Summer Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

HPE6-A78 Aruba Certified Network Security Associate Exam Questions and Answers

Questions 4

How does the ArubaOS firewall determine which rules to apply to a specific client's traffic?

Options:

A.

The firewall applies every rule that includes the dent's IP address as the source.

B.

The firewall applies the rules in policies associated with the client's wlan

C.

The firewall applies thee rules in policies associated with the client's user role.

D.

The firewall applies every rule that includes the client's IP address as the source or destination.

Buy Now
Questions 5

HPE6-A78 Question 5

An admin has created a WLAN that uses the settings shown in the exhibits (and has not otherwise adjusted the settings in the AAA profile) A client connects to the WLAN Under which circumstances will a client receive the default role assignment?

Options:

A.

The client has attempted 802 1X authentication, but the MC could not contact the authentication server

B.

The client has attempted 802 1X authentication, but failed to maintain a reliable connection, leading to a timeout error

C.

The client has passed 802 1X authentication, and the value in the Aruba-User-Role VSA matches a role on the MC

D.

The client has passed 802 1X authentication and the authentication server did not send an Aruba-User-Role VSA

Buy Now
Questions 6

What are some functions of an AruDaOS user role?

Options:

A.

The role determines which authentication methods the user must pass to gain network access

B.

The role determines which firewall policies and bandwidth contract apply to the clients traffic

C.

The role determines which wireless networks (SSiDs) a user is permitted to access

D.

The role determines which control plane ACL rules apply to the client's traffic

Buy Now
Questions 7

A company is deploying ArubaOS-CX switches to support 135 employees, which will tunnel client traffic to an Aruba Mobility Controller (MC) for the MC to apply firewall policies and deep packet inspection (DPI). This MC will be dedicated to receiving traffic from the ArubaOS-CX switches.

What are the licensing requirements for the MC?

Options:

A.

one AP license per-switch

B.

one PEF license per-switch

C.

one PEF license per-switch. and one WCC license per-switch

D.

one AP license per-switch. and one PEF license per-switch

Buy Now
Questions 8

What is a reason to set up a packet capture on an Aruba Mobility Controller (MC)?

Options:

A.

The company wants to use ClearPass Policy Manager (CPPM) to profile devices and needs to receive HTTP User-Agent strings from the MC.

B.

The security team believes that a wireless endpoint connected to the MC is launching an attack and wants to examine the traffic more closely.

C.

You want the MC to analyze wireless clients' traffic at a lower level, so that the ArubaOS firewall can control the traffic I based on application.

D.

You want the MC to analyze wireless clients' traffic at a lower level, so that the ArubaOS firewall can control Web traffic based on the destination URL.

Buy Now
Questions 9

Which is a correct description of a stage in the Lockheed Martin kill chain?

Options:

A.

In the delivery stage, malware collects valuable data and delivers or exfilltrated it to the hacker.

B.

In the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfilltrated.

C.

In the weaponization stage, which occurs after malware has been delivered to a system, the malware executes Its function.

D.

In the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.

Buy Now
Questions 10

What is a benefit or using network aliases in ArubaOS firewall policies?

Options:

A.

You can associate a reputation score with the network alias to create rules that filler traffic based on reputation rather than IP.

B.

You can use the aliases to translate client IP addresses to other IP addresses on the other side of the firewall

C.

You can adjust the IP addresses in the aliases, and the rules using those aliases automatically update

D.

You can use the aliases to conceal the true IP addresses of servers from potentially untrusted clients.

Buy Now
Questions 11

Device A is contacting https://arubapedia.arubanetworks.com. The web server sends a certificate chain. What does the browser do as part of validating the web server certificate?

Options:

A.

It makes sure that the key in the certificate matches the key that DeviceA uses for HTTPS.

B.

It makes sure the certificate has a DNS SAN that matches arubapedia.arubanetworks.com

C.

It makes sure that the public key in the certificate matches DeviceA's private HTTPS key.

D.

It makes sure that the public key in the certificate matches a private key stored on DeviceA.

Buy Now
Questions 12

What does the NIST model for digital forensics define?

Options:

A.

how to define access control policies that will properly protect a company's most sensitive data and digital resources

B.

how to properly collect, examine, and analyze logs and other data, in order to use it as evidence in a security investigation

C.

which types of architecture and security policies are best equipped to help companies establish a Zero Trust Network (ZTN)

D.

which data encryption and authentication algorithms are suitable for enterprise networks in a world that is moving toward quantum computing

Buy Now
Questions 13

You have been instructed to look in the ArubaOS Security Dashboard's client list Your goal is to find clients mat belong to the company and have connected to devices that might belong to hackers

Which client fits this description?

Options:

A.

MAC address d8:50:e6:f3;6d;a4; Client Classification Authorized; AP Classification, interfering

B.

MAC address d8:50:e6 f3;6e;c5; Client Classification Interfering. AP Classification Neighbor

C.

MAC address d8:50:e6:f3;6e;60; Client Classification Interfering. AP Classification Interfering

D.

MAC address d8:50:e6:f3;TO;ab; Client Classification Interfering. AP Classification Rogue

Buy Now
Questions 14

What are the roles of 802.1X authenticators and authentication servers?

Options:

A.

The authenticator stores the user account database, while the server stores access policies.

B.

The authenticator supports only EAP, while the authentication server supports only RADIUS.

C.

The authenticator is a RADIUS client and the authentication server is a RADIUS server.

D.

The authenticator makes access decisions and the server communicates them to the supplicant.

Buy Now
Questions 15

You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings" definition in the ArubaOS Diagnostics > System > Log Settings page?

Options:

A.

Configuring the Syslog server settings for the server to which the MC forwards logs for a particular category and level

B.

Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.

C.

Configuring a filter that you can apply to a defined Syslog server in order to filter events by subcategory

D.

Configuring the log facility and log format that the MC will use for forwarding logs to all Syslog servers

Buy Now
Questions 16

HPE6-A78 Question 16

What is one thing can you determine from the exhibits?

Options:

A.

CPPM originally assigned the client to a role for non-profiled devices. It sent a CoA to the authenticator after it categorized the device.

B.

CPPM sent a CoA message to the client to prompt the client to submit information that CPPM can use to profile it.

C.

CPPM was never able to determine a device category for this device, so you need to check settings in the network infrastructure to ensure they support CPPM's endpoint classification.

D.

CPPM first assigned the client to a role based on the user's identity. Then, it discovered that the client had an invalid category, so it sent a CoA to blacklist the client.

Buy Now
Questions 17

Refer to the exhibit.

HPE6-A78 Question 17

A diem is connected to an ArubaOS Mobility Controller. The exhibit snows all Tour firewall rules that apply to this diem

What correctly describes how the controller treats HTTPS packets to these two IP addresses, both of which are on the other side of the firewall

10.1 10.10

203.0.13.5

Options:

A.

It drops both of the packets

B.

It permits the packet to 10.1.10.10 and drops the packet to 203 0.13.5

C.

it permits both of the packets

D.

It drops the packet to 10.1.10.10 and permits the packet to 203.0.13.5.

Buy Now
Questions 18

What is a consideration for implementing wireless containment in response to unauthorized devices discovered by ArubaOS Wireless Intrusion Detection (WIP)?

Options:

A.

It is best practice to implement automatic containment of unauthorized devices to eliminate the need to locate and remove them.

B.

Wireless containment only works against unauthorized wireless devices that connect to your corporate LAN, so it does not offer protection against Interfering APs.

C.

Your company should consider legal implications before you enable automatic containment or implement manual containment.

D.

Because wireless containment has a lower risk of targeting legitimate neighbors than wired containment, it is recommended in most use cases.

Buy Now
Questions 19

What purpose does an initialization vector (IV) serve for encryption?

Options:

A.

It helps parties to negotiate the keys and algorithms used to secure data before data transmission.

B.

It makes encryption algorithms more secure by ensuring that same plaintext and key can produce different ciphertext.

C.

It enables programs to convert easily-remembered passphrases to keys of a correct length.

D.

It enables the conversion of asymmetric keys into keys that are suitable for symmetric encryption.

Buy Now
Questions 20

You have a network with ArubaOS-Switches for which Aruba ClearPass Policy Manager (CPPM) is acting as a TACACS+ server to authenticate managers. CPPM assigns the admins a TACACS+ privilege level, either manager or operator. You are now adding ArubaOS-CX switches to the network. ClearPass admins want to use the same CPPM service and policies to authenticate managers on the new switches.

What should you explain?

Options:

A.

This approach cannot work because the ArubaOS-CX switches do not accept standard TACACS+ privilege levels.

B.

This approach cannot work because the ArubaOS-CX switches do not support TACACS+.

C.

This approach will work, but will need to be adjusted later if you want to assign managers to the default auditors group.

D.

This approach will work to assign admins to the default "administrators" group, but not to the default "operators" group.

Buy Now
Questions 21

HPE6-A78 Question 21

What is another setting that you must configure on the switch to meet these requirements?

Options:

A.

Set the aaa authentication login method for SSH to the "radius" server-group (with local as backup).

B.

Configure a CPPM username and password that match a CPPM admin account.

C.

Create port-access roles with the same names of the roles that CPPM will send in Aruba-Admin-Role VSAs.

D.

Disable SSH on the default VRF and enable it on the mgmt VRF instead.

Buy Now
Questions 22

A company has an ArubaOS controller-based solution with a WPA3-Enterprise WLAN. which authenticates wireless clients to Aruba ClearPass Policy Manager (CPPM). The company has decided to use digital certificates for authentication A user's Windows domain computer has had certificates installed on it However, the Networks and Connections window shows that authentication has tailed for the user. The Mobility Controllers (MC's) RADIUS events show that it is receiving Access-Rejects for the authentication attempt.

What is one place that you can you look for deeper insight into why this authentication attempt is failing?

Options:

A.

the reports generated by Aruba ClearPass Insight

B.

the RADIUS events within the CPPM Event Viewer

C.

the Alerts tab in the authentication record in CPPM Access Tracker

D.

the packets captured on the MC control plane destined to UDP 1812

Buy Now
Questions 23

What is a guideline for creating certificate signing requests (CSRs) and deploying server Certificates on ArubaOS Mobility Controllers (MCs)?

Options:

A.

Create the CSR online using the MC Web Ul if your company requires you to archive the private key.

B.

if you create the CSR and public/private Keypair offline, create a matching private key online on the MC.

C.

Create the CSR and public/private keypair offline If you want to install the same certificate on multiple MCs.

D.

Generate the private key online, but the public key and CSR offline, to install the same certificate on multiple MCs.

Buy Now
Questions 24

You need to set up Aruba network infrastructure devices for management with SNMP. The SNMP server has this SNMPv3 user configured on it: username: airwave auth algorithm: sha auth key: fyluqp18@S!9a priv algorithm: aes priv key: 761oxaiaoeu19&

What correctly describes the setup on the infrastructure device?

Options:

A.

You must configure a user with the same name and keys, but can choose algorithms that meet the device's needs.

B.

You must configure the "airwave" server as an authorized user. Then, configure a separate user for this device with its own keys.

C.

You must configure a user with the same name and algorithms, but the keys should be unique to this device.

D.

You must configure a user with exactly the same name, algorithms, and keys.

Buy Now
Questions 25

What is one of the policies that a company should define for digital forensics?

Options:

A.

which data should be routinely logged, where logs should be forwarded, and which logs should be archived

B.

what are the first steps that a company can take to implement micro-segmentation in their environment

C.

to which resources should various users be allowed access, based on their identity and the identity of their clients

D.

which type of EAP method is most secure for authenticating wired and wireless users with 802.1

Buy Now
Questions 26

What is social engineering?

Options:

A.

Hackers use Artificial Intelligence (Al) to mimic a user’s online behavior so they can infiltrate a network and launch an attack.

B.

Hackers use employees to circumvent network security and gather the information they need to launch an attack.

C.

Hackers intercept traffic between two users, eavesdrop on their messages, and pretend to be one or both users.

D.

Hackers spoof the source IP address in their communications so they appear to be a legitimate user.

Buy Now
Questions 27

How can hackers implement a man-in-the-middle (MITM) attack against a wireless client?

Options:

A.

The hacker uses a combination of software and hardware to jam the RF band and prevent the client from connecting to any wireless networks.

B.

The hacker runs an NMap scan on the wireless client to find its MAC and IP address. The hacker then connects to another network and spoofs those addresses.

C.

The hacker connects a device to the same wireless network as the client and responds to the client’s ARP requests with the hacker device’s MAC address.

D.

The hacker uses spear-phishing to probe for the IP addresses that the client is attempting to reach. The hacker device then spoofs those IP addresses.

Buy Now
Questions 28

You have an Aruba Mobility Controller (MC). for which you are already using Aruba ClearPass Policy Manager (CPPM) to authenticate access to the Web Ul with usernames and passwords You now want to enable managers to use certificates to log in to the Web Ul CPPM will continue to act as the external server to check the names in managers' certificates and tell the MC the managers' correct rote

in addition to enabling certificate authentication. what is a step that you should complete on the MC?

Options:

A.

Verify that the MC has the correct certificates, and add RadSec to the RADIUS server configuration for CPPM

B.

install all of the managers' certificates on the MC as OCSP Responder certificates

C.

Verify that the MC trusts CPPM's HTTPS certificate by uploading a trusted CA certificate Also, configure a CPPM username and password on the MC

D.

Create a local admin account mat uses certificates in the account, specify the correct trusted CA certificate and external authentication

Buy Now
Questions 29

What is a correct use case for using the specified certificate file format?

Options:

A.

using a PKCS7 file to install a certificate plus and its private key on a device

B.

using a PKCS12 file to install a certificate plus its private key on a device

C.

using a PEM file to install a binary encoded certificate on a device

D.

using a PKCS7 file to install a binary encoded private key on a device

Buy Now
Questions 30

Which correctly describes a way to deploy certificates to end-user devices?

Options:

A.

ClearPass Onboard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain

B.

ClearPass Device Insight can automatically discover end-user devices and deploy the proper certificates to them

C.

ClearPass OnGuard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain

D.

in a Windows domain, domain group policy objects (GPOs) can automatically install computer, but not user certificates

Buy Now
Questions 31

Two wireless clients, client 1 and client 2, are connected to an ArubaOS Mobility Controller. Subnet 10.1.10.10/24 is a network of servers on the other side of the ArubaOS firewall. The exhibit shows all three firewall rules that apply to these clients.

HPE6-A78 Question 31

Which traffic is permitted?

Options:

A.

an HTTPS request from client 1 to 10.1.10.10 and an HTTPS response from 10.1.10.10 to client 1

B.

an HTTPS request from client 1 to 10.1.10.10 and an HTTPS request from 10.1.10.11 to client 1

C.

an HTTPS request from 10.1.10.10 to client 1 and an HTTPS re-sponse from client 1 to 10.1.10.10

D.

an HTTPS request from client 1 to client 2 and an HTTPS request from client 2 to client 1

Buy Now
Exam Code: HPE6-A78
Exam Name: Aruba Certified Network Security Associate Exam
Last Update: Jun 14, 2024
Questions: 106

PDF + Testing Engine

$66.4  $165.99

Testing Engine

$46  $114.99
buy now HPE6-A78 testing engine

PDF (Q&A)

$42  $104.99
buy now HPE6-A78 pdf