HP HPE6-A78 - HPE Network Security Associate Exam
Page: 2 / 12
Total 60 questions
Question #6 (Topic: Exam A)
A company is deploying AOS-CX switches to support 722 employees, which will tunnel client traffic to an HPE Aruba Networking Mobility Controller (MC) for the MC to apply firewall policies and deep packet inspection (DPI). This MC will be dedicated to receiving traffic from the AOS-CX switches.
What are the licensing requirements for the MC?
What are the licensing requirements for the MC?
A. one PEF license per-switch
B. one AP license per-switch
C. one PEF license per-switch, and one WCC license per-switch
D. one AP license per-switch, and one PEF license per-switch
Answer: A
Question #7 (Topic: Exam A)
A client has accessed an HTTPS server at myhost1.example.com using Chrome. The server sends a certificate that includes these properties:
* Subject name: myhost1.example.com
* SAN: DNS: myhost.example.com
* Extended Key Usage (EKU): Server authentication
* Issuer: MyCA_Signing
The server also sends an intermediate CA certificate for MyCA_Signing which is signed by MyCA. The client’s Trusted CA Certificate list includes MyCA but not MyCA_Issuing.
Which factor or factors prevent the client from trusting the certificate?
* Subject name: myhost1.example.com
* SAN: DNS: myhost.example.com
* Extended Key Usage (EKU): Server authentication
* Issuer: MyCA_Signing
The server also sends an intermediate CA certificate for MyCA_Signing which is signed by MyCA. The client’s Trusted CA Certificate list includes MyCA but not MyCA_Issuing.
Which factor or factors prevent the client from trusting the certificate?
A. The certificate lacks a valid SAN.
B. The client does not have the correct trusted CA certificates.
C. The certificate lacks the correct EKU.
D. The certificate lacks a valid SAN, and the client does not have the correct trusted CA certificates.
Answer: D
Question #8 (Topic: Exam A)
You have been instructed to look in the ArubaOS Security Dashboard's client list. Your goal is to find clients that belong to the company and have connected to devices that might belong to hackers.
Which client fits this description?
Which client fits this description?
A. MAC address: d8:50:e6:f3:6e:c5; Client Classification: Interfering; AP Classification: Neighbor
B. MAC address: d8:50:e6:f3:70:ab; Client Classification: Interfering; AP Classification: Rogue
C. MAC address: d8:50:e6:f3:6d:a4; Client Classification: Authorized; AP Classification: Rogue
D. MAC address: d8:50:e6:f3:6e:60; Client Classification: Interfering; AP Classification: Authorized
Answer: C
Question #9 (Topic: Exam A)
What is an example of active endpoint classification?
A. WMI scans
B. DHCP fingerprinting
C. MAC OUI based classification
D. TCP fingerprinting
Answer: A
Question #10 (Topic: Exam A)
What is one practice that can help you to maintain a digital chain of custody in your network?
A. Enable packet capturing on Instant AP or Mobility Controller (MC) controlpath on an ongoing basis.
B. Enable packet capturing on Instant AP or Mobility Controller (MC) datapath on an ongoing basis.
C. Ensure that all network infrastructure devices receive a valid clock using authenticated NTP.
D. Ensure that all network infrastructure devices use RADIUS rather than TACACS+ to authenticate managers.
Answer: C
