Latest HP HPE6-A78 Actual Free Exam Questions & Community Discussion, Page 5

Question #61

Which is a correct description of a stage in the Lockheed Martin kill chain?

A. In the delivery stage, malware collects valuable data and delivers or exfilltrated it to the hacker.

B. In the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.

C. In the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfilltrated.

D. In the weaponization stage, which occurs after malware has been delivered to a system, the malware executes Its function.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #62

What is the purpose of an Enrollment over Secure Transport (EST) server?

A. It provides a secure central repository for private keys associated with devices' digital certif-icates.

B. It provides a more secure alternative to private CAs at less cost than a public CA.

C. It helps admins to avoid expired certificates with less management effort.

D. It acts as an intermediate Certification Authority (CA) that signs end-entity certificates.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #63

Refer to the exhibit.
Device A is establishing an HTTPS session with the Arubapedia web sue using Chrome. The Arubapedia web server sends the certificate shown in the exhibit What does the browser do as part of vacating the web server certificate?

A. It uses the public key in the DigCen SHA2 Secure Server CA certificate to check the certificate's signature.

B. It uses the public key in the DigCert root CA certificate to check the certificate signature

C. It uses the private key in the Arubapedia web site's certificate to check that certificate's signature

D. It uses the private key in the DigiCert SHA2 Secure Server CA to check the certificate's signature.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #64

Refer to the exhibit:
port-access role role1 vlan access 11
port-access role role2 vlan access 12
port-access role role3 vlan access 13
port-access role role4 vlan access 14
aaa authentication port-access dot1x authenticator
enable
interface 1/1/1
no shutdown
no routing
vlan access 1
aaa authentication port-access critical-role role1
aaa authentication port-access preauth-role role2
aaa authentication port-access auth-role role3
interface 1/1/2
no shutdown
no routing
vlan access 1
aaa authentication port-access critical-role role1
aaa authentication port-access preauth-role role2
aaa authentication port-access auth-role role3
The exhibit shows the configuration on an AOS-CX switch.
Client1 connects to port 1/1/1 and authenticates to HPE Aruba Networking ClearPass Policy Manager (CPPM). CPPM sends an Access-Accept with this VSA: Aruba-User-Role: role4.
Client2 connects to port 1/1/2 and does not attempt to authenticate.
To which roles are the users assigned?

A. Client1 = role4; Client2 = role1

B. Client1 = role4; Client2 = role2

C. Client1 = role3; Client2 = role1

D. Client1 = role3; Client2 = role2

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #65

A company has Aruba Mobility Controllers (MCs), Aruba campus APs, and ArubaOS-Switches. The company plans to use ClearPass Policy Manager (CPPM) to classify endpoints by type. This company is using only CPPM and no other ClearPass solutions.
The ClearPass admins tell you that they want to use HTTP User-Agent strings to help classify endpoints.
What should you do as a part of configuring the ArubaOS-Switches to support this requirement?

A. Connect the switches to CPPM's span ports, and set up mirroring of HTTP traffic on the switches.

B. Create remote mirrors that collect traffic on edge ports, and mirror it to CPPM's IP address.

C. Create a device fingerprinting policy that includes HTTP, and apply the policy to edge ports.

D. Configure CPPM as the sFlow collector, and make sure that sFlow is enabled on edge ports.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #66

You are troubleshooting an authentication issue for Aruba switches that enforce 802 IX10 a cluster of Aruba ClearPass Policy Manager (CPPMs) You know that CPPM Is receiving and processing the authentication requests because the Aruba switches are showing Access-Rejects in their statistics However, you cannot find the record tor the Access-Rejects in CPPM Access Tracker What is something you can do to look for the records?

A. Click Edit in Access viewer and make sure that the correct servers are selected.

B. Make sure that CPPM cluster settings are configured to show Access-Rejects

C. Go to the CPPM Event Viewer, because this is where RADIUS Access Rejects are stored.

D. Verify that you are logged in to the CPPM Ul with read-write, not read-only, access

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #67

What is one practice that can help you to maintain a digital chain or custody In your network?

A. Ensure that all network infrastructure devices receive a valid clock using authenticated NTP

B. Enable packet capturing on Instant AP or Moodily Controller (MC) datepath on an ongoing basis

C. Ensure that all network Infrastructure devices use RADIUS rather than TACACS+ to authenticate managers

D. Enable packet capturing on Instant AP or Mobility Controller (MC) control path on an ongoing basis.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #68

What is a vulnerability of an unauthenticated Dime-Heliman exchange?

A. A brute force attack can relatively quickly derive Diffie-Hellman private values if they are able to obtain public values

B. Diffie-Hellman with elliptic curve values is no longer considered secure in modem networks, based on NIST recommendations.

C. A hacker can replace the public values exchanged by the legitimate peers and launch an MITM attack.

D. Participants must agree on a passphrase in advance, which can limit the usefulness of Diffie- Hell man in practical contexts.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #69

What is one method for HPE Aruba Networking ClearPass Policy Manager (CPPM) to use DHCP to classify an endpoint?

A. It can respond to a client's DHCP Discover with different DHCP Offers and then analyze the responses to identify the client OS.

B. It can snoop DHCP traffic to register the clients' IP addresses. It then knows where to direct its HTTP requests to actively probe for information about the client.

C. It can alter the DHCP Offer to insert itself as a proxy gateway. It will then be inline in the traffic flow and can apply traffic analytics to classify clients.

D. It can determine information such as the endpoint OS from the order of options listed in Option 55 of a DHCP Discover packet.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #70

A company is deploying AOS-CX switches to support 114 employees, which will tunnel client traffic to an HPE Aruba Networking Mobility Controller (MC) for the MC to apply firewall policies and deep packet inspection (DPI). This MC will be dedicated to receiving traffic from the AOS-CX switches.
What are the licensing requirements for the MC?

A. One PEF license per switch

B. One PEF license per switch, and one WCC license per switch

C. One AP license per switch

D. One AP license per switch, and one PEF license per switch

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #71

You have been asked to send RADIUS debug messages from an AOS-CX switch to a central SIEM server at 10.5.15.6. The server is already defined on the switch with this command:
logging 10.5.15.6
You enter this command:
debug radius all
What is the correct debug destination?

A. file

B. syslog

C. console

D. buffer

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #72

A client has accessed an HTTPS server at myhost1.example.com using Chrome. The server sends a certificate that includes these properties:
Subject name: myhost.example.com
SAN: DNS: myhost.example.com; DNS: myhost1.example.com
Extended Key Usage (EKU): Server authentication
Issuer: MyCA_Signing
The server also sends an intermediate CA certificate for MyCA_Signing, which is signed by MyCA. The client's Trusted CA Certificate list does not include the MyCA or MyCA_Signing certificates.
Which factor or factors prevent the client from trusting the certificate?

A. The client does not have the correct trusted CA certificates.

B. The certificate lacks the correct EKU.

C. The certificate lacks a valid SAN, and the client does not have the correct trusted CA certificates.

D. The certificate lacks a valid SAN.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #73

You need to implement a WPA3-Enterprise network that can also support WPA2-Enterprise clients. What is a valid configuration for the WPA3-Enterprise WLAN?

A. CNSA mode enabled with 128-bit keys

B. CNSA mode disabled with 256-bit keys

C. CNSA mode disabled with 128-bit keys

D. CNSA mode enabled with 256-bit keys

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #74

You have configured a WLAN to use Enterprise security with the WPA3 version.
How does the WLAN handle encryption?

A. Traffic is encrypted with AES and keys derived from a PMK shared by all clients on the WLAN.

B. Traffic is encrypted with TKIP and keys derived from a unique PMK per client.

C. Traffic is encrypted with AES and keys derived from a unique PMK per client.

D. Traffic is encrypted with TKIP and keys derived from a PMK shared by all clients on the WLAN.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #75

The monitoring admin has asked you to set up an AOS-CX switch to meet these criteria:
Send logs to a SIEM Syslog server at 10.4.13.15 at the standard TCP port (514) Send a log for all events at the "warning" level or above; do not send logs with a lower level than "warning" The switch did not have any "logging" configuration on it. You then entered this command:
AOS-CX(config)# logging 10.4.13.15 tcp vrf default
What should you do to finish configuring to the requirements?

A. Add logging categories at the global level.

B. Ask for the Syslog password and configure it on the switch.

C. Configure logging as a debug destination.

D. Specify the "warning" severity level for the logging server.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

HP HPE6-A78 Actual Free Exam Questions & Community Discussion

Download Free HP HPE6-A78 Demo