HPE6-A79 Online Practice Questions and Answers

A company plans to build a resort that includes a hotel with 1610 rooms, a casino, and a convention center. The company is interested in a mobility solution that provides scalability and a service-based approach, where they can rent the

WLAN infrastructure at the convention center to any customer (tenant) that hosts events at the resort.

The solution should provide:

Seamless roaming when users move from the hotel to the casino or the convention center

Simultaneous propagation of the resort and customer-owned SSIDs at the convention center

Null management access upon resort network infrastructure to the customers (tenants)

Configuration and monitor rights of rented SSIDs to the customers (tenants)

Which deployment meets the requirements?

A. Deploy an MM-MC infrastructure with multizone AP's, with one zone for tenant SSIDs.

B. Deploy IAPs along with AirWave, and deploy role-based management access control.

C. Deploy IAPs with zone based SSIDs and manage them with different central accounts.

D. Deploy an MM-MC infrastructure, and create different hierarchy groups for MCs and APs.

E. Deploy IAPs, and manage them with different central accounts.

Refer to the exhibits. Exhibit 1

Exhibit 2 Exhibit 3

Exhibit 4

A captive portal-based solution is deployed in a Mobility Master (MM) - Mobility Controller (MC) network. A wireless station connects to the network and attempts the authentication process. The outputs are shown in the exhibits. Which names correlate with the authentication and captive portal servers?

A. ClearPass.23 is the authentication server, and cp.mycompany.com is the captive portal server.

B. ClearPass.23 is the authentication server, and MC2 is the captive portal server.

C. Internal database in MC2 is the authentication server, and cp.mycompany.com is the captive portal server.

D. cp.mycompany.com is the authentication server, and ClearPass.23 is the captive portal server.

Refer to the exhibit.

A network administrator wants to configure an 802.1x supplicant for a wireless network that includes the following:

AES encryption EAP-MSCHAP v2-based user and machine authentication Validation of server certificate in Microsoft Windows 10

The network administrator creates a WLAN profile and selects the change connection settings option. Then the network administrator changes the security type to Microsoft: Protected EAP (PEAP), and enables user and machine authentication under Additional Settings.

What must the network administrator do next to accomplish the task?

A. Change default RC4 encryption for AES.

B. Enable user authentication under Settings

C. Change the security type to Microsoft: Smart Card or other certificate.

D. Enable server certificate validation under Settings.

A network administrator has updated the ArubaOS code of a standalone Mobility Controller (MC) that is used for User-Based Tunneling (UBT) to a newer early release. Ever since the MC seems to reject PAPI sessions from the switch with the 10.1.10.10 IP address. Also the controller's prompt is now followed by a star mark: "(MC_VA) [mynode] *#"

When opening a support ticket, an Aruba TAC engineer asks the administrator to gather the crash logs and if possible replicate UBT connection attempts from the switch while running packet captures of PAPI traffic on the controller and obtain the PCAP files. The administrator has a PC with Wireshark and TFTP server using the 10.0.20.20 IP address.

What commands must the administrator issue to accomplish these requests? (Choose two.)

A. Option A

B. Option B

C. Option C

D. Option D

E. Option E

A network administrator assists with the migration of a WLAN from a third-party vendor to Aruba in different locations throughout the country. In order to manage the solution from a central point, the network administrator decides to deploy redundant Mobility Masters (MMs) in a datacenter that are reachable through the Internet.

Since not all locations own public IP addresses, the security team is not able to configure strict firewall polices at the datacenter without disrupting some MM to Mobility Controller (MC) communications. They are also concerned about exposing the MMs to unauthorized inbound connection attempts.

What should the network administrator do to ensure the solution is functional and secure?

A. Deploy an MC at the datacenter as a VPN concentrator.

B. Block all inbound connections, and instruct the MM to initiate the connection to the MCs.

C. Block all ports to the MMs except UDP 500 and 4500.

D. Install a PEFV license, and configure firewall policies that protect the MM.

Refer to the exhibit.

A network administrator wants to allow contractors to access the WLAN named EmployeesNet. In order to restrict network access, the network administrator wants to assign this category of users to the contractor user role. To do this, the

network administrator configures ClearPass in a way that it returns the Aruba-User-Role with the contractor value.

When testing the solution, the network administrator receives the wrong role.

What should the network administrator do to assign the contractor role to contractor users without affecting any other role assignment?

A. Check the Download role from the CPPM option in the AAA profile.

B. Set contractor as the default role in the AAA profile.

C. Create Contractor firewall role in the M.

D. Create server deviation rules in the server group.

Refer to the exhibits.

A network administrator has fully deployed a WPA3 based WLAN with 802.1X authentication. Later he defined corp-employee as the default user-role for the 802.1X authentication method in the aaa profile. When testing the setup he realizes the client gets the "guest" role.

What is the reason "corp-employee" user role was not assigned?

A. The administrator forgot to map a dot1x profile to the corp-employee aaa profile.

B. The administrator forgot to enable PEFNG feature set on the Mobility Master.

C. MC 1 has not received the configuration from the mobility master yet.

D. The Mobility Master lacks MM-VA licenses; therefore, it shares partial configuration only.

Refer to the exhibit.

A network administrator has Mobility Master (MM) - Mobility Controller (MC) based network and has fully integrated the MCs with ClearPass for RADIUS-based AAA services. The administrator is testing different ways to run user role derivation.

Based on the show command output, what method has the administrator use for assigning the "corp" role to client with MAC xx:xx:xx:xx:xx:xx?

A. Dynamic Authorization using VSA attributes.

B. Dynamic Authorization using IETF attributes.

C. Server Derivation Rules using IETF attributes.

D. User Derivation Rules using the client's MAC.

Refer to the exhibit.

A network administrator has recently enabled WMM on the VAP's SSID profile and enabled UCC Skype4B ALG at the Mobility Master level. During testing, some voice and video conference calls were made, and it was concluded that the call quality has dramatically improved. However, end to end information isn't displayed in the call's details. Also, Skype4B app-sharing's performance is poor at times.

What must the administrator do next in order to enable end to end call visibility and QoS correction to app-sharing service?

A. Deploy the SDN API Software in the Skype4B Solution and point to the MM.

B. Increase the app-sharing DSCP value in the Skype4B ALG profile.

C. Enable UCC monitoring on the "default-controller" mgmt.-server profile.

D. Enable the App-sharing ALG profile at both MM and MD hierarchy levels.

Refer to the exhibit.

The network administrator must ensure that the configuration will force users to authenticate periodically every eight hours. Which configuration is required to effect this change?

A. Set the reauth-period to 28800 enable reauthentication in the dot1x profile.

B. Set the reauth-period to 28800 enable reauthentication in the AAA profile.

C. Set the reauth-period to 28800 enable reauthentication in both dot1x and AAA profile.

D. Set the reauth-period to 28800 in the dot1x profile and enable reauthentication in the AAA profile.