Quizzzzzz

HPE07-01

1 / 70

You are helping an onsite network technician bring up an Aruba 9004 gateway with ZTP for a branch office The technician was to plug in any port for the ZTP process to start Thirty minutes after the gateway was plugged in new users started to complain they were no longer able to get to the internet. One user who reported the issue stated their IP address is 172.16 0.81 However, the branch office network is supposed to be on 10.231.81.0/24.
What should the technician do to alleviate the issue and get the ZTP process started correctly?

Turn off the DHCP scope on the gateway, and set DNS correctly on the gateway to reach Aruba Activate

Move the cable on the gateway from port G0/0V1 tc port G0 0.0

Move the cable on the gateway to G0/0/1. and add the device's MAC and Serial number in Central

Factory default and reboot the gateway to restart the process

2 / 70

A customer wants to enable wired authentication across all their CX switches One of the requirements is that the switch must be able to authenticate a single computer connected through a VoIP phone.
Which feature should be enabled to support this requirement?

Multi-Domain Authentication

Device-Based Mode

MAC Authentication

Multi-Auth Mode

3 / 70

A customer is using Aruba Cloud Guest, but visitors keep complaining that the captive portal page keeps coming up after devices go to sleep Which solution should be enabled to deal with this issue?

MAC Caching under the splash page

MAC Caching under the user-role

Wireless Caching under the splash page

MAC Caching under the WLAN

4 / 70

Your customer is interested in hearing more about how roles can help keep consistent policy enforcement in a distributed overlay fabric How would you explain this concept to them?

Group Based Policy ID is applied on egress VTEP after device authentication and policy is enforced on ingress VTEP

Role-based policies are tied to IP addresses which have an advantage over IP-based policies and role names are sent between VTEPs

Group Based Policy ID is applied on ingress VTEP after device authentication and policy is enforced on egress VTEP

Role-based policies enhance User Based Tunneling across the campus network and the policy traffic is protected with IPsec

5 / 70

Which statements regarding OSPFv2 route redistribution are true for Aruba OS CX switches?

(Select two.)

The "redistribute connected" command will redistribute all connected routes for the switch including local loopback addresses

The "redistribute ospf" command will redistribute routes from all OSPF V2 and V3 processes

The "redistribute static route-map connected-routes" command will redistribute all static routes without a matching deny in the route map "connected-routes".

The "redistribute connected" command will redistribute all connected routes for the switch except local loopback addresses.

The "redistribute static route-map connected-routes" command will redistribute all static routes with a matching permit in the route map "connected-routes"

6 / 70

A customer is using a legacy application that communicates at layer-2. The customer would like to keep this application working to a remote site connected via layer-3 All legacy devices are connected to a dedicated Aruba CX 6200 switch at each site.

What technology on the Aruba CX 6200 could be used to meet this requirement?

Inclusive Multicast Ethernet Tag (IMET)

Ethernet over IP (EolP)

Generic Routing Encapsulation (GRE)

Static VXLAN

7 / 70

Two AOS-CX switches are configured with VSX at the the Access-Aggregation layer where servers attach to them An SVI interface is configured for VLAN 10 and serves as the default gateway for VLAN10. The ISL link between the switches fails, but the keepalive interface functions. Active gateway has been configured on the VSX switches.

What is correct about access from the servers to the Core? (Select two.)

Server 1 can access the core layer via the keepalrve link

Server 2 can access the core layer via the keepalive link

Server 2 cannot access the core layer.

Server 1 can access the core layer via both uplinks

Server 1 and Server 2 can communicate with each other via the core layer

Server 1 can access the core layer on only one uplink

8 / 70

Which feature allows the device to remain operational when a remote link failure occurs between a Gateway cluster and a RADIUS server that is either in the cloud or a datacenter?

MAC caching

MAC Authentication

Authentication survivability

Opportunistic key caching

9 / 70

A customer wants to provide wired security as close to the source as possible The wired security must meet the following requirements:

-allow ping from the IT management VLAN to the user VLAN
-deny ping sourcing from the user VLAN to the IT management VLAN

The customer is using Aruba CX 6300s
What is the correct way to implement these requirements?

Apply an outbound ACL on the user VLAN allowing temp echo-reply traffic toward the IT management VLAN

Apply an inbound ACL on the user VLAN allowing icmp echo-reply traffic toward the IT management VLAN

Apply an inbound ACL on the user VLAN denying icmp echo traffic toward the IT management VLAN

Apply an outbound ACL on the user VLAN denying icmp echo traffic toward the IT management VLAN

10 / 70

What is an OSPF transit network?

a network that uses tunnels to connect two areas

a special network that connects two different areas

a network on which a router discovers at least one neighbor

a network that connects to a different routing protocol

11 / 70

What is a primary benefit of BSS coloring?

BSS color tags improve performance by allowing APS on the same channel to be farther apart

BSS color tags improve security by identifying rogue APS and tagging them as threats

BSS color tags are applied on the wireless controllers and can reduce the threshold for interference

BSS color tags are applied to WI-Fi channels and can reduce the threshold tor interference

12 / 70

Which statements are true about VSX LAG? (Select two.)

The total number of configured links may not exceed 8 for the pair or 4 per switch

Outgoing traffic is switched to a port based on a hashing algorithm which may be either switch in the pair

LAG traffic is passed over VSX ISL links only while upgrading firmware on the switch pair

Outgoing traffic is preferentially switched to local members of the LAG.

Up to 255 VSX lags can be configured on all 83xx and 84xx model switches

13 / 70

Your Director of Security asks you to assign AOS-CX switch management roles to new employees based on their specific job requirements After the configuration was complete, it was noted that a user assigned with the administrators role did not have the appropriate level of access on the switch.
The user was not limited to viewing nonsensitive configuration information and a level of 1 was not assigned to their role Which default management role should have been assigned for the user?

sysadmin

operators

helpdesk

config

14 / 70

Refer to Exhibit

A company has deployed 200 AP-635 access points. To take advantage of the 6 GHz band, the administrator has attempted to configure a new WPA3-OWE SSID in Central but is not working as expected.
What would be the correct action to fix the issue?

Change the SSID to WPA3-Enterprise (CNSA)

Change the SSID to WPA3-Personal

Change the SSID to WPA3-Enhanced Open

Change the SSID to WPA3-Enterprise (CCM)

15 / 70

Refer to the exhibit

With Core-1. what is the default value for config-revision?

0

1

1-0

0.0

16 / 70

What does the 802.3bz standard describe?

2.5Gb and 5Gb Ethernet ports

60 W and 90W PoE

AP directed roaming between APs

60 GHz P2P Wi-Fi

17 / 70

What is true regarding 802.11k?

It extends radio measurements to define mechanisms for wireless network management of stations

It reduces roaming delay by pre-authenticating clients with multiple target APs before a client roams to an AP

It provides mechanisms for APs and clients to dynamically measure the available radio resources.

It considers several metrics before it determines if a client should be steered to the 5GHz band, including client RSSI

18 / 70

How do you allow a new VLAN 100 between VSX pair inter-switch-link 256 for port 1/45 and 2/45?

vlan trunk allowed 100 for ports 1/45 and 1/46

vlan trunk add 100 in LAG256

vlan trunk allowed 100 in LAG256

vlan trunk add 100 in MLAG256

19 / 70

In AOS 10. which session-based ACL below will only allow ping from any wired station to wireless clients but will not allow ping from wireless clients to wired stations”? The wired host ingress traffic arrives on a trusted port.

ip access-list session pingFromWired any user any permit

ip access-list session pingFromWired user any svc-icmp deny any any svc-icmp permit

ip access-list session pingFromWired any any svc-icmp permit user any svc-icmp deny

ip access-list session pingFromWired any any svc-icmp deny any user svc-icmp permit

20 / 70

Which component is used by the Aruba Network Analytics Engine (NAE)?

JSON-based scripts

Lisp-based agents

Ruby-based scripts

Current State Database

21 / 70

With Aruba CX 6300. How do you configure ip address 10.10.10.1 for the interface in default state for interface 1/1/1?

int 1/1/1 switching, ip address 10.10.10.1/24

int 1/1/1 no switching, ip address 10.10.10.1/24

int 1/1/1 ip address 10.10.10.1/24

int 1/1/1 routing, ip address 10.10.10.1/24

22 / 70

What is a primary benefit of BSS coloring?

BSS color tags improve performance by allowing clients on the same channel to share airtime

BSS color tags are applied to client devices and can reduce the threshold for interference

BSS color tags are applied to Wi-Fi channels and can reduce the threshold for interference

BSS color tags improve security by identifying rogue APs and removing them from the network

23 / 70

You need to have different routing-table requirements With Aruba CX 6300 VSF configuration. Assuming the correct layer-2 VLAN already exists, how would you create a new SVI for a separate routing table?

create a new VLAN, and attach the VRF to it

Create a new routing table, and attach VLANS to it

Create a new SVI and use attach command

Create a new VLAN. and attach the routing table to it

24 / 70

Describe the difference between Class of Service (CoS) and Differentiated Services Code Point (DSCP).

CoS has much finer granularity than DSCP

CoS is only contained in VLAN Tag fields DSCP is in the IP Header and preserved throughout the IP packet flow

They are similar and can be used interchangeably.

CoS is only used to determine CLASS of traffic DSCP is only used to differentiate between different Classes

25 / 70

What is the best practice for handling voice traffic with dynamic segmentation on AOS-CX switches?

Switch authentication and local forwarding of the voice traffic

Switch authentication and user-based tunneling of the voice traffic

Central authentication and port-based tunneling of the voice traffic

Controller authentication and port-based tunneling of all traffic

26 / 70

A customer wants to deploy a Gateway and take advantage of all the SD-WAN features. Which persona role option should be selected?

ArubaOS 10 Branch

ArubaOS 10 VPN Concentrator

ArubaOS 10 Wireless

ArubaOS 10 Mobility

27 / 70

Your customer has asked you to assign a switch management role for a new user. The customer requires the user role to only have Web Ul access to the System > Log page and only have access to the GET method for REST API for the /logs/event resource
Which default AOS-CX user role meets these requirements?

administrators

auditors

sysops

operators

28 / 70

Your customer is having issues with Wi-Fi 6 clients staying connected to poor-performing APs when a higher throughput APs are closer. Which technology should you implement?

Clearpass

ClientMatch

Airmatch

ARM

29 / 70

With the Aruba CX 6000 24G switch with uplinks of 1/1/25 and what does the switch do when a client port detects a loop and the do-not-disabie parameter is used?

Port status will be validated once status is cleared

An event log message is created

The network analytics engine is triggered

Port status led blinks in amber with 100Hz

30 / 70

your customer has asked you to assign a switch management role for a new user The customer requires the user role to View switch configuration information and have access to the PUT and POST methods for REST API.
Which default AOS-CX user role meets these requirements?

administrators

auditors

sysops

helpdesk

31 / 70

A customer is looking for a wireless authentication solution for all of their loT devices that meet the following requirements
– The wireless traffic between the IoT devices and the Access Points must be encrypted
– Unique passphrase per device
– Use fingerprint information to perform role-based access
Which solutions will address the customer’s requirements? (Select two.)

MPSK and an internal RADIUS server

MPSK Local with MAC Authentication

ClearPass Policy Manager

MPSK Local with EAP-TLS

Local User Derivation Rules

32 / 70

The customer needs a network hardware refresh to replace an aging Aruba 5406R core switch pair using spanning tree configuration with Aruba CX 8360-32YC switches What is the benefit of VSX clustering with the new solution?

stacked data-plane

faster MSTP converge processing

dual Aruba AP LAN port connectivity for PoE redundancy

dual control plane provides better resiliency

33 / 70

When setting up an Aruba CX VSX pair, which information does the Inter-Switch Link Protocol configuration use in the configuration created?

hello interval is disabled by default

hello interval is based on the value set by dead interval

hello interval 100ms by default

hello interval is 1s by default

34 / 70

With the Aruba CX 6200 24G switch with uplinks or 1/1/25 and 1/1/26, how do you protect client ports from forming layer-2 loops?

int 1/1/1-1/1/24, loop-protect

int 1/1/1-1/1/28, loop-protect

int 1/1/1-1/1/28, loop-guard

int 1/1/1-1/1/24, loop-guard

35 / 70

You are doing tests in your lab and with the following equipment specifications:
• AP1 has a radio that generates a 20 dBm signal
• AP2 has a radio that generates a 8 dBm signal
• AP1 has an antenna with a gain of 7 dBI.
• AP2 has an antenna with a gain of 12 dBI.
• The antenna cable for AP1 has a 3 dB loss
• The antenna cable forAP2 has a 3 dB loss.
What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1?

2 dBm

8 dBm

22 dBm

24 dBm

36 / 70

You need to create a keepalive network between two Aruba CX 8325 switches for VSX configuration. How should you establish the keepalive connection?

SVI, VLAN trunk allowed all on ISL in default VRF

routed port in custom VRF

loopback 0 and OSPF area 0 in default VRF

SVI, VLAN trunk allowed all on ISL in custom VRF

37 / 70

Which Aruba AP mode is sending captured RF data to Aruba Central for waterfall plot?

Hybrid Mode

Air Monitor

Spectrum Monitor

Dual Mode

38 / 70

A system engineer needs to preconfigure several Aruba CX 6300 switches that will be sent to a
remote office An untrained local field technician will do the rollout of the switches and the mounting
of several AP-515s and AP-575S. Cables running to theAPs are not labeled.
The VLANs are already preconfigured to VLAN 100 (mgmt), VLAN 200 (clients), and VLAN 300 (guests)
What is the correct configuration to ensure that APs will work properly?

A)

B)

C)

D)

Option A

Option B

Option C

Option D

39 / 70

A customer is using a legacy application that communicates at layer-2. The customer would like to keep this application working across the campus which is connected via layer-3. The legacy devices are connected to Aruba CX 6300 switches throughout the campus.

Which technology minimizes flooding so the legacy application can work efficiently?

Generic Routing Encapsulation (GRE)

EVPN-VXLAN

Ethernet over IP (EolP)

Static VXLAN

40 / 70

You are doing tests in your lab and with the following equipment specifications
• AP1 has a radio that generates a 10 dBm signal
• AP2 has a radio that generates a 11 dBm signal
• AP1 has an antenna with a gain of 9 dBi
• AP2 has an antenna with a gain of 12 dBi.
• The antenna cable for AP1 has a 2 dB loss
• The antenna cable for AP2 has a 3 dB loss
What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for APT?

26 dBm

30 dBm

17 dBm

-12 dBm

41 / 70

What is an Aruba-recommended best practice for hardening that only applies to Aruba CX 6300 series switches with dedicated management ports?

Implement a control plane ACL to limit access to approved IPs and/or subnets

Manually enable Enhanced Security Mode from a console session

Disable all management services on the default VRF

Create a dedicated management VRF, and assign the management port to it

42 / 70

With the Aruba CX switch configuration, what is the Active Gateway feature that is used for and is unique to VSX configuration?

VRRP and Active gateway are mutually exclusive on a VLAN

VRID is set automatically as SVI vlan id

VRIDs need to be non-overlapping with VRRP

VRRP and Active Gateway can be configured on a single VLAN for interoperability

43 / 70

Your Director of Security asks you to assign AOS-CX switch management roles to new employees based on their specific job requirements. After the configuration was complete, it was noted that a user assigned with the auditors role did not have the appropriate level of access on the switch. The user was not allowed to perform firmware upgrades and a privilege level of 15 was not assigned to their role. Which default management role should have been assigned for the user?

sysadmin

sysops

administrators

config

44 / 70

A company deployed Dynamic Segmentation with their CX switches and Gateways After performing a security audit on their network, they discovered that the tunnels built between the CX switch and the Aruba Gateway are not encrypted. The company is concerned that bad actors could try to insert spoofed messages on the Gateway to disrupt communications or obtain information about the network.

Which action must the administrator perform to address this situation?

Enable Secure Mode Enhanced

Enable Enhanced security

Enable Enhanced PAPI security

Enable GRE security

45 / 70

For the Aruba CX 6400 switch, what does virtual output queueing (VOQ) implement that is different from most typical campus switches?

large ingress packet buffers

large egress packet buffers

per port ASICs

VSX

46 / 70

Which statements regarding Aruba NAE agents are true? (Select two )

A single NAE script can be used by multiple NAE agents

NAE agents are active at all times

NAE agents will never consume more than 10% of switch processor resources

NAE scripts must be reviewed and signed by Aruba before being used

A single NAE agent can be used by multiple NAE scripts

47 / 70

A network engineer recently identified that a wired device connected to a CX Switch is misbehaving on the network To address this issue, a new ClearPass policy has been put in place to prevent this device from connecting to the network again. Which steps need to be implemented to allow ClearPass to perform a CoA and change the access for this wired device?
(Select two.)

Confirm that NTP is configured on the switch and ClearPass

Configure dynamic authorization on the switch

Bounce the switchport

Use Dynamic Segmentation

Configure dynamic authorization on the switchport

48 / 70

With the Aruba CX switch configuration, what is the Active Gateway feature that is used for and is unique to VSX configuration?

Sixteen different VMACs are supported total as shared

Active Gateway can once MSTP instances are created for VLAN load sharing

Sixteen different VMACS are supported for each IPV4 and IPV6 stack simultaneously

copied over the ISL link for an optimized path

49 / 70

What are two advantages of splitting a larger OSPF area into a number of smaller areas? (Select two )

It extends the LSDB

It increases stability

it simplifies the configuration

It reduces processing overhead

It reduces the total number of LSAs

50 / 70

Review the exhibit

You are troubleshooting an issue with a 10.102.39.0/24 subnet which is also VLAN 1000 used Tor wireless clients on a pair of Aruba CX 8360 switches The subnet SVI is configured on the 8360 pair, and the DHCP server is a Microsoft Windows Server 2022 Standard with an IP address of 10.200.1.100. The 10.102.250.0/24 subnet is used for switch management. A large number of DHCP requests are failing You are observing sporadic DHCP behavior across clients attached to the CX 6100 switch.
Which action may help fix the issue?

Option A

Option B

Option C

Option D

51 / 70

You are troubleshooting an issue with a pair of Aruba CX 8360 switches configured with VSX Each switch has multiple VRFs. You need to find the IP address of a particular client device with a known MAC address You run the “show arp” command on the primary switch in the pair but do not find a matching entry for the client MAC address. The client device is connected to an Aruba CX 6100 switch by VSX LAG.
Which action can be used to find the IP address successfully?

Option A

Option B

Option C

Option D

52 / 70

You are setting up a customer’s 15 headless loT devices that do not support 802.1X. What should you use?

Multiple Pre-Shared Keys (MPSK) Local

Clearpass with WPA3-PSK

Clearpass with WPA3-AES

Multiple Pre-Shared Keys (MPSK) with WPA3-AES

53 / 70

Which statements are true regarding a VXLAN implementation on Aruba Switches? (Select two.)

MTU size must be increased beyond the default

VNIs encapsulate and decapsulate VXLAN traffic

VTEPs encapsulate and decapsulate VXLAN traffic

They are only available for datacenter switches (CX 8k, 9k,10k)

All Aruba CX switches support VXLAN.

54 / 70

You need to have different routing-table requirements with Aruba CX 6300 VSF configuration Assuming the correct layer-2 VLAN already exists how would you create a new OSPF configuration for a separate routing table?

Create a new OSPF area, and attach VRF name.

Create a new OSPF process ID with vrf name.

Attach a new OSFP process ID with a custom routing table

Attach OSPF process ID in the VRF configuration.

55 / 70

A large retail client is looking to generate a rich set of contextual data based on the location information of wireless clients in their stores Which standard uses Round Trip Time (RTT) and Fine Time Measurements (FTM) to calculate the distance a client is from an AP?

802.11ah

802.11mc

802.11be

802.11V

56 / 70

You are deploying a bonded 40 MHz wide channel What is the difference in the noise floor perceived by a client using this bonded channel as compared to an unbonded 20MHz wide channel?

2 dB

3 dB

8 dB

4 dB

57 / 70

In an ArubaOS 10 architecture using an AP and a gateway, what happens when a client attempts to join the network and the WLAN is configured with OWE?

Authentication information is not exchanged

The Gateway will not respond

No encryption is applied

RADIUS protocol is utilized

58 / 70

When setting up an Aruba CX VSX pair, which information does the Inter-Switch Link Protocol configuration use in the configuration created?

QSVI

MAC tables

UDLD

RPVST+

59 / 70

You need to drop excessive broadcast traffic on an ingress port or an ArubaOS-CX switch. What is the best feature to use for this task?

DWRR queuing

Strict queuing

Rate limiting

QoS shaping

60 / 70

You are are doing tests in your lab and with the following equipment specifications:
• AP1 has a radio that generates a 16 dBm signal.
• AP2 has a radio that generates a 13 dBm signal.
• AP1 has an antenna with a gain of 8 dBi.
• AP2 has an antenna with a gain of 12 dBi. The antenna cable for AP1 has a 4 dB loss. The
antenna cable for AP2 has a 3 dB loss.
What would be the calculated Equivalent Isotropic Radiated Power (EIRP) for AP1?

-9 dBm

20 dBm

40 dBm

15 dBm

61 / 70

When configuring UBT on a switch what will happen when a gateway role is not specified?

The switch will put the client on the access VLAN

The gateway will assign a default role to the client

The switch will assign the default deny role to the client.

The gateway will send back the deny role to the client.

62 / 70

Refer to the image

Your customer is complaining of weak Wi-Fi coverage in their office. They mention that the office on the other side of the hall has much better signal What is the likely cause of this issue?

The AP is a remote access point

The AP is using a directional antenna

The AP is an outdoor access point

The AP is configured in Mesh mode

63 / 70

You must ensure the HPE Aruba network you are configuring for a client is capable of plug-and-play provisioning of access points. What enables this capability?

UCC Service

LLDP-MED

SRTP

CSMA

64 / 70

A client is connecting to 802.1X SSID that has been configured in tunnel mode with the default AP-group settings. After receiving Access-Accept from the RADIUS server, the Aruba Gateway will send Access-Accept to the AP through which tunnel?

IPsec tunnel

Split tunnel

GRE tunnel

PAR tunnel

65 / 70

Your customer is having connectivity issues with a newly-deployed Microbranch group The access points in this group are online in Aruba Central, but no VPN tunnels are forming.

What is the most likely cause of this issue?

There is a time difference between the AP and the gateways The gateways should have NTP added

The SSL certificate on the gateway used to encrypt the connection has not been added to the APs trust list

There may be a firewall blocking GRE tunneling between the AP and the gateway

The gateway group is running in automatic cluster mode and should be in manual cluster mode

66 / 70

What is used to retrieve data stored in a Management Information Base (MIS)?

SNMPv3

DSCP

TLV

CDP

67 / 70

You are working on a network where the customer has a dedicated router with redundant Internet connections Tor outbound high-importance real-time audio streams from their datacenter All of this traffic.
• originates from a single subnet
• uses a unique range of UDP ports
• is required to be routed to the dedicated router
All other traffic should route normally The SVI for the subnet containing the servers originating the traffic is located on the core routing switch in the datacenter What should be configured?

Configure a new OSPF area including both the core routing switch and the dedicated router

Configure a BGP link between the core routing switch and the dedicated router and route filtering

Configure Policy Based Routing (PBR) on the core routing switch for the VRF with the servers’ SVI

Configure a dedicated VRF on the core routing switch and make the dedicated router the default route

68 / 70

What are the requirements to ensure that WMM is working effectively’? (Select two)

The APs and the controller are Wi-Fi CERTIFIED for WMM which is enabled

All APs need to be from the AP-5xx series and AP-6xx series which are Wi-Fi CERTIFIED 6

The Client must be Wi-Fi CERTIFIED for WMM and configured for WMM marking

The Aruba AOS10 APs installed have to be converted to controlled mode

The AP needs to be connected via a tagged VLAN to the wired port

69 / 70

Which method is used to onboard a new UXI in an existing environment with 802 1X authentication?

(The sensor has no cellular connection)

Use the UXI app on your smartphone and connect the UXI via Bluetooth

Use the Aruba installer app on your smartphone to scan the barcode

Connect the new UXI from an already installed one and adjust the initial configuration

Use the CLI via the serial cable and adjust the initial configuration

70 / 70

What steps are part of the Key Management workflow when a wireless device is roaming from AP1 to AP2? (Select two.)

AP1 will cache the client's information and send it to the Key Management service

The Key Management service receives from AirMatch a list of all AP2's neighbors

The Key Management service receives a list of all AP1 s neighbors from AirMatch

The Key Management service then generates R1 keys for AP2's neighbors.

A client associates and authenticates with the AP2 after roaming from AP1

Your score is

The average score is 3%

0%

Blog

HPE7-A01