Exam4Training

HP HPE7-A01 Aruba Certified Campus Access Professional Exam Online Training

Question #1

Your Aruba CX 6300 VSF stack has OSPF adjacency over SVI 10 with LAG 1 to a neighboring device.

The following configuration was created on the switch:

A)

B)

C)

D)

  • A . Option A
  • B . Option B
  • C . Option C
  • D . Option D

Correct Answer: C

Explanation:

The correct configuration for OSPF adjacency over SVI 10 with LAG 1 to a neighboring device is shown in Option C.

The configuration includes the following steps:

* Create a VLAN 10 and assign it a name and an IP address.

* Create a LAG 1 and assign it a name and a mode of dynamic or static.

* Add member ports to LAG 1 and enable the LAG interface.

* Assign VLAN 10 as the untagged VLAN for LAG 1.

* Enable OSPF on the switch and assign it a router ID.

* Create an OSPF area 0 and add SVI 10 as an interface in that area.

Option A is incorrect because it does not enable OSPF on the switch or create an OSPF area. Option B is incorrect because it assigns VLAN 10 as the tagged VLAN for LAG 1, which is not compatible with SVI 10.

Option D is incorrect because it does not add member ports to LAG 1 or enable the LAG interface.

References:

https://techhub.hpe.com/eginfolib/Aruba/OS-CX_10.04/5200-6692/GUID-BD3E0A5F-FE4C-4B9B-BE1D-FE7D

Question #2

The customer needs a network hardware refresh to replace an aging Aruba 5406R core switch pair using spanning tree configuration with Aruba CX 8360-32YC switches.

What is the benefit of VSX clustering with the new solution?

  • A . stacked data-plane
  • B . faster MSTP converge processing
  • C . dual Aruba AP LAN port connectivity for PoE redundancy
  • D . dual control plane provides better resiliency

Correct Answer: D

Explanation:

VSX clustering is a feature that allows two Aruba CX switches to operate as a single logical device, providing high availability, scalability, and simplified management.

VSX clustering has several benefits over spanning tree configuration, such as:

* Dual control plane provides better resiliency. Unlike stacking, where switches share a single control plane, VSX switches have independent control planes that synchronize their states over an inter-switch link (ISL). This means that if one switch fails or reboots, the other switch can continue to operate without affecting traffic flows or network services.

* Active-active forwarding provides better performance. Unlike spanning tree, where some links are blocked to prevent loops, VSX switches use all available links for forwarding traffic, providing load balancing and increased bandwidth utilization.

* Multichassis LAG provides better redundancy. Unlike single-chassis LAG, where all member ports belong to one switch, VSX switches can form multichassis LAGs with downstream or upstream devices, where member ports are distributed across both switches. This provides link redundancy and seamless failover in case of switch or port failure.

References: https://www.arubanetworks.com/assets/tg/TG_VSX.pdf

Question #3

You need to ensure that voice traffic sent through an ArubaOS-CX switch arrives with minimal latency. What is the best scheduling technology to use for this task? (Select two.)

  • A . Voice VLANs can be automatically configured for VoIP phones
  • B . APs can request power as needed from PoE-enabled switch ports
  • C . iSCSI client devices can request to have flow control enabled
  • D . GVRP VLAN information can be used to dynamically add VLANs to a trunk
  • E . iSCSI client devices can set the required MTU setting for the port.

Correct Answer: A B

Explanation:

These are two benefits enabled by LLDP-MED (Link Layer Discovery Protocol – Media Endpoint Discovery).

LLDP-MED is an extension of LLDP that provides additional capabilities for network devices such as VoIP phones and APs. One of the capabilities is to automatically configure voice VLANs for VoIP phones, which allows them to be placed in a separate VLAN from data devices and receive QoS and security policies.

Another capability is to request power as needed from PoE-enabled switch ports, which allows APs to adjust their power consumption and performance based on the available power budget. The other options are incorrect because they are either not enabled by LLDP-MED or not related to LLDP-MED.

References:

https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/wlan-qos/lldp-me

https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/wlan-rf/poe.htm

Question #4

A company deployed Dynamic Segmentation with their CX switches and Gateways. After performing a security audit on their network, they discovered that the tunnels built between the CX switch and the Aruba Gateway are not encrypted. The company is concerned that bad actors could try to insert spoofed messages on the Gateway to disrupt communications or obtain information about the network.

Which action must the administrator perform to address this situation?

  • A . Enable Secure Mode Enhanced
  • B . Enable Enhanced security
  • C . Enable Enhanced PAPI security
  • D . Enable GRE security

Correct Answer: C

Question #5

What is true regarding 802.11k?

  • A . It extends radio measurements to define mechanisms for wireless network management of stations
  • B . It reduces roaming delay by pre-authenticating clients with multiple target APs before a client roams to an AP
  • C . It provides mechanisms for APs and clients to dynamically measure the available radio resources.
  • D . It considers several metrics before it determines if a client should be steered to the 5GHz band, including client RSSI

Correct Answer: AC

Question #6

What is an Aruba-recommended best practice for hardening that only applies to Aruba CX 6300 series switches with dedicated management ports?

  • A . Implement a control plane ACL to limit access to approved IPs and/or subnets
  • B . Manually enable Enhanced Security Mode from a console session.
  • C . Disable all management services on the default VRF.
  • D . Create a dedicated management VRF, and assign the management port to it.

Correct Answer: D

Explanation:

This is an Aruba-recommended best practice for hardening that only applies to Aruba CX 6300 series switches with dedicated management ports. A dedicated management port is a physical port that is used exclusively for out-of-band management access to the switch. A dedicated management VRF is a virtual routing and forwarding instance that isolates the management traffic from other traffic on the switch. By creating a dedicated management VRF and assigning the management port to it, the administrator can enhance the security and performance of the management access to the switch. The other options are incorrect because they either do not apply to switches with dedicated management ports or do not follow Aruba-recommended best practices.

References:

https://www.arubanetworks.com/assets/ds/DS_AOS-CX.pdf

https://www.arubanetworks.com/assets/tg/TB_ArubaCX_Switching.pdf

Question #7

A customer is using stacked Aruba CX 6200 and CX 6300 switches for access and a VSX pair of Aruba CX 8325 as a collapsed core. 802.1X is implemented for authentication. Due to the lack of cabling, some unmanaged switches are still in use. Sometimes devices behind these switches cause network outages. The switch should send a warning to the helpdesk when the problem occurs. You have been asked to implement an effective solution to the problem.

What is the solution for this?

  • A . Configure spanning tree on the Aruba CX 8325 switches. Set the trap-option.
  • B . Configure loop protection on all edge ports of the Aruba CX 6200 and CX 6300 switches. No trap option is needed.
  • C . Configure loop protection on all edge ports of the Aruba CX 6200 and CX 6300 switches. Set up the trap-option.
  • D . Configure spanning tree on the Aruba CX 6200 and CX 6300 switches. No trap option is needed.

Correct Answer: C

Explanation:

This is the correct solution to the problem of devices behind unmanaged switches causing network outages due to loops. Loop protection is a feature that allows an Aruba CX switch to detect and prevent loops by sending loop protection packets on each port, LAG, or VLAN on which loop protection is enabled. If a loop protection packet is received by the same switch that sent it, it indicates a loop exists and an action is taken based on the configuration. Loop protection should be configured on all edge ports of the Aruba CX 6200 and CX 6300 switches, which are the ports that connect to end devices or unmanaged switches. The trap-option should be set up to send a warning to the helpdesk when a loop is detected. The other options are incorrect because they either do not configure loop protection or do not set up the trap-option.

References:

https://www.arubanetworks.com/techdocs/AOS-CX/10.05/HTML/5200-7540/GUID-99A8B276-0DA3-4458-AF

https://www.arubanetworks.com/techdocs/AOS-CX/10.05/HTML/5200-7540/GUID-D8613BDE-CD21-4B83-85

Question #8

Which feature supported by SNMPv3 provides an advantage over SNMPv2c?

  • A . Transport mapping
  • B . Community strings
  • C . GetBulk
  • D . Encryption

Correct Answer: D

Explanation:

Encryption is a feature supported by SNMPv3 that provides an advantage over SNMPv2c. Encryption protects the confidentiality and integrity of SNMP messages by encrypting them with a secret key.

SNMPv2c does not support encryption and relies on community strings for authentication and authorization, which are transmitted in clear text and can be easily intercepted or spoofed. Transport mapping, community strings, and GetBulk are features that are common to both SNMPv2c and SNMPv3.

References:

https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/snmp/snmp.htm

https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/snmp/snmpv3.htm

Question #9

You are configuring Policy Based Routing (PBR) for a subnet that will be used to test a new default route for your network. Traffic originating from 10.2.250.0/24 should use a new default route to 10.1.1.253. Other non-default routes for this subnet should not be affected by this change.

What are two parts of the solution for these requirements? (Select two.)

A)

B)

C)

D)

E)

  • A . Option A
  • B . Option B
  • C . Option C
  • D . Option D
  • E . Option E

Correct Answer: CE

Question #10

Two AOS-CX switches are configured with VSX at the Access-Aggregation layer where servers attach to them. An SVI interface is configured for VLAN 10 and serves as the default gateway for VLAN 10. The ISL link between the switches fails, but the keepalive interface functions. Active gateway has been configured on the VSX switches.

What is correct about access from the servers to the Core? (Select two.)

  • A . Server 1 can access the core layer via the keepalive link
  • B . Server 2 can access the core layer via the keepalive link
  • C . Server 2 cannot access the core layer.
  • D . Server 1 can access the core layer via both uplinks
  • E . Server 1 and Server 2 can communicate with each other via the core layer
  • F . Server 1 can access the core layer on only one uplink

Correct Answer: D E

Explanation:

These are the correct statements about access from the servers to the Core when the ISL link between the switches fails, but the keepalive interface functions. Server 1 can access the core layer via both uplinks because it is connected to VSX-A, which is still active for VLAN 10. Server 2 can also access the core layer via its uplink to VSX-B, which is still active for VLAN 10 because of the Active Gateway feature. Server 1 and Server 2 can communicate with each other via the core layer because they are in the same VLAN and subnet, and their traffic can be routed through the core switches. The other statements are incorrect because they either describe scenarios that are not possible or not relevant to the question.

References: https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-

Question #11

What is an OSPF transit network?

  • A . a network that uses tunnels to connect two areas
  • B . a special network that connects two different areas
  • C . a network on which a router discovers at least one neighbor
  • D . a network that connects to a different routing protocol

Correct Answer: C

Explanation:

Question #12

Which Aruba AP mode is sending captured RF data to Aruba Central for waterfall plot?

  • A . Hybrid Mode
  • B . Air Monitor
  • C . Spectrum Monitor
  • D . Dual Mode

Correct Answer: C

Explanation:

Spectrum Monitor is an Aruba AP mode that is sending captured RF data to Aruba Central for waterfall plot.

Spectrum Monitor is a mode that allows an AP to scan all channels in both 2.4 GHz and 5 GHz bands and collect information about the RF environment, such as interference sources, noise floor, channel utilization, etc. The AP then sends this data to Aruba Central, which is a cloud-based network management platform that can display the data in various formats, including waterfall plot. Waterfall plot is a graphical representation of the RF spectrum over time, showing the frequency, amplitude, and duration of RF signals. The other options are incorrect because they are either not AP modes or not sending RF data to Aruba Central.

References:

https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/1-overview/spect

https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/1-overview/water

https://www.arubanetworks.com/products/network-management-operations/aruba-central/

Question #13

You need to create a keepalive network between two Aruba CX 8325 switches for VSX configuration. How should you establish the keepalive connection?

  • A . SVI, VLAN trunk allowed all on ISL in default VRF
  • B . routed port in custom VRF
  • C . loopback 0 and OSPF area 0 in default VRF
  • D . SVI, VLAN trunk allowed all on ISL in custom VRF

Correct Answer: B

Explanation:

To establish a keepalive connection between two Aruba CX 8325 switches for VSX configuration, you need to use a routed port in custom VRF. A routed port is a physical port that acts as a layer 3 interface and does not belong to any VLAN. A custom VRF is a virtual routing and forwarding instance that provides logical separation of routing tables. By using a routed port in custom VRF, you can isolate the keepalive traffic from other traffic and prevent routing loops or conflicts. The other options are incorrect because they either do not use a routed port or do not use a custom VRF.

References:

https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-ch07.html

https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-ch02.html

Question #14

Which method is used to onboard a new UXI in an existing environment with 802.1X authentication? (The sensor has no cellular connection.)

  • A . Use the UXI app on your smartphone and connect the UXI via Bluetooth
  • B . Use the Aruba installer app on your smartphone to scan the barcode
  • C . Connect the new UXI from an already installed one and adjust the initial configuration.
  • D . Use the CLI via the serial cable and adjust the initial configuration.

Correct Answer: A

Question #15

How is Multicast Transmission Optimization implemented in an HPE Aruba wireless network?

  • A . The optimal rate for sending multicast frames is based on the highest broadcast rate across all associated clients.
  • B . When this option is enabled the minimum default rate for multicast traffic is set to 12 Mbps for 5 GHz
  • C . The optimal rate for sending multicast frames is based on the lowest broadcast rate across all associated clients.
  • D . The optimal rate for sending multicast frames is based on the lowest unicast rate across all associated clients.

Correct Answer: D

Question #16

You need to have different routing-table requirements with Aruba CX 6300 VSF configuration. Assuming the correct layer-2 VLAN already exists, how would you create a new OSPF configuration for a separate routing table?

  • A . Create a new OSPF area, and attach VRF name.
  • B . Create a new OSPF process ID with vrf name.
  • C . Attach a new OSPF process ID with a custom routing table
  • D . Attach OSPF process ID in the VRF configuration.

Correct Answer: B

Explanation:

To create a new OSPF configuration for a separate routing table, you need to create a new OSPF process ID with vrf name. This will create a new OSPF instance that is associated with the specified VRF and its routing table. The other options are incorrect because they either do not create a new OSPF instance or do not associate it with a VRF.

References:

https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-ch02.html

https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-ch03.html

Question #17

A customer has a large number of food-producing machines.

* All machines are connected via Aruba CX 6200 switches in VLANs 100, 110, and 120

* Several external technicians are maintaining this special equipment

What are the correct commands to ensure that no rogue DHCP server will impact the network?

A)

B)

C)

D)

  • A . Option A
  • B . Option B
  • C . Option C
  • D . Option D

Correct Answer: A

Explanation:

Option A shows the correct commands to ensure that no rogue DHCP server will impact the network.

The commands include the following steps:

* Enable DHCP snooping on the switch. DHCP snooping is a feature that prevents rogue DHCP servers from offering IP addresses to clients by filtering DHCP messages based on trusted and untrusted ports [1].

* Configure VLANs 100, 110, and 120 as DHCP snooping VLANs. This means that DHCP snooping will be applied to these VLANs and any untrusted DHCP messages received on these VLANs will be dropped [1].

* Configure LAG 1 as a trusted port for DHCP snooping. This means that any DHCP messages received on LAG 1 will be allowed and not filtered by DHCP snooping. LAG 1 is assumed to be connected to a legitimate DHCP server or a router that relays DHCP requests to a legitimate DHCP server [1].

Option B is incorrect because it does not enable DHCP snooping on the switch or configure VLANs 100, 110, and 120 as DHCP snooping VLANs. Option C is incorrect because it does not configure LAG 1 as a trusted port for DHCP snooping. Option D is incorrect because it does not enable DHCP snooping on the switch or configure LAG 1 as a trusted port for DHCP snooping.

References: [1] https://techhub.hpe.com/eginfolib/Aruba/OS-CX_10.04/5200-6692/GUID-BD3E0A5F-FE4C-4B9B-BE1D-FE7

Question #18

In an ArubaOS 10 architecture using an AP and a gateway, what happens when a client attempts to join the network and the WLAN is configured with OWE?

  • A . Authentication information is not exchanged
  • B . The Gateway will not respond.
  • C . No encryption is applied.
  • D . RADIUS protocol is utilized.

Correct Answer: A

Explanation:

This is the correct statement about what happens when a client attempts to join the network and the WLAN is configured with OWE (Opportunistic Wireless Encryption). OWE is a standard that provides encryption for open networks without requiring any authentication or credentials from the client or the network. OWE uses a Diffie-Hellman key exchange mechanism to establish a secure session between the client and the AP without exchanging any authentication information. The other options are incorrect because they either describe scenarios that require authentication or encryption methods that are not used by OWE.

References:

https://www.arubanetworks.com/assets/wp/WP_WiFi6.pdf

https://www.arubanetworks.com/assets/ds/DS_AP510Series.pdf

Question #19

Describe the difference between Class of Service (CoS) and Differentiated Services Code Point (DSCP).

  • A . CoS is only used to determine CLASS of traffic. DSCP is only used to differentiate between different Classes.
  • B . CoS is only contained in VLAN Tag fields. DSCP is in the IP Header and preserved throughout the IP packet flow.
  • C . They are similar and can be used interchangeably.
  • D . CoS has much finer granularity than DSCP

Correct Answer: B

Explanation:

CoS and DSCP are both methods of marking packets for quality of service (QoS) purposes. QoS is a mechanism that allows network devices to prioritize and differentiate traffic based on certain criteria, such as application type, source, destination, etc. CoS stands for Class of Service and is a 3-bit field in the 802.1Q VLAN tag header. CoS can only be used on Ethernet frames that have a VLAN tag, and it can only be preserved within a single VLAN domain. DSCP stands for Differentiated Services Code Point and is a 6-bit field in the IP header. DSCP can be used on any IP packet, regardless of the underlying layer 2 technology, and it can be preserved throughout the IP packet flow, unless it is modified by intermediate devices.

References:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos/configuration/15-mt/qos-15-mt-book/qos-overview.html

https://www.cisco.com/c/en/us/support/docs/lan-switching/8021q/17056-741-4.html

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10103-dscpvalues.html

Question #20

A customer is using a legacy application that communicates at layer-2. The customer would like to keep this application working across the campus which is connected via layer-3. The legacy devices are connected to Aruba CX 6300 switches throughout the campus.

Which technology minimizes flooding so the legacy application can work efficiently?

  • A . Generic Routing Encapsulation (GRE)
  • B . EVPN-VXLAN
  • C . Ethernet over IP (EoIP)
  • D . Static VXLAN

Correct Answer: B

Explanation:

EVPN-VXLAN is a technology that allows layer-2 communication across layer-3 networks by using Ethernet VPN (EVPN) as a control plane and Virtual Extensible LAN (VXLAN) as a data plane3. EVPN-VXLAN can be used to support legacy applications that communicate at layer-2 across different campuses or data centers that are connected via layer-3. EVPN-VXLAN minimizes flooding by using BGP to distribute MAC addresses and IP addresses of hosts across different VXLAN segments3. EVPN-VXLAN also provides benefits such as loop prevention, load balancing, mobility, and scalability3.

References: https://www.arubanetworks.com/assets/tg/TG_EVPN_VXLAN.pdf

Question #21

A network engineer recently identified that a wired device connected to a CX Switch is misbehaving on the network. To address this issue, a new ClearPass policy has been put in place to prevent this device from connecting to the network again.

Which steps need to be implemented to allow ClearPass to perform a CoA and change the access for this wired device? (Select two.)

  • A . Confirm that NTP is configured on the switch and ClearPass
  • B . Configure dynamic authorization on the switch.
  • C . Bounce the switchport
  • D . Use Dynamic Segmentation.
  • E . Configure dynamic authorization on the switchport

Correct Answer: A B

Explanation:

To allow ClearPass to perform a CoA and change the access for a wired device, the following steps need to be implemented:

* Confirm that NTP is configured on the switch and ClearPass. NTP is required to synchronize the time between the switch and ClearPass, which is essential for CoA messages to be processed correctly [1].

* Configure dynamic authorization on the switch. Dynamic authorization is a feature that enables the switch to accept CoA messages from a RADIUS server and apply them to existing sessions [2]. Dynamic authorization can be enabled globally or per port on the switch [2].

* Optionally, configure dynamic authorization on the switchport. This step is not required, but it can provide more granular control over which ports can accept CoA messages from a RADIUS server [2].

Bouncing the switchport or using Dynamic Segmentation are not necessary steps for allowing ClearPass to perform a CoA and change the access for a wired device.

References:

[1] https://www.arubanetworks.com/techdocs/ClearPass/6.7/Aruba_DeployGd_HTML/Content/Aruba%20Controlle

[2] https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6692/GUID-BD3E0A5F-FE4C-4B9B-B

Question #22

You are doing tests in your lab with the following equipment specifications:

* AP1 has a radio that generates a 10 dBm signal

* AP2 has a radio that generates an 11 dBm signal

* AP1 has an antenna with a gain of 9 dBi

* AP2 has an antenna with a gain of 12 dBi.

* The antenna cable for AP1 has a 2 dB loss

* The antenna cable for AP2 has a 3 dB loss

What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1?

  • A . 26 dBm
  • B . 30 dBm
  • C . 17 dBm
  • D . -12 dBm

Correct Answer: C

Explanation:

EIRP = Transmitter power + Antenna gain – Cable loss

EIRP for AP1 = 10 dBm + 9 dBi – 2 dB = 17 dBm

Question #23

A system engineer needs to preconfigure several Aruba CX 6300 switches that will be sent to a remote office. An untrained local field technician will do the rollout of the switches and the mounting of several AP-515s and AP-575s. Cables running to the APs are not labeled.

The VLANs are already preconfigured to VLAN 100 (mgmt), VLAN 200 (clients), and VLAN 300 (guests).

What is the correct configuration to ensure that APs will work properly?

A)

B)

C)

  • A . Option A
  • B . Option B
  • C . Option C

Correct Answer: C

Explanation:

Option C is the correct configuration to ensure that APs will work properly. It uses the ap command to configure a port profile for APs with VLAN 100 as the native VLAN and VLAN 200 and 300 as tagged VLANs. It also enables LLDP on the ports to discover the APs and assign them to the port profile automatically. The other options are incorrect because they either do not use the ap command, do not enable LLDP, or do not configure the VLANs correctly.

References:

https://www.arubanetworks.com/techdocs/AOS-CX_10_08/UG/bk01-ch02.html

https://www.arubanetworks.com/techdocs/AOS-CX_10_08/UG/bk01-ch03.html

Question #24

In AOS 10, which session-based ACL below will only allow ping from any wired station to wireless clients but will not allow ping from wireless clients to wired stations? The wired host ingress traffic arrives on a trusted port.

  • A . ip access-list session pingFromWired any user any permit
  • B . ip access-list session pingFromWired user any svc-icmp deny any any svc-icmp permit
  • C . ip access-list session pingFromWired any any svc-icmp permit user any svc-icmp deny
  • D . ip access-list session pingFromWired any any svc-icmp deny any user svc-icmp permit

Correct Answer: D

Explanation:

Question #25

A new network design is being considered to minimize client latency in a high-density environment. The design needs to do this by eliminating contention overhead by dedicating subcarriers to clients.

Which technology is the best match for this use case?

  • A . OFDMA
  • B . MU-MIMO
  • C . QWMM
  • D . Channel Bonding

Correct Answer: A

Explanation:

OFDMA (Orthogonal Frequency Division Multiple Access) is a technology that can minimize client latency in a high-density environment by eliminating contention overhead by dedicating subcarriers to clients. OFDMA allows multiple clients to transmit simultaneously on different subcarriers within the same channel, reducing contention and increasing efficiency. MU-MIMO (Multi-User Multiple Input Multiple Output) is a technology that allows multiple clients to transmit simultaneously on different spatial streams within the same channel, but it does not eliminate contention overhead.

QWMM (Quality of Service Wireless Multimedia) is a technology that prioritizes traffic based on four access categories, but it does not eliminate contention overhead. Channel Bonding is a technology that combines two adjacent channels into one wider channel, increasing bandwidth but not eliminating contention overhead.

References:

https://www.arubanetworks.com/assets/ds/DS_AP510Series.pdf

https://www.arubanetworks.com/assets/wp/WP_WiFi6.pdf

Question #26

What is a primary benefit of BSS coloring?

  • A . BSS color tags improve performance by allowing clients on the same channel to share airtime.
  • B . BSS color tags are applied to client devices and can reduce the threshold for interference
  • C . BSS color tags are applied to Wi-Fi channels and can reduce the threshold for interference
  • D . BSS color tags improve security by identifying rogue APs and removing them from the network.

Correct Answer: C

Question #27

Your manufacturing client is having installers deploy seventy headless scanners and fifty IP cameras in their warehouse. These new devices do not support 802.1X authentication.

How can HPE Aruba reduce the IT administration overhead associated with this deployment while maintaining a secure environment using MPSK?

  • A . Have the installers generate keys with ClearPass Self Service Registration.
  • B . Have the MPSK gateway derive the unique pre-shared keys based on the MAC OUI.
  • C . Use MPSK Local to automatically provide unique pre-shared keys for devices.
  • D . MPSK Local will allow the cameras to share a key and the scanners to share a different key

Correct Answer: D

Explanation:

Question #28

What is the order of operations for Key Management service for a wireless client roaming from AP1 to AP2?

Correct Answer:

Explanation:

https://www.arubanetworks.com/techdocs/Instant_85_WebHelp/Content/instant-ug/wlan-ssid-conf/conf-fast-roa


Question #29

When setting up an Aruba CX VSX pair, which information does the Inter-Switch Link Protocol configuration use in the configuration created?

  • A . QSVI
  • B . MAC tables
  • C . UDLD
  • D . RPVST+

Correct Answer: C

Explanation:

UDLD (Unidirectional Link Detection) is the information that the Inter-Switch Link Protocol configuration uses in the configuration created for Aruba CX VSX pair inter-switch-link. UDLD is a protocol that detects unidirectional links between switches and prevents loops or black holes in the network. UDLD is enabled by default on all ports that are part of the inter-switch-link between VSX peers. The other options are incorrect because they are either not related to inter-switch-link or not supported by Aruba CX VSX.

References:

https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-ch07.html

https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-ch02.html

Question #30

Select the Aruba stacking technology matching each option. (Options may be used more than once or not at all.)

Correct Answer:

Explanation:

a) Support up to 10 devices per stack -> VSF

b) Support two devices per stack -> VSX

c) Individual ISL links up to 400G are supported -> VSX

d) Individual ISL links up to 50G are supported -> VSF

e) A maximum aggregate ISL bandwidth of 200G is supported -> VSF

References: https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/GUID-2E425DAE-EC54-4313-9D


Question #31

Review the exhibit.

You are troubleshooting an issue with the 10.102.39.0/24 subnet, which is also VLAN 1000, used for wireless clients on a pair of Aruba CX 8360 switches. The subnet SVI is configured on the 8360 pair, and the DHCP server is a Microsoft Windows Server 2022 Standard with an IP address of 10.200.1.100. The 10.102.250.0/24 subnet is used for switch management.

A large number of DHCP requests are failing. You are observing sporadic DHCP behavior across clients attached to the CX 6100 switch.

Which action may help fix the issue?

A)

B)

C)

D)

  • A . Option A
  • B . Option B
  • C . Option C
  • D . Option D

Correct Answer: C

Explanation:

Option B is the correct action that may help fix the issue of sporadic DHCP behavior across clients attached to the CX 6100 switch. Option B enables DHCP relay on VLAN 1000 interface on Core-1 switch, which allows DHCP requests from clients in VLAN 1000 to be forwarded to the DHCP server in a different subnet (10.200.1.100). Without DHCP relay, clients in VLAN 1000 cannot obtain IP addresses from the DHCP server because they are in different broadcast domains. The other options are incorrect because they either do not enable DHCP relay or do not configure it correctly.

References:

https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-ch02.html

https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/bk01-ch03.html

Question #32

The administrator notices that wired guest users who have exceeded their bandwidth limit are not being disconnected. Access Tracker in ClearPass indicates a disconnect CoA message is being sent to the AOS-CX switch.

An administrator has performed the following configuration:

What is the most likely cause of this issue?

  • A . Change of Authorization has not been globally enabled on the switch.
  • B . The SSL certificate for CPPM has not been added as a trust point on the switch.
  • C . There is a mismatch between the RADIUS secret on the switch and CPPM.
  • D . There is a time difference between the switch and the ClearPass Policy Manager.

Correct Answer: A

Question #33

You are helping an onsite network technician bring up an Aruba 9004 gateway with ZTP for a branch office. The technician was to plug in any port for the ZTP process to start. Thirty minutes after the gateway was plugged in, new users started to complain they were no longer able to get to the internet. One user who reported the issue stated their IP address is 172.16.0.81. However, the branch office network is supposed to be on 10.231.81.0/24.

What should the technician do to alleviate the issue and get the ZTP process started correctly?

  • A . Turn off the DHCP scope on the gateway, and set DNS correctly on the gateway to reach Aruba Activate.
  • B . Move the cable on the gateway from port G0/0/1 to port G0/0/0.
  • C . Move the cable on the gateway to G0/0/1, and add the device's MAC and serial number in Central.
  • D . Factory default and reboot the gateway to restart the process.

Correct Answer: B

Question #34

Your Director of Security asks you to assign AOS-CX switch management roles to new employees based on their specific job requirements. After the configuration was complete, it was noted that a user assigned with the administrators role did not have the appropriate level of access on the switch.

The user was not limited to viewing nonsensitive configuration information and a level of 1 was not assigned to their role.

Which default management role should have been assigned for the user?

  • A . sysadmin
  • B . operators
  • C . helpdesk
  • D . config

Correct Answer: B

Question #35

A company recently deployed new Aruba Access Points at different branch offices. Wireless 802.1X authentication will be against a RADIUS server in the cloud. The security team is concerned that the traffic between the AP and the RADIUS server will be exposed.

What is the appropriate solution for this scenario?

  • A . Enable EAP-TLS on all wireless devices.
  • B . Configure RadSec on the AP and Aruba Central.
  • C . Enable EAP-TTLS on all wireless devices.
  • D . Configure RadSec on the AP and the RADIUS server.

Correct Answer: D

Explanation:

This is the appropriate solution for this scenario where wireless 802.1X authentication will be against a RADIUS server in the cloud and the security team is concerned that the traffic between the AP and the RADIUS server will be exposed. RadSec, also known as RADIUS over TLS, is a protocol that provides encryption and authentication for RADIUS traffic over TCP and TLS. RadSec can be configured on both the AP and the RADIUS server to establish a secure tunnel for exchanging RADIUS packets. The other options are incorrect because they either do not provide encryption or authentication for RADIUS traffic or do not involve RadSec.

References:

https://www.securew2.com/blog/what-is-radsec/

https://www.cloudradius.com/radsec-vs-radius/

Question #36

You are deploying a bonded 40 MHz wide channel.

What is the difference in the noise floor perceived by a client using this bonded channel as compared to an unbonded 20 MHz wide channel?

  • A . 2dB
  • B . 3dB
  • C . 8dB
  • D . 4dB

Correct Answer: B

Explanation:

The difference in the noise floor perceived by a client using a bonded 40 MHz wide channel as compared to an unbonded 20 MHz wide channel is 3 dB. The noise floor is the level of background noise in a given frequency band. When two adjacent channels are bonded, the noise floor increases by 3 dB because the bandwidth is doubled and more noise is captured. The other options are incorrect because they do not reflect the correct relationship between bandwidth and noise floor.

References:

https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/wlan-rf/rf-fundam

https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/wlan-rf/channel-b

Question #37

Using Aruba best practices, what should be enabled for visitor networks where encryption is needed but authentication is not required?

  • A . Wi-Fi Protected Access 3 Enterprise
  • B . Opportunistic Wireless Encryption
  • C . Wired Equivalent Privacy
  • D . Open Network Access

Correct Answer: B

Explanation:

Opportunistic Wireless Encryption (OWE) is a feature that provides encryption for open wireless networks without requiring authentication. OWE uses an enhanced version of the 4-way handshake to establish a pairwise key between the client and the AP, which is then used to encrypt the wireless traffic using WPA2 or WPA3 protocols. OWE can be used for visitor networks where encryption is needed but authentication is not required.

References: https://www.arubanetworks.com/assets/tg/TG_OWE.pdf

Question #38

Describe the difference between Class of Service (CoS) and Differentiated Services Code Point (DSCP).

  • A . CoS has much finer granularity than DSCP.
  • B . CoS is only contained in VLAN Tag fields. DSCP is in the IP Header and preserved throughout the IP packet flow.
  • C . They are similar and can be used interchangeably.
  • D . CoS is only used to determine CLASS of traffic. DSCP is only used to differentiate between different Classes.

Correct Answer: B

Explanation:

CoS and DSCP are both methods of marking packets for quality of service (QoS) purposes. QoS is a mechanism that allows network devices to prioritize and differentiate traffic based on certain criteria, such as application type, source, destination, etc. CoS stands for Class of Service and is a 3-bit field in the 802.1Q VLAN tag header. CoS can only be used on Ethernet frames that have a VLAN tag, and it can only be preserved within a single VLAN domain. DSCP stands for Differentiated Services Code Point and is a 6-bit field in the IP header. DSCP can be used on any IP packet, regardless of the underlying layer 2 technology, and it can be preserved throughout the IP packet flow, unless it is modified by intermediate devices.

References:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos/configuration/15-mt/qos-15-mt-book/qos-overview.html

https://www.cisco.com/c/en/us/support/docs/lan-switching/8021q/17056-741-4.html

https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10103-dscpvalues.html

Question #39

You are configuring an SVI on an Aruba CX switch that needs to have the following characteristics:

* VLAN ID = 25

* IPv4 address 10.105.43.1 with mask 255.255.255.0

* IPv6 address fd00:5708::f02d:4df6 with a 64-bit prefix length

* member of VRF eng

* VRF eng and VLAN 25 have not yet been created

Which command lists will satisfy the requirements with the least number of commands?

A)

B)

C)

D)

  • A . Option A
  • B . Option B
  • C . Option C
  • D . Option D

Correct Answer: C

Question #40

Due to a shipping error, five (5) Aruba AP-515s and one (1) Aruba CX 6300 were sent directly to your new branch office. You have configured a new group persona for the new branch office devices in Central, but you do not know their MAC addresses or serial numbers. The office manager is instructed via text message on their smartphone to onboard all the new hardware into Aruba Central.

What application must the office manager use on their phone to complete this task?

  • A . Aruba Onboard App
  • B . Aruba Central App
  • C . Aruba CX Mobile App
  • D . Aruba Installer App

Correct Answer: B