An administrator adds local administrative accounts to manage the Aruba Mobility Controllers (MCs).
Which role should be assigned to an administrator who needs to only generate reports and monitor WLANS and ports?
- A . Location-api-management
- B . Network-operations
- C . Root
- D . AP-provisioning
Refer to the exhibit.
What can be determined from the command output shown in the exhibit?
- A . The synchronized data is protected by VRRP.
- B . The command was executed on the standby Mobility Master (MM).
- C . The synchronization period is at its default value.
- D . The other Mobility Master (MM) is the active license server.
Refer to the exhibit.
An administrator supports a RAP at a branch office shown in the exhibit. The company has one Mobility Controller (MC) at the Primary DMZ site and one at the Secondary DMZ site. The RAP is configured to connect to only the MC at the Primary DMZ site. A network outage with the ISP at the Primary DMX site causes the RAP to reboot. Upon reboot, the RAP cannot build a tunnel to the Secondary DMZ site MC because the administrator forgot to add the Second LMS IP address to the AP Group configuration. Once the RAP can successfully connect, the administrator can add the Secondary DMZ MC as a backup LMS to fix the AP Group.
What should the administrator implement to allow the RAP to connect to the MC at the Secondary DMZ site while the outage at the primary site persists?
- A . Dynamic discovery through DHCP Option 43
- B . Static configuration from apboot mode
- C . Dynamic discovery through DHCP Option 60
- D . Dynamic discovery through multicast ADP
An administrator supports a cluster of four Aruba Mobility Controllers (MCs) with management addresses of 10.1.100.101, 10.1.100.102, 10.1.100.103, and 10.1.202.181. The administrator accesses an AP associated with this cluster, reboots it and accesses apboot mode. The administrator executes the printenv command.
Which AP parameter contains the IP addresses of the cluster members that the AP should use to connect to the cluster?
- A . Nodelist
- B . Servername
- C . Master_ip
- D . Cfg_lms
A VIA client tries to initially connect to corporate office controller through an intermediate firewall.
However, the VPN connection fails. The administrator examines the firewall rules and determines that rules for UDP 4500 and UDP 500 are configured.
Which additional protocol must be allowed in the firewall rules to resolve this connection failure?
- A . TCP 22
- B . TCP 443
- C . UDP 8200
- D . ESP
An administrator has a cluster of Aruba Mobility Controllers (MCs). The administrator wants to manually reboot one of the controllers.
Before rebooting, which command should the administrator use to move the APs?
- A . apmove
- B . lc-cluster move ap
- C . active-ap-rebalance
- D . active-ap-lb
Which Aruba Unified Communications and Collaboration (UCC) deployment mode should be used when UCC is disabled on the Mobility Controllers (MCs)?
- A . Heuristics mode
- B . WMM mode
- C . ALG mode
- D . SDN-API mode
An administrator implements a ClearPass solution to authenticate Aruba wireless users. The Aruba wireless solution is an ArubaOS 8.x Mobility Master (MM) deployment. ClearPass sends an Aruba VSA role name for an authenticated user.
However, the administrator notices that the role assigned to the user is different from the one assigned by the ClearPass server.
Which two items should the administrator verify that might be the cause of this problem? (Choose two.)
- A . Enablement of user roles on the controller
- B . Spelling of the role on the ClearPass server
- C . Server-derived role assignment on the ClearPass server
- D . Role existence on the Managed Network
- E . Order assignment that the controller uses to select a user role
Refer to the exhibit.
What is true about the configuration shown in the exhibit?
- A . This is an ArubaOS-Switch configured for per-user tunneled node.
- B . This is an ArubaOS controller configured for per-user tunneled node.
- C . This is an ArubaOS-Switch configured for per-port tunneled node.
- D . This is an ArubaOS controller configured for per-user tunneled node.
Which license type must an administrator purchase to use Spectrum Monitoring?
- A . RFP
- B . VMC
- C . PEFV
- D . PEFNG
A
Explanation:
Reference: http://community.arubanetworks.com/t5/Wireless-Access/license-requirements-air-monitorspectrum-monitor/td-p/243832
A company opens a new branch office and a RAP is used to connect to a corporate office Aruba Mobility Controller (MC). The company needs to provide connectivity to the office across the street. There is an AP across the street.
However, there is no wired connectivity between the buildings.
Which actions can the administrator select to provide the required connectivity? (Choose two.)
- A . Provision all Aps at the branch office as Mesh Points.
- B . Provision all Aps at the branch offices as Mash Portals.
- C . Implement one of the Aps as a Mesh Point.
- D . Provision the RAP as a Mesh Portal.
- E . Implement two mesh clusters.
A customer uses an SIP application that is not supported by Aruba United Communications and Collaboration (UCC).
Which voice deployment mode should the administrator implement on Aruba Mobility Controllers (MCs) to support this application?
- A . Heuristic mode
- B . SDN-API mode
- C . QoS-mode
- D . WMM-only mode
A company has a wireless network that contains a cluster of four Aruba 7030 Mobility Controllers (MC) managed by a Mobility Master (MM) located in the data center. The company has Aps deployed that are nearing the capacity of the cluster. The administrator wants to increase AP capacity.
How can the administrator solve the problem?
- A . Add a new controller to the Mobility Master.
- B . Add a Virtual Mobility Controller to the existing cluster.
- C . Add a 7030 controller to the existing cluster.
- D . Add a 7220 controller to the existing cluster.
An Administrator supports a group of employees that connect to the corporate office using the VIA client. An Aruba Mobility Controller (MC), behind a corporate firewall, terminates the user’s VPN sessions. The VPN sessions fail to establish because of the existing firewall rules.
Which connections must the administrator allow on the firewall? (Choose three.)
- A . UDP 8202
- B . UDP 4500
- C . UDP 8211
- D . TCP 4443
- E . TCP 443
- F . UDP 500
Refer to the exhibit.
Under which AirWave Management Platform (AMP) section should an administrator navigate to see the connection status between the AMP and managed device shown in the exhibit?
- A . Folders
- B . Aps/Devices
- C . VisualRF
- D . Device Setup
A group of users on the same floor of a campus residence experience connectivity problems continuously throughout the morning. The administrator suspects that it is a L1 problem with physical interference.
What can the administrator do to find the cause of this problem?
- A . Access a controller’s spectrum analysis data directly from AirWave with Quick Links.
- B . Access RAPIDS data from AirWave’s RAPIDS section.
- C . Access RAPIDS data from AirWave’s dashboards, under Home.
- D . Access a controller’s spectrum analysis data from AirWave’s dashboards, under Home.
An administrator at Campus A manages Aruba Mobility Controllers (MCs). The administrator defines a server group that includes a local ClearPass server and a remote Microsoft RADIUS server. The ClearPass server has the credentials for users at Campus A and the Microsoft RADIUS server has the credentials for users at Campus B. Users at Campus A successfully authenticate and connect to the Campus A wireless network.
However, when users from Campus B visit Campus A they fail authentication.
What can the administrator do to solve this problem?
- A . Enable FastConnect on the Campus A Mobility Controllers.
- B . Enable machine authentication on the Mobility Controllers.
- C . Enable EAP-TTLS with EAP Termination on the Mobility Controllers.
- D . Enable EAP termination on the ClearPass server.
An administrator troubleshoots a roaming problem where a user loses connectivity to the network during the roaming process.
To help troubleshooting this problem, which device or devices in a wireless network initiates the roaming process?
- A . Both the client and the controller
- B . The AP
- C . The Client
- D . The Controller
An administrator wants to reduce downtime of the wireless network when controllers are upgraded.
Which Aruba OS feature should the administrator implement to reduce the amount of downtime the Aps will experience at the time of the upgrade process?
- A . Centralized upgrades
- B . AP apboot mode bypass
- C . AP fast start
- D . AP image preload
D
Explanation:
Reference: http://community.arubanetworks.com/t5/Wireless-Access/Firmware-Upgrade-Best-Practise/tdp/93516
Refer to the exhibit.
The branch office RAP shown in the exhibit provides secure wireless employee access. Because of security concerns, the company’s security policy does not allow wireless guest access. Some customers that visit the Branch office need Internet access. A RAP’s Ethernet Port 3 is used for wired guest access and Port2 is used for wired employee access. When employees connect to Port2, they are authenticated successfully and split-tunnel policy allows them access to both corporate and Internet resources from the Branch office. Guest users, however, cannot access Internet resources on Port 3.
How can the administrator provide guest users internet access?
- A . Implement ClientMatch to handle the employee and guest user traffic correctly.
- B . Implement the MultiZone feature on the RAP.
- C . Configure a bridge role for the wired RAP port.
- D . Create a guest VAP that allows wired RAP port access.
Refer to the exhibit.
An administrator implements the MultiZone feature.
The administrator sets up five zones as shown in the exhibit in this configuration:
– Zone A has six controllers that form a cluster.
– Zone B has three controllers that from a cluster.
– Zones C, D, and E have a single standalone controller each.
A total of 13 VAPs are created across the five zones, Aruba Mobility Controllers (MCs) in Zones A, B and C run ArubaOS 8.1.0.1 MCs in zones D and E run ArubaOS 8.1.0.2. Some APs do not join their respective data zones.
What could cause this problem?
- A . The number of controllers exceeds the maximum for MultiZone.
- B . The MCs run different versions of the ArubaOS code.
- C . The number of zones exceeds the maximum for MultiZone.
- D . The number of VAPs exceeds the maximum for MultiZone.
A guest establishes an authenticated wireless session to an Aruba Mobility Controller (MC). The controller uses a ClearPass server for all AAA functions.
Which AAA component disconnects the user when the guest exceeds their allowed duration?
- A . RADIUS Change of Authorization
- B . Active Directory Session Limits
- C . RADIUS Authorization Profile
- D . SNMP Disconnect
In the WebUI of an Aruba Mobility Controller (MC), where can an administrator generate a tech support file that the Aruba Technical Support team can use to help customers?
- A . Diagnostics> Technical Support> System Information
- B . Maintenance> Copy logs> download logs
- C . Configuration> System> Logging
- D . Diagnostics>Technical Support> Copy Logs
D
Explanation:
Reference: http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-generate-logs-tarwith-tech-support-information/ta-p/178198
A Microsoft RADIUS server is used to centralize AAA functions by a company. Upon a successful authentication lookup performed by an Aruba Mobility Controller (MC), the administrator wants to have the RADIUS server pass back the correct post-authentication role name that the controller should apply to the user’s traffic.
Which additional task must the administrator perform for the controller’s configuration to implement this process?
- A . Install ClearPass’s VSA file on the controller.
- B . Install Microsoft’s VSA file on the controller.
- C . Configure the server-derived rules on the controller.
- D . Enable AAA on the controller.
An administrator needs to support Unified Communications and Collaboration (UCC) in a company’s network. The network infrastructure requires the OpenFlow protocol to support SDN-capable applications.
Which controller topology meets these requirements?
- A . Zones
- B . Standalone Mobility Controller
- C . Mobility Master-Mobility Controller
- D . Master_Local
Refer to the exhibit.
An administrator sets up a cluster of Aruba Mobility Controllers (MCs).
What can the administrator determine about the cluster from the command output shown in the exhibit?
- A . AP load balancing is enabled.
- B . User load balancing is enabled.
- C . This is an L2-connected cluster.
- D . This is an L3-connected cluster.
An administrator defines credentials in the Mobility Master> Configuration> System section to configure a Mobility Master (MM). The administrator then accesses AirWave and adds the MM in Monitor-Only mode. The administrator expects AirWave to automatically discover the Aruba Virtual Mobility Controllers (VMCs) also managed by the MM, but does not see these under APs/Devices> New section in AirWave.
What should the administrator do to solve this problem?
- A . Enable Automatic Device Authorization for the Group the Mobility Master belongs to in AirWave.
- B . Define AirWave communication parameters for the Virtual Mobility Controllers on the Mobility Master, and then scan for the Virtual Mobility Controllers in AirWave.
- C . Define the AirWave communication parameters on the Virtual Mobility Controllers, and then scan for the Virtual Mobility Controllers in AirWave.
- D . Define AirWave communication parameters for the Virtual Mobility Controllers on the Mobility Master, and have AirWave repoll the Mobility Master.
An administrator manages an Aruba wireless network. Users authenticate to the wireless network using PEAP, where their credentials are validated by the controller’s local database. The company purchases Android tablets to use with an inventory tracking system The administrator notices that many of the users of these devices use their normal username and password to authenticate, which allows the tablet to access all resources that the user can access from their wireless computers. This is a security violation.
Which Aruba Mobility Controller (MC) feature should the administrator configure to restrict tablet access to a web portal for authentication, where an appropriate post-authentication policy can be applied to these tablets?
- A . AirMatch
- B . AP fingerprinting
- C . Server-derived roles
- D . User-derived rules
An administrator has multiple AAA servers, some Microsoft RADIUS and some ClearPass. When 802.1X users authenticate, the administrator wants to ensure that the authentication requests are handled by the appropriate AAA server. Users enter their username in this format: username@domain_name.
What administrator implement to ensure the correct AAA server processes the authentication request?
- A . server matching rules for the VAP profile
- B . server matching rules for the server group
- C . server matching rules for the AAA profile
- D . server matching rules for the 802.1X profile
An administrator suspects that the network drops frames between a wireless client and an Aruba Mobility Controller (MC). The administrator wants to examine the frames between the AP and the controller to determine if any frames are missing.
Which solution allows the administrator to use a protocol analyzer to examine the contents of the 802.11 frames between the AP and controller?
- A . Implement bridge mode
- B . Implement decrypt-tunnel mode.
- C . Implement GRE mode.
- D . Implement split-tunnel mode.
Which network components are tracked by Aruba Clarity? (Choose two.)
- A . Wireless associations
- B . DNS lookups
- C . AP and controller health
- D . WLAN health
- E . Client health
AB
Explanation:
Reference: http://community.arubanetworks.com/t5/Technology-Blog/Aruba-Clarity-Don-t-Let-Users-TellYou-It-s-Bad-Wi-Fi/ba-p/261332
Refer to the exhibit.
An administrator configures policies to allow RAPs to connect to the corporate office and remote users to access resources.
Which function does the VPN address pool serve in this situation?
- A . Assigns an inner IP address to the RAP used within the VPN
- B . Assigns a public IP address that the RAP should use on its internet port
- C . Assigns IP addresses for remote users
- D . Assigns a DHCP address pool for the RAP
When they operate in a cluster, Aruba APs obtain AP Group configuration information form which device?
- A . Mobility Master
- B . AirWave
- C . ClearPass
- D . Mobility Controller
D
Explanation:
Reference: http://www.arubanetworks.com/techdocs/ArubaOS_61/ArubaOS_61_UG/ AP_Config.php#XREF_35048_Deploying_APs
Refer to the exhibit.
An administrator configures a policy for an AP Group. Port 3 of a RAP is a trunk that connects to a switch at a branch office. VLAN 1 is untagged and VLANs 10 (for data) and 11 (for voice) are tagged. The administrator applies an ACL inbound on Port 3 of the RAP.
How does this configuration affect traffic on Port 3?
- A . It filters traffic from VLAN 10 and 11, but allows traffic from VLAN1.
- B . It filters traffic form VLAN 1, but allows traffic from VLANs 10 and 11.
- C . It allows all traffic form VLANs 1, 10, and 11.
- D . It filters traffic from VLANs 1, 10, and 11.
An administrator supports a network that contains ArubaOS-Switches and Mobility Controllers (MCs).
Restrictive MC firewall policies, control wireless access. The administrator wants to implement a feature to apply the same MC firewall policies to users connected to the Ethernet switch ports.
Which ArubaOS-Switch feature provides this capability?
- A . Port Security
- B . Tunneled node
- C . IPSec site-to-site tunneling
- D . VSF
An administrator purchases a RAP and has it shipped directly to a branch office. The branch office plugs in the RAP and the RAP contacts Aruba Activate. The RAP learns the Mobility Controller (MC) IP address and connects to it.
However, the connection fails. Upon verifying the MC IP address in Aruba Activate, what should the administrator do to allow the RAP connection to succeed?
- A . Whitelist the RAP’s IP address on the MC.
- B . Define the RAP’s IPSec pre-shared key in Activate.
- C . Whitelist the RAP’s certificate on the MC.
- D . Configure a VPN address pool in Activate.
An administrator has a standalone controller that runs ArubaOS 8.x software and wants to upgrade it to a newer release. The upgrade will be performed from the front panel of the physical controller. The administrator places the new software in the root directory of a USB drive. On the controller’s LCD panel, no image is found.
What is the cause of this problem?
- A . The image must be placed in the /Upgrade subdirectory.
- B . The image must be placed in the /Images subdirectory.
- C . The image must be placed in the /ArubaImage subdirectory.
- D . The upgrade must be performed from the controller’s WebUI.
C
Explanation:
Reference: https://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/ Base_WLAN_Switch/Using_the_LCD.htm
What is true about Aruba controllers under normal operations in a Mobility Master (MM)-Mobility Controller (MC) architecture?
- A . The Mobility Master can push a full configuration to a Mobility Controller.
- B . ARM must be used to optimize wireless performance.
- C . The APs can terminate on both Mobility Masters and Mobility Controllers.
- D . Any controller can perform local configurations.
Refer to the exhibit.
An administrator configures a cluster with only the members shown in the exhibit. AP load balancing is enabled. There are no other cluster parameters configured.
What occurs when a cluster member experiences a failure?
- A . High value sessions are synchronized.
- B . APs and clients are fully replicated.
- C . Connected users are de-authenticated
- D . APs reboot and rejoin the cluster.
Refer to the exhibit.
Controllers are configured in a cluster as shown in the exhibit.
These are the network details.
– A Mobility Master (MM) managers the cluster.
– The cluster contains two controllers: C1 and C2.
– AP1 and AP2 use C1 as their Active AP Anchor Controller (A-AAC), with C2 as their Standby AAC (SAAC).
– AP3 and AP4 use C2 as their A-AAC with, C1 as their S-AAC.
User1 establishes a wireless connection via AP1, where the Active User Controller (U-UAC) assigned is C1, with C2 as the standby.
What happens when User1 roams the wireless network and eventually their session is handled by AP3?
- A . The AP3’s A-AAC switches to C1, and the user’s A-UAC remains on C1.
- B . The AP3’s A-AAC switches to C2, and the user’s A-UAC remains on C2.
- C . The AP3’s A-AAC switches to C1, and the user’s A-UAC remains on C2.
- D . The AP3’s A-AAC switches to C2, and the user’s A-UAC remains on C1.
Refer to the exhibit.
A user uses Microsoft Windows for a wireless session. Based on the output shown in the exhibit for the selected Aruba AP, what is the possible problem with this user’s wireless session?
- A . The AP has reached the limit for number of users that are allowed to connect to the radio.
- B . The controller cannot reach the AAA server to perform the authentication.
- C . The user is configured for PEAP, but the WLAN profile on the controller implemented EAP-TLS.
- D . The user misconfigured the Managed Network Settings profile in Windows.
Refer to the exhibit.
The administrator expects the AP to connect to a cluster, but the AP fails to connect. The administrator examines the configuration of an AP from apboot mode shown in the exhibit.
What can the administrator determine about the configuration of the AP?
- A . The AP is configured to terminate on a non-cluster Mobility Controller.
- B . The AP is configured as a RAP to terminate on a stand-alone controller.
- C . The AP is configured as a RAP to terminate on a Mobility Master.
- D . The AP is configured to terminate on a Mobility Controller in a cluster.
Refer to the exhibit.
An administrator implements the MultiZone feature.
The administrator sets up five zones as shown in the exhibit.
– Zone A has six controllers that form a cluster.
– Zone B has three controllers that from a cluster.
– Zones C, D, and E have a single standalone controller each.
A total of 13 VAPs are created across the five zones. A zone needs to accept RAP connections form branch offices. All zones have the same AP Group name. One of the zones will not accept connections from the MultiZone APs.
Which could be a cause of this problem?
- A . RAPs are used in the configuration.
- B . The number of zones exceeds the maximum limit of four zones.
- C . AP Group names are different for each zone.
- D . The number of VAPs exceeds the maximum limit of 12 VAPs.
An administrator creates service-based policies for AirGroup on the Mobility Master (MM).
The administrator can define location-based policy limits based on which information?
- A . AP names, AP groups, controller names, and controller groups
- B . AP Fully Qualified Location Names (FQLNs) and controller Fully Qualified Domain Names (FQDNs)
- C . AP names, AP groups, and AP Fully Qualified Location Names (FQLNs)
- D . Controller names, controller groups, and controller Fully Qualified Domain Names (FQDNs)
C
Explanation:
Reference: http://www.arubanetworks.com/techdocs/ArubaOS_81_Web_Help/Content/ArubaFrameStyles/
AirGroup/AirGroup_Features.htm
A branch office location has two buildings: an office and a small warehouse that are within 20 meters of each other. A RAP at the branch office provides connectivity to the corporate office network. This RAP is also configured as a Remote Mesh Portal (RMP).
Which solution should the administrator implement to provide connectivity between the office and small warehouse buildings at the branch office location?
- A . Deploy a Remote Mesh Portal in the warehouse building to connect to the Remote Mesh Portal in the office building.
- B . Deploy a Remote Mesh Point AP in the warehouse building to connect to the Remote Mesh Portal in the office building.
- C . Deploy an ArubaOS-Switch in the warehouse building with tunneled node to connect to the Remote Mesh Portal in the office building.
- D . Deploy a Mesh Point AP in the warehouse building to connect to the Remote Mesh Portal in the office building.
An administrator needs to authenticate users connected to an ArubaOS-Switch. The Aruba Mobility Controller (MC) authenticates the user and assigns user roles to wired users.
Which mode should the administrator configure on the MC?
- A . Per-user tunneled node
- B . Per-port tunneled node
- C . VLAN tunneled node
- D . Split-tunneled node
An administrator wants to add a new folder in AirWave.
Where would the administrator perform this action?
- A . in AMP Setup
- B . in AP/Devices
- C . in Groups
- D . in Device Setup
B
Explanation:
Reference: http://community.arubanetworks.com/t5/Wireless-Access/Move-a-Folder/td-p/28220
An administrator uses a ClearPass server to perform user authentication and download the role configuration that should be applied to the user’s session. The server is associated to an AAA profile of a VAP.
However, when a user connects to the SSID of the VAP, they are assigned the default role.
What must the administrator do to ensure that the role is downloaded and used?
- A . Enable download role for CPPM in the VAP’s WLAN profile.
- B . Enable server derivation in the ClearPass’ RADIUS configuration.
- C . Enable server derivation in the server group.
- D . Enable server derivation in the AAA Server Group.
An administrator deploys an Aruba wireless solution comprised of:
– a pair of Mobility Masters (MMs)
– multiple Mobility Controllers (MCs) and virtual Mobility Controllers (VMCs)
– an AirWave server
– a ClearPass server
The Aruba Mobility solution runs ArubaOS 8.X.
Which component in this environment globally defines and deploys VLANs for wireless users?
- A . Mobility Controller or Virtual Mobility Controller
- B . AirWave server
- C . Mobility Master
- D . ClearPass server
A cluster has two Aruba 7240 Mobility Controllers (MCs) and two Aruba 7220 Mobility Controllers (MCs).
How is the cluster leader elected if all controllers have the default priority?
- A . The 7240 controller with the highest MAC address is elected.
- B . The controller with the highest IP address is elected.
- C . The controller with the highest MAC address is elected.
- D . The 7240 controller with the lowest IP address is elected.