Latest update Lead4Pass HPE6-A78 dumps contain 60 latest exam questions and answers covering actual Aruba Certified Network Security Associate certification exam questions.
Download the latest HPE6-A78 dumps: https://www.leads4pass.com/hpe6-a78.html, use Lead4Pass to provide PDF and VCE study tools to help you study the complete exam questions efficiently and guarantee 100% success in passing the exam.
Read some of the latest HP HPE6-A78 exam questions and answers online:
| Number of exam questions | Exam name | Exam code |
| 15 | Aruba Certified Network Security Associate | HPE6-A78 |
Question 1:
You have an Aruba Mobility Controller (MC). for which you are already using Aruba ClearPass Policy Manager (CPPM) to authenticate access to the Web Ul with usernames and passwords You now want to enable managers to use certificates to log in to the Web Ul CPPM will continue to act as the external server to check the names in managers\’ certificates and tell the MC the managers\’ correct rote in addition to enabling certificate authentication.
What is a step that you should complete on the MC?
A. Verify that the MC has the correct certificates, and add RadSec to the RADIUS server configuration for CPPM
B. install all of the managers\’ certificates on the MC as OCSP Responder certificates
C. Verify that the MC trusts CPPM\’s HTTPS certificate by uploading a trusted CA certificate Also, configure a CPPM username and password on the MC
D. Create a local admin account mat uses certificates in the account, specify the correct trusted CA certificate and external authentication
Correct Answer: A
Question 2:
What is one of the roles of the network access server (NAS) in the AAA framework?
A. It authenticates legitimate users and uses policies to determine which resources each user is allowed to access.
B. It negotiates with each user\’s device to determine which EAP method is used for authentication
C. It enforces access to network services and sends accounting information to the AAA server
D. It determines which resources authenticated users are allowed to access and monitors each users
session
Correct Answer: A
Question 3:
What is a benefit or Protected Management Frame (PMF)? sometimes called Management Frame Protection (MFP)?
A. PMF helps to protect APs and MCs from unauthorized management access by hackers.
B. PMF ensures trial traffic between APs and Mobility Controllers (MCs) is encrypted.
C. PMF prevents hackers from capturing the traffic between APs and Mobility Controllers.
D. PMF protects clients from DoS attacks based on forged de-authentication frames
Correct Answer: A
Question 4:
What is a guideline for managing local certificates on an ArubaOS-Switch?
A. Before installing the local certificate, create a trust anchor (TA) profile with the root CA certificate for the certificate that you will install
B. Install an Online Certificate Status Protocol (OCSP) certificate to simplify the process of enrolling and re-enrolling for a certificate
C. Generate the certificate signing request (CSR) with a program offline, then, install both the certificate and the private key on the switch in a single file.
D. Create a self-signed certificate online on the switch because ArubaOS-Switches do not support CA-signed certificates.
Correct Answer: C
Question 5:
Refer to the exhibit.
This Aruba Mobility Controller (MC) should authenticate managers who access the Web Ul to ClearPass Policy Manager (CPPM) ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers\’ roles in Aruba-Admin-Role VSAs
Which setting should you change to follow Aruba’s best security practices?
A. Change the local user role to read-only
B. Clear the MSCHAP check box
C. Disable local authentication
D. Change the default role to “guest-provisioning”
Correct Answer: D
Question 6:
Refer to the exhibit.
You have set up a RADIUS server on an ArubaOS Mobility Controller (MC) when you created a WLAN named “MyEmployees.You now want to enable the MC to accept change of authorization (CoA) messages from this server for wireless sessions on this WLAN.
What Is a part of the setup on the MC?
A. Create a dynamic authorization, or RFC 3576, server with the 10.5.5.5 address and correct shared secret.
B. Install the root CA associated with the 10 5.5.5 server\’s certificate as a Trusted CA certificate.
C. Configure a ClearPass username and password in the MyEmployees AAA profile.
D. Enable the dynamic authorization setting in the “clearpass” authentication server settings.
Correct Answer: B
Question 7:
You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller (MC). What should you do to enhance security for control channel communications between the switches and the MC?
A. Create one UBT zone for control traffic and a second UBT zone for clients.
B. Configure a long, random PAPI security key that matches the switches and the MC.
C. install certificates on the switches, and make sure that IPsec is enabled on the MC
D. Make sure that the UBT client VLAN is assigned to the interface on which the switches reach the MC and only that interface.
Correct Answer: C
Question 8:
What is the correct guideline for the management protocols that you should use on ArubaOS- Switches?
A. Disable Telnet and use TFTP instead.
B. Disable SSH and use HTTPS instead.
C. Disable Telnet and use SSH instead
D. Disable HTTPS and use SSH instead
Correct Answer: B
Question 9:
You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours. you are having trouble searching through the logs. What is one approach that you can take to find the relevant logs?
A. Add the “-C and *-c port-access” options to the “show logging” command.
B. Configure a logging Tiller for the “port-access” category, and apply that filter globally.
C. Enable debugging for “portaccess” to move the relevant logs to a buffer.
D. Specify a logging facility that selects “port-access” messages.
Correct Answer: A
Question 10:
What is the benefit of deploying Aruba ClearPass Device insight?
A. Highly accurate endpoint classification for environments with many devices types, including Internet of Things (loT)
B. visibility into devices\’ 802.1X supplicant settings and automated certificate deployment
C. Agent-based analysts of devices\’ security settings and health status, with the ability to implement quarantining
D. Simpler troubleshooting of ClearPass solutions across an environment with multiple ClearPass Policy Managers
Correct Answer: B
Question 11:
Which is a correct description of a stage in the Lockheed Martin kill chain?
A. In the delivery stage, the malware collects valuable data and delivers or exfiltrated it to the hacker.
B. In the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfiltrated.
C. In the weaponization stage, which occurs after malware has been delivered to a system, the malware executes Its function.
D. In the exploitation and installation phases, the malware creates a backdoor into the infected system for the hacker.
Correct Answer: B
Question 12:
Refer to the exhibit.
A diem is connected to an ArubaOS Mobility Controller. The exhibit snows all Tour firewall rules that apply to this Diem
What correctly describes how the controller treats HTTPS packets to these two IP addresses, both of which are on the other side of the firewall?
10.1 10.10
203.0.13.5
A. It drops both the packets
B. It permits the packet to 10.1.10.10 and drops the packet to 203 0.13.5
C. it permits both the packets
D. It drops the packet to 10.1.10.10 and permits the packet to 203.0.13.5.
Correct Answer: C
Question 13:
What is one way a honeypot can be used to launch a man-in-the-middle (MITM) attack on wireless clients?
A. it uses a combination of software and hardware to jam the RF band and prevent the client from connecting to any wireless networks
B. it runs an NMap scan on the wireless client And the client’s MAC and IP address. The hacker then connects to another network and spoofs those addresses.
C. it examines wireless clients\’ probes and broadcasts the SSlDs in the probes so that wireless clients will connect to them automatically.
D. it uses ARP poisoning to disconnect wireless clients from the legitimate wireless network and force clients to connect to the hacker\’s wireless network instead.
Correct Answer: D
Question 14:
You have been instructed to look in the ArubaOS Security Dashboard\’s client list Your goal is to find clients may belong to the company and have connected to devices that might belong to hackers.
Which client fits this description?
A. MAC address d8:50:e6:f3;6d;a4; Client Classification Authorized; AP Classification, interfering
B. MAC address d8:50:e6 f3;6e;c5; Client Classification Interfering. AP Classification Neighbor
C. MAC address d8:50:e6:f3;6e;60; Client Classification Interfering. AP Classification Interfering
D. MAC address d8:50:e6:f3; TO; ab; Client Classification Interfering. AP Classification Rogue
Correct Answer: C
Question 15:
What is the benefit or using network aliases in ArubaOS firewall policies?
A. You can associate a reputation score with the network alias to create rules that filler traffic based on reputation rather than IP.
B. You can use the aliases to translate client IP addresses to other IP addresses on the other side of the firewall
C. You can adjust the IP addresses in the aliases, and the rules using those aliases automatically update
D. You can use the aliases to conceal the true IP addresses of servers from potentially untrusted clients.
Correct Answer: A
…
Lead4Pass HPE6-A78 dumps is the latest Aruba Certified Network Security Associate certification exam material. It has been verified by a team of experts and is true and effective. Download
HPE6-A78 dumps: https://www.leads4pass.com/hpe6-a78.html, prepare for 2023 to help you pass the exam easily.