HP HPE6-A78 Real Exam Questions
The questions for HPE6-A78 were last updated at Nov 18,2024.
- Exam Code: HPE6-A78
- Exam Name: Aruba Certified Network Security Associate Exam
- Certification Provider: HP
- Latest update: Nov 18,2024
What is a guideline for creating certificate signing requests (CSRs) and deploying server Certificates on ArubaOS Mobility Controllers (MCs)?
- A . Create the CSR online using the MC Web Ul if your company requires you to archive the private key.
- B . if you create the CSR and public/private Keypair offline, create a matching private key online on the MC.
- C . Create the CSR and public/private keypair offline If you want to install the same certificate on multiple MCs.
- D . Generate the private key online, but the public key and CSR offline, to install the same certificate on multiple MCs.
How should admins deal with vulnerabilities that they find in their systems?
- A . They should apply fixes, such as patches, to close the vulnerability before a hacker exploits it.
- B . They should add the vulnerability to their Common Vulnerabilities and Exposures (CVE).
- C . They should classify the vulnerability as malware. a DoS attack or a phishing attack.
- D . They should notify the security team as soon as possible that the network has already been breached.
What is a guideline for managing local certificates on an ArubaOS-Switch?
- A . Before installing the local certificate, create a trust anchor (TA) profile with the root CA certificate for the certificate that you will install
- B . Install an Online Certificate Status Protocol (OCSP) certificate to simplify the process of
enrolling and re-enrolling for certificate - C . Generate the certificate signing request (CSR) with a program offline, then, install both the certificate and the private key on the switch in a single file.
- D . Create a self-signed certificate online on the switch because ArubaOS-Switches do not support CA-signed certificates.
Which correctly describes a way to deploy certificates to end-user devices?
- A . ClearPass Onboard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain
- B . ClearPass Device Insight can automatically discover end-user devices and deploy the proper certificates to them
- C . ClearPass OnGuard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain
- D . in a Windows domain, domain group policy objects (GPOs) can automatically install computer, but not user certificates
You have an Aruba Mobility Controller (MC). for which you are already using Aruba ClearPass Policy Manager (CPPM) to authenticate access to the Web Ul with usernames and passwords You now want to enable managers to use certificates to log in to the Web Ul CPPM will continue to act as the external server to check the names in managers’ certificates and tell the MC the managers’ correct rote in addition to enabling certificate authentication.
What is a step that you should complete on the MC?
- A . Verify that the MC has the correct certificates, and add RadSec to the RADIUS server configuration for CPPM
- B . install all of the managers’ certificates on the MC as OCSP Responder certificates
- C . Verify that the MC trusts CPPM’s HTTPS certificate by uploading a trusted CA certificate Also, configure a CPPM username and password on the MC
- D . Create a local admin account mat uses certificates in the account, specify the correct trusted CA certificate and external authentication
Your Aruba Mobility Master-based solution has detected a rogue AP Among other information the ArubaOS Detected Radios page lists this Information for the AP
SSID = PubllcWiFI
BSSID = a8M27 12 34:56
Match method = Exact match
Match type = Eth-GW-wired-Mac-Table
The security team asks you to explain why this AP is classified as a rogue .
What should you explain?
- A . The AP Is connected to your LAN because It is transmitting wireless traffic with your network’s default gateway’s MAC address as a source MAC Because it does not belong to the company, it is a rogue
- B . The ap has a BSSID mat matches authorized client MAC addresses. This indicates that the AP is spoofing the MAC address to gam unauthorized access to your company’s
wireless services, so It is a rogue - C . The AP has been detected as launching a DoS attack against your company’s default gateway. This qualities it as a rogue which needs to be contained with wireless association frames immediately
- D . The AP is spoofing a routers MAC address as its BSSID. This indicates mat, even though WIP cannot determine whether the AP is connected to your LAN. it is a rogue.