HPE6-A78 PDF Exam Material 2022 Realistic HPE6-A78 Dumps Questions [Q17-Q40]

Share

HPE6-A78 PDF Exam Material 2022 Realistic HPE6-A78 Dumps Questions

Updated HP HPE6-A78 Dumps – PDF & Online Engine


HP HPE6-A78 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Explain common security protocols and their use cases
  • Compare endpoint classifications methods
Topic 2
  • Identify and evaluate discovered endpoints
  • Describe common security threats
Topic 3
  • Explain attack stages and kill chain
  • Identify the difference between a threat and a vulnerability
Topic 4
  • Collect and monitor historical network pattern data
  • Describe firewall (PEF), dynamic segmentation, RBAC, AppRF
Topic 5
  • Describe and deploy basic user roles for wireless users
  • Define and deploy basic user roles for wired users
Topic 6
  • Compare and contrast wireless LAN methodologies
  • Describe user roles and policy enforcement

 

NEW QUESTION 17
You have detected a Rogue AP using the Security Dashboard Which two actions should you take in responding to this event? (Select two)

  • A. You should receive permission before containing an AP. as this action could have legal Implications.
  • B. There is no need to locate the AP If the Aruba solution is properly configured to automatically contain it.
  • C. This is a serious security event, so you should always contain the AP immediately regardless of your company's specific policies.
  • D. There is no need to locale the AP If you manually contain It.
  • E. For forensic purposes, you should copy out logs with relevant information, such as the time mat the AP was detected and the AP's MAC address.

Answer: C,E

 

NEW QUESTION 18
What is one way that WPA3-PerSonal enhances security when compared to WPA2-Personal?

  • A. WPA3-Personai is more resistant to passphrase cracking Because it requires passphrases to be at least 12 characters
  • B. WPA3-Personai prevents eavesdropping on other users' wireless traffic by a user who knows the passphrase for the WLAN.
  • C. WPA3-Perscn3i is more secure against password leaking Because all users nave their own username and password
  • D. WPA3-Personal is more complicated to deploy because it requires a backend authentication server

Answer: C

 

NEW QUESTION 19
What distinguishes a Distributed Denial of Service (DDoS) attack from a traditional Denial or service attack (DoS)?

  • A. A DDoS attack is launched from multiple devices, while a DoS attack is launched from a single device
  • B. A DDoS attack targets multiple devices, while a DoS Is designed to Incapacitate only one device
  • C. A DoS attack targets one server, a DDoS attack targets all the clients that use a server
  • D. A DDoS attack originates from external devices, while a DoS attack originates from internal devices

Answer: D

 

NEW QUESTION 20
What is an Authorized client as defined by ArubaOS Wireless Intrusion Prevention System (WIP)?

  • A. a client that is on the WIP whitelist.
  • B. a client that has a certificate issued by a trusted Certification Authority (CA)
  • C. a client that is not on the WIP blacklist
  • D. a client that has successfully authenticated to an authorized AP and passed encrypted traffic

Answer: D

 

NEW QUESTION 21
You have an Aruba Mobility Controller (MC). for which you are already using Aruba ClearPass Policy Manager (CPPM) to authenticate access to the Web Ul with usernames and passwords You now want to enable managers to use certificates to log in to the Web Ul CPPM will continue to act as the external server to check the names in managers' certificates and tell the MC the managers' correct rote in addition to enabling certificate authentication. what is a step that you should complete on the MC?

  • A. install all of the managers' certificates on the MC as OCSP Responder certificates
  • B. Create a local admin account mat uses certificates in the account, specify the correct trusted CA certificate and external authentication
  • C. Verify that the MC has the correct certificates, and add RadSec to the RADIUS server configuration for CPPM
  • D. Verify that the MC trusts CPPM's HTTPS certificate by uploading a trusted CA certificate Also, configure a CPPM username and password on the MC

Answer: C

 

NEW QUESTION 22
Refer to the exhibit.

This Aruba Mobility Controller (MC) should authenticate managers who access the Web Ul to ClearPass Policy Manager (CPPM) ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers' roles in Aruba-Admin-Role VSAs Which setting should you change to follow Aruba best security practices?

  • A. Change the default role to "guest-provisioning"
  • B. Change the local user role to read-only
  • C. Disable local authentication
  • D. Clear the MSCHAP check box

Answer: A

 

NEW QUESTION 23
From which solution can ClearPass Policy Manager (CPPM) receive detailed information about client device type OS and status?

  • A. ClearPass Guest
  • B. ClearPass Onboard
  • C. ClearPass OnGuard
  • D. ClearPass Access Tracker

Answer: C

 

NEW QUESTION 24
What role does the Aruba ClearPass Device Insight Analyzer play in the Device Insight architecture?

  • A. It resides on-prem and provides the span port to which traffic is mirrored for deep analytics.
  • B. It resides on-prem and is responsible for running active SNMP and Nmap scans
  • C. It resides In the cloud and applies machine learning and supervised crowdsourcing to metadata sent by Collectors
  • D. It resides in the cloud and manages licensing and configuration for Collectors

Answer: C

 

NEW QUESTION 25
You have been instructed to look in the ArubaOS Security Dashboard's client list Your goal is to find clients mat belong to the company and have connected to devices that might belong to hackers Which client fits this description?

  • A. MAC address d8:50:e6:f3;6e;60; Client Classification Interfering. AP Classification Interfering
  • B. MAC address d8:50:e6 f3;6e;c5; Client Classification Interfering. AP Classification Neighbor
  • C. MAC address d8:50:e6:f3;TO;ab; Client Classification Interfering. AP Classification Rogue
  • D. MAC address d8:50:e6:f3;6d;a4; Client Classification Authorized; AP Classification, interfering

Answer: A

 

NEW QUESTION 26
You configure an ArubaOS-Switch to enforce 802.1X authentication with ClearPass Policy Manager (CPPM) denned as the RADIUS server Clients cannot authenticate You check Aruba ClearPass Access Tracker and cannot find a record of the authentication attempt.
What are two possible problems that have this symptom? (Select two)

  • A. CPPM does not have a network device defined for the switch's IP address.
  • B. Clients are configured to use a mismatched EAP method from the one In the CPPM service.
  • C. users are logging in with the wrong usernames and passwords or invalid certificates.
  • D. The RADIUS shared secret does not match between the switch and CPPM.
  • E. Clients are not configured to trust the root CA certificate for CPPM's RADIUS/EAP certificate.

Answer: C,E

 

NEW QUESTION 27
What is a use case for tunneling traffic between an Aruba switch and an AruDa Mobility Controller (MC)?

  • A. enhancing the security of communications from the access layer to the core with data encryption
  • B. securing the network infrastructure control plane by creating a virtual out-of-band-management network
  • C. applying firewall policies and deep packet inspection to wired clients
  • D. simplifying network infrastructure management by using the MC to push configurations to the switches

Answer: C

 

NEW QUESTION 28
You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours But. you are having trouble searching through the logs What is one approach that you can take to find the relevant logs?

  • A. Specify a logging facility that selects for "port-access" messages.
  • B. Configure a logging Tiller for the "port-access" category, and apply that filter globally.
  • C. Enable debugging for "portaccess" to move the relevant logs to a buffer.
  • D. Add the "-C and *-c port-access" options to the "show logging" command.

Answer: D

 

NEW QUESTION 29
How should admins deal with vulnerabilities that they find in their systems?

  • A. They should notify the security team as soon as possible that the network has already been breached.
  • B. They should classify the vulnerability as malware. a DoS attack or a phishing attack.
  • C. They should add the vulnerability to their Common Vulnerabilities and Exposures (CVE).
  • D. They should apply fixes, such as patches, to close the vulnerability before a hacker exploits it.

Answer: D

 

NEW QUESTION 30
How does the ArubaOS firewall determine which rules to apply to a specific client's traffic?

  • A. The firewall applies every rule that includes the dent's IP address as the source.
  • B. The firewall applies every rule that includes the client's IP address as the source or destination.
  • C. The firewall applies the rules in policies associated with the client's wlan
  • D. The firewall applies thee rules in policies associated with the client's user role.

Answer: A

 

NEW QUESTION 31
Refer to the exhibit.

You need to ensure that only management stations in subnet 192.168.1.0/24 can access the ArubaOS-Switches' CLI. Web Ul. and REST interfaces The company also wants to let managers use these stations to access other parts of the network What should you do?

  • A. Specify 192.168.1.0.255.255.255.0 as authorized IP manager address
  • B. Establish a Control Plane Policing class that selects traffic from 192.168 1.0/24.
  • C. Specify vlan 100 as the management vlan for the switches.
  • D. Configure the switch to listen for these protocols on OOBM only.

Answer: B

 

NEW QUESTION 32
You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure management access to the ArubaOS Web UP

  • A. Change the default 4343 port tor the web UI to TCP 443.
  • B. Install a CA-signed certificate to use for the Web UI server certificate.
  • C. Avoid using external manager authentication tor the Web UI.
  • D. Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.

Answer: B

 

NEW QUESTION 33
You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings" definition in the ArubaOS Diagnostics > System > Log Settings page?

  • A. Configuring a filter that you can apply to a defined Syslog server in order to filter events by subcategory
  • B. Configuring the log facility and log format that the MC will use for forwarding logs to all Syslog servers
  • C. Configuring the Syslog server settings for the server to which the MC forwards logs for a particular category and level
  • D. Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.

Answer: C

 

NEW QUESTION 34
Your Aruba Mobility Master-based solution has detected a rogue AP Among other information the ArubaOS Detected Radios page lists this Information for the AP SSID = PubllcWiFI BSSID = a8M27 12 34:56 Match method = Exact match Match type = Eth-GW-wired-Mac-Table The security team asks you to explain why this AP is classified as a rogue. What should you explain?

  • A. The AP has been detected as launching a DoS attack against your company's default gateway. This qualities it as a rogue which needs to be contained with wireless association frames immediately
  • B. The AP Is connected to your LAN because It is transmitting wireless traffic with your network's default gateway's MAC address as a source MAC Because it does not belong to the company, it is a rogue
  • C. The AP is spoofing a routers MAC address as its BSSID. This indicates mat, even though WIP cannot determine whether the AP is connected to your LAN. it is a rogue.
  • D. The ap has a BSSID mat matches authorized client MAC addresses. This indicates that the AP is spoofing the MAC address to gam unauthorized access to your company's wireless services, so It is a rogue

Answer: C

 

NEW QUESTION 35
Which correctly describes a way to deploy certificates to end-user devices?

  • A. in a Windows domain, domain group policy objects (GPOs) can automatically install computer, but not user certificates
  • B. ClearPass Onboard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain
  • C. ClearPass Device Insight can automatically discover end-user devices and deploy the proper certificates to them
  • D. ClearPass OnGuard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain

Answer: B

 

NEW QUESTION 36
What is one difference between EAP-Tunneled Layer security (EAP-TLS) and Protected EAP (PEAP)?

  • A. EAP-TLS begins with the establishment of a TLS tunnel, but PEAP does not use a TLS tunnel as part of Its process
  • B. EAP-TLS requires the supplicant to authenticate with a certificate, hut PEAP allows the supplicant to use a username and password.
  • C. EAP-TLS creates a TLS tunnel for transmitting user credentials securely while PEAP protects user credentials with TKIP encryption.
  • D. EAP-TLS creates a TLS tunnel for transmitting user credentials, while PEAP authenticates the server and supplicant during a TLS handshake.

Answer: B

 

NEW QUESTION 37
An ArubaOS-CX switch enforces 802.1X on a port. No fan-through options or port-access roles are configured on the port The 802 1X supplicant on a connected client has not yet completed authentication Which type of traffic does the authenticator accept from the client?

  • A. DHCP, DNS, and EAP only
  • B. EAP only
  • C. DHCP, DNS and RADIUS only
  • D. RADIUS only

Answer: B

 

NEW QUESTION 38
What is a benefit or using network aliases in ArubaOS firewall policies?

  • A. You can associate a reputation score with the network alias to create rules that filler traffic based on reputation rather than IP.
  • B. You can adjust the IP addresses in the aliases, and the rules using those aliases automatically update
  • C. You can use the aliases to conceal the true IP addresses of servers from potentially untrusted clients.
  • D. You can use the aliases to translate client IP addresses to other IP addresses on the other side of the firewall

Answer: A

 

NEW QUESTION 39
A company is deploying ArubaOS-CX switches to support 135 employees, which will tunnel client traffic to an Aruba Mobility Controller (MC) for the MC to apply firewall policies and deep packet inspection (DPI).
This MC will be dedicated to receiving traffic from the ArubaOS-CX switches.
What are the licensing requirements for the MC?

  • A. one AP license per-switch
  • B. one PEF license per-switch
  • C. one AP license per-switch. and one PEF license per-switch
  • D. one PEF license per-switch. and one WCC license per-switch

Answer: C

 

NEW QUESTION 40
......

HP HPE6-A78 Dumps PDF Are going to be The Best Score: https://dumpspdf.free4torrent.com/HPE6-A78-valid-dumps-torrent.html