リリースHP HPE6-A78更新された問題PDF [Q19-Q40]

リリースHP HPE6-A78更新された問題PDF

HPE6-A78問題集と練習テスト（62試験問題)

HP HPE6-A78試験は、ネットワークセキュリティのスキルと知識を検証したい個人を対象とした認定試験です。この試験は、Aruba Networksのセキュリティソリューションを設計、実装、管理する責任を持つネットワークセキュリティ専門家を対象としています。この認定プログラムはHPによって提供され、個人のネットワークセキュリティにおける専門知識を認定するものです。

 

質問 # 19
Which correctly describes a way to deploy certificates to end-user devices?

• A. in a Windows domain, domain group policy objects (GPOs) can automatically install computer, but not user certificates
• B. ClearPass OnGuard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain
• C. ClearPass Onboard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain
• D. ClearPass Device Insight can automatically discover end-user devices and deploy the proper certificates to them

正解：C

質問 # 20
How does the ArubaOS firewall determine which rules to apply to a specific client's traffic?

• A. The firewall applies thee rules in policies associated with the client's user role.
• B. The firewall applies the rules in policies associated with the client's wlan
• C. The firewall applies every rule that includes the dent's IP address as the source.
• D. The firewall applies every rule that includes the client's IP address as the source or destination.

正解：C

質問 # 21
What is one of the roles of the network access server (NAS) in the AAA framewonx?

• A. It enforces access to network services and sends accounting information to the AAA server
• B. It determines which resources authenticated users are allowed to access and monitors each users session
• C. It authenticates legitimate users and uses policies to determine which resources each user is allowed to access.
• D. It negotiates with each user's device to determine which EAP method is used for authentication

正解：C

質問 # 22
Refer to the exhibit.

You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find the error shown In the exhibit in the CPPM Event Viewer.
What should you check?

• A. that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM
• B. that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized
• C. that the MC has valid admin credentials configured on it for logging into the CPPM
• D. that the snared secret configured for the CPPM authentication server matches the one defined for the device on CPPM

正解：A

質問 # 23
What is one way a noneypot can be used to launch a man-in-the-middle (MITM) attack to wireless clients?

• A. it uses a combination or software and hardware to jam the RF band and prevent the client from connecting to any wireless networks
• B. it examines wireless clients' probes and broadcasts the SSlDs in the probes, so that wireless clients will connect to it automatically.
• C. it uses ARP poisoning to disconnect wireless clients from the legitimate wireless network and force clients to connect to the hacker's wireless network instead.
• D. it runs an NMap scan on the wireless client to And the clients MAC and IP address. The hacker then connects to another network and spoofs those addresses.

正解：C

質問 # 24
What correctly describes the Pairwise Master Key (PMK) in thee specified wireless security protocol?

• A. In WPA3-Enterprise, the PMK is unique per session and derived using Simultaneous Authentication of Equals.
• B. In WPA3-Personal, the PMK is unique per session and derived using Simultaneous Authentication of Equals.
• C. In WPA3-Personal, the PMK is derived directly from the passphrase and is the same tor every session.
• D. In WPA3-Personal, the PMK is the same for each session and is communicated to clients that authenticate

正解：A

質問 # 25
You are troubleshooting an authentication issue for Aruba switches that enforce 802 IX10 a cluster of Aruba ClearPass Policy Manager (CPPMs) You know that CPPM Is receiving and processing the authentication requests because the Aruba switches are showing Access-Rejects in their statistics However, you cannot find the record tor the Access-Rejects in CPPM Access Tracker What is something you can do to look for the records?

• A. Verify that you are logged in to the CPPM Ul with read-write, not read-only, access
• B. Make sure that CPPM cluster settings are configured to show Access-Rejects
• C. Click Edit in Access viewer and make sure that the correct servers are selected.
• D. Go to the CPPM Event Viewer, because this is where RADIUS Access Rejects are stored.

正解：B

質問 # 26
What is one way that WPA3-PerSonal enhances security when compared to WPA2-Personal?

• A. WPA3-Personai is more resistant to passphrase cracking Because it requires passphrases to be at least 12 characters
• B. WPA3-Personal is more complicated to deploy because it requires a backend authentication server
• C. WPA3-Personai prevents eavesdropping on other users' wireless traffic by a user who knows the passphrase for the WLAN.
• D. WPA3-Perscn3i is more secure against password leaking Because all users nave their own username and password

正解：D

質問 # 27
You configure an ArubaOS-Switch to enforce 802.1X authentication with ClearPass Policy Manager (CPPM) denned as the RADIUS server Clients cannot authenticate You check Aruba ClearPass Access Tracker and cannot find a record of the authentication attempt.
What are two possible problems that have this symptom? (Select two)

• A. users are logging in with the wrong usernames and passwords or invalid certificates.
• B. Clients are configured to use a mismatched EAP method from the one In the CPPM service.
• C. Clients are not configured to trust the root CA certificate for CPPM's RADIUS/EAP certificate.
• D. CPPM does not have a network device defined for the switch's IP address.
• E. The RADIUS shared secret does not match between the switch and CPPM.

正解：A、C

質問 # 28
Refer to the exhibit.

You need to ensure that only management stations in subnet 192.168.1.0/24 can access the ArubaOS-Switches' CLI. Web Ul. and REST interfaces The company also wants to let managers use these stations to access other parts of the network What should you do?

• A. Configure the switch to listen for these protocols on OOBM only.
• B. Specify vlan 100 as the management vlan for the switches.
• C. Establish a Control Plane Policing class that selects traffic from 192.168 1.0/24.
• D. Specify 192.168.1.0.255.255.255.0 as authorized IP manager address

正解：C

質問 # 29
What is a vulnerability of an unauthenticated Dime-Heliman exchange?

• A. A hacker can replace the public values exchanged by the legitimate peers and launch an MITM attack.
• B. Participants must agree on a passphrase in advance, which can limit the usefulness of Diffie- Hell man in practical contexts.
• C. A brute force attack can relatively quickly derive Diffie-Hellman private values if they are able to obtain public values
• D. Diffie-Hellman with elliptic curve values is no longer considered secure in modem networks, based on NIST recommendations.

正解：A

質問 # 30
What is a guideline for creating certificate signing requests (CSRs) and deploying server Certificates on ArubaOS Mobility Controllers (MCs)?

• A. if you create the CSR and public/private Keypair offline, create a matching private key online on the MC.
• B. Generate the private key online, but the public key and CSR offline, to install the same certificate on multiple MCs.
• C. Create the CSR online using the MC Web Ul if your company requires you to archive the private key.
• D. Create the CSR and public/private keypair offline If you want to install the same certificate on multiple MCs.

正解：C

質問 # 31
Your Aruba Mobility Master-based solution has detected a rogue AP Among other information the ArubaOS Detected Radios page lists this Information for the AP SSID = PubllcWiFI BSSID = a8M27 12 34:56 Match method = Exact match Match type = Eth-GW-wired-Mac-Table The security team asks you to explain why this AP is classified as a rogue. What should you explain?

• A. The AP is spoofing a routers MAC address as its BSSID. This indicates mat, even though WIP cannot determine whether the AP is connected to your LAN. it is a rogue.
• B. The AP Is connected to your LAN because It is transmitting wireless traffic with your network's default gateway's MAC address as a source MAC Because it does not belong to the company, it is a rogue
• C. The ap has a BSSID mat matches authorized client MAC addresses. This indicates that the AP is spoofing the MAC address to gam unauthorized access to your company's wireless services, so It is a rogue
• D. The AP has been detected as launching a DoS attack against your company's default gateway. This qualities it as a rogue which needs to be contained with wireless association frames immediately

正解：A

質問 # 32
You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings" definition in the ArubaOS Diagnostics > System > Log Settings page?

• A. Configuring the MC to generate logs for a particular event category and level, but only for a specific user or AP.
• B. Configuring the log facility and log format that the MC will use for forwarding logs to all Syslog servers
• C. Configuring a filter that you can apply to a defined Syslog server in order to filter events by subcategory
• D. Configuring the Syslog server settings for the server to which the MC forwards logs for a particular category and level

正解：D

質問 # 33
Refer to the exhibit.

This Aruba Mobility Controller (MC) should authenticate managers who access the Web Ul to ClearPass Policy Manager (CPPM) ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers' roles in Aruba-Admin-Role VSAs Which setting should you change to follow Aruba best security practices?

• A. Change the default role to "guest-provisioning"
• B. Change the local user role to read-only
• C. Disable local authentication
• D. Clear the MSCHAP check box

正解：A

質問 # 34
A company has Aruba Mobility Controllers (MCs). Aruba campus APs. and ArubaOS-CX switches. The company plans to use ClearPass Policy Manager (CPPM) to classify endpoints by type The ClearPass admins tell you that they want to run Network scans as part of the solution What should you do to configure the infrastructure to support the scans?

• A. Create a TA profile on the ArubaOS-Switches with the root CA certificate for ClearPass's HTTPS certificate
• B. Create device fingerprinting profiles on the ArubaOS-Switches that include SNMP. and apply the profiles to edge ports
• C. Create remote mirrors on the ArubaOS-Swrtches that collect traffic on edge ports, and mirror it to CPPM's IP address.
• D. Create SNMPv3 users on ArubaOS-CX switches, and make sure that the credentials match those configured on CPPM

正解：B

質問 # 35
An ArubaOS-CX switch enforces 802.1X on a port. No fan-through options or port-access roles are configured on the port The 802 1X supplicant on a connected client has not yet completed authentication Which type of traffic does the authenticator accept from the client?

• A. RADIUS only
• B. DHCP, DNS and RADIUS only
• C. DHCP, DNS, and EAP only
• D. EAP only

正解：D

質問 # 36
From which solution can ClearPass Policy Manager (CPPM) receive detailed information about client device type OS and status?

• A. ClearPass Guest
• B. ClearPass Access Tracker
• C. ClearPass OnGuard
• D. ClearPass Onboard

正解：C

質問 # 37
What is a benefit or Protected Management Frames (PMF). sometimes called Management Frame Protection (MFP)?

• A. PMF prevents hackers from capturing the traffic between APs and Mobility Controllers.
• B. PMF ensures trial traffic between APs and Mobility Controllers (MCs) is encrypted.
• C. PMF protects clients from DoS attacks based on forged de-authentication frames
• D. PMF helps to protect APs and MCs from unauthorized management access by hackers.

正解：D

質問 # 38
You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller (MC).
What should you do to enhance security for control channel communications between the switches and the MC?

• A. Configure a long, random PAPI security key that matches on the switches and the MC.
• B. Create one UBT zone for control traffic and a second UBT zone for clients.
• C. Make sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.
• D. install certificates on the switches, and make sure that CPsec is enabled on the MC

正解：D

質問 # 39
A company has an Aruba solution with a Mobility Master (MM) Mobility Controllers (MCs) and campus Aps.
What is one benefit of adding Aruba Airwave from the perspective of forensics?

• A. Airwave can provide more advanced authentication and access control services for the AmbaOS solution
• B. AirWave enables low level debugging on the devices across the ArubaOS solution
• C. Airwave retains information about the network for much longer periods than ArubaOS solution
• D. Airwave is required to activate Wireless Intrusion Prevention (WIP) services on the ArubaOS solution

正解：D

質問 # 40
......

HPE6-A78試験問題集合格させるのは更新されたのは2024年年最新の認証済み試験問題：https://www.jpntest.com/shiken/HPE6-A78-mondaishu