offline If you want to install the same certificate on multiple MCs.

D.  

Generate the private key online, but the public key and CSR offline, to install the same certificate on multiple MCs.

A.  

The client has attempted 802 1X authentication, but the MC could not contact the authentication server

B.  

The client has attempted 802 1X authentication, but failed to maintain a reliable connection, leading to a timeout error

C.  

The client has passed 802 1X authentication, and the value in the Aruba-User-Role VSA matches a role on the MC

D.  

The client has passed 802 1X authentication and the authentication server did not send an Aruba-User-Role VSA

A.  

It helps parties to negotiate the keys and algorithms used to secure data before data transmission.

B.  

It makes encryption algorithms more secure by ensuring that same plaintext and key can produce different ciphertext.

C.  

It enables programs to convert easily-remembered passphrases to keys of a correct length.

D.  

It enables the conversion of asymmetric keys into keys that are suitable for symmetric encryption.

A.  

EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.

B.  

EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.

C.  

EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process

D.  

EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user credentials with TKIP encryption.

A.  

MAC address d8:50:e6:f3;6d;a4; Client Classification Authorized; AP Classification, interfering

B.  

MAC address d8:50:e6 f3;6e;c5; Client Classification Interfering. AP Classification Neighbor

C.  

MAC address d8:50:e6:f3;6e;60; Client Classification Interfering. AP Classification Interfering

D.  

MAC address d8:50:e6:f3;TO;ab; Client Classification Interfering. AP Classification Rogue

A.  

which data should be routinely logged, where logs should be forwarded, and which logs should be archived

B.  

what are the first steps that a company can take to implement micro-segmentation in their environment

C.  

to which resources should various users be allowed access, based on their identity and the identity of their clients

D.  

which type of EAP method is most secure for authenticating wired and wireless users with 802.1

A.  

The firewall applies every rule that includes the dent's IP address as the source.

B.  

The firewall applies the rules in policies associated with the client's wlan

C.  

The firewall applies thee rules in policies associated with the client's user role.

D.  

The firewall applies every rule that includes the client's IP address as the source or destination.

A.  

It is best practice to implement automatic containment of unauthorized devices to eliminate the need to locate and remove them.

B.  

Wireless containment only works against unauthorized wireless devices that connect to your corporate LAN, so it does not offer protection against Interfering APs.

C.  

Your company should consider legal implications before you enable automatic containment or implement manual containment.

D.  

Because wireless containment has a lower risk of targeting legitimate neighbors than wired containment, it is recommended in most use cases.

A.  

Create a device fingerprinting policy that includes HTTP, and apply the policy to edge ports.

B.  

Create remote mirrors that collect traffic on edge ports, and mirror it to CPPM's IP address.

C.  

Configure CPPM as the sFlow collector, and make sure that sFlow is enabled on edge ports.

D.  

Connect the switches to CPPM's span ports, and set up mirroring of HTTP traffic on the switches.

A.  

Create a dynamic authorization, or RFC 3576, server with the 10.5.5.5 address and correct shared secret.

B.  

Install the root CA associated with the 10 5.5.5 server's certificate as a Trusted CA certificate.

C.  

Configure a ClearPass username and password in the MyEmployees AAA profile.

D.  

Enable the dynamic authorization setting in the "clearpass" authentication server settings.

A.  

Opportunistic Wireless Encryption (OWE) and WPA3-Personal

B.  

WPA3-Personal and MAC-Auth

C.  

Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode

D.  

Captive portal and WPA3-Personal

A.  

WPA3-Enterprise implements the more secure simultaneous authentication of equals (SAE), while WPA2-Enterprise uses 802.1X.

B.  

WPA3-Enterprise provides built-in mechanisms that can deploy user certificates to authorized end-user devices.

C.  

WPA3-Enterprise uses Diffie-Hellman in order to authenticate clients, while WPA2-Enterprise uses 802.1X authentication.

D.  

WPA3-Enterprise can operate in CNSA mode, which mandates that the 802.11 association uses secure algorithms.

A.  

It could open a backdoor into the corporate LAN for unauthorized users.

B.  

It is running in a non-standard 802.11 mode and could effectively jam the wireless signal.

C.  

It is flooding the air with many wireless frames in a likely attempt at a DoS attack.

D.  

It could be attempting to conceal itself from detection by changing its BSSID and SSID frequently.

A.  

Verify that the MC has the correct certificates, and add RadSec to the RADIUS server configuration for CPPM

B.  

install all of the managers' certificates on the MC as OCSP Responder certificates

C.  

Verify that the MC trusts CPPM's HTTPS certificate by uploading a trusted CA certificate Also, configure a CPPM username and password on the MC

D.  

Create a local admin account mat uses certificates in the account, specify the correct trusted CA certificate and external authentication

A.  

An attacker sends TCP messages to many different ports to discover which ports are open.

B.  

An attacker checks a user’s password by using trying millions of potential passwords.

C.  

An attacker lures clients to connect to a software-based AP that is using a legitimate SSI

D.  

D.  

An attacker sends emails posing as a service team member to get users to disclose their passwords.

A.  

to establish a framework for devices to determine when to trust other devices' certificates

B.  

to enable a client and a server to establish secure communications for another protocol

C.  

to enable two parties to asymmetrically encrypt and authenticate all data that passes be-tween them

D.  

to provide a secure alternative to certificate authentication that is easier to implement

A.  

It uses the public key in the DigCen SHA2 Secure Server CA certificate to check the certificate's signature.

B.  

It uses the public key in the DigCert root CA certificate to check the certificate signature

C.  

It uses the private key in the DigiCert SHA2 Secure Server CA to check the certificate's signature.

D.  

It uses the private key in the Arubapedia web site's certificate to check that certificate's signature

A.  

It allows both WPA2-capabie and WPA3-capable clients to authenticate to the same WPA-Personal WLAN

B.  

It offers more control over who can connect to the wireless network when compared with WPA2-Personal

C.  

It allows anyone lo connect, but provides better protection against eavesdropping than a traditional open network

D.  

It provides protection for wireless clients against both honeypot APs and man-in-the-middle (MUM) attacks

A.  

It simultaneously creates ciphertext and a same-size MA

C.  

B.  

It any form of encryption mat ensures that thee ciphertext Is the same length as the plaintext.

C.  

It uses the same key to encrypt plaintext as to decrypt ciphertext.

D.  

It uses a Key that is double the size of the message which it encrypts.

A.  

the match method

B.  

the detecting devices

C.  

the match type

D.  

the confidence level

A.  

Create a TA profile on the ArubaOS-Switches with the root CA certificate for ClearPass's HTTPS certificate

B.  

Create device fingerprinting profiles on the ArubaOS-Switches that include SNMP. and apply the profiles to edge ports

C.  

Create remote mirrors on the ArubaOS-Swrtches that collect traffic on edge ports, and mirror it to CPPM's IP address.

D.  

Create SNMPv3 users on ArubaOS-CX switches, and make sure that the credentials match those configured on CPPM

A.  

ArubaOS-CX switches can use a combination of active and passive methods to assign roles to clients.

B.  

ArubaOS devices (controllers and lAPs) can use DHCP fingerprints to assign roles to clients.

C.  

ArubaOS devices can use a combination of DHCP fingerprints, HTTP User-Agent strings, and Nmap to construct endpoint profiles.

D.  

ArubaOS-Switches can use DHCP fingerprints to construct detailed endpoint profiles.

A.  

Airwave can provide more advanced authentication and access control services for the AmbaOS solution

B.  

Airwave retains information about the network for much longer periods than ArubaOS solution

C.  

Airwave is required to activate Wireless Intrusion Prevention (WIP) services on the ArubaOS solution

D.  

AirWave enables low level debugging on the devices across the ArubaOS solution

A.  

The authenticator stores the user account database, while the server stores access policies.

B.  

The authenticator supports only EAP, while the authentication server supports only RADIUS.

C.  

The authenticator is a RADIUS client and the authentication server is a RADIUS server.

D.  

The authenticator makes access decisions and the server communicates them to the supplicant.

A.  

On Switch-1, enable ARP protection globally, and enable ARP protection on ail VLANs.

B.  

On Switch-2, make ports connected to employee devices trusted ports for ARP protection

C.  

On Swltch-2, enable DHCP snooping globally and on VLAN 201 before enabling ARP protection

D.  

On Swltch-2, configure static PP-to-MAC bindings for all end-user devices on the network