Get New 2022 Valid Practice To your HPE6-A78 Exam (Updated 62 Questions) [Q11-Q35]

Get New 2022 Valid Practice To your HPE6-A78 Exam (Updated 62 Questions)

Aruba ACNSA HPE6-A78 Exam Practice Test Questions Dumps Bundle!

NEW QUESTION 11
An ArubaOS-CX switch enforces 802.1X on a port. No fan-through options or port-access roles are configured on the port The 802 1X supplicant on a connected client has not yet completed authentication Which type of traffic does the authenticator accept from the client?

• A. RADIUS only
• B. DHCP, DNS, and EAP only
• C. EAP only
• D. DHCP, DNS and RADIUS only

Answer: C

 

NEW QUESTION 12
You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings" definition in the ArubaOS Diagnostics > System > Log Settings page?

• A. Configuring the log facility and log format that the MC will use for forwarding logs to all Syslog servers
• B. Configuring a filter that you can apply to a defined Syslog server in order to filter events by subcategory
• C. Configuring the Syslog server settings for the server to which the MC forwards logs for a particular category and level
• D. Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.

Answer: C

 

NEW QUESTION 13
You have an Aruba Mobility Controller (MC). for which you are already using Aruba ClearPass Policy Manager (CPPM) to authenticate access to the Web Ul with usernames and passwords You now want to enable managers to use certificates to log in to the Web Ul CPPM will continue to act as the external server to check the names in managers' certificates and tell the MC the managers' correct rote in addition to enabling certificate authentication. what is a step that you should complete on the MC?

• A. Verify that the MC trusts CPPM's HTTPS certificate by uploading a trusted CA certificate Also, configure a CPPM username and password on the MC
• B. Verify that the MC has the correct certificates, and add RadSec to the RADIUS server configuration for CPPM
• C. install all of the managers' certificates on the MC as OCSP Responder certificates
• D. Create a local admin account mat uses certificates in the account, specify the correct trusted CA certificate and external authentication

Answer: B

 

NEW QUESTION 14
What is a benefit of deploying Aruba ClearPass Device insight?

• A. Simpler troubleshooting of ClearPass solutions across an environment with multiple ClearPass Policy Managers
• B. Agent-based analysts of devices' security settings and health status, with the ability to implement quarantining
• C. Highly accurate endpoint classification for environments with many devices types, including Internet of Things (loT)
• D. visibility into devices' 802.1X supplicant settings and automated certificate deployment

Answer: D

 

NEW QUESTION 15
Refer to the exhibit.

This Aruba Mobility Controller (MC) should authenticate managers who access the Web Ul to ClearPass Policy Manager (CPPM) ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers' roles in Aruba-Admin-Role VSAs Which setting should you change to follow Aruba best security practices?

• A. Clear the MSCHAP check box
• B. Change the default role to "guest-provisioning"
• C. Disable local authentication
• D. Change the local user role to read-only

Answer: B

 

NEW QUESTION 16
You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours But. you are having trouble searching through the logs What is one approach that you can take to find the relevant logs?

• A. Configure a logging Tiller for the "port-access" category, and apply that filter globally.
• B. Specify a logging facility that selects for "port-access" messages.
• C. Add the "-C and *-c port-access" options to the "show logging" command.
• D. Enable debugging for "portaccess" to move the relevant logs to a buffer.

Answer: C

 

NEW QUESTION 17
You are troubleshooting an authentication issue for Aruba switches that enforce 802 IX10 a cluster of Aruba ClearPass Policy Manager (CPPMs) You know that CPPM Is receiving and processing the authentication requests because the Aruba switches are showing Access-Rejects in their statistics However, you cannot find the record tor the Access-Rejects in CPPM Access Tracker What is something you can do to look for the records?

• A. Verify that you are logged in to the CPPM Ul with read-write, not read-only, access
• B. Make sure that CPPM cluster settings are configured to show Access-Rejects
• C. Go to the CPPM Event Viewer, because this is where RADIUS Access Rejects are stored.
• D. Click Edit in Access viewer and make sure that the correct servers are selected.

Answer: B

 

NEW QUESTION 18
What is an Authorized client as defined by ArubaOS Wireless Intrusion Prevention System (WIP)?

• A. a client that has a certificate issued by a trusted Certification Authority (CA)
• B. a client that is on the WIP whitelist.
• C. a client that is not on the WIP blacklist
• D. a client that has successfully authenticated to an authorized AP and passed encrypted traffic

Answer: D

 

NEW QUESTION 19
What is a correct guideline for the management protocols that you should use on ArubaOS-Switches?

• A. Disable Telnet and use TFTP instead.
• B. Disable HTTPS and use SSH instead
• C. Disable Telnet and use SSH instead
• D. Disable SSH and use https instead.

Answer: D

 

NEW QUESTION 20
You need to deploy an Aruba instant AP where users can physically reach It. What are two recommended options for enhancing security for management access to the AP? (Select two )

• A. install a CA-signed certificate
• B. Configure WPA3-Enterpnse security on the AP
• C. Disable the Web Ul.
• D. Disable Its console ports
• E. Place a Tamper Evident Label (TELS) over its console port

Answer: A,E

 

NEW QUESTION 21
Refer to the exhibit, which shows the current network topology.

You are deploying a new wireless solution with an Aruba Mobility Master (MM). Aruba Mobility Controllers (MCs). and campus APs (CAPs). The solution will Include a WLAN that uses Tunnel for the forwarding mode and Implements WPA3-Enterprise security What is a guideline for setting up the vlan for wireless devices connected to the WLAN?

• A. Assign the WLAN to a single new VLAN which is dedicated to wireless users
• B. Use wireless user roles to assign the devices to a range of new vlan IDs.
• C. Assign the WLAN to a named VLAN which specified 100-150 as the range of IDs.
• D. Use wireless user roles to assign the devices to different VLANs in the 100-150 range

Answer: D

 

NEW QUESTION 22
What is one way a noneypot can be used to launch a man-in-the-middle (MITM) attack to wireless clients?

• A. it examines wireless clients' probes and broadcasts the SSlDs in the probes, so that wireless clients will connect to it automatically.
• B. it uses a combination or software and hardware to jam the RF band and prevent the client from connecting to any wireless networks
• C. it runs an NMap scan on the wireless client to And the clients MAC and IP address. The hacker then connects to another network and spoofs those addresses.
• D. it uses ARP poisoning to disconnect wireless clients from the legitimate wireless network and force clients to connect to the hacker's wireless network instead.

Answer: D

 

NEW QUESTION 23
Refer to the exhibit.

A diem is connected to an ArubaOS Mobility Controller. The exhibit snows all Tour firewall rules that apply to this diem What correctly describes how the controller treats HTTPS packets to these two IP addresses, both of which are on the other side of the firewall
10.1 10.10
203.0.13.5

• A. it permits both of the packets
• B. It permits the packet to 10.1.10.10 and drops the packet to 203 0.13.5
• C. It drops both of the packets
• D. It drops the packet to 10.1.10.10 and permits the packet to 203.0.13.5.

Answer: A

 

NEW QUESTION 24
What is an example or phishing?

• A. An attacker lures clients to connect to a software-based AP that is using a legitimate SSID.
• B. An attacker sends TCP messages to many different ports to discover which ports are open.
• C. An attacker checks a user's password by using trying millions of potential passwords.
• D. An attacker sends emails posing as a service team member to get users to disclose their passwords.

Answer: D

 

NEW QUESTION 25
Refer to the exhibit.

You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find the error shown In the exhibit in the CPPM Event Viewer.
What should you check?

• A. that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized
• B. that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM
• C. that the MC has valid admin credentials configured on it for logging into the CPPM
• D. that the snared secret configured for the CPPM authentication server matches the one defined for the device on CPPM

Answer: B

 

NEW QUESTION 26
What are some functions of an AruDaOS user role?

• A. The role determines which control plane ACL rules apply to the client's traffic
• B. The role determines which authentication methods the user must pass to gain network access
• C. The role determines which firewall policies and bandwidth contract apply to the clients traffic
• D. The role determines which wireless networks (SSiDs) a user is permitted to access

Answer: B

 

NEW QUESTION 27
Refer to the exhibit.

You have set up a RADIUS server on an ArubaOS Mobility Controller (MC) when you created a WLAN named "MyEmployees .You now want to enable the MC to accept change of authorization (CoA) messages from this server for wireless sessions on this WLAN.
What Is a part of the setup on the MC?

• A. Install the root CA associated with the 10 5.5.5 server's certificate as a Trusted CA certificate.
• B. Configure a ClearPass username and password in the MyEmployees AAA profile.
• C. Enable the dynamic authorization setting in the "clearpass" authentication server settings.
• D. Create a dynamic authorization, or RFC 3576, server with the 10.5.5.5 address and correct shared secret.

Answer: A

 

NEW QUESTION 28
Refer to the exhibit.

How can you use the thumbprint?

• A. When you first connect to the switch with SSH from a management station, make sure that the thumbprint matches to ensure that a man-in-t he-mid die (MITM) attack is not occurring
• B. Copy the thumbprint to other Aruba switches to establish a consistent SSH Key for all switches this will enable managers to connect to the switches securely with less effort
• C. install this thumbprint on management stations the stations can then authenticate with the thumbprint instead of admins having to enter usernames and passwords.
• D. Install this thumbprint on management stations to use as two-factor authentication along with manager usernames and passwords, this will ensure managers connect from valid stations

Answer: A

 

NEW QUESTION 29
What distinguishes a Distributed Denial of Service (DDoS) attack from a traditional Denial or service attack (DoS)?

• A. A DDoS attack is launched from multiple devices, while a DoS attack is launched from a single device
• B. A DDoS attack originates from external devices, while a DoS attack originates from internal devices
• C. A DDoS attack targets multiple devices, while a DoS Is designed to Incapacitate only one device
• D. A DoS attack targets one server, a DDoS attack targets all the clients that use a server

Answer: B

 

NEW QUESTION 30
A company is deploying ArubaOS-CX switches to support 135 employees, which will tunnel client traffic to an Aruba Mobility Controller (MC) for the MC to apply firewall policies and deep packet inspection (DPI).
This MC will be dedicated to receiving traffic from the ArubaOS-CX switches.
What are the licensing requirements for the MC?

• A. one PEF license per-switch. and one WCC license per-switch
• B. one PEF license per-switch
• C. one AP license per-switch
• D. one AP license per-switch. and one PEF license per-switch

Answer: D

 

NEW QUESTION 31
Which attack is an example or social engineering?

• A. An email Is used to impersonate a Dank and trick users into entering their bank login information on a fake website page.
• B. A user visits a website and downloads a file that contains a worm, which sell-replicates throughout the network.
• C. An attack exploits an operating system vulnerability and locks out users until they pay the ransom.
• D. A hacker eavesdrops on insecure communications, such as Remote Desktop Program (RDP). and discovers login credentials.

Answer: A

 

NEW QUESTION 32
What is one of the roles of the network access server (NAS) in the AAA framewonx?

• A. It authenticates legitimate users and uses policies to determine which resources each user is allowed to access.
• B. It negotiates with each user's device to determine which EAP method is used for authentication
• C. It determines which resources authenticated users are allowed to access and monitors each users session
• D. It enforces access to network services and sends accounting information to the AAA server

Answer: A

 

NEW QUESTION 33
What role does the Aruba ClearPass Device Insight Analyzer play in the Device Insight architecture?

• A. It resides on-prem and provides the span port to which traffic is mirrored for deep analytics.
• B. It resides in the cloud and manages licensing and configuration for Collectors
• C. It resides In the cloud and applies machine learning and supervised crowdsourcing to metadata sent by Collectors
• D. It resides on-prem and is responsible for running active SNMP and Nmap scans

Answer: C

 

NEW QUESTION 34
You have been instructed to look in the ArubaOS Security Dashboard's client list Your goal is to find clients mat belong to the company and have connected to devices that might belong to hackers Which client fits this description?

• A. MAC address d8:50:e6 f3;6e;c5; Client Classification Interfering. AP Classification Neighbor
• B. MAC address d8:50:e6:f3;6e;60; Client Classification Interfering. AP Classification Interfering
• C. MAC address d8:50:e6:f3;TO;ab; Client Classification Interfering. AP Classification Rogue
• D. MAC address d8:50:e6:f3;6d;a4; Client Classification Authorized; AP Classification, interfering

Answer: B

 

NEW QUESTION 35
......

HP HPE6-A78 Exam Syllabus Topics:

Topic	Details
Topic 1	View and acknowledge WIPS and WIDS, alarms Troubleshoot with access tracker
Topic 2	Disable insecure protocols and follow best practices for implement secure management protocols such as SSH, HTTPS
Topic 3	Collect and monitor historical network pattern data Describe firewall (PEF), dynamic segmentation, RBAC, AppRF
Topic 4	Compare and contrast wired LAN methodologies Explain the purpose and methods of a packet capture
Topic 5	Identify and evaluate discovered endpoints Describe common security threats
Topic 6	Explain attack stages and kill chain Identify the difference between a threat and a vulnerability
Topic 7	Compare and contrast wireless LAN methodologies Describe user roles and policy enforcement

 

Fully Updated Dumps PDF - Latest HPE6-A78 Exam Questions and Answers: https://www.torrentvalid.com/HPE6-A78-valid-braindumps-torrent.html

Updated HPE6-A78 PDF for the HPE6-A78 Tests Free Updated Today: https://drive.google.com/open?id=1dcfyUBSvWmH6JxVhfc6YO03uD0gAjSvB