Frage 1
Frage
Which command will show all client association history?
Antworten
-
A. Aruba-6000# show mobile trail current (ip address)
-
B. Aruba-6000# show ip mobile trail (ip address)
-
C. Aruba-6000# show ap client status (mac address)
-
D. Aruba-6000# show current client ip (ip address)
Frage 2
Frage
Which Aruba controllers are able to provide IEEE 802.3af POE? (Choose all the correct answers.)
Antworten
-
A. 3200
-
B. 620
-
C. 650
-
D. 6000
Frage 3
Frage
The screen captures above show the 802.1X authentication profile and AAA profile settings
for a VAP.
If machine authentication fails and user authentication fails, which role will be assigned?
Frage 4
Frage
Which of the following charts are available for selection in Spectrum Dashboard for AP125?
Frage 5
Frage
A user connected to a Captive Portal VAP successfully. When the user opens their browser
and tries to access their homepage, they get redirected as expected to another URL on the
Aruba Controller. However, they see an error message that web authentication has been
disabled. What might be a cause of this?
Antworten
-
A. The Captive portal profile has not been assigned to the initial role
-
B. The Captive portal profile has not been assigned to the AAA profile
-
C. A server group has not been assigned to the captive portal profile
-
D. An initial role has not been assigned to the AAA profile
Frage 6
Frage
Which describe "roles" as used on Aruba Mobility Controllers? (Choose all the correct answers.)
Antworten
-
A. Roles are assigned to users.
-
B. Roles are applied to interfaces.
-
C. Policies are built from roles.
-
D. A user can belong to only one role at a time.
Frage 7
Frage
Refer to the above screen capture. By default, which switch's internal database will be used for user authentication?
Frage 8
Frage
What are aliases used for?
Antworten
-
A. improve performance
-
B. simplify the configuration process
-
C. Tie IP addresses to ports
-
D. assign rules to policies
Frage 9
Frage
Where are Aruba Vendor Specific Attributes (VSA) programmed?
Frage 10
Frage
An Aruba based network has a Master and three local controllers. No APs terminate on the Master controller. IDS is desired, so the administrator wants to install the "RFProtect license."
On which controller should the license be installed?
Antworten
-
A. master controller since it performs the IDS analysis
-
B. the local controllers since the APs terminate there
-
C. all of the controllers
-
D. this isn't the correct license for this purpose
Frage 11
Frage
In an Aruba based system, the L3 mobility tunnel exists between the home agent and
which other element?
Antworten
-
A. the default gateway
-
B. the remote AP
-
C. the foreign agent
-
D. the mobile node
Frage 12
Frage
A customer has a remote AP deployment, where each remote AP has an IPSEC VPN tunnel with L2TP to the controller. 1 of the remote APs is stuck in the user table and hasn't yet transitioned to the AP active table in the controller. The customer suspects that the AP is not setting up its VPN connection successfully. Which of the following commands might be useful in troubleshooting this? Select all that apply.
Antworten
-
A. Logging level debugging security process localdb
-
B. Logging level debugging security process l2tp
-
C. Logging level debugging security process dot1x
-
D. Logging level debugging security process crypto
Frage 13
Frage
What is the maximum number of campus APs supported by a 620 controller?
Frage 14
Frage
The permanent licenses on the controller will be deleted with the use of which command?
Frage 15
Frage
View the Server group and User Roles screen shots above.
A user associated to an SSID with 802.1x using this server group. Radius NY returned a
standard radius attribute of filter-Id with a value of employee. What Role will the user
get?
Antworten
-
A. The User will get the Emp Role
-
B. The user will get the 802.1x authentication default Role
-
C. The User will get the employee Role
-
D. The User will get the Employee Role
-
E. The User will get the initial Role
Frage 16
Frage
Which of the statements below are TRUE regarding ARM's Spectrum Load Balancing feature? (Choose all correct answers)
Frage 17
Frage
Which of the following licenses are consumed by RAP?
Antworten
-
A. AP license
-
B. PEF-NG license
-
C. PEF-V license
-
D. No license required
Frage 18
Frage
The Aruba Policy Enforcement Firewall (PEF) module supports source network address translation (src-nat).
Which is a common use of this statement in an Aruba configuration?
Antworten
-
A. provide a single source IP address for users in a role
-
B. redirect Captive Portal HTTP sessions
-
C. redirect Access Points to another Aruba controller
-
D. provide IP addresses to clients
Frage 19
Frage
When configuring ports in the configuration wizard, which of the following are not options for configuration?
Antworten
-
A. Inter-VLAN routing
-
B. Source NAT
-
C. Trusted
-
D. LACP
Frage 20
Frage
In the above screen capture, the administrator notes that the "Save As" and "Apply" buttons are grayed out and have no action.
What is the cause of the problem?
Antworten
-
A. attempting to make changes on a Master Switch
-
B. attempting changes on a Local Switch
-
C. does not have administrative rights to perform these actions
-
D. does not have the correct software license
Frage 21
Frage
View the Server group screenshot above
A company has provisioned the same VAP, AAA and SSID profiles at both its Miami and NY offices. This Server Group is applied for 802.1x authentication at both locations. The user's credentials are only found in the Miami Radius server Radius Miami. There is no Radius synchronization. What happens when the user attempts to authenticate?
Antworten
-
A. The controller recognizes the users Domain and sends the authentication request directly to Radius Miami.
-
B. The request is initially sent to RadiusNY1 then RadiusNY1 redirects, the controller, to send the authentication request to Radius Miami
-
C. RadiusNY1 receives the request and returns a deny. No other action is taken.
-
D. RadiusNY1 receives the request and returns a deny. The authentications request will then be sent to Aruba Certified Mobility Professional 6.1.
Frage 22
Frage
View the Server group and User Roles screen shots above.
A user associated to an SSID with 802.1x using this server group. RadiusNY returned a standard radius attribute of filter-Id with a value of employee. The user was placed in the guest Role. What statements below are correct?
Antworten
-
A. The user was placed in the 802.1x authentication default Role guest
-
B. The user was placed in the initial Role guest
-
C. Role derivation failed because roles are case sensitive
-
D. Role derivation failed because the incorrect operation “value-of” was used
-
E. 802.1x authentication failed so the user was automatically placed in the guest Role
Frage 23
Frage
Refer to the following configuration segment for this item.
Ip access-list session a new one
user network 10.1.1.0 255.255.255.0 any permit
user host 10.1.1.1 any deny user any any permit
Based on the above Aruba Mobility Controller configuration segment, which statements best describe this policy? (Choose all the correct answers.)
Antworten
-
A. The rule user host 10.1.1.1 any deny is redundant because of the implicit deny all at the end.
-
B. The rule user network 10.1.1.0 255.255.255.0 any permit is redundant because of the user any any permit at the end.
-
C. The two rules user network 10.1.1.0 255.255.255.0 any permit and user host 10.1.1.1 any deny need to be re-sequenced.
-
D. This list is fine as is.
Frage 24
Frage
Which match condition can be used by a server derivation rule?
Antworten
-
A. greater than
-
B. less than
-
C. inverse of
-
D. contains
Frage 25
Frage
When configuring a server group containing 3 servers, a customer chooses 'fail through mode'.
What other feature has to be enabled on the controller for this to work?
Frage 26
Frage
What do you need to generate a feature license key for an Aruba controller?
Antworten
-
A. controller's MAC address and the feature description
-
B. controller's MAC address and the certificate number
-
C. controller's Serial Number and the feature description
-
D. controller's Serial Number and the certificate number
Frage 27
Frage
Which may be applied directly to an interface? (Choose all the correct answers.)
Antworten
-
A. Access List (ACL)
-
B. Firewall Policy
-
C. Roles
-
D. RF Plan Map
Frage 28
Frage
When a user first associates to the WLAN, what role are they given?
Frage 29
Frage
What new firewall action was added specifically for use with Aruba's Content Security Service?
VisualRF supports import of floor plans from:
Antworten
-
A. dst-nat
-
B. dual-nat
-
C. route dst-nat
-
D. redirect to tunnel
Frage 30
Frage
What Wizards can be used to create a new AP Group?
Frage 31
Frage
A customer has configured a 3000 controller with the following commands:
Vlan 55
Vlan 56
Vlan 57
Interface gigabitethernet 1/0
switchport mode trunk
switchport trunk native vlan 55
switchport trunk allowed vlan 55-57
Which of the following sentences best describes this port?
Antworten
-
A. All traffic in vlan 55 will be dropped and all traffic in vlan 56 and 57 will be trunked with and 802.1Q tag
-
B. All traffic in vlan 55, 56 and 57 will be trunked with an 802.1Q tag
-
C. All traffic in vlan 55 will be sent with an 802.1Q tag while vlan 56 and 57 traffic will be trunked untagged
-
D. All traffic in vlan 56 and 57 will be sent with an 802.1Q tag while vlan 55 traffic will be trunked untagged
Frage 32
Frage
What cannot be configured from the Initial Configuration wizards?
Frage 33
Frage
Refer to the following configuration segment for this item.
netdestination "internal"
no invert
network 172.16.43.0 255.255.255.0 position 1
range 172.16.11.0 172.16.11.16 position 2
ip access-list session "My-Policy"
alias "user" alias "internal" service_any permit queue low
A user frame is evaluated against this access-list with the following attributes:
Source IP: 172.17.49.3 Destination IP: 10.100.86.37 Destination Port: 80
Referring to the above file segment, how will the frame be handled by this access-list?
Antworten
-
A. The frame will be dropped because of the implicit deny all at the end of the netdestination definition.
-
B. The frame will be dropped because of the implicit deny all at the end of the access list.
-
C. The frame will be forwarded because of the implicit permit all at the end of the access list.
-
D. The frame will be passed because there is no service specified in the access list.
-
E. The frame will be dropped because there is no service specified in the access list.
Frage 34
Frage
The Aruba controller's Command Line Interface can be accessed from WITHIN the browser based Web User Interface using which method?
Antworten
-
A. It's not possible to access the CLI from within the WebUI
-
B. Embedded Telnet client
-
C. Java based SSH client
-
D. Proprietary serial over Ethernet client
Frage 35
Frage
An Aruba controller can be configured to support which CLI based remote access methods?
Antworten
-
A. RSH
-
B. Telnet
-
C. SSH
-
D. Telnet and SSH
-
E. SSH and RSH
Frage 36
Frage
By default, which CLI based remote access method is enabled on Aruba controllers?
Antworten
-
A. rsh
-
B. Telnet
-
C. SSH
-
D. Telnet and SSH
-
E. Telnet, SSH and rsh
Frage 37
Frage
Masters communicate configuration information with locals using which tunnel type?
Frage 38
Frage
In all unmodified default AAA profiles, in which default initial role is the user placed?
Antworten
-
A. trusted-ap
-
B. guest
-
C. pre-guest
-
D. logon
Frage 39
Frage
Which tunnel protocol is used between controllers to support L2 mobility in an Aruba environment?
Antworten
-
A. Basic IP
-
B. GRE
-
C. IPinIP
-
D. Mobile IP
-
E. None of the above
Frage 40
Frage
How does the ARM's Band Steering feature encourage 5GHz capable clients to move/connect to the 5GHz radios of Aruba APs?
Antworten
-
A. ARM “hides” the 2.4GHz radios from 5GHz capable clients
-
B. ARM utilizes third party software on the wireless clients
-
C. Current Wi-Fi chipset firmware supports this by default
-
D. It's not possible the move clients to 5GHz radios when they can see both 2.4 and 5GHz APs
Frage 41
Frage
What type of license is required on the Aruba S3500 for tunneled node operation?
Antworten
-
A. PEF-NG
-
B. No license is required
-
C. Tunneled node license for each wired AP
-
D. Tunneled node license for each S3500
Frage 42
Frage
ip access-list session anewone
user network 10.1.1.0 255.255.255.0 any permit
user host 10.1.1.1 any deny
user any any permit
Referring to the above portion of a Mobility Controller configuration file, what can you conclude?
(Choose all of the correct answers.)
Antworten
-
A. This is a session firewall policy.
-
B. This is an extended Access Control List (ACL).
-
C. Any traffic going to destination 10.1.1.1 will be denied.
-
D. Any traffic going to destination 10.2.2.2 will be denied.
-
E. Any traffic going to destination 172.16.100.100 will be permitted.
Frage 43
Frage
Which method is NOT supported to provision an Aruba thin AP?
Frage 44
Frage
Which of the following APs do not support dual radio operations?
(Choose all the correct answers.)
Antworten
-
A. RAP - 5
-
B. AP 125
-
C. AP 120
-
D. AP 124
Frage 45
Frage
When roaming, by default which device will decide when to handoff / move to another AP?
Antworten
-
A. Aruba AP
-
B. Aruba controller
-
C. Client PC
-
D. Radius Server
-
E. Router
Frage 46
Frage
Referring to the above screen capture, if an administrator desires to change a specific AP into an AM without assigning the AP to a new group, which menus could be used?
Antworten
-
A. Network > Controller
-
B. Wireless > AP Configuration
-
C. Wireless > AP Installation
-
D. Advanced Services > Wireless
-
E. Advanced Services > All Profiles
Frage 47
Frage
Which log type should be enabled to troubleshoot IPSec authentication issues on Aruba Controllers?
Antworten
-
A. Security Logs
-
B. Management Logs
-
C. Wireless Logs
-
D. IDS Logs
Frage 48
Frage
Referring to the above screen capture, on which switch can you create a vlan?
Frage 49
Frage
In a campus environment, where are encryption keys sent or stored when users roam from AP to AP on the same controller using 802.1X?
Antworten
-
A. sent to the new AP via GRE
-
B. sent to the new AP vía IPSec
-
C. stored on the controller
-
D. stored on the RADIUS server
Frage 50
Frage
What is the best practice regarding licensing for a backup master to support Master Redundancy?
Antworten
-
A. Backup master only requires the AP license
-
B. License limits should be the same on primary master and backup Master
-
C. Licenses are pushed from the primary to the backup Master along with the configuration
-
D. Backup Master does not require licenses to support master redundancy
Frage 51
Frage
The screen captures above show the 802.1X authentication profile and AAA profile settings
for a VAP.
If machine authentication passes and user authentication passes, which role will be assigned?
Antworten
-
A. employee
-
B. guest
-
C. contractor
-
D. logon
-
E. you can't tell
Frage 52
Frage
What additional fields must be configured in the configuration wizard if the controller role is selected as a local instead of a standalone controller?
Antworten
-
A. The Local's SNMPv3 user name and password
-
B. The Master IP address
-
C. The Local's loopback address
-
D. The IPSec PSK for Master/Local communication
Frage 53
Frage
ip access-list session anewone
user network 10.1.1.0 255.255.255.0 any permit
user any any permit
host 10.1.1.1 host 10.2.2.2 any deny
A user sends a frame with the following attributes:
Source IP: 10.1.1.1 Destination IP: 10.2.2.2 Destination Port: 25
Based on the above Mobility Controller configuration file segment, what will this policy do
with the user frame?
Antworten
-
A. The frame is discarded because of the implicit deny all at the end of the policy.
-
B. The frame is discarded because of the statement: user host 10.1.1.1 host 10.2.2.2 deny.
-
C. The frame is accepted because of the statement: user any any permit.
-
D. The frame is accepted because of the statement: user network 10.1.1.0
-
E. This is not a valid policy.
Frage 54
Frage
Which of the following statements allows a user to initiate an HTTP session to other devices?
Antworten
-
A. any alias internal-nets svc-dns permit
-
B. user any svc-http permit
-
C. user user svc-http permit
-
D. any any svc-http permit
Frage 55
Frage
When creating a firewall policy, which of the following parameters are required? (Choose all the correct answers.)
Antworten
-
A. Destination
-
B. Service
-
C. Source
-
D. Log
-
E. Action
Frage 56
Frage
As an admin/root user, what other types of role-based management users can be created on Aruba controllers?
(Choose all the correct answers)
Antworten
-
A. Auditing-compliance user
-
B. Read only user
-
C. Location-api-management user
-
D. Guest provisioning user
Frage 57
Frage
The above diagram has one master and three local controllers.
All controllers are configured with the wireless user VLAN 201. A wireless user associates
with AP 1. Only L2 mobility is enabled.
Which elements will know about this association? (Choose all of the correct answers.)
Antworten
-
A. Local 1
-
B. Local 2
-
C. Local 3
-
D. Master
Frage 58
Frage
Which profiles are required in an AP Group to enable an SSID with VLAN 1, WPA2 and LMSIP?
Antworten
-
A. Virtual-ap ap mesh-radio-profile ap system profile
-
B. Wlan ssid-profile ap-system-profile virtual-ap profile
-
C. Virtual-ap profile ap-system profile aaa profile
-
D. 802.1X authentication profile wlan ssid-profile virtual-ap profile
Frage 59
Frage
The network administrator wishes to terminate the VPN encryption on the Aruba controller.
When writing a firewall rule to accomplish the task of automatically moving the VPN traffic for the wireless clients from a third party VPN concentrator to an Aruba controller, which action needs to be configured in the rule?
Antworten
-
A. redirect to ESI group
-
B. source NAT
-
C. destination NAT
-
D. redirect to tunnel
Frage 60
Frage
Which is an Aruba specific DSA that can be used in a user derivation rule?
Frage 61
Frage
The reusable wizards are accessible in which one of the following ways?
Antworten
-
A. On startup through the CLI
-
B. Through the CLI, after the initial CLI wizard has been completed
-
C. In the Web UI under maintenance.
-
D. In the Web UI under configuration.
Frage 62
Frage
Which of the following APs support remote AP operation?
Antworten
-
A. AP 105
-
B. AP 125
-
C. RAP2
-
D. All of the above
Frage 63
Frage
Referring to the above screen capture, on which switch can you modify APs to enable ARM?
Frage 64
Frage
Which of the following statement is true of the Spectrum Mode?
Antworten
-
A. No licenses are required to run an AP in Spectrum mode
-
B. Spectrum mode can only be configured for one AP at a time
-
C. An AP can be in spectrum mode for both 2.4 and 5G bands at the same time
-
D. Spectrum Mode is configured under Spectrum Profile
Frage 65
Frage
Which types of encryption will an Aruba access point perform on traffic sent through a Campus AP Virtual AP (VAP) profile in Tunnel forwarding mode?
Antworten
-
A. TKIP & AES
-
B. WEP & TKIP
-
C. WEP & AES
-
D. WEP, TKIP, & AES
-
E. None of the above
Frage 66
Frage
When are the system-defined default roles added to the configuration on the controller?
Antworten
-
A. when the controller is first booted
-
B. when an RF Proctect license is added to the controller
-
C. when created manually
-
D. when a PEF-NG license is added to the controller
Frage 67
Frage
Which of the following could be used to set a user's post-authentication role or VLAN association? (Choose all the correct answers.)
Antworten
-
A. AAA default role for authentication method
-
B. Server Derivation Rule
-
C. Vendor Specific Attributes
-
D. AP Derivation Rule
Frage 68
Frage
What are the Airtime Allocation Policy options for Airtime Performance Protection?
Antworten
-
A. Default Access
-
B. Priority Access
-
C. Fair Access
-
D. Preferred Access
-
E. Distributed Access
Frage 69
Frage
What is the function of Band Steering?
Antworten
-
A. Balancing clients across APs on different channels within the same band
-
B. Encourages clients, 5GHz capable, to connect on the 5GHz spectrum
-
C. Coordinate access to the same channel across multiple APs
-
D. Enables selection of 20 vs. 40 MHz mode of operation per band
-
E. Enables acceptable coverage index on both the “b/g” and “a” spectrums
Frage 70
Frage
Which settings can be modified directly from a local controller? (Choose all correct
Frage 71
Frage
Review the following truncated output from an Aruba controller for this item.
(Example) #show rights logon
Derived Role = 'logon'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 1/0
Max Sessions = 65535
Based on the above output from an Aruba controller, an unauthenticated user assigned to
the logon role attempts to start an http session to IP address 172.16.43.170.
What will happen?
Antworten
-
A. the user's traffic will be passed to the IP address because of the policy statement: user any svc-http dst-nat 8080
-
B. the user's traffic will be passed to the IP address because of the policy statement: user any svc-https dst-nat 8081
-
C. the user's traffic will be passed to the IP address because of the policy statement: user any svc-http-proxy1 dst-nat 8088
-
D. the user will not reach the IP address because of the policy statement: user any svc-http dst-nat 8080
-
E. the user will not reach the IP address because of the implicit deny any any at the end of the policy.
Frage 72
Frage
Which actions does ARM (Adaptive Radio Management) perform? (Choose all correct answers.)
Antworten
-
A. allows controllers to provision the AP Radio type
-
B. allows controllers to provision the best channel for APs
-
C. allows controllers to provision the best power setting for APs
-
D. attempts to Self Heal in case of an AP failure
Frage 73
Frage
When you create a WLAN SSID in the WLAN/LAN wizard what AP group is it automatically added to?
Antworten
-
A. The air-monitors group
-
B. The first configured AP group
-
C. The Default AP group
-
D. It is only added to the 'All Profiles' section
Frage 74
Frage
In the diagram provided for this question, the wireless user's laptop is associated with an Aruba AP's Virtual AP profile in tunnel forwarding mode.
When the client transmits, where will the 802.11 headers be removed?
Frage 75
Frage
As a user moves through the authentication process, which of the following is not used in a derivation rule?
Antworten
-
A. MAC address
-
B. OS version
-
C. SSID
-
D. Radius attribute
Frage 76
Frage
A campus AP has been provisioned with a VAP in bridge forwarding and standard operation modes. Which of the following authentication types are supported?
Antworten
-
A. 802.1X authentication
-
B. Open System authentication
-
C. Machine authentication
-
D. Captive portal authentication
Frage 77
Frage
The Aruba Policy Enforcement Firewall (PEF) module supports destination network address translation (dst-nat).
Which is a common use of this statement in an Aruba configuration?
Antworten
-
A. source the IP addresses of users to specific IP address
-
B. redirect HTTP sessions to Captive Portal
-
C. redirect Access Points to another Aruba controller
-
D. provide a telnet connection to the controller
Frage 78
Frage
Which netdestination aliases are built into the controller? (Choose all the correct answers.)
Antworten
-
A. mswitch
-
B. any
-
C. user
-
D. guest
Frage 79
Frage
What are the PEF-NG license limits based on?
Frage 80
Frage
Which statement is true about the Content Security License?
Antworten
-
A. Applied to the master controller
-
B. Applied to all the controllers in the network
-
C. It is based on number of users
-
D. It is based on number of APs
Frage 81
Frage
Aruba access points are logically connected to controllers using which protocol?
Antworten
-
A. 802.1q
-
B. LWAPP
-
C. PPTP
-
D. GRE
Frage 82
Frage
The configuration wizard enables which of the following controller clock configurations?
Frage 83
Frage
Which of the following controllers has an integrated single radio AP?
Antworten
-
A. 3200
-
B. 620
-
C. 650
-
D. 651
Frage 84
Frage
Which access point models support concurrent operations in both the “b/g” band as well as the “a” band?
(Choose all the correct answers.)
Antworten
-
A. RAP2
-
B. AP-120
-
C. AP-105
-
D. AP-125
-
E. AP-135
Frage 85
Frage
By default, how long will an AP scan a single channel when ARM is enabled?
Antworten
-
A. 80 milliseconds
-
B. 90 milliseconds
-
C. 100 milliseconds
-
D. 110 milliseconds
Frage 86
Frage
Referring to the above screen capture, on which switch can you add an administrative user and assign a switch management role?
Frage 87
Frage
Which of the following metrics does the ARM feature use to calculate the optimal channel and power level for Access Points? (Choose all correct answers)
Antworten
-
A. RF Spectrum Index
-
B. Priority Index
-
C. Interference Index
-
D. Coverage Index
Frage 88
Frage
A customer forgot all passwords for a controller. What method could you use to reset the passwords?
Antworten
-
A. Telnet to the controller and login to the password recovery account
-
B. SSH to the controller and login to the password recovery account
-
C. Connect directly to the serial console and login to the password recovery account
-
D. Interrupt the boot process at CP-boot and select password recovery
-
E. Open the controller and press the reset switch
Frage 89
Frage
Other than a user role, what attribute can be applied to a user with a derivation rule?
Antworten
-
A. SSID
-
B. MAC
-
C. VLAN
-
D. IP Address
Frage 90
Frage
Where in the network can Aruba controllers be deployed?
Antworten
-
A. access
-
B. distribution
-
C. core
-
D. all of the above