HPE6-A78 Practice Questions

A.  

Set the aaa authentication login method for SSH to the "radius" server-group (with local as backup).

B.  

Configure a CPPM username and password that match a CPPM admin account.

C.  

Create port-access roles with the same names of the roles that CPPM will send in Aruba-Admin-Role VSAs.

D.  

Disable SSH on the default VRF and enable it on the mgmt VRF instead.

A.  

It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping

B.  

It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.

C.  

It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).

D.  

It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.

A.  

TCP fingerprinting

B.  

SSH scans

C.  

WMI scans

D.  

SNMP scans

A.  

The authenticator stores the user account database, while the server stores access policies.

B.  

The authenticator supports only EAP, while the authentication server supports only RADIUS.

C.  

The authenticator is a RADIUS client and the authentication server is a RADIUS server.

D.  

The authenticator makes access decisions and the server communicates them to the supplicant.

A.  

CPPM can use Wireshark to actively probe devices, analyze their traffic patterns, and construct an endpoint profile.

B.  

CPPM can use SNMP to configure Aruba switches and mobility devices to mirror client traffic to CPPM for analysis.

C.  

CPPM can analyze settings such as TTL and time window size in endpoints' TCP traffic in order to fingerprint the OS.

D.  

CPPM can analyze settings such as TCP/UDP ports used for HTTP, DHCP, and DNS in endpoints' traffic to fingerprint the OS.

A.  

The firewall is stateful which means that n can track client sessions and automatically allow return traffic for permitted sessions

B.  

The firewall Includes application layer gateways (ALGs). which it uses to filter Web traffic based on the reputation of the destination web site.

C.  

The firewall examines all traffic at Layer 2 through Layer 4 and uses source IP addresses as the primary way to determine how to control traffic.

D.  

The firewall is designed to fitter traffic primarily based on wireless 802.11 headers, making it ideal for mobility environments

A.  

An email is used to impersonate a bank and trick users into entering their bank login information on a fake website page.

B.  

An attack exploits an operating system vulnerability and locks out users until they pay the ransom.

C.  

A hacker eavesdrops on insecure communications, such as Remote Desktop Protocol (RDP), and discovers login credentials.

D.  

A user visits a website and downloads a file that contains a worm, which self-replicates throughout the network.

A.  

Change the local user role to read-only

B.  

Clear the MSCHAP check box

C.  

Disable local authentication

D.  

Change the default role to "guest-provisioning"

A.  

Create datapath mirrors that use the CPPM's IP address as the destination.

B.  

Create an IF-MAP profile, which specifies credentials for an API admin account on CPPM.

C.  

Create control path mirrors to mirror HTTP traffic from clients to CPPM.

D.  

Create a firewall whitelist rule that permits HTTP and CPPM's IP address.

A.  

EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.

B.  

EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.

C.  

EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process

D.  

EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user credentials with TKIP encryption.