HP HPE6-A78 Practice Exams
Last updated on Apr 07,2025- Exam Code: HPE6-A78
- Exam Name: Aruba Certified Network Security Associate Exam
- Certification Provider: HP
- Latest update: Apr 07,2025
You have detected a Rogue AP using the Security Dashboard Which two actions should you take in responding to this event? (Select two)
- A . There is no need to locale the AP If you manually contain It.
- B . This is a serious security event, so you should always contain the AP immediately regardless of your company’s specific policies.
- C . You should receive permission before containing an AP. as this action could have legal Implications.
- D . For forensic purposes, you should copy out logs with relevant information, such as the time mat the AP was detected and the AP’s MAC address.
- E . There is no need to locate the AP If the Aruba solution is properly configured to automatically contain it.
What is a guideline for managing local certificates on an ArubaOS-Switch?
- A . Before installing the local certificate, create a trust anchor (TA) profile with the root CA certificate for the certificate that you will install
- B . Install an Online Certificate Status Protocol (OCSP) certificate to simplify the process of
enrolling and re-enrolling for certificate - C . Generate the certificate signing request (CSR) with a program offline, then, install both the certificate and the private key on the switch in a single file.
- D . Create a self-signed certificate online on the switch because ArubaOS-Switches do not support CA-signed certificates.
What is a benefit or using network aliases in ArubaOS firewall policies?
- A . You can associate a reputation score with the network alias to create rules that filler traffic based on reputation rather than IP.
- B . You can use the aliases to translate client IP addresses to other IP addresses on the other side of the firewall
- C . You can adjust the IP addresses in the aliases, and the rules using those aliases automatically update
- D . You can use the aliases to conceal the true IP addresses of servers from potentially untrusted clients.
You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours But. you are having trouble searching through the logs.
What is one approach that you can take to find the relevant logs?
- A . Add the "-C and *-c port-access" options to the "show logging" command.
- B . Configure a logging Tiller for the "port-access" category, and apply that filter globally.
- C . Enable debugging for "portaccess" to move the relevant logs to a buffer.
- D . Specify a logging facility that selects for "port-access" messages.
Refer to the exhibit.
You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find the error shown In the exhibit in the CPPM Event Viewer.
What should you check?
- A . that the MC has been added as a domain machine on the Active Directory domain with which CPPM is synchronized
- B . that the snared secret configured for the CPPM authentication server matches the one defined for the device on CPPM
- C . that the IP address that the MC is using to reach CPPM matches the one defined for the device on CPPM
- D . that the MC has valid admin credentials configured on it for logging into the CPPM
How should admins deal with vulnerabilities that they find in their systems?
- A . They should apply fixes, such as patches, to close the vulnerability before a hacker exploits it.
- B . They should add the vulnerability to their Common Vulnerabilities and Exposures (CVE).
- C . They should classify the vulnerability as malware. a DoS attack or a phishing attack.
- D . They should notify the security team as soon as possible that the network has already been breached.
CORRECT TEXT
What is a use case for tunneling traffic between an Aruba switch and an AruDa Mobility Controller (MC)?
- A . applying firewall policies and deep packet inspection to wired clients
- B . enhancing the security of communications from the access layer to the core with data encryption
- C . securing the network infrastructure control plane by creating a virtual out-of-band-management network
- D . simplifying network infrastructure management by using the MC to push configurations to the switches
What is symmetric encryption?
- A . It simultaneously creates ciphertext and a same-size MAC.
- B . It any form of encryption mat ensures that thee ciphertext Is the same length as the plaintext.
- C . It uses the same key to encrypt plaintext as to decrypt ciphertext.
- D . It uses a Key that is double the size of the message which it encrypts.
Which correctly describes a way to deploy certificates to end-user devices?
- A . ClearPass Onboard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain
- B . ClearPass Device Insight can automatically discover end-user devices and deploy the proper certificates to them
- C . ClearPass OnGuard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain
- D . in a Windows domain, domain group policy objects (GPOs) can automatically install computer, but not user certificates
What is a guideline for creating certificate signing requests (CSRs) and deploying server Certificates on ArubaOS Mobility Controllers (MCs)?
- A . Create the CSR online using the MC Web Ul if your company requires you to archive the private key.
- B . if you create the CSR and public/private Keypair offline, create a matching private key online on the MC.
- C . Create the CSR and public/private keypair offline If you want to install the same certificate on multiple MCs.
- D . Generate the private key online, but the public key and CSR offline, to install the same certificate on multiple MCs.