[2022] New HPE6-A78 exam dumps Use Updated HP Exam
Verified HPE6-A78 Dumps Q&As - HPE6-A78 Test Engine with Correct Answers
HP HPE6-A78 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
NEW QUESTION 17
What is one way that WPA3-PerSonal enhances security when compared to WPA2-Personal?
- A. WPA3-Personal is more complicated to deploy because it requires a backend authentication server
- B. WPA3-Perscn3i is more secure against password leaking Because all users nave their own username and password
- C. WPA3-Personai is more resistant to passphrase cracking Because it requires passphrases to be at least 12 characters
- D. WPA3-Personai prevents eavesdropping on other users' wireless traffic by a user who knows the passphrase for the WLAN.
Answer: B
NEW QUESTION 18
Refer to the exhibit.
You have set up a RADIUS server on an ArubaOS Mobility Controller (MC) when you created a WLAN named "MyEmployees .You now want to enable the MC to accept change of authorization (CoA) messages from this server for wireless sessions on this WLAN.
What Is a part of the setup on the MC?
- A. Enable the dynamic authorization setting in the "clearpass" authentication server settings.
- B. Install the root CA associated with the 10 5.5.5 server's certificate as a Trusted CA certificate.
- C. Configure a ClearPass username and password in the MyEmployees AAA profile.
- D. Create a dynamic authorization, or RFC 3576, server with the 10.5.5.5 address and correct shared secret.
Answer: B
NEW QUESTION 19
What is one way that Control Plane Security (CPsec) enhances security for me network?
- A. It prevents access from unauthorized IP addresses to critical services, such as SSH on Mobility Controllers (MCs).
- B. It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs") control plane.
- C. It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping.
- D. It protects wireless clients' traffic tunneled between APs and Mobility Controllers, from eavesdropping
Answer: D
NEW QUESTION 20
You have detected a Rogue AP using the Security Dashboard Which two actions should you take in responding to this event? (Select two)
- A. There is no need to locale the AP If you manually contain It.
- B. You should receive permission before containing an AP. as this action could have legal Implications.
- C. For forensic purposes, you should copy out logs with relevant information, such as the time mat the AP was detected and the AP's MAC address.
- D. This is a serious security event, so you should always contain the AP immediately regardless of your company's specific policies.
- E. There is no need to locate the AP If the Aruba solution is properly configured to automatically contain it.
Answer: C,D
NEW QUESTION 21
Refer to the exhibit.
This Aruba Mobility Controller (MC) should authenticate managers who access the Web Ul to ClearPass Policy Manager (CPPM) ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers' roles in Aruba-Admin-Role VSAs Which setting should you change to follow Aruba best security practices?
- A. Change the default role to "guest-provisioning"
- B. Clear the MSCHAP check box
- C. Disable local authentication
- D. Change the local user role to read-only
Answer: A
NEW QUESTION 22
You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours But. you are having trouble searching through the logs What is one approach that you can take to find the relevant logs?
- A. Enable debugging for "portaccess" to move the relevant logs to a buffer.
- B. Configure a logging Tiller for the "port-access" category, and apply that filter globally.
- C. Specify a logging facility that selects for "port-access" messages.
- D. Add the "-C and *-c port-access" options to the "show logging" command.
Answer: D
NEW QUESTION 23
What is one way a noneypot can be used to launch a man-in-the-middle (MITM) attack to wireless clients?
- A. it uses a combination or software and hardware to jam the RF band and prevent the client from connecting to any wireless networks
- B. it runs an NMap scan on the wireless client to And the clients MAC and IP address. The hacker then connects to another network and spoofs those addresses.
- C. it uses ARP poisoning to disconnect wireless clients from the legitimate wireless network and force clients to connect to the hacker's wireless network instead.
- D. it examines wireless clients' probes and broadcasts the SSlDs in the probes, so that wireless clients will connect to it automatically.
Answer: C
NEW QUESTION 24
What is one of the roles of the network access server (NAS) in the AAA framewonx?
- A. It negotiates with each user's device to determine which EAP method is used for authentication
- B. It authenticates legitimate users and uses policies to determine which resources each user is allowed to access.
- C. It enforces access to network services and sends accounting information to the AAA server
- D. It determines which resources authenticated users are allowed to access and monitors each users session
Answer: B
NEW QUESTION 25
What are the roles of 802.1X authenticators and authentication servers?
- A. The authenticator supports only EAP, while the authentication server supports only RADIUS.
- B. The authenticator stores the user account database, while the server stores access policies.
- C. The authenticator is a RADIUS client and the authentication server is a RADIUS server.
- D. The authenticator makes access decisions and the server communicates them to the supplicant.
Answer: D
NEW QUESTION 26
Your Aruba Mobility Master-based solution has detected a rogue AP Among other information the ArubaOS Detected Radios page lists this Information for the AP SSID = PubllcWiFI BSSID = a8M27 12 34:56 Match method = Exact match Match type = Eth-GW-wired-Mac-Table The security team asks you to explain why this AP is classified as a rogue. What should you explain?
- A. The AP is spoofing a routers MAC address as its BSSID. This indicates mat, even though WIP cannot determine whether the AP is connected to your LAN. it is a rogue.
- B. The ap has a BSSID mat matches authorized client MAC addresses. This indicates that the AP is spoofing the MAC address to gam unauthorized access to your company's wireless services, so It is a rogue
- C. The AP has been detected as launching a DoS attack against your company's default gateway. This qualities it as a rogue which needs to be contained with wireless association frames immediately
- D. The AP Is connected to your LAN because It is transmitting wireless traffic with your network's default gateway's MAC address as a source MAC Because it does not belong to the company, it is a rogue
Answer: A
NEW QUESTION 27
Refer to the exhibit.
You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find the error shown In the exhibit in the CPPM Event Viewer.
What should you check?
- A. that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized
- B. that the MC has valid admin credentials configured on it for logging into the CPPM
- C. that the snared secret configured for the CPPM authentication server matches the one defined for the device on CPPM
- D. that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM
Answer: D
NEW QUESTION 28
Refer to the exhibit.
This company has ArubaOS-Switches. The exhibit shows one access layer switch, Swllcn-2. as an example, but the campus actually has more switches. The company wants to slop any internal users from exploiting ARP What Is the proper way to configure the switches to meet these requirements?
- A. On Switch-2, make ports connected to employee devices trusted ports for ARP protection
- B. On Swltch-2, configure static PP-to-MAC bindings for all end-user devices on the network
- C. On Switch-1, enable ARP protection globally, and enable ARP protection on ail VLANs.
- D. On Swltch-2, enable DHCP snooping globally and on VLAN 201 before enabling ARP protection
Answer: B
NEW QUESTION 29
How should admins deal with vulnerabilities that they find in their systems?
- A. They should classify the vulnerability as malware. a DoS attack or a phishing attack.
- B. They should apply fixes, such as patches, to close the vulnerability before a hacker exploits it.
- C. They should notify the security team as soon as possible that the network has already been breached.
- D. They should add the vulnerability to their Common Vulnerabilities and Exposures (CVE).
Answer: B
NEW QUESTION 30
What distinguishes a Distributed Denial of Service (DDoS) attack from a traditional Denial or service attack (DoS)?
- A. A DoS attack targets one server, a DDoS attack targets all the clients that use a server
- B. A DDoS attack originates from external devices, while a DoS attack originates from internal devices
- C. A DDoS attack is launched from multiple devices, while a DoS attack is launched from a single device
- D. A DDoS attack targets multiple devices, while a DoS Is designed to Incapacitate only one device
Answer: B
NEW QUESTION 31
You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure management access to the ArubaOS Web UP
- A. Change the default 4343 port tor the web UI to TCP 443.
- B. Install a CA-signed certificate to use for the Web UI server certificate.
- C. Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.
- D. Avoid using external manager authentication tor the Web UI.
Answer: B
NEW QUESTION 32
You are troubleshooting an authentication issue for Aruba switches that enforce 802 IX10 a cluster of Aruba ClearPass Policy Manager (CPPMs) You know that CPPM Is receiving and processing the authentication requests because the Aruba switches are showing Access-Rejects in their statistics However, you cannot find the record tor the Access-Rejects in CPPM Access Tracker What is something you can do to look for the records?
- A. Make sure that CPPM cluster settings are configured to show Access-Rejects
- B. Verify that you are logged in to the CPPM Ul with read-write, not read-only, access
- C. Go to the CPPM Event Viewer, because this is where RADIUS Access Rejects are stored.
- D. Click Edit in Access viewer and make sure that the correct servers are selected.
Answer: A
NEW QUESTION 33
......
Pass Your HPE6-A78 Dumps as PDF Updated on 2022 With 62 Questions: https://www.dumpsquestion.com/HPE6-A78-exam-dumps-collection.html
HP HPE6-A78 Real Exam Questions and Answers FREE: https://drive.google.com/open?id=1LaRnPKXQ3W0JXUT6KhtC_uwICHj8cFD0