HPE6-A78 Exam Dumps, HPE6-A78 Practice Test Questions [Q18-Q42]

4/5 - (1 vote)

HPE6-A78 Exam Dumps, HPE6-A78 Practice Test Questions

PDF (New 2022) Actual HP HPE6-A78 Exam Questions

HP HPE6-A78 Exam Syllabus Topics:

Topic	Details
Topic 1	Collect and monitor historical network pattern data Describe firewall (PEF), dynamic segmentation, RBAC, AppRF
Topic 2	Compare and contrast wireless LAN methodologies Describe user roles and policy enforcement
Topic 3	Explain social engineering and defense Describe PKI components
Topic 4	Identify and evaluate discovered endpoints Describe common security threats
Topic 5	Explain common security protocols and their use cases Compare endpoint classifications methods
Topic 6	Disable insecure protocols and follow best practices for implement secure management protocols such as SSH, HTTPS
Topic 7	Explain attack stages and kill chain Identify the difference between a threat and a vulnerability
Topic 8	View and acknowledge WIPS and WIDS, alarms Troubleshoot with access tracker
Topic 9	Describe and deploy basic user roles for wireless users Define and deploy basic user roles for wired users

NEW QUESTION 18
What is one way a noneypot can be used to launch a man-in-the-middle (MITM) attack to wireless clients?

it uses a combination or software and hardware to jam the RF band and prevent the client from connecting to any wireless networks

it runs an NMap scan on the wireless client to And the clients MAC and IP address. The hacker then connects to another network and spoofs those addresses.

it examines wireless clients’ probes and broadcasts the SSlDs in the probes, so that wireless clients will connect to it automatically.

it uses ARP poisoning to disconnect wireless clients from the legitimate wireless network and force clients to connect to the hacker’s wireless network instead.

NEW QUESTION 19
What is a correct guideline for the management protocols that you should use on ArubaOS-Switches?

Disable Telnet and use TFTP instead.

Disable SSH and use https instead.

Disable Telnet and use SSH instead

Disable HTTPS and use SSH instead

NEW QUESTION 20
You have an Aruba Mobility Controller (MC). for which you are already using Aruba ClearPass Policy Manager (CPPM) to authenticate access to the Web Ul with usernames and passwords You now want to enable managers to use certificates to log in to the Web Ul CPPM will continue to act as the external server to check the names in managers’ certificates and tell the MC the managers’ correct rote in addition to enabling certificate authentication. what is a step that you should complete on the MC?

Verify that the MC has the correct certificates, and add RadSec to the RADIUS server configuration for CPPM

install all of the managers’ certificates on the MC as OCSP Responder certificates

Verify that the MC trusts CPPM’s HTTPS certificate by uploading a trusted CA certificate Also, configure a CPPM username and password on the MC

Create a local admin account mat uses certificates in the account, specify the correct trusted CA certificate and external authentication

NEW QUESTION 21
Refer to the exhibit.

This Aruba Mobility Controller (MC) should authenticate managers who access the Web Ul to ClearPass Policy Manager (CPPM) ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers’ roles in Aruba-Admin-Role VSAs Which setting should you change to follow Aruba best security practices?

Change the local user role to read-only

Clear the MSCHAP check box

Disable local authentication

Change the default role to “guest-provisioning”

NEW QUESTION 22
Refer to the exhibit.

You need to ensure that only management stations in subnet 192.168.1.0/24 can access the ArubaOS-Switches’ CLI. Web Ul. and REST interfaces The company also wants to let managers use these stations to access other parts of the network What should you do?

Establish a Control Plane Policing class that selects traffic from 192.168 1.0/24.

Specify 192.168.1.0.255.255.255.0 as authorized IP manager address

Configure the switch to listen for these protocols on OOBM only.

Specify vlan 100 as the management vlan for the switches.

NEW QUESTION 23
Your Aruba Mobility Master-based solution has detected a rogue AP Among other information the ArubaOS Detected Radios page lists this Information for the AP SSID = PubllcWiFI BSSID = a8M27 12 34:56 Match method = Exact match Match type = Eth-GW-wired-Mac-Table The security team asks you to explain why this AP is classified as a rogue. What should you explain?

The AP Is connected to your LAN because It is transmitting wireless traffic with your network’s default gateway’s MAC address as a source MAC Because it does not belong to the company, it is a rogue

The ap has a BSSID mat matches authorized client MAC addresses. This indicates that the AP is spoofing the MAC address to gam unauthorized access to your company’s wireless services, so It is a rogue

The AP has been detected as launching a DoS attack against your company’s default gateway. This qualities it as a rogue which needs to be contained with wireless association frames immediately

The AP is spoofing a routers MAC address as its BSSID. This indicates mat, even though WIP cannot determine whether the AP is connected to your LAN. it is a rogue.

NEW QUESTION 24
How does the ArubaOS firewall determine which rules to apply to a specific client’s traffic?

The firewall applies every rule that includes the dent’s IP address as the source.

The firewall applies the rules in policies associated with the client’s wlan

The firewall applies thee rules in policies associated with the client’s user role.

The firewall applies every rule that includes the client’s IP address as the source or destination.

NEW QUESTION 25
What distinguishes a Distributed Denial of Service (DDoS) attack from a traditional Denial or service attack (DoS)?

A DDoS attack originates from external devices, while a DoS attack originates from internal devices

A DDoS attack is launched from multiple devices, while a DoS attack is launched from a single device

A DoS attack targets one server, a DDoS attack targets all the clients that use a server

A DDoS attack targets multiple devices, while a DoS Is designed to Incapacitate only one device

NEW QUESTION 26
A company is deploying ArubaOS-CX switches to support 135 employees, which will tunnel client traffic to an Aruba Mobility Controller (MC) for the MC to apply firewall policies and deep packet inspection (DPI).
This MC will be dedicated to receiving traffic from the ArubaOS-CX switches.
What are the licensing requirements for the MC?

one AP license per-switch

one PEF license per-switch

one PEF license per-switch. and one WCC license per-switch

one AP license per-switch. and one PEF license per-switch

NEW QUESTION 27
An ArubaOS-CX switch enforces 802.1X on a port. No fan-through options or port-access roles are configured on the port The 802 1X supplicant on a connected client has not yet completed authentication Which type of traffic does the authenticator accept from the client?

EAP only

DHCP, DNS and RADIUS only

RADIUS only

DHCP, DNS, and EAP only

NEW QUESTION 28
What are some functions of an AruDaOS user role?

The role determines which authentication methods the user must pass to gain network access

The role determines which firewall policies and bandwidth contract apply to the clients traffic

The role determines which wireless networks (SSiDs) a user is permitted to access

The role determines which control plane ACL rules apply to the client’s traffic

NEW QUESTION 29
You have deployed a new Aruba Mobility Controller (MC) and campus APs (CAPs). One of the WLANs enforces 802.IX authentication lo Aruba ClearPass Policy Manager {CPPM) When you test connecting the client to the WLAN. the test falls You check Aruba ClearPass Access Tracker and cannot find a record of the authentication attempt You ping from the MC to CPPM. and the ping is successful.
What is a good next step for troubleshooting?

Renew CPPM’s RADIUS/EAP certificate

Reset the user credentials

Check CPPM Event viewer.

Check connectivity between CPPM and a backend directory server

NEW QUESTION 30
What is a benefit of deploying Aruba ClearPass Device insight?

Highly accurate endpoint classification for environments with many devices types, including Internet of Things (loT)

visibility into devices’ 802.1X supplicant settings and automated certificate deployment

Agent-based analysts of devices’ security settings and health status, with the ability to implement quarantining

Simpler troubleshooting of ClearPass solutions across an environment with multiple ClearPass Policy Managers

NEW QUESTION 31
What is one difference between EAP-Tunneled Layer security (EAP-TLS) and Protected EAP (PEAP)?

EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.

EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.

EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process

EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user credentials with TKIP encryption.

NEW QUESTION 32
What is one practice that can help you to maintain a digital chain or custody In your network?

Enable packet capturing on Instant AP or Moodily Controller (MC) datepath on an ongoing basis

Enable packet capturing on Instant AP or Mobility Controller (MC) control path on an ongoing basis.

Ensure that all network infrastructure devices receive a valid clock using authenticated NTP

Ensure that all network Infrastructure devices use RADIUS rather than TACACS+ to authenticate managers

NEW QUESTION 33
You need to deploy an Aruba instant AP where users can physically reach It. What are two recommended options for enhancing security for management access to the AP? (Select two )

Disable Its console ports

Place a Tamper Evident Label (TELS) over its console port

Disable the Web Ul.

Configure WPA3-Enterpnse security on the AP

install a CA-signed certificate

NEW QUESTION 34
You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours But. you are having trouble searching through the logs What is one approach that you can take to find the relevant logs?

Add the “-C and *-c port-access” options to the “show logging” command.

Configure a logging Tiller for the “port-access” category, and apply that filter globally.

Enable debugging for “portaccess” to move the relevant logs to a buffer.

Specify a logging facility that selects for “port-access” messages.

NEW QUESTION 35
You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure management access to the ArubaOS Web UP

Avoid using external manager authentication tor the Web UI.

Change the default 4343 port tor the web UI to TCP 443.

Install a CA-signed certificate to use for the Web UI server certificate.

Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.

NEW QUESTION 36
You are troubleshooting an authentication issue for Aruba switches that enforce 802 IX10 a cluster of Aruba ClearPass Policy Manager (CPPMs) You know that CPPM Is receiving and processing the authentication requests because the Aruba switches are showing Access-Rejects in their statistics However, you cannot find the record tor the Access-Rejects in CPPM Access Tracker What is something you can do to look for the records?

Make sure that CPPM cluster settings are configured to show Access-Rejects

Verify that you are logged in to the CPPM Ul with read-write, not read-only, access

Click Edit in Access viewer and make sure that the correct servers are selected.

Go to the CPPM Event Viewer, because this is where RADIUS Access Rejects are stored.

NEW QUESTION 37
A company with 382 employees wants to deploy an open WLAN for guests. The company wants the experience to be as follows:

The company also wants to provide encryption for the network for devices mat are capable, you implement Tor the WLAN?
Which security options should

WPA3-Personal and MAC-Auth

Captive portal and WPA3-Personai

Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode

Opportunistic Wireless Encryption (OWE) and WPA3-Personal

NEW QUESTION 38
Refer to the exhibit.

You have set up a RADIUS server on an ArubaOS Mobility Controller (MC) when you created a WLAN named “MyEmployees .You now want to enable the MC to accept change of authorization (CoA) messages from this server for wireless sessions on this WLAN.
What Is a part of the setup on the MC?

Create a dynamic authorization, or RFC 3576, server with the 10.5.5.5 address and correct shared secret.

Install the root CA associated with the 10 5.5.5 server’s certificate as a Trusted CA certificate.

Configure a ClearPass username and password in the MyEmployees AAA profile.

Enable the dynamic authorization setting in the “clearpass” authentication server settings.

NEW QUESTION 39
Which attack is an example or social engineering?

An email Is used to impersonate a Dank and trick users into entering their bank login information on a fake website page.

A hacker eavesdrops on insecure communications, such as Remote Desktop Program (RDP). and discovers login credentials.

A user visits a website and downloads a file that contains a worm, which sell-replicates throughout the network.

An attack exploits an operating system vulnerability and locks out users until they pay the ransom.

NEW QUESTION 40
What role does the Aruba ClearPass Device Insight Analyzer play in the Device Insight architecture?

It resides in the cloud and manages licensing and configuration for Collectors

It resides on-prem and provides the span port to which traffic is mirrored for deep analytics.

It resides on-prem and is responsible for running active SNMP and Nmap scans

It resides In the cloud and applies machine learning and supervised crowdsourcing to metadata sent by Collectors

NEW QUESTION 41
What is a guideline for managing local certificates on an ArubaOS-Switch?

Before installing the local certificate, create a trust anchor (TA) profile with the root CA certificate for the certificate that you will install

Install an Online Certificate Status Protocol (OCSP) certificate to simplify the process of enrolling and re-enrolling for certificate

Generate the certificate signing request (CSR) with a program offline, then, install both the certificate and the private key on the switch in a single file.

Create a self-signed certificate online on the switch because ArubaOS-Switches do not support CA-signed certificates.

Updated Apr-2022 Pass HPE6-A78 Exam – Real Practice Test Questions: https://www.prepawaypdf.com/HP/HPE6-A78-practice-exam-dumps.html

HP HPE6-A78 Exam Syllabus Topics:

Related posts:

admin

You might also like

Leave a Reply Cancel reply