
HPE6-A78 Aruba Certified Network Security Associate Exam Questions and Answers

Questions 4

What is one practice that can help you to maintain a digital chain of custody in your network?

Options:

A.

Enable packet capturing on Instant AP or Mobility Controller (MC) datapath on an ongoing basis.

B.

Enable packet capturing on Instant AP or Mobility Controller (MC) control path on an ongoing basis.

C.

Ensure that all network infrastructure devices receive a valid clock using authenticated NTP

D.

Ensure that all network infrastructure devices use RADIUS rather than TACACS+ to authenticate managers

Questions 5

You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure management access to the ArubaOS Web UI?

Options:

A.

Avoid using external manager authentication for the Web UI.

B.

Change the default 4343 port for the web UI to TCP 443.

C.

Install a CA-signed certificate to use for the Web UI server certificate.

D.

Make sure to enable HTTPS for the Web UI and select the self-signed certificate installed in the factory.

Questions 6

What correctly describes the Pairwise Master Key (PMK) in the specified wireless security protocol?

Options:

A.

In WPA3-Enterprise, the PMK is unique per session and derived using Simultaneous Authentication of Equals.

B.

In WPA3-Personal, the PMK is unique per session and derived using Simultaneous Authentication of Equals.

C.

In WPA3-Personal, the PMK is derived directly from the passphrase and is the same for every session.

D.

In WPA3-Personal, the PMK is the same for each session and is communicated to clients that authenticate

Questions 7

What distinguishes a Distributed Denial of Service (DDoS) attack from a traditional Denial of Service attack (DoS)?

Options:

A.

A DDoS attack originates from external devices, while a DoS attack originates from internal devices

B.

A DDoS attack is launched from multiple devices, while a DoS attack is launched from a single device

C.

A DoS attack targets one server, a DDoS attack targets all the clients that use a server

D.

A DDoS attack targets multiple devices, while a DoS is designed to incapacitate only one device

Questions 8

What is a use case for Transport Layer Security (TLS)?

Options:

A.

to establish a framework for devices to determine when to trust other devices' certificates

B.

to enable a client and a server to establish secure communications for another protocol

C.

to enable two parties to asymmetrically encrypt and authenticate all data that passes between them

D.

to provide a secure alternative to certificate authentication that is easier to implement

Questions 9

You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller (MC). What should you do to enhance security for control channel communications between the switches and the MC?

Options:

A.

Create one UBT zone for control traffic and a second UBT zone for clients.

B.

Configure a long, random PAPI security key that matches on the switches and the MC.

C.

Install certificates on the switches, and make sure that CPsec is enabled on the MC.

D.

Make sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.

Questions 10

You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings" definition in the ArubaOS Diagnostics > System > Log Settings page?

Options:

A.

Configuring the Syslog server settings for the server to which the MC forwards logs for a particular category and level

B.

Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.

C.

Configuring a filter that you can apply to a defined Syslog server in order to filter events by subcategory

D.

Configuring the log facility and log format that the MC will use for forwarding logs to all Syslog servers

Questions 11

What is a key feature of the ArubaOS firewall?

Options:

A.

The firewall is stateful, which means that it can track client sessions and automatically allow return traffic for permitted sessions.

B.

The firewall includes application layer gateways (ALGs), which it uses to filter Web traffic based on the reputation of the destination web site.

C.

The firewall examines all traffic at Layer 2 through Layer 4 and uses source IP addresses as the primary way to determine how to control traffic.

D.

The firewall is designed to filter traffic primarily based on wireless 802.11 headers, making it ideal for mobility environments.

Questions 12

What is one way that WPA3-Enterprise enhances security when compared to WPA2-Enterprise?

Options:

A.

WPA3-Enterprise implements the more secure simultaneous authentication of equals (SAE), while WPA2-Enterprise uses 802.1X.

B.

WPA3-Enterprise provides built-in mechanisms that can deploy user certificates to authorized end-user devices.

C.

WPA3-Enterprise uses Diffie-Hellman in order to authenticate clients, while WPA2-Enterprise uses 802.1X authentication.

D.

WPA3-Enterprise can operate in CNSA mode, which mandates that the 802.11 association uses secure algorithms.

Questions 13

The first exhibit shows roles on the MC, listed in alphabetic order. The second and third exhibits show the configuration for a WLAN to which a client connects. Which description of the role assigned to a user under various circumstances is correct?

Options:

A.

A user fails 802.1X authentication. The client remains connected, but is assigned the "guest" role.

B.

A user authenticates successfully with 802.1X, and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employeel." The client's role is "guest."

C.

A user authenticates successfully with 802.1X, and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employee." The client's role is "guest."

D.

A user authenticates successfully with 802.1X, and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employeel." The client's role is "employeel."

Questions 14

Refer to the exhibit.

This Aruba Mobility Controller (MC) should authenticate managers who access the Web UI to ClearPass Policy Manager (CPPM). ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers' roles in Aruba-Admin-Role VSAs.

Which setting should you change to follow Aruba best security practices?

Options:

A.

Change the local user role to read-only

B.

Clear the MSCHAP check box

C.

Disable local authentication

D.

Change the default role to "guest-provisioning"

Questions 15

You have deployed a new Aruba Mobility Controller (MC) and campus APs (CAPs). One of the WLANs enforces 802.1X authentication to Aruba ClearPass Policy Manager (CPPM). When you test connecting the client to the WLAN, the test fails. You check Aruba ClearPass Access Tracker and cannot find a record of the authentication attempt. You ping from the MC to CPPM, and the ping is successful.

What is a good next step for troubleshooting?

Options:

A.

Renew CPPM's RADIUS/EAP certificate

B.

Reset the user credentials

C.

Check CPPM Event viewer.

D.

Check connectivity between CPPM and a backend directory server

Questions 16

Refer to the exhibit.

This company has ArubaOS-Switches. The exhibit shows one access layer switch, Switch-2, as an example, but the campus actually has more switches. The company wants to stop any internal users from exploiting ARP.

What is the proper way to configure the switches to meet these requirements?

Options:

A.

On Switch-1, enable ARP protection globally, and enable ARP protection on all VLANs.

B.

On Switch-2, make ports connected to employee devices trusted ports for ARP protection

C.

On Switch-2, enable DHCP snooping globally and on VLAN 201 before enabling ARP protection

D.

On Switch-2, configure static IP-to-MAC bindings for all end-user devices on the network

Questions 17

A company has an ArubaOS solution. The company wants to prevent users assigned to the "user_group1" role from using gaming and peer-to-peer applications.

What is the recommended approach for these requirements?

Options:

A.

Make sure DPI is enabled, and add application rules that deny gaming and peer-to-peer applications to the "user_group1" role.

B.

Create ALGs for the gaming and peer-to-peer applications, and deny the "user_group1" role on the ALGs.

C.

Add access control rules to the "user_group1" role, which deny HTTP/HTTPS traffic to IP addresses associated with gaming and peer-to-peer applications.

D.

Create service aliases for the TCP ports associated with gaming and peer-to-peer applications, and use those aliases in access control rules for the "user_group" rules.

Questions 18

Your Aruba Mobility Master-based solution has detected a rogue AP. Among other information, the ArubaOS Detected Radios page lists this information for the AP:

SSID = PublicWiFi

BSSID = a8:bd:27:12:34:56

Match method = Exact match

Match type = Eth-GW-wired-Mac-Table

The security team asks you to explain why this AP is classified as a rogue. What should you explain?

Options:

A.

The AP is connected to your LAN because it is transmitting wireless traffic with your network's default gateway's MAC address as a source MAC. Because it does not belong to the company, it is a rogue.

B.

The AP has a BSSID that matches authorized client MAC addresses. This indicates that the AP is spoofing the MAC address to gain unauthorized access to your company's wireless services, so it is a rogue.

C.

The AP has been detected as launching a DoS attack against your company's default gateway. This qualifies it as a rogue, which needs to be contained with wireless association frames immediately.

D.

The AP is spoofing a router's MAC address as its BSSID. This indicates that, even though WIP cannot determine whether the AP is connected to your LAN, it is a rogue.

Questions 19

Your Aruba Mobility Master-based solution has detected a suspected rogue AP. Among other information, the ArubaOS Detected Radios page lists this information for the AP:

SSID = PublicWiFi

BSSID = a8:bd:27:12:34:56

Match method = Plus one

Match method = Eth-Wired-Mac-Table

The security team asks you to explain why this AP is classified as a rogue. What should you explain?

Options:

A.

The AP has a BSSID that is close to your authorized APs' BSSIDs. This indicates that the AP might be spoofing the corporate SSID and attempting to lure clients to it, making the AP a suspected rogue.

B.

The AP is probably connected to your LAN because it has a BSSID that is close to a MAC address that has been detected in your LAN. Because it does not belong to the company, it is a suspected rogue.

C.

The AP has been detected using multiple MAC addresses. This indicates that the AP is spoofing its MAC address, which qualifies it as a suspected rogue.

D.

The AP is an AP that belongs to your solution. However, the ArubaOS has detected that it is behaving suspiciously. It might have been compromised, so it is classified as a suspected rogue.

Questions 20

Which attack is an example of social engineering?

Options:

A.

An email is used to impersonate a bank and trick users into entering their bank login information on a fake website page.

B.

A hacker eavesdrops on insecure communications, such as Remote Desktop Program (RDP), and discovers login credentials.

C.

A user visits a website and downloads a file that contains a worm, which self-replicates throughout the network.

D.

An attack exploits an operating system vulnerability and locks out users until they pay the ransom.

Questions 21

Your company policies require you to encrypt logs between network infrastructure devices and Syslog servers. What should you do to meet these requirements on an ArubaOS-CX switch?

Options:

A.

Specify the Syslog server with the TLS option and make sure the switch has a valid certificate.

B.

Specify the Syslog server with the UDP option and then add an CPsec tunnel that selects Syslog.

C.

Specify a priv key with the Syslog settings that matches a priv key on the Syslog server.

D.

Set up RadSec and then enable Syslog as a protocol carried by the RadSec tunnel.

Questions 22

What is a guideline for deploying Aruba ClearPass Device Insight?

Options:

A.

Deploy a Device Insight Collector at every site in the corporate WAN to reduce the impact on WAN links.

B.

Make sure that Aruba devices trust the root CA certificate for the ClearPass Device Insight Analyzer's HTTPS certificate.

C.

Configure remote mirroring on access layer Aruba switches, using Device Insight Analyzer as the destination IP.

D.

For companies with multiple sites, deploy a pair of Device Insight Collectors at the HQ or the central data center.

Questions 23

Which is a use case for enabling Control Plane Policing on Aruba switches?

Options:

A.

to prevent unauthorized network devices from sending routing updates

B.

to prevent the switch from accepting routing updates from unauthorized users

C.

to encrypt traffic between tunneled node switches and Mobility Controllers (MCs)

D.

to mitigate Denial of Service (DoS) attacks on the switch

Questions 24

How can hackers implement a man-in-the-middle (MITM) attack against a wireless client?

Options:

A.

The hacker uses a combination of software and hardware to jam the RF band and prevent the client from connecting to any wireless networks.

B.

The hacker runs an NMap scan on the wireless client to find its MAC and IP address. The hacker then connects to another network and spoofs those addresses.

C.

The hacker connects a device to the same wireless network as the client and responds to the client’s ARP requests with the hacker device’s MAC address.

D.

The hacker uses spear-phishing to probe for the IP addresses that the client is attempting to reach. The hacker device then spoofs those IP addresses.

Questions 25

What is an example of phishing?

Options:

A.

An attacker sends TCP messages to many different ports to discover which ports are open.

B.

An attacker checks a user's password by trying millions of potential passwords.

C.

An attacker lures clients to connect to a software-based AP that is using a legitimate SSID.

D.

An attacker sends emails posing as a service team member to get users to disclose their passwords.

Questions 26

How can ARP be used to launch attacks?

Options:

A.

Hackers can use ARP to change their NIC's MAC address so they can impersonate legitimate users.

B.

Hackers can exploit the fact that the port used for ARP must remain open and thereby gain remote access to another user's device.

C.

A hacker can use ARP to claim ownership of a CA-signed certificate that actually belongs to another device.

D.

A hacker can send gratuitous ARP messages with the default gateway IP to cause devices to redirect traffic to the hacker's MAC address.

Questions 27

What is the purpose of an Enrollment over Secure Transport (EST) server?

Options:

A.

It acts as an intermediate Certification Authority (CA) that signs end-entity certificates.

B.

It helps admins to avoid expired certificates with less management effort.

C.

It provides a secure central repository for private keys associated with devices' digital certificates.

D.

It provides a more secure alternative to private CAs at less cost than a public CA.

Questions 28

What is one way that WPA3-Personal enhances security when compared to WPA2-Personal?

Options:

A.

WPA3-Personal is more secure against password leaking because all users have their own username and password.

B.

WPA3-Personal prevents eavesdropping on other users' wireless traffic by a user who knows the passphrase for the WLAN.

C.

WPA3-Personal is more resistant to passphrase cracking because it requires passphrases to be at least 12 characters.

D.

WPA3-Personal is more complicated to deploy because it requires a backend authentication server

Questions 29

What is a use case for tunneling traffic between an Aruba switch and an Aruba Mobility Controller (MC)?

Options:

A.

applying firewall policies and deep packet inspection to wired clients

B.

enhancing the security of communications from the access layer to the core with data encryption

C.

securing the network infrastructure control plane by creating a virtual out-of-band-management network

D.

simplifying network infrastructure management by using the MC to push configurations to the switches

Questions 30

What is a use case for implementing RadSec instead of RADIUS?

Options:

A.

A university wants to protect communications between the students' devices and the network access server.

B.

A corporation wants to implement EAP-TLS to authenticate wireless users at their main office.

C.

A school district wants to protect messages sent between RADIUS clients and servers over an untrusted network.

D.

An organization wants to strengthen the encryption used to protect RADIUS communications without increasing complexity.

Questions 31

Refer to the exhibit.

A client is connected to an ArubaOS Mobility Controller. The exhibit shows all four firewall rules that apply to this client.

What correctly describes how the controller treats HTTPS packets to these two IP addresses, both of which are on the other side of the firewall?

10.1.10.10

203.0.13.5

Options:

A.

It drops both of the packets.

B.

It permits the packet to 10.1.10.10 and drops the packet to 203.0.13.5.

C.

It permits both of the packets.

D.

It drops the packet to 10.1.10.10 and permits the packet to 203.0.13.5.

Exam Code: HPE6-A78
Exam Name: Aruba Certified Network Security Associate Exam
Last Update: Nov 24, 2024
Questions: 106