You are troubleshooting a network issue on a VSX cluster. The network was functioning properly yesterday but today the network operations center is receiving alerts. On one of the two VSX members, a ‘show interface brief’ indicated that all VSX LAGs are “down by feature”.
What could be the cause of this condition?
ALAGs were disabled because a split-brain condition was detected.
BBoth VSX members are configurated as Primary.
CVSX has detected a firmware version mismatch.
DVSX-sync is not enabled on the cluster.
A customer is experiencing problems with BGP on their AOS-CX network. The users cannot access specific resources on the network, even though they have been assigned the appropriate roles and permissions.
What is the most likely cause of the problem?
AThe HPE Aruba Networking ClearPass configuration is incorrect.
BThe GBP tags are not being applied correctly to the user’s traffic.
CThe GBP database is corrupted.
DThe users are not being assigned the correct GBP classes.
You are configuring an HPE Aruba Networking gateway cluster with AOS-10. What is true about gateway functionality? (Choose two.)
APAPI traffic is traversing through an IPSEC tunnel.
BLACP is not supported when manually provisioning gateways.
CMultiversioning between AP and gateways is not supported.
DAOS-10 only supports high-value client session synchronization for the first failover.
EUser traffic in tunneled mode is encrypted per default.
An OSPF router has learned a path to an external network by both an E1 and E2 advertisement, both routes having the same path cost.
Which path will the router prefer?
ABoth routes will be suppressed until the path conflict has been resolved.
BThe router will use both paths equally my means of ECMP.
CThe router will prefer the E1 path.
DThe router will prefer the E2 path.
You are configuring an SSID that is using 802.1X as a security mechanism. What is the reason for using WPA3-Enterprise (CCM-128) when deploying Wi-Fi 6 networks?
AWPA3-Enterprise (CCM-128) is also called WPA3-Enterprise Transition Mode. It will allow WPA2 clients to connect.
BWPA3-Enterprise (CCM-128) is also called WPA3-Enterprise Compatibility Mode. It will allow WPA2 clients to connect.
CWPA3-Enterprise (CCM-128) is also called WPA3-Enterprise Only Mode. There is no support for WPA2 clients.
DWPA3-Enterprise (CCM-128) is also called WPA3-Enterprise 192-bit mode. It is WPA3 only and enforces specific EAP certificate ciphers.
An IT administrator wants to set up an HPE Aruba Networking User Experience Insight (UXI) sensor. During the initiation process, the administrator sees that the color of the LED is orange.
What does the orange LED mean?
AThe sensor needs multi-rate port but this port is only standard 1G port
BThe sensor is still booting
CThe sensor cannot connect to the UXI cloud
DThis is a G6E UXI sensor and does not have enough PoE power
A hospital is using a multicast configuration on its network in a separate VLAN for the televisions in each room. Which feature prevents unwanted multicast on switches where it is not needed?
AIGMP snooping
BIGMP static-group
CIGMP disabled on unneeded switches
DIGMP protocol
What is the best practice for using Dynamic Segmentation?
AUse UBT to create isolated networks for specific types of devices.
BUse a combination of role-based access and overlay technologies to create a layered security approach
CUse LUR to assign roles to devices based on their location and DUR to assign roles to devices based on their user identity.
DUse Dynamic Segmentation only on devices that are connected to the network via Wi-Fi.
A client installed 655 APs in a project to upgrade the network in a large public venue. The customer states that they are having issues with the integration with the new sensor system (Bluetooth) that will help the facilities team monitor when the venue is in the use.
What could be the issue?
AAP-655 does not have Bluetooth radio
Bthroughput
CPoE
DBluetooth needs an advanced AP license.
Which tables are synchronized between a pair of CX 10000 switches in a VSX cluster? (Choose two.)
Alink Layer Discovery Protocol (LLDP)
BDynamic Host Control Protocol (DHCP)
CAddress Resolution Protocol (ARP)
DIP Routing
EBGP Neighbors
A network administrator wants to collect dumps for traffic sources or destined to a specific IP address. What is the simplest diagnostic command or commands on AOS-CX switches to accomplish this?
A gateway cluster with AOS-10 is managed by HPE Aruba Networking Central. In a failover, what is the expected behavior of the client traffic?
AClient traffic is disrupted during the AP bootstrap.
BClient state synchronization is supported on each failover.
CClient IPv4 multicast session failover is not supported.
DClient state synchronization is supported on the first failover.
An administrator is monitoring third-party WLAN transmitters in HPE Aruba Networking Central and some of them are classified as rogue and suspected rogue.
How are suspected rogues classified when using the default classification method for the rule “Suspected AP On-Prem” in HPE Aruba Networking Central?
Asignal level = “-65 dbM” AND WLAN classification = “On-Prem”
Bsignal level = “-65 dbM” AND WLAN classification = “On-Interfering”
Csignal level = “-50 dbM” AND WLAN classification = “On-Interfering”
Which issue may be causing the new door locks on the APs to not work?
AAT power to the AP is too much.
BBT power to the AP is too much.
CAF power to the AP is not enough.
DAT power to the AP is not enough.
Ever since a recent firewall change at your WAN/Internet edge, the BGP state in your VSX pair has not returned to Established.
What should you check to restore BGP functionality at this site?
ARestart the routing service so that BGP auto-discovers its neighbors.
BConfirm that appropriate TCP ports are still allowed.
CRestart NAT service for the BGP interface.
DConfirm that BGP Peer AS has not changed.
Which minimal configurations must be completed for MSTP to work correctly? (Choose two.)
AMSTP region
Bbridge priority number
Crevision number
DMSTP enabled interfaces
Ecreating MSTP instances
A pair of CX 8325 series switches is configured in a VSX cluster. Which function is executed on both VSX members during normal operation?
Areplies to ARP requests with the cluster vMAC
Broutes PIM and PIM-DR
Crelays DHCP requests or servers DHCP offer
Dperiodically sends gratuitous ARP and broadcast hello packets
A Python developer was able to read but could not modify the VLAN database on an AOS-CX switch through the REST API.
Which settings should the developer check first? (Choose two.)
AHTTPS settings
BSNMP settings
CSSH settings
Dcookie settings
EREST API settings
A customer wants to deploy IoT security devices that are PoE-powered. Due to its criticality, it is required that those devices remain active, even during a switch software upgrade.
What is a valid solution to meet customer requirements?
Aa VSX pair of switches for redundancy
Bpower-over-ethernet priority
Cpower-over-ethernet always-on
Dpower-over-ethernet quick-poe
You are configuring an HPE Aruba Networking Gateway Cluster with AOS-10. What is true about 802.1X functionality in combination with gateways? (Choose two.)
AUsers on L3-connected gateways need to perform a full authentication after re-associated on the AP.
BThe UDG remains fixed on L2-connected gateways but not on L3-connected gateways.
CRegardless of using gateways, the CoA message is always sent to the APs.
DThe gateways are used as a RADIUS proxy, while the AP is the authenticator.
EThe gateways act as RADIUS Proxy only in Tunneled and Bridged Mode.
Which is a best practice for configuring GBP?
AConfigure GBP classes to have a destination role that is different from the associated user role.
BUse static user roles (SUR) to configure GBP.
CConfigure GBP classes to have a destination role that is the same as the associated user role.
DUse downloadable user roles (DUR) to configure GBP.
A user cannot connect to the wired network using 802.1X with EAP-TLS. The user’s device is configured correctly and the user has a valid certificate. The RADIUS server logs show that the user is authenticating successfully.
What could be the reason for this issue?
AThere is an issue with the switch interface configuration.
BThe user’s device is not using the correct certificate authority.
CThe switch is not configured to use EAP-TLS.
DThe RADIUS server is not configured to use EAP-TLS.
You are configuring an SSID that is using PSK as a security mechanism. Why should you use WPA3-Personal with WPA3 Transition Mode disabled?
AWPA3-Personal with Transition Mode disabled is mandatory for 5 GHz-enabled networks.
BWPA3-Personal with Transition Mode disabled is optional for 6 GHz-enabled networks as there is a built-in fallback to 5 GHz mode with WPA2.
CWPA3-Personal with Transition Mode disabled is mandatory for 6 GHz-enabled networks.
DWPA3-Personal with Transition Mode disabled should be used to prevent legacy clients from connecting to the network.
What is the maximum number of interfaces that can be active in the same LACP link on AOS-CX access layer switches?
A16
B8
C2
D4
A client uses HPE Aruba Networking Central to manage and monitor wired and wireless networks. What are two advanced options in HPE Aruba Networking Central to troubleshoot wireless performance? (Choose two.)
Preview
