HPE6-A78 Practice Questions

A.  

Avoid using external manager authentication tor the Web UI.

B.  

Change the default 4343 port tor the web UI to TCP 443.

C.  

Install a CA-signed certificate to use for the Web UI server certificate.

D.  

Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.

A.  

Deploy a Device Insight Collector at every site in the corporate WAN to reduce the impact on WAN links.

B.  

Make sure that Aruba devices trust the root CA certificate for the ClearPass Device Insight Analyzer's HTTPS certificate.

C.  

Configure remote mirroring on access layer Aruba switches, using Device Insight Analyzer as the destination IP.

D.  

For companies with multiple sites, deploy a pair of Device Insight Collectors at the HQ or the central data center.

A.  

A user fails 802.1X authentication. The client remains connected, but is assigned the "guest" role.

B.  

A user authenticates successfully with 802.1 X. and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employeel.” The client’s role is "guest."

C.  

A user authenticates successfully with 802.1X. and the RADIUS Access-Accept includes an Aruba-User-Role VSA set to "employee." The client’s role is "guest."

D.  

A user authenticates successfully with 802.1X, and the RADIUS Access-Accept includes an Aruba-User-RoleVSA set to "employeel." The client's role is "employeel."

A.  

There is no need to locale the AP If you manually contain It.

B.  

This is a serious security event, so you should always contain the AP immediately regardless of your company's specific policies.

C.  

You should receive permission before containing an AP. as this action could have legal Implications.

D.  

For forensic purposes, you should copy out logs with relevant information, such as the time mat the AP was detected and the AP's MAC address.

E.  

There is no need to locate the AP If the Aruba solution is properly configured to automatically contain it.

A.  

MAC address d8:50:e6:f3;6d;a4; Client Classification Authorized; AP Classification, interfering

B.  

MAC address d8:50:e6 f3;6e;c5; Client Classification Interfering. AP Classification Neighbor

C.  

MAC address d8:50:e6:f3;6e;60; Client Classification Interfering. AP Classification Interfering

D.  

MAC address d8:50:e6:f3;TO;ab; Client Classification Interfering. AP Classification Rogue

A.  

file

B.  

console

C.  

buffer

D.  

syslog

A.  

EAP only

B.  

DHCP, DNS and RADIUS only

C.  

RADIUS only

D.  

DHCP, DNS, and EAP only

A.  

Opportunistic Wireless Encryption (OWE) and WPA3-Personal

B.  

Captive portal and WPA3-Personal

C.  

WPA3-Personal and MAC-Auth

D.  

Captive portal and Opportunistic Wireless Encryption (OWE) in transition mode

A.  

Hackers can use ARP to change their NIC's MAC address so they can impersonate legiti-mate users.

B.  

Hackers can exploit the fact that the port used for ARP must remain open and thereby gain remote access to another user's device.

C.  

A hacker can use ARP to claim ownership of a CA-signed certificate that actually belongs to another device.

D.  

A hacker can send gratuitous ARP messages with the default gateway IP to cause devices to redirect traffic to the hacker's MAC address.

A.  

A device uses Intermediate Certification Authorities (CAs) to enable it to trust root CAs that are different from the root CA that signed its own certificate.

B.  

A user must manually choose to trust intermediate and end-entity certificates, or those certificates must be installed on the device as trusted in advance.

C.  

Root Certification Authorities (CAs) primarily sign certificates, and Intermediate Certification Authorities (CAs) primarily validate signatures.

D.  

A user must manually choose to trust a root Certification Authority (CA) certificate, or the root CA certificate must be installed on the device as trusted.