Your AOS solution has detected a rogue AP with Wireless Intrusion Prevention (WIP).
Which information about the detected radio can best help you to locate the rogue device?
Athe match type
Bthe match method
Cthe detecting devices
Dthe confidence level
0
Question 2
Investigate
0
Question 3
Analyze
0
Question 4
Analyze
0
Question 5
Investigate
0
That's the end of the Preview
This exam has 60 community-verified practice questions. Create a free account to access all questions, comments, and explanations.
You have deployed a new HPE Aruba Networking Mobility Controller (MC) and campus APs (CAPs). One of the WLANs enforces 802.1X authentication to HPE Aruba Networking ClearPass Policy Manager (CPPM). When you test connecting the client to the WLAN, the test fails. You check ClearPass Access Tracker and cannot find a record of the authentication attempt. You ping from the MC to CPPM, and the ping is successful.
What is a good next step for troubleshooting?
ACheck connectivity between CPPM and a backend directory server.
BCheck CPPM Event Viewer.
CRenew CPPM’s RADIUS/EAP certificate.
DReset the user credentials.
Which actions do hackers often take after compromising the first system in a network?
AThey use tools like Nmap to collect information about the devices on the network, including IP addresses and OS types.
BThey use rootkits and jailbreaks to scan the network and collect information about IP addresses and open ports.
CThey use vertical privilege elevation, which means that they attempt to trick more users into exposing their passwords.
DThey remain on the system that they first targeted in order to avoid detection, as the original target is almost always the valuable system.
What is a benefit of Opportunistic Wireless Encryption (OWE)?
AIt allows anyone to connect, but provides better protection against eavesdropping than a traditional open network.
BIt offers more control over who can connect to the wireless network when compared with WPA2-Personal.
CIt allows both WPA2-capable and WPA3-capable clients to authenticate to the same WPA-Personal WLAN.
DIt provides protection for wireless clients against both honeypot APs and man-in-the-middle (MITM) attacks.
What does the NIST model for digital forensics define?
Awhich data encryption and authentication algorithms are suitable for enterprise networks in a world that is moving toward quantum computing
Bhow to define access control policies that will properly protect a company’s most sensitive data and digital resources
Cwhich types of architecture and security policies are best equipped to help companies establish a Zero Trust Network (ZTN)
Dhow to properly collect, examine, and analyze logs and other data, in order to use it as evidence in a security investigation
Question 6
Protect and Defend
0
Question 7
Analyze
Question 8
Investigate
Question 9
Investigate
Question 10
Protect and Defend
Question 11
Protect and Defend
Question 12
Protect and Defend
Question 13
Protect and Defend
Question 14
Analyze
Question 15
Analyze
Question 16
Analyze
Question 17
Investigate
Question 18
Investigate
Question 19
Investigate
Question 20
Analyze
Question 21
Protect and Defend
Question 22
Investigate
Question 23
Protect and Defend
Question 24
Analyze
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
You have been asked to send RADIUS debug messages from an AOS-CX switch to a central SIEM server at 10.5.15.6. The server is already defined on the switch with this command: logging 10.5.6.12
You enter this command: debug radius all
What is the correct debug destination?
Abuffer
Bconsole
Cfile
Dsyslog
Which is a correct description of a stage in the Lockheed Martin kill chain?
AIn the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.
BIn the delivery stage, malware collects valuable data and delivers or exfiltrates it to the hacker.
CIn the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfiltrated.
DIn the weaponization stage, which occurs after malware has been delivered to a system, the malware executes its function.
You have been asked to find logs related to port authentication on an AOS-CX switch for events logged in the past several hours. But you are having trouble searching through the logs.
What is one approach that you can take to find the relevant logs?
AEnable debugging for "portaccess" to move the relevant logs to a buffer.
BSpecify a logging facility that selects for "port-access" messages.
CAdd the "-r" and "-c port-access" options to the "show logging" command.
DConfigure a logging filter for the "port-access" category, and apply that filter globally.
What is a reason to set up a packet capture on an HPE Aruba Networking Mobility Controller (MC)?
AYou want the MC to analyze wireless clients' traffic at a lower level, so that the AOS firewall can control Web traffic based on the destination URL.
BThe company wants to use HPE Aruba Networking ClearPass Policy Manager (CPPM) to profile devices and needs to receive HTTP User-Agent strings from the MC.
CYou want the MC to analyze wireless clients' traffic at a lower level, so that the AOS firewall can control the traffic based on application.
DThe security team believes that a wireless endpoint connected to the MC is launching an attack and wants to examine the traffic more closely.
What is a use case for implementing RadSec instead of RADIUS?
AA corporation wants to implement EAP-TLS to authenticate wireless users at their main office.
BA university wants to protect communications between the students' devices and the network access server.
CA organization wants to strengthen the encryption used to protect RADIUS communications without increasing complexity.
DA school district wants to protect messages sent between RADIUS clients and servers over an untrusted network.
What is one of the policies that a company should define for digital forensics?
Ato which resources should various users be allowed access, based on their identity and the identity of their clients
Bwhat are the first steps that a company can take to implement micro-segmentation in their environment
Cwhich data should be routinely logged, where logs should be forwarded, and which logs should be archived
Dwhich type of EAP method is most secure for authenticating wired and wireless users with 802.1X
Which scenario requires an AOS-CX switch to use a certificate of its own?
Aenabling the switch to use RADIUS for enforcing 802.1X authentication with PEAP
Benabling the switch to use RadSec for enforcing 802.1X authentication with EAP-TLS
Cenabling the switch to use RADIUS for enforcing 802.1X authentication with EAP-TLS
Denabling the switch to retrieve Downloadable User Roles (DURs) from HPE Aruba Networking ClearPass
Refer to the exhibit, which shows the settings on the company’s MCs.
You have deployed about 100 new HPE Aruba Networking 335 APs.
What is required for the APs to become managed?
Aapproving the APs as authorized APs on the AP whitelist
Binstalling self-signed certificates on the Aps
Cconfiguring a PAPI key that matches on the APs and MCs
Dinstalling CA-signed certificates on the Aps
What are some functions of an AOS user role?
AThe role determines which wireless networks (SSIDs) a user is permitted to access.
BThe role determines which control plane ACL rules apply to the client's traffic.
CThe role determines which firewall policies and bandwidth contract apply to the client’s traffic.
DThe role determines which authentication methods the user must pass to gain network access.
A company has HPE Aruba Networking Mobility Controllers (MCs), HPE Aruba Networking campus APs, and AOS-CX switches. The company plans to use HPE Aruba Networking ClearPass Policy Manager (CPPM) to classify endpoints by type. The company is contemplating the use of ClearPass’s TCP fingerprinting capabilities.
What is a consideration for using those capabilities?
ATCP fingerprinting of wireless endpoints requires a third-party Mobility Device Management (MDM) solution.
BAOS-CX switches do not offer the support necessary for CPPM to use TCP fingerprinting on wired endpoints.
CYou will need to mirror traffic to one of CPPM’s span ports from a device such as a core routing switch.
DClearPass admins will need to provide the credentials of an API admin account to configure on HPE Aruba Networking devices.
What is social engineering?
AHackers use employees to circumvent network security and gather the information they need to launch an attack.
BHackers use Artificial Intelligence (AI) to mimic a user's online behavior so they can infiltrate a network and launch an attack.
CHackers spoof the source IP address in their communications so they appear to be a legitimate user.
DHackers intercept traffic between two users, eavesdrop on their messages, and pretend to be one or both users.
You are troubleshooting an authentication issue for HPE Aruba Networking switches that enforce 802.1 X to a cluster of HPE Aruba Networking ClearPass Policy Manager (CPPMs). You know that CPPM is receiving and processing the authentication requests because the Aruba switches are showing Access-Rejects in their statistics. However, you cannot find the record for the Access-Rejects in CPPM Access Tracker.
What is something you can do to look for the records?
AVerify that you are logged in to the CPPM UI with read-write, not read-only, access.
BClick Edit in Access Viewer and make sure that the correct servers are selected.
CGo to the CPPM Event Viewer, because this is where RADIUS Access Rejects are stored.
DMake sure that CPPM cluster settings are configured to show Access-Rejects.
Refer to the exhibit.
A company has an HPE Aruba Networking Instant AP cluster. A Windows 10 client is attempting to connect a WLAN that enforces WPA3-Enterprise with authentication to HPE Aruba Networking ClearPass Policy Manager (CPPM). CPPM is configured to require EAP-TLS. The client authentication fails. In the record for this client's authentication attempt on CPPM, you see this alert.
What is one thing that you check to resolve this issue?
Awhether EAP-TLS is enabled in the SSID Profile settings for the WLAN on the IAP cluster
Bwhether EAP-TLS is enabled in the AAA Profile settings for the WLAN on the IAP cluster
Cwhether the client has a valid certificate installed on it to let it support EAP-TLS
A company has HPE Aruba Networking Mobility Controllers (MCs), campus APs, and AOS-CX switches. The company plans to use HPE Aruba Networking ClearPass Policy Manager (CPPM) to classify endpoints by type. The HPE Aruba Networking ClearPass admins tell you that they want to run Network scans as part of the solution.
What should you do to configure the infrastructure to support the scans?
ACreate remote mirrors on the AOS-CX switches that collect traffic on edge ports, and mirror it to CPPM’s IP address.
BCreate device fingerprinting profiles on the AOS-CX switches that include SNMP, and apply the profiles to edge ports.
CCreate SNMPv3 users on the AOS-CX switches, and make sure that the credentials match those configured on CPPM.
DCreate a TA profile on the AOS-CX switches with the root CA certificate for HPE Aruba Networking ClearPass’s HTTPS certificate.
An AOS-CX switch enforces 802.1X on a port. No fail-through options or port-access roles are configured on the port. The 802.1X supplicant on a connected client has not yet completed authentication.
Which type of traffic does the authenticator accept from the client?
AEAP only
BDHCP, DNS, and RADIUS only
CRADIUS only
DDHCP, DNS, and EAP only
A customer has an HPE Aruba Networking network infrastructure. The customer is looking for a solution that can classify many different types of devices, including IoT devices.
What can you offer?
AHPE Aruba Networking ClearPass OnGuard
BHPE Aruba Networking ClearPass Device Insight
CHPE Aruba Networking Mobility Conductor
DHPE Aruba Networking ClearPass Onboard
A company has an A\OS controller-based solution with a WPA3-Enterprise WLAN, which authenticates wireless clients to HPE Aruba Networking ClearPass Policy Manager (CPPM). The company has decided to use digital certificates for authentication. A user’s Windows domain computer has had certificates installed on it. However, the Networks and Connections window shows that authentication has failed for the user. The Mobility Controller’s (MC’s) RADIUS events show that it is receiving Access-Rejects for the authentication attempt.
What is one place that you can you look for deeper insight into why this authentication attempt is failing?
Athe reports generated by HPE Aruba Networking ClearPass Insight
Bthe RADIUS events within the CPPM Event Viewer
Cthe Alerts tab in the authentication record in CPPM Access Tracker
Dthe packets captured on the MC controlplane destined to UDP 1812
What is one method for HPE Aruba Networking ClearPass Policy (CPPM) to use DHCP to classify an endpoint?
AIt can alter the DHCP Offer to insert itself as a proxy gateway. It will then be inline in the traffic flow and can apply traffic analytics to classify clients.
BIt can snoop DHCP traffic to register the clients’ IP addresses. It then knows where to direct its HTTP requests to actively probe for information about the client.
CIt can respond to a client’s DHCP Discover with different DHCP Offers and then analyze the responses to identify the client OS.
DIt can determine information such as the endpoint OS from the order of options listed in Option 55 of a DHCP Discover packet.
You are deploying a new wireless solution with an HPE Aruba Networking Mobility Master (MM), Mobility Controllers (MCs), and campus APs (CAPs). The solution will include a WLAN that uses Tunnel for the forwarding mode and WPA3-Enterprise for the security option.
You have decided to assign the WLAN to VLAN 301, a new VLAN. A pair of core routing switches will act as the default router for wireless user traffic.
Which links need to carry VLAN 301?
Aonly links on the path between APs and the core routing switches
Bonly links between MC ports and the core routing switches
Call links in the campus LAN to ensure seamless roaming
