Quizzzzzz

HPE07-01

1 / 70

A customer just upgraded aggregation layer switches and noticed traffic dropping for 120 seconds after the aggregation layer came online again. What is the best way to avoid having this traffic dropped given the topology below?

Configure the linkup delay timer to 240 seconds to double the amount of lime for the initial phase to sync

Configure the linkup delay timer to exclude LAGS 101 and 102, which will allow time for routing adjacencies to form and to learn upstream routes

Configure the linkup delay timer to include LAGs 101 and 102, which will allow time for routing adjacencies lo form and to learn upstream routes

Configure the linkup delay timer to 120 seconds, which will allow the right amount of time for the initial phase to sync

2 / 70

A customer is using a legacy application that communicates at layer-2. The customer would like to keep this application working to a remote site connected via layer-3 All legacy devices are connected to a dedicated Aruba CX 6200 switch at each site.

What technology on the Aruba CX 6200 could be used to meet this requirement?

Inclusive Multicast Ethernet Tag (IMET)

Ethernet over IP (EolP)

Generic Routing Encapsulation (GRE)

Static VXLAN

3 / 70

What are two advantages of splitting a larger OSPF area into a number of smaller areas? (Select two )

It extends the LSDB

It increases stability

it simplifies the configuration

It reduces processing overhead

It reduces the total number of LSAs

4 / 70

With the Aruba CX switch configuration, what is the first-hop protocol feature that is used for VSX L3 gateway as per Aruba recommendation?

Active Gateway

Active-Active VRRP

SVI with vsx-sync

VRRP

5 / 70

With Aruba CX 6300. How do you configure ip address 10.10.10.1 for the interface in default state for interface 1/1/1?

int 1/1/1; switching; ip address 10.10.10.1/24

int 1/1/1; no switching; ip address 10.10.10.1/24

int 1/1/1; ip address 10.10.10.1/24

int 1/1/1; routing; ip address 10.10.10.1/24

6 / 70

Review the exhibit

You are troubleshooting an issue with a 10.102.39.0/24 subnet which is also VLAN 1000 used Tor wireless clients on a pair of Aruba CX 8360 switches The subnet SVI is configured on the 8360 pair, and the DHCP server is a Microsoft Windows Server 2022 Standard with an IP address of 10.200.1.100. The 10.102.250.0/24 subnet is used for switch management. A large number of DHCP requests are failing You are observing sporadic DHCP behavior across clients attached to the CX 6100 switch.
Which action may help fix the issue?

Option A

Option B

Option C

Option D

7 / 70

Which statements regarding OSPFv2 route redistribution are true for Aruba OS CX switches?

(Select two.)

The "redistribute connected" command will redistribute all connected routes for the switch including local loopback addresses

The "redistribute ospf" command will redistribute routes from all OSPF V2 and V3 processes

The "redistribute static route-map connected-routes" command will redistribute all static routes without a matching deny in the route map "connected-routes".

The "redistribute connected" command will redistribute all connected routes for the switch except local loopback addresses.

The "redistribute static route-map connected-routes" command will redistribute all static routes with a matching permit in the route map "connected-routes"

8 / 70

A system engineer needs to preconfigure several Aruba CX 6300 switches that will be sent to a
remote office An untrained local field technician will do the rollout of the switches and the mounting
of several AP-515s and AP-575S. Cables running to theAPs are not labeled.
The VLANs are already preconfigured to VLAN 100 (mgmt), VLAN 200 (clients), and VLAN 300 (guests)
What is the correct configuration to ensure that APs will work properly?

A)

B)

C)

D)

Option A

Option B

Option C

Option D

9 / 70

You need to create a keepalive network between two Aruba CX 8325 switches for VSX configuration. How should you establish the keepalive connection?

SVI, VLAN trunk allowed all on ISL in default VRF

routed port in custom VRF

loopback 0 and OSPF area 0 in default VRF

SVI, VLAN trunk allowed all on ISL in custom VRF

10 / 70

What is an Aruba-recommended best practice for hardening that only applies to Aruba CX 6300 series switches with dedicated management ports?

Implement a control plane ACL to limit access to approved IPs and/or subnets

Manually enable Enhanced Security Mode from a console session

Disable all management services on the default VRF

Create a dedicated management VRF, and assign the management port to it

11 / 70

Refer to the exhibit

With Core-1. what is the default value for config-revision?

0

1

1-0

0.0

12 / 70

You are configuring Policy Based Routing (PBR) for a subnet that will be used to test a new default route for your network Traffic originating from 10.2.250.0/24 should use a new default route to 10.1.1.253. Other non-default routes for this subnet should not be affected by this change.
What are two parts of the solution for these requirements? (Select two.)
A)

B)

C)

D)

E)

Option A

Option B

Option C

Option D

Option E

13 / 70

The customer needs a network hardware refresh to replace an aging Aruba 5406R core switch pair using spanning tree configuration with Aruba CX 8360-32YC switches What is the benefit of VSX clustering with the new solution?

stacked data-plane

faster MSTP converge processing

dual Aruba AP LAN port connectivity for PoE redundancy

dual control plane provides better resiliency

14 / 70

What steps are part of the Key Management workflow when a wireless device is roaming from AP1 to AP2? (Select two.)

AP1 will cache the client's information and send it to the Key Management service

The Key Management service receives from AirMatch a list of all AP2's neighbors

The Key Management service receives a list of all AP1 s neighbors from AirMatch

The Key Management service then generates R1 keys for AP2's neighbors.

A client associates and authenticates with the AP2 after roaming from AP1

15 / 70

What is a primary benefit of BSS coloring?

BSS color tags improve performance by allowing APS on the same channel to be farther apart

BSS color tags improve security by identifying rogue APS and tagging them as threats

BSS color tags are applied on the wireless controllers and can reduce the threshold for interference

BSS color tags are applied to WI-Fi channels and can reduce the threshold tor interference

16 / 70

Refer to the exhibit

A company has deployed 200 AP-635 access points. To but is not working as expected

What would be the correct action to fix the issue?

Change the SSID to WPA3-Enhanced Open

Change the SSID to WPA3-Enterprise (CCM)

Change the SSID to WPA3-Personal

Change the SSID to WPA3-Enterpnse (CNSA)

17 / 70

What is true regarding 802.11k?

It extends radio measurements to define mechanisms for wireless network management of stations

It reduces roaming delay by pre-authenticating clients with multiple target APs before a client roams to an AP

It provides mechanisms for APs and clients to dynamically measure the available radio resources.

It considers several metrics before it determines if a client should be steered to the 5GHz band, including client RSSI

18 / 70

A new network design is being considered to minimize client latency in a high-density environment. The design needs to do this by eliminating contention overhead by dedicating subcarriers to clients.
Which technology is the best match for this use case?

OFDMA

MU-MIMO

QWMM

Channel Bonding

19 / 70

Refer to the image

Your customer is complaining of weak Wi-Fi coverage in their office. They mention that the office on the other side of the hall has much better signal What is the likely cause of this issue?

The AP is a remote access point

The AP is using a directional antenna

The AP is an outdoor access point

The AP is configured in Mesh mode

20 / 70

For an Aruba AOS-10 AP in mixed mode, which factors can be used to determine the forwarding role assigned to a client? (Select two.)

Client IP address

802.1X authentication result

Client MAC address

Client SSID

Client VLAN

21 / 70

A customer is looking for a wireless authentication solution for all of their loT devices that meet the following requirements
– The wireless traffic between the IoT devices and the Access Points must be encrypted
– Unique passphrase per device
– Use fingerprint information to perform role-based access
Which solutions will address the customer’s requirements? (Select two.)

MPSK and an internal RADIUS server

MPSK Local with MAC Authentication

ClearPass Policy Manager

MPSK Local with EAP-TLS

Local User Derivation Rules

22 / 70

Your customer is having issues with Wi-Fi 6 clients staying connected to poor-performing APs when a higher throughput APs are closer. Which technology should you implement?

Clearpass

ClientMatch

Airmatch

ARM

23 / 70

You are doing tests in your lab and with the following equipment specifications:
• AP1 has a radio that generates a 20 dBm signal
• AP2 has a radio that generates a 8 dBm signal
• AP1 has an antenna with a gain of 7 dBI.
• AP2 has an antenna with a gain of 12 dBI.
• The antenna cable for AP1 has a 3 dB loss
• The antenna cable forAP2 has a 3 dB loss.
What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1?

2 dBm

8 dBm

22 dBm

24 dBm

24 / 70

You are doing tests in your lab and with the following equipment specifications
• AP1 has a radio that generates a 10 dBm signal
• AP2 has a radio that generates a 11 dBm signal
• AP1 has an antenna with a gain of 9 dBi
• AP2 has an antenna with a gain of 12 dBi.
• The antenna cable for AP1 has a 2 dB loss
• The antenna cable for AP2 has a 3 dB loss
What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1?

26 dBm

30 dBm

17 dBm

-12 dBm

25 / 70

A customer is using Aruba Cloud Guest, but visitors keep complaining that the captive portal page keeps coming up after devices go to sleep Which solution should be enabled to deal with this issue?

MAC Caching under the splash page

MAC Caching under the user-role

Wireless Caching under the splash page

MAC Caching under the WLAN

26 / 70

You are are doing tests in your lab and with the following equipment specifications:
• AP1 has a radio that generates a 16 dBm signal.
• AP2 has a radio that generates a 13 dBm signal.
• AP1 has an antenna with a gain of 8 dBi.
• AP2 has an antenna with a gain of 12 dBi. The antenna cable for AP1 has a 4 dB loss. The
antenna cable for AP2 has a 3 dB loss.
What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1?

-9 dBm

20 dBm

40 dBm

15 dBm

27 / 70

In an ArubaOS 10 architecture using an AP and a gateway, what happens when a client attempts to join the network and the WLAN is configured with OWE?

Authentication information is not exchanged

The Gateway will not respond

No encryption is applied

RADIUS protocol is utilized

28 / 70

You are deploying a bonded 40 MHz wide channel What is the difference in the noise floor perceived by a client using this bonded channel as compared to an unbonded 20MHz wide channel?

2 dB

3 dB

8 dB

4 dB

29 / 70

Which standard supported by some Aruba APs can enable a customer to accurately locate wireless client devices within a few meters?

802.11mc

802.11w

802.11k

802.11r

30 / 70

A large retail client is looking to generate a rich set of contextual data based on the location information of wireless clients in their stores Which standard uses Round Trip Time (RTT) and Fine Time Measurements (FTM) to calculate the distance a client is from an AP?

802.11ah

802.11mc

802.11be

802.11v

31 / 70

You are setting up a customer’s 15 headless loT devices that do not support 802.1X. What should you use?

Multiple Pre-Shared Keys (MPSK) Local

Clearpass with WPA3-PSK

Clearpass with WPA3-AES

Multiple Pre-Shared Keys (MPSK) with WPA3-AES

32 / 70

A customer has a site with 200 AP-515 access points 75AP-565 access points installed. The customer is rolling out new mobile phones with Wi-Fi-calling. 802.1X is in use for authentication What should be enabled to ensure the best roaming experience?

802.1X

802.11r

802.11w

802.11h

33 / 70

Your manufacturing client is deploying two hundred wireless IP cameras and fifty headless scanners in their warehouse. These new devices do not support 802.1X authentication.

How can HPE Aruba enhance security for these new IP cameras in this environment?

Use MPSK Local to automatically provide unique pre-shared Keys for devices.

Aruba ClearPass performs the 802.1X authentication and installs a certificate.

MPSK provides for each device in the WLAN to have its own unique pre-shared Key.

MPSK Local will allow the cameras to share a rey and the scanners to share a different

34 / 70

When configuring UBT on a switch what will happen when a gateway role is not specified?

The switch will put the client on the access VLAN

The gateway will assign a default role to the client

The switch will assign the default deny role to the client.

The gateway will send back the deny role to the client.

35 / 70

With the Aruba CX 6200 24G switch with uplinks or 1/1/25 and 1/1/26, how do you protect client ports from forming layer-2 loops?

int 1/1/1-1/1/24, loop-protect

int 1/1/1-1/1/28, loop-protect

int 1/1/1-1/1/28, loop-guard

int 1/1/1-1/1/24, loop-guard

36 / 70

With the Aruba CX switch configuration, what is the Active Gateway feature that is used for and is unique to VSX configuration?

Sixteen different VMACs are supported total as shared

Active Gateway can once MSTP instances are created for VLAN load sharing

Sixteen different VMACS are supported for each IPV4 and IPV6 stack simultaneously

copied over the ISL link for an optimized path

37 / 70

Which statement best describes QoS?

Determining which traffic passes specified quality metrics

Scoring traffic based on the quality of the contents

Identifying specific traffic for special treatment

Identifying the quality of the connection

38 / 70

You are troubleshooting an issue with a pair of Aruba CX 8360 switches configured with VSX Each switch has multiple VRFs. You need to find the IP address of a particular client device with a known MAC address You run the “show arp” command on the primary switch in the pair but do not find a matching entry for the client MAC address. The client device is connected to an Aruba CX 6100 switch by VSX LAG.
Which action can be used to find the IP address successfully?

Option A

Option B

Option C

Option D

39 / 70

Which statements are true regarding a VXLAN implementation on Aruba Switches? (Select two.)

MTU size must be increased beyond the default

VNIs encapsulate and decapsulate VXLAN traffic

VTEPs encapsulate and decapsulate VXLAN traffic

They are only available for datacenter switches (CX 8k, 9k,10k)

All Aruba CX switches support VXLAN.

40 / 70

What is enabled by LLDP-MED? (Select two.)

Voice VLANs can be automatically configured for VoIP phones

APs can request power as needed from PoE-enabled switch ports

iSCSl client devices can request to have flow control enabled

GVRP VLAN information can be used to dynamically add VLANs to a trunk

iSCSl client devices can set the required MTU setting for the port

41 / 70

You need to ensure that voice traffic sent through an ArubaOS-CX switch arrives with minimal latency What is the best scheduling technology to use for this task?

Strict queuing

Rate limiting

QoS shaping

DWRR queuing

42 / 70

Which statements are true about VSX LAG? (Select two.)

The total number of configured links may not exceed 8 for the pair or 4 per switch

Outgoing traffic is switched to a port based on a hashing algorithm which may be either switch in the pair

LAG traffic is passed over VSX ISL links only while upgrading firmware on the switch pair

Outgoing traffic is preferentially switched to local members of the LAG.

Up to 255 VSX lags can be configured on all 83xx and 84xx model switches

43 / 70

You are configuring an SVI on an Aruba CX switch that needs to have the following characteristics:

• VLANID = 25
• IPv4 address 10 105 43 1 with mask 255 255 255.0
• IPv6 address fd00:5708::f02d:4df6 with a 64 bit prefix length
• member of VRF eng
• VRF eng and VLAN 25 have not yet been created

Which command lists will satisfy the requirements with the least number of commands?

A)

B)

C)

D)

Option A

Option B

Option C

Option D

44 / 70

Your customer currently has Two (2) 5406 modular switches with MSTP configured as their core switches. You are proposing a new solution. What would you explain regarding the Aruba CX VSX switch pair when the Primary VSX node is replaced and the system MAC is replaced?

VSX will select the MAC address from a node that is the lower ID

Configure vMAC on the Primary VSX node under VSX to retain MAC after hardware replacement

VSX will select the MAC address from a node that is a higher ID

During the initial VSX configuration, the system-mac is assigned with a fixed MAC based on VSX ID

45 / 70

A customer is using stacked Aruba CX 6200 and CX 6300 switches for access and a VSX pair of Aruba CX 8325 as a collapsed core 802 1X is implemented for authentication. Due to the lack of cabling, some unmanaged switches are still in use Sometimes devices behind these switches cause network outages The switch should send a warning to the Helpdesk when the problem occurs You have been asked to implement an effective solution to the problem-
What is the solution for this?

Configure spanning tree on the Aruba CX 8325 switches Set the trap-option

Configure loop protection on all edge ports of the Aruba CX 6200 and CX 6300 switches No trap option is needed

Configure loop protection on all edge ports of the Aruba CX 6200 and CX 6300 switches Set up the trap-option

Configure spanning tree on the Aruba CX 6200 and CX 6300 switches No trap option is needed

46 / 70

With the Aruba CX 6100 48G switch with uplinks of 1/1/47 and 1/1/48. how do you automate the process of resuming the port operational state once a loop on a client port is cleared?

Configure int 1/1/1-1/1/52 loop-protect disable timer

Configure global loop-protect disable timer

Configure int 1/1/1-1/1/46 loop-protect re-enable-timer

Configure global loop-protect re-enable-timer

47 / 70

You need to have different routing-table requirements With Aruba CX 6300 VSF configuration. Assuming the correct layer-2 VLAN already exists, how would you create a new SVI for a separate routing table?

create a new VLAN, and attach the VRF to it

Create a new routing table, and attach VLANS to it

Create a new SVI and use attach command

Create a new VLAN. and attach the routing table to it

48 / 70

A customer is concerned about me unprotected traffic between an AOS-CX switch and a gateway, running on AOS 10. What is a feasible option to protect this traffic?

Implement an IPSec tunnel to protect PAPI between the AOS-CX switches and the gateway

Implement an MD5 HMAC function lo protect PAPI between the AOS-CX switches and the gateway

Implement a GRE tunnel to protect PAPI between the AOS-CX switches and the gateway

no action is needed, an RSA certificate already encrypts the traffic

49 / 70

A network administrator is attempting to troubleshoot a connectivity issue between a group of users and a particular server The administrator needs to examine the packets over a period of time from their desktop; however, the administrator is not directly connected to the AOS-CX switch involved with the traffic flow.
What statements are correct regarding the ERSPAN session that needs to be established on an AOS-
CX switch’? (Select two )

On the source AOS-CX switch, the destination specified is the switch to which the administrator's desktop is connected

The encapsulation protocol used is GRE

The encapsulation protocol used is VXLAN

The encapsulation protocol is UDP

On the source AOS-CX switch, the destination specified is the administrators desktop

50 / 70

What is the best practice for handling voice traffic with dynamic segmentation on AOS-CX switches?

Switch authentication and local forwarding of the voice traffic

Switch authentication and user-based tunneling of the voice traffic

Central authentication and port-based tunneling of the voice traffic

Controller authentication and port-based tunneling of all traffic

51 / 70

A customer is using a legacy application that communicates at layer-2. The customer would like to keep this application working across the campus which is connected via layer-3. The legacy devices are connected to Aruba CX 6300 switches throughout the campus.

Which technology minimizes flooding so the legacy application can work efficiently?

Generic Routing Encapsulation (GRE)

EVPN-VXLAN

Ethernet over IP (EolP)

Static VXLAN

52 / 70

A customer wants to enable wired authentication across all their CX switches One of the requirements is that the switch must be able to authenticate a single computer connected through a VoIP phone.
Which feature should be enabled to support this requirement?

Multi-Domain Authentication

Device-Based Mode

MAC Authentication

Multi-Auth Mode

53 / 70

When setting up an Aruba CX VSX pair, which information does the Inter-Switch Link Protocol configuration use in the configuration created?

QSVI

MAC tables

UDLD

RPVST+

54 / 70

Your customer has four (4) Aruba 7200 Series Gateways and two (2) 7000 Series Gateways. The customer wants to form a cluster with these Gateways. What design consideration would prevent you from using all of those Gateways?

Multiple versions between Gateways in the same cluster profile are not allowed AOS 10.x.

A heterogeneous cluster is not supported in AOS 10.x.

The AP load should be lowest value of worst-case scenario load.

A combination of 7200 series and 7000 series gateways supports up to 4 nodes

55 / 70

You need to drop excessive broadcast traffic on an ingress port or an ArubaOS-CX switch. What is the best feature to use for this task?

DWRR queuing

Strict queuing

Rate limiting

QoS shaping

56 / 70

What is used to retrieve data stored in a Management Information Base (MIS)?

SNMPv3

DSCP

TLV

CDP

57 / 70

The administrator notices that wired guest users that have exceeded their bandwidth limit are not being disconnected Access Tracker in ClearPass indicates a disconnect CoA message is being sent to the AOS-CX switch.
An administrator has performed the following configuration:

What is the most likely cause of this issue?

Change of Authorization has not been globally enabled on the switch

The SSL certificate for CPPM has not been added as a trust point on the switch

There is a mismatch between the RADIUS secret on the switch and CPPM

There is a time difference between the switch and the ClearPass Policy Manager

58 / 70

A company recently deployed new Aruba Access Points at different branch offices Wireless 802.1X authentication will be against a RADIUS server in the cloud. The security team is concerned that the traffic between the AP and the RADIUS server will be exposed.
What is the appropriate solution for this scenario?

Enable EAP-TLS on all wireless devices

Configure RadSec on the AP and Aruba Central

Enable EAP-TTLS on all wireless devices

Configure RadSec on the AP and the RADIUS server

59 / 70

A company deployed Dynamic Segmentation with their CX switches and Gateways After performing a security audit on their network, they discovered that the tunnels built between the CX switch and the Aruba Gateway are not encrypted. The company is concerned that bad actors could try to insert spoofed messages on the Gateway to disrupt communications or obtain information about the network.

Which action must the administrator perform to address this situation?

Enable Secure Mode Enhanced

Enable Enhanced security

Enable Enhanced PAPI security

Enable GRE security

60 / 70

Which feature supported by SNMPv3 provides an advantage over SNMPv2c?

Transport mapping

Community strings

GetBulk

Encryption

61 / 70

A customer wants to provide wired security as close to the source as possible The wired security must meet the following requirements:

-allow ping from the IT management VLAN to the user VLAN
-deny ping sourcing from the user VLAN to the IT management VLAN

The customer is using Aruba CX 6300s
What is the correct way to implement these requirements?

Apply an outbound ACL on the user VLAN allowing temp echo-reply traffic toward the IT management VLAN

Apply an inbound ACL on the user VLAN allowing icmp echo-reply traffic toward the IT management VLAN

Apply an inbound ACL on the user VLAN denying icmp echo traffic toward the IT management VLAN

Apply an outbound ACL on the user VLAN denying icmp echo traffic toward the IT management VLAN

62 / 70

What is one advantage of using OCSP vs CRLs for certificate validation?

reduces latency between the time a certificate is revoked and validation reflects this status

less complex to implement

higher availability for certificate validation

supports longer certificate validity periods

63 / 70

A company recently upgraded its campus switching infrastructure with Aruba 6300 CX switches. They have implemented 802.1X authentication on edge ports where laptop and loT devices typically connect. An administrator has noticed that for PoE devices the pons are delivering the maximum wattage instead of what the device actually needs Upon connecting the loT devices, the devices request their specific required wattage through information exchange

Concerned about this waste of electricity, what should the administrator implement to solve this problem?

Enable AAA authentication to exempt LLDP and/or CDP information

Globally enable the QoS trust setting for LLDP and/or CDP

Create device profiles with the correct power definitions.

Implement a classifier policy with the correct power definitions.

64 / 70

You must ensure the HPE Aruba network you are configuring for a client is capable of plug-and-play provisioning of access points. What enables this capability?

UCC Service

LLDP-MED

SRTP

CSMA

65 / 70

your customer has asked you to assign a switch management role for a new user The customer requires the user role to View switch configuration information and have access to the PUT and POST methods for REST API.
Which default AOS-CX user role meets these requirements?

administrators

auditors

sysops

helpdesk

66 / 70

Your customer has asked you to assign a switch management role for a new user. The customer requires the user role to only have Web Ul access to the System > Log page and only have access to the GET method for REST API for the /logs/event resource
Which default AOS-CX user role meets these requirements?

administrators

auditors

sysops

operators

67 / 70

Which method is used to onboard a new UXI in an existing environment with 802 1X authentication?

(The sensor has no cellular connection)

Use the UXI app on your smartphone and connect the UXI via Bluetooth

Use the Aruba installer app on your smartphone to scan the barcode

Connect the new UXI from an already installed one and adjust the initial configuration

Use the CLI via the serial cable and adjust the initial configuration

68 / 70

On AOS10 Gateways, which device persona is only available when configuring a Gateway-only group?

Edge

Mobility

Branch

VPN Concentrator

69 / 70

Which statements regarding Aruba NAE agents are true? (Select two )

A single NAE script can be used by multiple NAE agents

NAE agents are active at all times

NAE agents will never consume more than 10% of switch processor resources

NAE scripts must be reviewed and signed by Aruba before being used

A single NAE agent can be used by multiple NAE scripts

70 / 70

Which component is used by the Aruba Network Analytics Engine (NAE)?

JSON-based scripts

Lisp-based agents

Ruby-based scripts

Current State Database

Your score is

The average score is 27%

0%

Blog

HPE7-A01