TEST BORRADO, QUIZÁS LE INTERESE: TEST LAB UNIVERSITY
COMENTARIOS |
ESTADÍSTICAS |
RÉCORDS
|
|---|
REALIZAR TEST
|
Título del Test:
TEST LAB UNIVERSITY Descripción: TEST CHEMICAL Autor:
Fecha de Creación: 10/12/2024 Categoría: Cine y TV Número Preguntas: 117 |
COMPARTE EL TEST
Comentar
No hay ningún comentario sobre este test.
Temario:
|
The customer needs a network hardware refresh to replace an aging Aruba 5406R core switch pair using
spanning tree configuration with Aruba CX 8360-32YC switches.
What is the benefit of VSX clustering with the new solution? stacked data-plane faster MSTP converge processing dual Aruba AP LAN port connectivity for PoE redundancy dual control plane provides better resiliency. How is Multicast Transmission Optimization implemented in an HPE Aruba wireless network? The optimal rate for sending multicast frames is based on the highest broadcast rate across all associated clients When this option is enabled the minimum default rate for multicast traffic is set to 12 Mbps for 5 GHz The optimal rate for sending multicast frames is based on the lowest broadcast rate across all associated clients. The optimal rate for sending multicast frames is based on the lowest unicast rate across all associated clients. A company has deployed 200 AP-635 access points. To take advantage of the 6 GHz band, the administrator has attempted to configure a new WPA3-OWE SSID in Central but is not working as expected. What would be the correct action to fix the issue? Change the SSID to WPA3-Enterprise (CNSA) Change the SSID to WPA3-Personal Change the SSID to WPA3-Enhanced Open Change the SSID to WPA3-Enterprise (CCM). Your customer has an Aruba CX 6200F VSF stack with two switches. A third member (JL726A) needs to be added to the VSF configuration. What e the configuration that enables the new devices to join the VSF? On the new switch issue: vsf member 1 link 1 1/1/50 link 2 1/1/49 vsf renumber-to-3 On the new switch issue: vsf member 3 type jl726a vsf member 3 stack join type jl726a vsf member 1 type jl726a link 1 3/1/50 link 2 3/1/49 . The administrator notices that wired guest users that have exceeded their bandwidth limit are not being disconnected Access Tracker in ClearPass indicates a disconnect CoA message is being sent to the AOSCX switch. An administrator has performed the following configuration What is the most likely cause of this issue? Change of Authorization has not been globally enabled on the switch The SSL certificate for CPPM has not been added as a trust point on the switch There is a mismatch between the RADIUS secret on the switch and CPPM. There is a time difference between the switch and the ClearPass Policy Manager. You need to drop excessive broadcast traffic on an ingress port on an ArubaOS-CX switch. What is the best feature to use for this task? Rate limiting DWRR queuing Strict queuing QoS shaping. You need to have different routing-table requirements with Aruba CX 6300 VSF configuration. Assuming the correct layer-2 VLAN already exists how would you create a new OSPF configuration for a separate routing table? Create a new OSPF area, and attach VRF name Create a new OSPF process ID with vrf name Attach a new OSFP process ID with a custom routing table Attach OSPF process ID in the VRF configuration. When setting up an Aruba CX VSX pair, which information does the Inter-Switch Link Protocol configuration use in the configuration created? hello interval is disabled by default hello interval is based on the value set by dead interval hello interval is 1s by default hello interval 100ms by default. A customer is using a legacy application that communicates at layer-2. The customer would like to keep this application working across the campus which is connected via layer-3. The legacy devices are connected to Aruba CX 6300 switches throughout the campus. Generic Routing Encapsulation (GRE) EVPN-VXLAN Ethernet over IP (EolP) Static VXLAN. What is the best practice for handling voice traffic with dynamic segmentation on AOS-CX switches? Switch authentication and local forwarding of the voice traffic Switch authentication and user-based tunneling of the voice traffic Central authentication and port-based tunneling of the voice traffic Controller authentication and port-based tunneling of all traffic. What is true regarding 802.11k? It extends radio measurements to define mechanisms for wireless network management of stations It reduces roaming delay by pre-authenticating clients with multiple target APs before a client roams to an AP It provides mechanisms for APs and clients to dynamically measure the available radio resources It considers several metrics before it determines if a client should be steered to the 5GHz band, including client RSSI. Your customer is having issues with Wi-Fi 6 clients staying connected to poor-performing APs when a higher throughput APs are closer. Which technology should you implement Clearpass ClientMatch Airmatch ARM. On AOS10 Gateways, which device persona is only available when configuring a Gateway- only group? Edge Mobility Branch VPN Concentrator. For the Aruba CX 6400 switch, what does virtual output queueing (VOQ) implement that is different from most typical campus switches? large ingress packet buffers large egress packet buffers per port ASICs VSX. A company recently deployed new Aruba Access Points at different branch offices Wireless 802.1X authentication will be against a RADIUS server in the cloud. The security team is concerned that the traffic between the AP and the RADIUS server will be exposed. What is the appropriate solution for this scenario? Enable EAP-TLS on all wireless devices Configure RadSec on the AP and Aruba Central Enable EAP-TTLS on all wireless devices Configure RadSec on the AP and the RADIUS server. Which standard supported by some Aruba APs can enable a customer to accurately locate wireless client devices within a few meters? 802.11mc 802.11W 802.11k 802.11r. A system engineer needs to preconfigure several Aruba CX 6300 switches that will be sent to a remote office An untrained local field technician will do the rollout of the switches and the mounting of several AP- 515s and AP-575S. Cables running to the APs are not labeled. The VLANs are already preconfigured to VLAN 100 (mgmt), VLAN 200 (clients), and VLAN 300 (guests) What is the correct configuration to ensure that APs will work properly? port-access lld´-group IAP-Group seq 10 match sys-desc AP-515 seq 20 match sys-desc AP-575 port-access role IAP-Role description ARUBA AP poe-priority high trust-mode dscp vlan trunk native 100 vlan trunk allow allow 100,200,300 enable port-access device-profile IAP-Profile associate role IAP-Role associate lldp-group IAP-Group port-access lld´-group IAP-Group seq 10 match sys-desc AP-515 seq 20 match sys-desc AP-575 port-access role IAP-Role description ARUBA AP poe-priority high trust-mode dscp vlan trunk native 100 vlan trunk allow allow 100,200,300 port-access device-profile IAP-Profile associate role IAP-Role associate lldp-group IAP-Group no shutdown port-access lld´-group IAP-Group seq 10 match sys-desc AP-515 seq 20 match sys-desc AP-575 port-access role IAP-Role description ARUBA AP poe-priority high trust-mode dscp vlan trunk native 100 vlan trunk allow allow 200,300 port-access device-profile IAP-Profile enable associate role IAP-Role associate lldp-group IAP-Group port-access lld´-group IAP-Group seq 10 match sys-desc AP-515 seq 20 match sys-desc AP-575 port-access role IAP-Role description ARUBA AP poe-priority high trust-mode dscp vlan trunk native 100 vlan trunk allow allow 100,200,300 port-access device-profile IAP-Profile enable associate role IAP-Role associate lldp-group IAP-Group . A customer wants to provide wired security as close to the source as possible The wired security must meet the following requirements: -allow ping from the IT management VLAN to the user VLAN -deny ping sourcing from the user VLAN to the IT management VLAN The customer is using Aruba CX 6300s What is the correct way to implement these requirements? Apply an outbound ACL on the user VLAN allowing temp echo-reply traffic toward the IT management VLAN Apply an inbound ACL on the user VLAN allowing icmp echo-reply traffic toward the IT management VLAN Apply an inbound ACL on the user VLAN denying icmp echo traffic toward the IT management VLAN Apply an outbound ACL on the user VLAN denying icmp echo traffic toward the IT management VLAN. A customer is using Aruba Cloud Guest, but visitors keep complaining that the captive portal page keeps coming up after devices go to sleep. Which solution should be enabled to deal with this issue? MAC Caching under the user-role MAC Caching under the splash page Wireless Caching under the splash page MAC Caching under the WLAN. A company deployed Dynamic Segmentation with their CX switches and Gateways After performing a security audit on their network, they discovered that the tunnels built between the CX switch and the Aruba Gateway are not encrypted. The company is concerned that bad actors could try to insert spoofed messages on the Gateway to disrupt communications or obtain information about the network. Which action must the administrator perform to address this situation? Enable Secure Mode Enhanced Enable Enhanced security Enable Enhanced PAPI security Enable GRE security. Your Aruba CX 6300 VSF stack has OSPF adjacency over SVI 10 with LAG 1 to a neighboring device The following configuration was created on the switch: vlan 20,30,40 ! interace vlan 20 ip address 10.10.20.1/24 ! interface vlan 30 ip address 10.10.30.1/24 ! interface vlan 40 ip address 10.10.40.1/24 vlan 20,30,40 ospf passive interface vlan 20,30,40 ip ospf passive router ospf 1 area 0 passive-interface vlan 20.30.40 router ospf 1 area 0 redistribute local. What steps are part of the Key Management workflow when a wireless device is roaming from AP1 to AP2? (Select two.) AP1 will cache the client's information and send it to the Key Management service The Key Management service receives from AirMatch a list of all AP2's neighbors The Key Management service receives a list of all AP1 s neighbors from AirMatch The Key Management service then generates R1 keys for AP2's neighbors A client associates and authenticates with the AP2 after roaming from AP1. A client is connecting to 802.1X SSID that has been configured in tunnel mode with the default AP-group settings. After receiving Access-Accept from the RADIUS server, the Aruba Gateway will send Access-Accept to the AP through which tunnel? IPsec tunnel GRE tunnel PAR tunnel Split tunnel. A customer has a site with 200 AP-515 access points 75 AP-565 access points installed. The customer is rolling out new mobile phones with Wi-Fi-calling. 802.1X is in use for authentication What should be enabled to ensure the best roaming experience? 802.1X 802.11r 802.11w 802.1h. You are doing tests in your lab and with the following equipment specifications AP1 has a radio that generates a 20 dBm signal AP2 has a radio that generates a 8 dBm signal AP1 has an antenna with a gain of 7 dBI. AP2 has an antenna with a gain of 12 dBI. The antenna cable for AP1 has a 3 dB loss The antenna cable forAP2 has a 3 dB loss. What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1? 2dBm 8 dBm 22 dBm 24 dBm. Which feature allows the device to remain operational when a remote link failure occurs between a Gateway cluster and a RADIUS server that is either in the cloud or a datacenter? MAC caching MAC Authentication Authentication survivability Opportunistic key caching. When setting up an Aruba CX VSX pair, which information does the Inter-Switch Link Protocol configuration use in the configuration created? RPVST+ UDLD MAC tables QSVI. With the Aruba CX 6200 24G switch with uplinks or 1/1/25 and 1/1/26, how do you protect client ports from forming layer-2 loops? int 1/1/1-1/1/24, loop-protect int 1/1/1-1/1/28. loop-protect int 1/1/1-1/1/28. loop-guard int 1/1/1-1/1/24. loop-guard. In an ArubaOS 10 architecture using an AP and a gateway, what happens when a client attempts to join the network and the WLAN is configured with OWE? Authentication information is not exchanged The Gateway will not respond No encryption is applied RADIUS protocol is utilized. By default, Best Effort is higher priority than which priority traffic type? All queues Background Internet Control Network Control. You are are doing tests in your lab and with the following equipment specifications: AP1 has a radio that generates a 16 dBm signal. AP2 has a radio that generates a 13 dBm signal. AP1 has an antenna with a gain of 8 dBi. AP2 has an antenna with a gain of 12 dBi. The antenna cable for AP1 has a 4 dB loss. The antenna cable for AP2 has a 3 dB loss. What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1? -9 dBm 20 dBm 40 dBm 15 dBm. What is used to retrieve data stored in a Management Information Base (MIS)? SNMPv3 DSCP TLV CDP. You need to ensure that voice traffic sent through an ArubaOS-CX switch arrives with minimal latency. What is the best scheduling technology to use for this task? Strict queuing Rate limiting QoS shaping DWRR queuing. You are helping an onsite network technician bring up an Aruba 9004 gateway with ZTP for a branch office The technician was to plug in any port for the ZTP process to start Thirty minutes after the gateway was plugged in new users started to complain they were no longer able to get to the internet. One user who reported the issue stated their IP address is 172.16 0.81 However, the branch office network is supposed to be on 10.231 81.0/24. What should the technician do to alleviate the issue and get the ZTP process started correctly? Turn off the DHCP scope on the gateway, and set DNS correctly on the gateway to reach Aruba Activate Move the cable on the gateway from port G0/0/1 to port G0/0/0 Move the cable on the gateway to G0/0/1. and add the device's MAC and Serial number in Central Factory default and reboot the gateway to restart the process. A customer is using stacked Aruba CX 6200 and CX 6300 switches for access and a VSX pair of Aruba CX 8325 as a collapsed core 802 1X is implemented for authentication. Due to the lack of cabling, some unmanaged switches are still in use Sometimes devices behind these switches cause network outages The switch should send a warning to the helpdesk when the problem occurs You have been asked to implement an effective solution to the problem. What is the solution for this? Configure spanning tree on the Aruba CX 8325 switches Set the trap-option Configure loop protection on all edge ports of the Aruba CX 6200 and CX 6300 switches No trap option is needed Configure loop protection on all edge ports of the Aruba CX 6200 and CX 6300 switches Set up the trap-option Configure spanning tree on the Aruba CX 6200 and CX 6300 switches No trap option is needed. With the Aruba CX switch configuration, what is the first-hop protocol feature that is used for VSX L3 gateway as per Aruba recommendation? Active Gateway Active-Active VRRP SVI with vsx-sync VRRP. How do you allow a new VLAN 100 between VSX pair inter-switch-link 256 for port 1/45 and 2/45? vlan trunk allowed 100 for ports 1/45 and 1/46 vlan trunk add 100 in LAG256 vlan trunk allowed 100 in LAG256 vlan trunk add 100 in MLAG256. Your Director of Security asks you to assign AOS-CX switch management roles to new employees based on their specific job requirements. After the configuration was complete, it was noted that a user assigned with the auditors role did not have the appropriate level of access on the switch. The user was not allowed to perform firmware upgrades and a privilege level of 15 was not assigned to their role. Which default management role should have been assigned for the user? sysadmin sysops administrators config. What is one advantage of using OCSP vs CRLs for certificate validation? reduces latency between the time a certificate is revoked and validation reflects this status less complex to implement higher availability for certificate validation supports longer certificate validity periods. Your customer is having connectivity issues with a newly-deployed Microbranch group The access points in this group are online in Aruba Central, but no VPN tunnels are forming. What is the most likely cause of this issue? There is a time difference between the AP and the gateways The gateways should have NTP added The SSL certificate on the gateway used to encrypt the connection has not been added to the APs trust list There may be a firewall blocking GRE tunneling between the AP and the gateway The gateway group is running in automatic cluster mode and should be in manual cluster mode. You are doing tests in your lab and with the following equipment specifications AP1 has a radio that generates a 10 dBm signal AP2 has a radio that generates a 11 dBm signal AP1 has an antenna with a gain of 9 dBi AP2 has an antenna with a gain of 12 dBi. The antenna cable for AP1 has a 2 dB loss The antenna cable for AP2 has a 3 dB loss What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1? 26 dBm 30 dBm 17 dBm -12 dBm. Describe the difference between Class of Service (CoS) and Differentiated Services Code Point (DSCP) CoS has much finer granularity than DSCP CoS is only contained in VLAN Tag fields DSCP is in the IP Header and preserved throughout the IP packet flow They are similar and can be used interchangeably CoS is only used to determine CLASS of traffic DSCP is only used to differentiate between different Classes. Refer to the exhibit. With Core-1. what is the default value for config-revision? 0 1 1-0 0-0. Using Aruba best practices what should be enabled for visitor networks where encryption is needed but authentication is not required? Wi-Fi Protected Access 3 Enterprise Opportunistic Wireless Encryption Wired Equivalent Privacy Open Network Access. What is an Aruba-recommended best practice for hardening that only applies to Aruba CX 6300 series switches with dedicated management ports? Implement a control plane ACL to limit access to approved IPs and/or subnets Manually enable Enhanced Security Mode from a console session Disable all management services on the default VRF Create a dedicated management VRF, and assign the management port to it. A customer is using a legacy application that communicates at layer-2. The customer would like to keep this application working to a remote site connected via layer-3 All legacy devices are connected to a dedicated Aruba CX 6200 switch at each site. What technology on the Aruba CX 6200 could be used to meet this requirement? Inclusive Multicast Ethernet Tag (IMET) Ethernet over IP (EolP) Generic Routing Encapsulation (GRE) Static VXLAN. When configuring UBT on a switch what will happen when a gateway role is not specified? when a gateway role is not specified? The switch will put the client on the access VLAN The gateway will assign a default role to the client The switch will assign the default deny role to the client. The gateway will send back the deny role to the client. A network engineer recently identified that a wired device connected to a CX Switch is misbehaving on the network To address this issue, a new ClearPass policy has been put in place to prevent this device from connecting to the network again. Which steps need to be implemented to allow ClearPass to perform a CoA and change the access for this wired device? (Select two.) Confirm that NTP is configured on the switch and ClearPass Configure dynamic authorization on the switch. Bounce the switchport Use Dynamic Segmentation Configure dynamic authorization on the switchport. A large retail client is looking to generate a rich set of contextual data based on the location information of wireless clients in their stores. Which standard uses Round Trip Time (RTT) and Fine Time Measurements (FTM) to calculate the distance a client is from an AP? 802.11ah 802.11mc 802.11be 802.11V. Your manufacturing client is deploying two hundred wireless IP cameras and fifty headless scanners in their warehouse. These new devices do not support 802.1X authentication. How can HPE Aruba enhance security for these new IP cameras in this environment? Use MPSK Local to automatically provide unique pre-shared Keys for devices. Aruba ClearPass performs the 802.1X authentication and installs a certificate MPSK provides for each device in the WLAN to have its own unique pre-shared Key. MPSK Local will allow the cameras to share a rey and the scanners to share a different. What is a primary benefit of BSS coloring? BSS color tags improve performance by allowing APS on the same channel to be farther apart BSS color tags improve security by identifying rogue APS and tagging them as threats. BSS color tags are applied on the wireless controllers and can reduce the threshold for interference BSS color tags are applied to WI-Fi channels and can reduce the threshold tor interference. you need to have different routing-table requirements With Aruba CX 6300 VSF configuration. Assuming the correct layer-2 VLAN already exists, how would you create a new SVI for a separate routing table? create a new VLAN, and attach the VRF to it. Create a new routing table, and attach VLANS to it Create a new SVI and use attach command Create a new VLAN. and attach the routing table to it. A new network design is being considered to minimize client latency in a high-density environment. The design needs to do this by eliminating contention overhead by dedicating subcarriers to clients. Which technology is the best match for this use case? OFDMA MU-MIMO QWMM Channel Bonding. A company has deployed 200 AP-635 access points. To but is not working as expected What would be the correct action to fix the issue? Change the SSID to WPA3-Enhanced Open Change the SSID to WPA3-Enterprise (CCM). Change the SSID to WPA3-Personal Change the SSID to WPA3-Enterpnse (CNSA). For an Aruba AOS10 AP in mixed mode, which factors can be used to determine the forwarding role assigned to a client? (Select two.) Client IP address 802.1X authentication result Client MAC address Client SSID Client VLAN. With Access-1, What needs to be identically configured With MSTP to load-balance VLANS? Spanning-tree bpdu-guard setting Spanning-tree instance vlan mapppjng spanning-tree Cist mapping Spanning-tree root-guard setting. What are the requirements to ensure that WMM is working effectively'? (Select two) The APs and the controller are Wi-Fi CERTIFIED for WMM which is enabled All APs need to be from the AP-5xx series and AP-6xx series which are Wi-Fi CERTIFIED 6. The Client must be Wi-Fi CERTIFIED for WMM and configured for WMM marking The Aruba AOS10 APs installed have to be converted to controlled mode The AP needs to be connected via a tagged VLAN to the wired port. A customer is concerned about me unprotected traffic between an AOS-CX switch and a gateway, running on AOS1O. What is a feasible option to protect this traffic? Implement an IPSec tunnel to protect PAPI between the AOS-CX switches and the gateway Implement an MD5 HMAC function lo protect PAPI between the AOS-CX switches and the gateway Implement a GRE tunnel to protect PAPI between the AOS-CX switches and the gateway no action is needed, an RSA certificate already encrypts the traffic. You are working on a network where the customer has a dedicated router with redundant Internet connections Tor outbound high-importance real-time audio streams from their datacenter All of this traffic. originates from a single subnet uses a unique range of UDP ports is required to be routed to the dedicated router All other traffic should route normally The SVI for the subnet containing the servers originating the traffic is located on the core routing switch in the datacenter. What should be configured? Configure a new OSPF area including both the core routing switch and the dedicated router Configure a BGP link between the core routing switch and the dedicated router and route filtering. Configure Policy Based Routing (PBR) on the core routing switch for the VRF with the servers' SVI Configure a dedicated VRF on the core routing switch and make the dedicated router the default route. You are configuring Policy Based Routing (PBR) for a subnet that will be used to test a new default route for your network Traffic originating from 10.2.250.0/24 should use a new default route to 10.1.1.253. Other non-default routes for this subnet should not be affected by this change. What are two parts of the solution for these requirements? (Select two.) pbr-action-list def_route_test default-nexthop 10.1.1.253/24 class ip test_subnet 10 match any 10.2.250.0/24 any policy def_route_test_policy 10 class ip test_subnet action pbr def_route_test interface vlan 100 ip address 10.2.250.0/24 apply policy pbr_test routed in class ip test_subnet 10 match any 10.2.250.0 255.255.255.0 any policy def_route_test_policy 10 class ip ip_test_subnet action pbr def_route_test interface vlan 100 ip address 10.2.250.0/24 apply policy pbr_test routed out pbr-action-list def_route_test default-nexthop 10.1.1.253 interface null pbr-action-list def_route_test nexthop 10.1.1.253 interface null. Your customer is complaining of weak Wi-Fi coverage in their office. They mention that the office on the other side of the hall has much better signal. What is the likely cause of this issue The AP is a remote access point The AP is using a directional antenna. The AP is an outdoor access point. The AP is configured in Mesh mode. Your customer is interested in hearing more about how roles can help keep consistent policy enforcement in a distributed overlay fabric. How would you explain this concept to them' Group Based Policy ID is applied on egress VTEP after device authentication and policy is enforced on ingress VTEP Role-based policies are tied to IP addresses which have an advantage over IP-based policies and role names are sent between VTEPs Group Based Policy ID is applied on ingress VTEP after device authentication and policy is enforced on egress VTEP Role-based policies enhance User Based Tunneling across the campus network and the policy traffic is protected with iPsec. With the Aruba CX 6000 24G switch with uplinks of 1/1/25 and what does the switch do when a client port detects a loop and the do-not-disable parameter is used? Port status will be validated once status is cleared An event log message is created. The network analytics engine is triggered. Port status led blinks in amber with 100hz. What is a primary benefit of BSS coloring? BSS color tags improve performance by allowing clients on the same channel to share airtime. BSS color tags are applied to client devices and can reduce the threshold for interference BSS color tags are applied to Wi-Fi channels and can reduce the threshold for interference BSS color tags improve security by identifying rogue APs and removing them from the network. With the Aruba CX switch configuration, what is the Active Gateway feature that is used for and is unique to VSX configuration? VRRP and Active gateway are mutually exclusive on a VLAN VRID is set automatically as SVI vlan id VRIDs need to be non-overlapping with VRRP VRRP and Active Gateway can be configured on a single VLAN for interoperability. Your manufacturing client is having installers deploy seventy headless scanners and fifty IP cameras in their warehouse These new devices do not support 802 1X authentication. How can HPE Aruba reduce the IT administration overhead associated with this deployment while maintaining a secure environment using MPSK? Have the installers generate keys with ClearPass Self Service Registration. Have the MPSK gateway derive the unique pre-shared keys based on the MAC OUI Use MPSK Local to automatically provide unique pre-shared keys for devices MPSK Local will allow the cameras to share a key and the scanners to share a different key. You must ensure the HPEAruba network you are configuring for a client is capable of plug- and-play provisioning of access points. What enables this capability? UCC Service LLDP-MED SRTP CSMA. Which statements regarding OSPFv2 route redistribution are true for Aruba OS CX switches? (Select two.) The "redistribute connected" command will redistribute all connected routes for the switch including local loopback addresses The "redistribute ospf" command will redistribute routes from all OSPF V2 and V3 processes The "redistribute static route-map connected-routes" command will redistribute all static routes without a matching deny in the route map "connected-routes". The "redistribute connected" command will redistribute all connected routes for the switch except local loopback addresses The "redistribute static route-map connected-routes" command will redistribute all static routes with a matching permit in the route map "connected-routes-. In AOS 10. which session-based ACL below will only allow ping from any wired station to wireless clients but will not allow ping from wireless clients to wired stations"? The wired host ingress traffic arrives on a trusted port. ip access-list session pingFromWired any user any permit ip access-list session pingFromWired user any svc-icmp deny any any svc-icmp permit ip access-list session pingFromWired any any svc-icmp permit user any svc-icmp deny ip access-list session pingFromWired any any svc-icmp deny any user svc-icmp permit. With the Aruba CX 6100 48G switch with uplinks of 1/1/47 and 1/1/48. how do you automate the process of resuming the port operational state once a loop on a client port is cleared? Configure int 1/1/1-1/1/52 loop-protect disable timer Configure global loop-protect disable timer. Configure int 1/1/1-1/1/46 loop-protect re-enable-timer Configure global loop-protect re-enable-timer. What are two advantages of splitting a larger OSPF area into a number of smaller areas? (Select two ) It extends the LSDB It increases stability it simplifies the configuration It reduces processing overhead It reduces the total number of LSAs. You are deploying Aruba CX 6300's with the customers requirement to only allow one (1) VoIP phone and one (1) device. The following local role gets assigned to the phone port-access rote VoIP device-traffic-class voice. What set of commands best fits this requirement? interface 1/1/1 aaa authentication port-access client-limit 2 aaa authentication port-access auth-mode client-mode interface 1/1/1 aaa authentication port-access auth-mode multi-domain interface 1/1/1 aaa authentication port-access client-limit multi-domain 2 aaa authentication port-access auth-mode multi-domain interface 1/1/1 aaa authentication port-access client-limit 1. A customer wants to enable wired authentication across all their CX switches One of the requirements is that the switch must be able to authenticate a single computer connected through a VoIP phone. Which feature should be enabled to support this requirement? Multi-Domain Authentication Device-Based Mode MAC Authentication Multi-Auth Mode. Which component is used by the Aruba Network Analytics Engine (NAE)? JSON-based scripts Lisp-based agents Ruby-based scripts Current State Database. Your customer has four (4) Aruba 7200 Series Gateways and two (2) 7000 Series Gateways. The customer wants to form a cluster with these Gateways. What design consideration would prevent you from using all of those Gateways? Multiple versions between Gateways in the same cluster profile are not allowed AOS 10.x. A heterogeneous cluster is not supported in AOS 10.x. The AP load should be lowest value of worst-case scenario load A combination of 7200 series and 7000 series gateways supports up to 4 nodes. What is enabled by LLDP-MED? (Select two.) Voice VLANs can be automatically configured for VoIP phones APs can request power as needed from PoE-enabled switch ports iSCSl client devices can request to have flow control enabled GVRP VLAN information can be used to dynamically add VLANs to a trunk iSCSl client devices can set the required MTU setting for the port. Which statement best describes QoS? Determining which traffic passes specified quality metrics Scoring traffic based on the quality of the contents Identifying specific traffic for special treatment Identifying the quality of the connection. you are implementing ClearPass Policy Manager with EAP-TLS for authenticating all corporate-owned devices. What are two possible solutions to the problem of deploying client certificates to corporate MacBooks that are joined to a Windows domain? (Select two.) ClearPass OnBoard Windows Server PKl and a GPO Apple Configurator and a GPO ClearPass OnGuard Mobile Device Manager. You are building a configuration in Central that will be used for a standardized network design for small sites for your company, you want to use GUI configuration for gateways and Aps, while template configuration for switches. You need to align with Aruba best practices. Which set of actions will satisfy these requirements? Create one group in Central for switches a second group for APs. and a third group for gateways. Create a unique site for each location, and assign devices to the appropriate site. Create one group in Central for switches and a second group for APs and gateways. Create a unique site for each location, and assign devices to the appropriate site Create a single group in Central. Create a unique site for each location, and assign devices to the appropriate site. Create a single group in Central. Create a unique site for each type of device, and assign devices to the appropriate site. You are setting up a customer's 15 headless loT devices that do not support 802.1X. What should you use? Multiple Pre-Shared Keys (MPSK) Local Clearpass with WPA3-PSK Clearpass with WPA3-AES Multiple Pre-Shared Keys (MPSK) with WPA3-AES. You are troubleshooting an issue with a pair of Aruba CX 8360 switches configured with VSX Each switch has multiple VRFs. You need to find the IP address of a particular client device with a known MAC address You run the "show arp" command on the primary switch in the pair but do not find a matching entry for the client MAC address. The client device is connected to an Aruba CX 6100 switch by VSX LAG. Which action can be used to find the IP address successfully? Run the following command on the CX 6100 Switch: show mac-address-table Run the following command on the VSX primary switch: show arp all-vrfs Run the following command on the VSX primary switch: show mac-address-table Run the following command on the CX 6100 Switch: show arp all-vrfs. Your customer has asked you to assign a switch management role for a new user The customer requires the user role to only have Web Ul access to the System > Log page and only have access to the GET method for REST API for the /logs/event resource Which default AOS-CX user role meets these requirements? administrators auditors sysops operators. Two AOS-CX switches are configured with VSX at the the Access-Aggregation layer where servers attach to them An SVI interface is configured for VLAN 10 and serves as the default gateway for VLAN 10. The ISL link between the switches fails, but the keepalive interface functions. Active gateway has been configured on the VSX switches. What is correct about access from the servers to the Core? (Select two.) Server 1 can access the core layer via the keepalrve link Server 2 can access the core layer via the keepalive link Server 2 cannot access the core layer. Server 1 can access the core layer via both uplinks Server 1 and Server 2 can communicate with each other via the core layer Server 1 can access the core layer on only one uplink. You are deploying a bonded 40 MHz wide channel. What is the difference in the noise floor perceived by a client using this bonded channel as compared to an unbonded 20MHz wide channel? 2dB 3dB 8dB 4dB. Which method is used to onboard a new UXI in an existing environment with 802 1X authentication? (The sensor has no cellular connection) Use the UXI app on your smartphone and connect the UXI via Bluetooth Use the Aruba installer app on your smartphone to scan the barcode Connect the new UXI from an already installed one and adjust the initial configuration Use the CLI via the serial cable and adjust the initial configuration. Which feature supported by SNMPv3 provides an advantage over SNMPv2c? Transport Community strings GetBulk Encryption. You need to create a keepalive network between two Aruba CX 8325 switches for VSX configuration How should you establish the keepalive connection? SVI, VLAN trunk allowed all on ISL in default VRF routed port in custom VRF loopback 0 and OSPF area 0 in default VRF SVI, VLAN trunk allowed all on ISL in custom VRF. With the Aruba CX switch configuration, what is the Active Gateway feature that is used for and is unique to VSX configuration? Sixteen different VMACs are supported total as shared Active Gateway can once MSTP instances are created for VLAN load sharing Sixteen different VMACS are supported for each IPV4 and IPV6 stack simultaneously copied over the ISL link for an optimized path. your customer has asked you to assign a switch management role for a new user The customer requires the user role to View switch configuration information and have access to the PUT and POST methods for REST API. Which default AOS-CX user role meets these requirements? administrators auditors sysops helpdesk. Due to a shipping error, five (5) Aruba AP-515's and one (1) Aruba CX 6300 were sent directly to your new branch office You have configured a new group persona for the new branch office devices in Central, but you do not know their MAC addresses or serial numbers The office manager is instructed via text message on their smartphone to onboard all the new hardware into Aruba Central What application must the office manager use on their phone to complete this task? Aruba Onboard App Aruba Central App Aruba CX Mobile App Aruba installer App. A network administrator is troubleshooting some issues guest users are having when connecting and authenticating to the network The access switches are AOS-CX switches. What command should the administrator use to examine information on which role the guest user has been assigned? show aaa authentication port-access interface all client-status show port-access captiveportal profile show port-access role diag-dump captiveportal client verbose. How is Dynamic Multicast Optimization (DMO) implemented in an HPE Aruba wireless network? DMO is configured individually tor each SSID in use in the network. The AP uses OOS to provide equal air time for multicast traffic DMO is configured globally for each SSID in use in the network The controller converts multicast streams into unicast streams. Which statements regarding Aruba NAE agents are true? (Select two ) A single NAE script can be used by multiple NAE agents NAE agents are active at all times NAE agents will never consume more than 10% of switch processor resources NAE scripts must be reviewed and signed by Aruba before being used A single NAE agent can be used by multiple NAE scripts. A customer wants to deploy a Gateway and take advantage of all the SD-WAN features. Which persona role option should be selected? ArubaOS 10 Branch ArubaOS 10 VPN Concentrator ArubaOS 10 Wireless ArubaOS 10 Mobility. A network administrator is attempting to troubleshoot a connectivity issue between a group of users and a particular server The administrator needs to examine the packets over a period of time from their desktop; however, the administrator is not directly connected to the AOS-CX switch involved with the traffic flow. What statements are correct regarding the ERSPAN session that needs to be established on an AOS-CX switch'? (Select two ) On the source AOS-CX switch, the destination specified is the switch to which the administrator's desktop is connected The encapsulation protocol used is GRE. The encapsulation protocol used is VXLAN The encapsulation protocol is UDP On the source AOS-CX switch, the destination specified is the administrators desktop. A company recently upgraded its campus switching infrastructure with Aruba 6300 CX switches. They have implemented 802.1X authentication on edge ports where laptop and loT devices typically connect An administrator has noticed that for PoE devices the pons are delivering the maximum wattage instead of what the device actually needs Upon connecting the loT devices, the devices request their specific required wattage through information exchange. Concerned about this waste of electricity, what should the administrator implement to solve this problem? Enable AAA authentication to exempt LLDP and/or CDP information Globally enable the QoS trust setting for LLDP and/or CDP Create device profiles with the correct power definitions Implement a classifier policy with the correct power definitions. With Aruba CX 6300. how do you configure ip address 10.10.10.1 for the interface in default state for interface 1/1/1? int 1/1/1. switching, ip address 10 10 10 1/24 int 1/1/1. no switching, ip address 10 10 10.1/24 int 1/1/1. ip address 10.10.10.1/24 int 1/1/1, routing, ip address 10.10.10 1/24. A customer is looking Tor a wireless authentication solution for all of their loT devices that meet the following requirements - The wireless traffic between the IoT devices and the Access Points must be encrypted - Unique passphrase per device - Use fingerprint information to perform role-based access Which solutions will address the customer's requirements? (Select two.) MPSK and an internal RADIUS server MPSK Local with MAC Authentication ClearPass Policy Manager MPSK Local with EAP-TLS Local User Derivation Rules. Your customer currently has two (2) 5406 modular switches with MSTP configured as their core switches. You are proposing a new solution. What would you explain regarding the Aruba CX VSX switch pair when the Primary VSX node is replaced and the system MAC is replaced? VSX will select the MAC address from a node that is the lower ID. Configure vMAC on the Primary VSX node under VSX to retain MAC after hardware replacement. VSX will select the MAC address from a node that is a higher ID During the initial VSX configuration, the system-mac is assigned with a fixed MAC based on VSX ID. Which statements are true about VSX LAG? (Select two.) The total number of configured links may not exceed 8 for the pair or 4 per switch Outgoing traffic is switched to a port based on a hashing algorithm which may be either switch in the pair LAG traffic is passed over VSX ISL links only while upgrading firmware on the switch pair Outgoing traffic is preferentially switched to local members of the LAG Up to 255 VSX lags can be configured on all 83xx and 84xx model switches. What is an OSPF transit network? a network that uses tunnels to connect two areas a special network that connects two different areas a network on which a router discovers at least one neighbor a network that connects to a different routing protocol. What does the 802.3bz standard describe? 2.5Gb and 5Gb Ethernet ports 60 W and 90W PoE AP directed roaming between APs 60 GHz P2P Wi-Fi. Your Director of Security asks you to assign AOS-CX switch management roles to new employees based on their specific job requirements After the configuration was complete, it was noted that a user assigned with the administrators role did not have the appropriate level of access on the switch. The user was not limited to viewing nonsensitive configuration information and a level of 1 was not assigned to their role. Which default management role should have been assigned for the user? sysadmin operators helpdesk config. A customer just upgraded aggregation layer switches and noticed traffic dropping for 120 seconds after the aggregation layer came online again. What is the best way to avoid having this traffic dropped given the topology below? Configure the linkup delay timer to 240 seconds to double the amount of lime for the initial phase to sync Configure the linkup delay timer to exclude LAGS 101 and 102, which will allow time for routing adjacencies to form and to learn upstream routes Configure the linkup delay timer to include LAGs 101 and 102, which will allow time for routing adjacencies lo form and to learn upstream routes Configure the linkup delay timer to 120 seconds, which will allow the right amount of time for the initial phase to sync. Which statements are true regarding a VXLAN implementation on Aruba Switches? (Select two.) MTU size must be increased beyond the default VNIs encapsulate and decapsulate VXLAN traffic VTEPs encapsulate and decapsulate VXLAN traffic They are only available for datacenter switches (CX 8k, 9k,10k) All Aruba CX switches support VXLAN. Which Aruba AP mode is sending captured RF data to Aruba Central for waterfall plot? Hybrid Mode Air Monitor Spectrum Monitor Dual Mode. A customer has a large number of food-producing machines All machines are connected via Aruba CX6200 switches in VLANs 100,110, and 120 Several external technicians are maintaining this special equipment What are the correct commands to ensure that no rogue DHCP server will impact the network? dhcpv4-snooping enable no dhcpv4-snooping option 82 dhcpv4-snooping vlan 100-120 vlan 100 name cornflakes vlan 110 name commill vlan 120 name packaging interface lag 1 no shutdown description Uplink-to-Core vlan trunks native 1 vlan trunks allowed all lacp mode active dhcpv4-snooping trust dhcpv4-snooping enable no dhcpv4-snooping option 82 vlan 100 name cornflakes dhcpv4-snooping vlan 110 name commill dhcpv4-snooping vlan 120 name packaging dhcpv4-snooping interface lag 1 no shutdown description Uplink-to-Core vlan trunks native 1 vlan trunks allowed all dhcpv4-snooping trust dhcpv4-snooping all vlans no dhcpv4-snooping option 82 interface lag 1 no shutdown description Uplink-to-Core vlan trunks native 1 vlan trunks allowed all dhcpv4-snooping trust dhcpv4-snooping no dhcpv4-snooping option 82 vlan 100 name cornflakes dhcpv4-snooping vlan 110 name commill dhcpv4-snooping vlan 120 name packaging dhcpv4-snooping interface lag 1 no shutdown description Uplink-to-Core vlan trunks native 1 vlan trunks allowed all dhcpv4-snooping trust. You are configuring an SVI on an Aruba CX switch that needs to have the following characteristics: VLANID = 25 IPv4 address 10 105 43 1 with mask 255 255 255.0 IPv6 address fd00:5708::f02d:4df6 with a 64 bit prefix length member of VRF eng VRF eng and VLAN 25 have not yet been created Which command lists will satisfy the requirements with the least number of commands? vrf eng vlan 25 interface vlan 25 ip address 10.105.43.1 255.255.25.0 ipv6 address fd00:5708::f02d:d4f6/64 vrf attach eng interface vlan 25 vrf attach eng ip address 10.105.43.1 255.255.25.0 ipv6 address fd00:5708::f02d:d4f6/64 interface vlan 25 vrf attach eng ip address 10.105.43.1/24 ipv6 address fd00:5708::f02d:d4f6/64 vrf eng vlan 25 interface vlan 25 ip address 10.105.43.1/24 ipv6 address fd00:5708::f02d:d4f6/64 vrf attach eng . Match the solution components of NetConductor (Options may be used more than once or not at all.) Client Insights Cloud Auth The Fabric Wizard Policy Manger . Match the topics of an AOS10 Tunneled mode setup between an AP and a Gateway. (Options may be used more than once or not at all.) Authenticator Negotiate IPSEC Phase 1 Negotiate IPSEC Phase 2 RADIUS proxy. Match the terms below to their characteristics (Options may be used more than once or not at all.) Broadcast IP Directed Broadcast Multicast Unicast . Match each PoE power class to Its corresponding 802.3 standard. (Options may he used more than once or not at all) 802.3at 802.3bt 802.3af . List the firewall role derivation flow in the correct order. Authentication default role-Initial role assinged-Server derived role-User derived role Server_derived_role Authentication_default_role Initiation_role_assigned User_derived_role. What is the order of operations tor Key Management service for a wireless client roaming from AP1 to AP2? Cache the client's information Client associates and authenticates to AP1 Generate Parwise Master Key keys for AP1'S Neighbors Get AP1 neighbor AP list Share Parwise Master key along with VLAN and User Role to target APs Cache_the_client's_information Get_AP1_neighbor_AP_list Generate_Parwise_Master_Key_keys_for_AP1'S_Neighbors Client_associate_and_authenticates_to_AP1 Share_Parwise_Master_key_along_with_VLAN_and_User_Role_to_target_APs. Match the topics with the underlying technologies (Options may be used more than once or not at all.) EVPN-VXLAN User Based Tunneling (UBT) . List the WPA 4-Way Handshake functions in the correct order. Distributes an encrypted GTK to the client Exchanges messages for generating PTK Sets first initialization vector (IV) Proves knowledge of the PMK Exchanges_messages_for_generating_PTK Proves_knowledge_of_the_PMK Sets_first_initialization_vector_(IV) Distributes_an_encrypted_GTK_to_the_client. Match the appropriate QoS concept with its definition. (Options may be used more than once or not at all.) Best Effort Service Class of Service WMM Differentiated services . |
Denunciar Test