A company has an Aruba solution. A network administrator wants to prevent wireless users from accessing shopping web sites with a bad reputation.
What should the administrator set up to deny such traffic?
- A . an AppRF engine
- B . application filters in the Traffic Analysis dashboard
- C . firewall access control rules that specify HTTP and HTTPS services
- D . firewall application rules
What is a reason for a company to choose to deploy an Aruba 7024 Mobility Controller (MC) rather than an Aruba 7010 MC?
- A . to support 802.11ac Aps rather than only 802.11n APs
- B . to support more wireless users
- C . to support more POE devices directly connected to the MC
- D . to support a faster firewall throughput rate
What is a key difference between an Aruba Air Monitor (AM) and an Aruba Spectrum Analyzer (SA)?
- A . An AM detects threats such as rogue APs, while an SA analyzes RF conditions.
- B . An AM detects rogue APs and provides data services to clients, while an SA only detects rogue APs.
- C . An AM scans on only one 802.11 frequency band, while an SA scans on both 802.11 frequency bands.
- D . An AM both detects wireless intrusion attempts and mitigates them, while an SA only
detects wireless intrusion attempts.
An AP operates on channel 6.
Which device causes the most significant and consistent interference with the signal?
- A . cellular phone
- B . weather radar
- C . wireless security camera operating on channel 8
- D . AP operating on channel 11
Refer to the exhibits.
Exhibit 1
Exhibit 2
A network administrator configures a guest WLAN on an Aruba Mobility Master (MM)-based solution. The exhibits show some of the settings for this WLAN.
Which settings must the administrator configure on each Mobility Controller (MC) at the device level for this configuration to function properly?
- A . an IPsec preshared key
- B . CPSec certificates
- C . a portal page
- D . VLAN 99 IP settings
What is an advantage for a network administrator to use AirWave over a Mobility Master (MM)?
- A . ability to gather and analyze historical user data, and monitor client association and network usage trends
- B . scans wireless client settings and brings those settings in compliance with corporate security policies.
- C . ability to monitor and manage a Mobility Controller (MC) to configure the WLAN
- D . provides realtime firewall hits for client network troubleshooting
Which deployment option for Aruba Controllers is new to ArubaOS 8?
- A . deployment as virtual appliances
- B . deployment in standalone mode
- C . deployment in master-local mode
- D . deployment as branch office controller
A company has a single Aruba Mobility Master (MM)-based solution with two Mobility Controllers (MCs). Network administrators want APs in building 1 to support a WLAN but do not want APs in building 2 to support the WLAN.
How can administrator ensure that they can enforce this rule as they set up the WLAN in the Mobility Master (MM) Interface?
- A . Place APs in different buildings in different AP Groups.
- B . Assign APs in different buildings to different MM nodes.
- C . Configure APs in different buildings to use different frequency bands.
- D . Assign different radio profiles to APs in different buildings.
A network administrator configures this policy:
Users to which this policy applies are unable to receive IP addresses with DHCP.
How should the administrator fix the issue?
- A . Change user to any in the user any svc-dhcp permit rule.
- B . Move the user any svc-dhcp permit rule to the bottom of the list.
- C . Remove the deny rule from the policy.
- D . Use the correct service alias in the user any svc-dhcp permit rule.
A network administrator reduces an AP radio transmit power from 18 dBm to 15 dBm. This is a loss of 3 dBms.
What is the current power as a percentage of the original power?
- A . 10%
- B . 33%
- C . 50%
- D . 83%
What are two criteria that distinguish different Aruba Mobility Controller (MC) models from each other?
- A . firewall speed and ability to act as a standalone controller or not
- B . number of supported users and firewall throughput
- C . number of supported APs and ability to support 802.11ac APs or not
- D . number of supported users and ability to support 802.11ac APs or not
A network administrator has installed PEF licenses in the global pool of a Mobility Master
(MM) solution. When the administrator tries to configure roles and policies, an error indicates that the PEF licenses must be installed.
What should the administrator do to correct this issue?
- A . Ensure the PEF licenses were installed at the Managed Network and not at the MM level.
- B . Enable Building 1 as a local license pool.
- C . Enable the PEF feature in the Global Usage window.
- D . Activate the PEF licenses through an Aruba Activate account.
A network administrator creates the role employees and adds the rule to it:
user any any permit
The first several wireless clients assigned to the employees role are assigned IP addresses in the 10.10.10.0/24 subnet. Several other wireless clients with the employees role are then assigned IP addresses in the 10.10.20.0/24.
When the Aruba firewall matches traffic from these clients to the user any any permit rule, what does it do?
- A . It drops traffic from wireless clients in both the 10.10.0/24 subnet and 10.10.20.0/24 subnet.
- B . It permits traffic from wireless clients in both the 10.10.10.0/24 and 10.10.20.0/24 subnet as long as the packet has a source IP.
- C . It permits the traffic from wireless clients in the 10.10.20.0/24 subnet, but drops the traffic from wireless clients in the 10.10.10.0/24 subnet.
- D . It permits the traffic from wireless clients in the 10.10.0/24 subnet, but drops the traffic from wireless clients in the 10.10.20.0/24 subnet.
A network administrator examines a list of 2.4GHz clients with low performance in the Mobility Master (MM) dashboard.
Which property for a client should pose a concern as a potential performance issue?
- A . Radio PHY of HT 20MHz
- B . Max speed of 72Mbps
- C . SNR of 18
- D . Usage of 10 MB
What is the minimum space between channels in the 2.4GHz range to prevent overlap?
- A . 1 channel
- B . 3 channels
- C . 5 channels
- D . 7 channels
What is an example of a Layer2 wireless threat that a wireless intrusion detection system (WIDS) should detect?
- A . 802.11 association floods
- B . RF jamming
- C . Bluetooth interference
- D . spyware
Refer to the exhibit.
A network administrator sets up the Exam_Employees WLAN on an Aruba solution with a default role of guest, as shown in the exhibit.
To which users does the guest role apply?
- A . users who successfully authenticate and are assigned to the default role by the RADIUS server
- B . users who successfully authenticate and are not assigned a different role by the RADIUS server
- C . users who have connected to the SSID, but have not yet attempted authentication
- D . users who fail authentication
A network administrator wants to assign an authentication server group to the WPA2-Enterprise WLAN.
Which profile should the administrator modify?
- A . Virtual AP
- B . SSID
- C . AAA
- D . L2 Authentication
If the decrypt-tunnel forwarding mode is selected in an employee WLAN, where is the user traffic decrypted?
- A . at the switch
- B . at the AP
- C . at the controller
- D . at the RADIUS server
An Aruba Mobility Master (MM)-based solution has a WLAN that uses WPA2-Enterprise security. A test login on a wireless client fails.
How can a network administrator determine whether the RADIUS server rejected the credentials or another issue occurred?
- A . View Technical Support information for the MM.
- B . Ping the IP address configured as the RADIUS server.
- C . Use the MM AAA Server Test Diagnostic tool.
- D . Use the tools in the MM Dashboard > Security window.
A company has an Aruba Mobility Master (MM)-based solution. Under which circumstance will an AP radio change channel without the use of the Mobility Master (MM)?
- A . when the MM detects that a different channel has significantly better quality
- B . when the Mobility Controller (MC) detects a rogue AP on the channel
- C . when the AP detects a large amount of interference on its channel
- D . when the Client Match rules indicate that nearby clients do not support the current channel
Refer to the exhibit.
What is a valid way to help the APs discover devices that can control them?
- A . Set up an Aruba Central subscription, and ensure that APs can reach the Internet.
- B . Enable CPSec, and ensure the Mobility Master (MM) and Mobility Controllers (MCs) trust the Aruba certificates installed on the APs at the factory.
- C . Specify the Mobility Master (MM) IP address in DHCP option 43 on the network DHCP server.
- D . Map the Mobility Controller (MC) IP addresses to the aruba-master name on the network DNS server.
A company has an Aruba Mobility Master (MM)-based solution. A network administrator wants to collect and analyze information about clients and access points (APs) over extended periods of time.
What should the administrator do to achieve this goal?
- A . Add Aruba AirWave to the solution.
- B . Run a Traffic Analysis report on the MM.
- C . Make sure that MM has sufficient AppRF licenses.
- D . Enable archival from the MM interface Maintenance windows.
A network administrator creates a user account on an Aruba Mobility Master (MM) with the guest-provisioning role.
Which task does this user have the rights to perform?
- A . set up portal pages
- B . create guest user accounts
- C . monitor guest clients
- D . create guest WLANs
What is a role fulfilled by an Aruba Mobility Master (MM)?
- A . It forwards and routes traffic for wireless users across multiple sites.
- B . It terminates control tunnels for Aruba APs.
- C . It provides an advanced Web portal for onboarding Bring Your Own Device (BYOD) devices.
- D . It manages VLAN and routing configuration for multiple Mobility Controllers (MCs).
An Aruba solution runs ArubaOS 8 and uses a mobility master architecture.
Which feature can network administrators use to balance wireless devices across APs on different channels?
- A . AirMatch
- B . Client Match
- C . AppRF
- D . ARM
Refer to the exhibit.
The exhibit shows output from a Mobility Master (MM) dashboard.
What is a valid reason for the administrator to click the akamai square under applications?
- A . to see the break down for only the roles, destinations, WLANs, and devices that use this
application - B . to download a report about the usage of this application over time
- C . to create filter rules in order to control wireless user access to this application
- D . to set up bandwidth rule in order to control wireless user access to this application
A company has a Mobility Master (MM)-based solution. A network administrator wants to monitor data transfer speed ranges of all currently connected clients.
Which dashboard page in the MM interface should the administrator visit?
- A . Security
- B . Performance
- C . Traffic Analysis
- D . Network
A company has a Mobility Master (MM) solution that manages Mobility Controllers (MCs) in several groups. The company has several WebCC licenses and wants to reserve these licenses for MCs in the Sunnyvale group only.
How can a network administrator achieve this goal?
- A . Associate the MAC addresses for the Sunnyvale MCs with the licenses when they are generated.
- B . Make sure to be at the Managed Network > Sunnyvale level in the MM Interface when the licenses are installed.
- C . Install the licenses on the MM, and allocate them to a dedicated local pool for the Sunnyvale group.
- D . Install the licenses directly on the MCs in the Sunnyvale group, and activate the licneses locally.
A company deploys an Aruba wireless solution for the first time. In which deployment is clustering supported?
- A . deployment as Mobility Masters (MMs)
- B . deployment as a standalone VMC
- C . deployment in 7000 Series standalone mode
- D . deployment in master-local mode
Refer to the exhibit.
What describes the behavior for this WLAN?
- A . APs in the default group broadcast the SSID. Clients can connect to the WLAN on APs in the default group only.
- B . No APs broadcast the SSID. Clients cannot connect to the WLAN until administrators activate it.
- C . No APs broadcast the SSID. Clients can connect to the WLAN on APs in the default group only.
- D . APs in the default group broadcast the SSID. Clients can connect to the WLAN on APs in any group.
What is a valid way to deploy an Aruba Mobility Master (MM)?
- A . as a subscription-based service through the Aruba cloud
- B . as a role on a Mobility Controller 7030 that is deployed as a standalone controller
- C . as a virtual appliance on a server that meets the recommended hardware requirements
- D . as a role on a Mobility Controller 7240 that is deployed as a master controller
What is one difference between captive portal authentication and 802.1X authentication?
- A . 802.1X authentication always authenticates the wireless client, while captive portal authentication always authenticates the wireless user.
- B . 802.1X authentication occurs at Layer 2, while captive portal authentication occurs at Layer 3.
- C . 802.1X authentication must use an LDAP server, while captive portal authentication can use a RADIUS server or an LDAP server.
- D . 802.1X authentication is typically implemented without encryption, while captive authentication is often combined with WPA or WPA2.
A network administrator needs to configure firewall rules for three roles:
✑ Finance
✑ Sales
✑ Employee
Several rules apply to both the Employee and Sales roles, but not to the Finance role.
What is the simplest way to configure these rules?
- A . Define the Employee and Sales roles as internal roles, and then configure the rules as global rules for internal users.
- B . Apply these rules as a subnet-based policy, and then ensure that only Employee and Sales users are assigned IP addresses in that subnet.
- C . Select either the Employee or Sales role, and then configure these rules within the global policy.
- D . Create a policy with these rules, and then apply that policy to the Employee and Sales roles.
Refer to the exhibit.
A network administrator creates a guest WLAN on an Aruba Mobility Master (MM). The exhibit shows some of the settings for the WLAN.
How should the network administrator handle the Auth server settings?
- A . Add an authentication server with the LDAP type and the IP address of the company AD server.
- B . Add an authentication server with the LDAP type and IP address 10.10.10.10.
- C . Add an authentication server with the RADIUS type and IP address 10.10.10.10.
- D . Add an authentication server with the RADIUS type and the IP address of the company AD server.
Refer to the exhibit.
A network administrator needs to use Aruba AirWave to view statistics for an AP’s 802.11ac radio.
How can the administrator update the information on-demand rather than wait the typical interval?
- A . Click Poll Controller Now
- B . Click the 802.11ac link
- C . Log out of the interface and log back in
- D . Refresh the browser
A customer has a large campus that requires 400 Aruba 335 APs to support a total of 20,000 wireless users and 12Gbps of traffic. Although the customer wants two controllers for redundancy, each controller must be able to support all of the APs and users on its own.
Which Aruba Mobility Controller models meet the customer requirements and DO NOT unnecessarily exceed them?
- A . Aruba 7024 controllers
- B . Aruba 7210 controllers
- C . Aruba 7240 controllers
- D . Aruba 7030 controllers
A company currently uses Instant APs (IAPs), all managed by a virtual controller. The company expects to double in size without the next 18 months. The network manager wants to purchase additional APs to service the increased traffic load. The network manager also wants to deploy a Mobility Controller (MC) to manage all APs.
How should the network administrator adapt the current IAPs to a controlled architecture?
- A . Manage both the MCs and IAP clusters with Aruba Central.
- B . Configure the IAPs to establish CPSec tunnels to the new MCs.
- C . Manage both the MCs and IAP clusters with a Mobility Master (MM).
- D . Convert the IAPs to Campus APs controlled by the new MCs.
A company plans to deploy a Mobility Master (MM). The MM will manage 50 Mobility Controller (MC) appliances that will control a total of 700 APs, and 10 Virtual Mobility Controllers (VMCs) that will control a total of 200 APs.
How many MM licenses does the company require?
- A . 60
- B . 210
- C . 900
- D . 960
D
Explanation:
Starting with ArubaOS 8.0.1, the MM license is required to terminate devices (controllers or APs) on Mobility Master. If the Mobility Master does not have sufficient MM licenses and an AP fails to obtain a license, that AP can get an IP address and connect to its controller, but will not broadcast an SSID.
When an Aruba solution uses AirMatch, which device generates the channel and power plan for an AP?
- A . the AirWave Management Platform
- B . the Mobility Master (MM)
- C . the Mobility Controller (MC) for the AP
- D . the AP itself
Refer to the exhibit.
The exhibit shows the AAA profile for a WLAN on an Aruba solution. This WLAN uses 802.1X to authenticate users to a RADIUS server. A user successfully authenticates with 802.1X, but the RADIUS server does not send a role assignment.
How does the Aruba firewall handle the role assignment for this user?
- A . It does not assign a role.
- B . It applies the Aruba VSA role employee.
- C . It assigns the logon role.
- D . It assigns the authenticated role.
A company has an Aruba solution that is monitored by AirWave. Several users have recurring connectivity and performance issues with their wireless clients.
How can network administrators use AirWave to minitor these clients more easily?
- A . Specify the clients as Watched Cliesnts and view the tables and graphs for these clients.
- B . Click the Down icon in the Airwave banner to quickly see a list of issues with client connections.
- C . Use the Client > Tags windows to tag the client for periodic checks and analysis.
- D . Run Device Summary reports and filter for the client MAC addresses within the report.
Refer to the exhibits.
Exhibit 1
Exhibit 2
A company has an Aruba solution. Client 1 is assigned to the users1 role, and client 2 is assigned to the users2 role. The exhibits show current firewall rules for those roles. The network1 alias used to be 10.1.1.0/24, but the network administrator now changes the network1 alias to 172.16.1.0/24. Client 1 and Client 2 both send a packet destined to 172.16.1.10.
How does the firewall handle these packets?
- A . It permits the packet from Client 1 and denies the packet from Client 2.
- B . It permits both packets.
- C . It denies the packet from Client 1 and permits the packet from Client 2.
- D . It denies both packets.
A company has an Aruba solution and wants to provide guests with wireless access. The
company wants to assign guests IP addresses in subnets that exist only within the Aruba solution.
Which feature should network administrators set up so guests can send traffic on the Internet without changes to the company routing solution?
- A . Enable NAT on the VLAN assigned to the guest WLAN.
- B . Set up a dynamic default gateway on the Mobility Controllers (MCs).
- C . Create destination NAT rules for the guest role.
- D . Enable policy-based routing for the guest traffic.
A network manager wants to implement an Aruba wireless solution that accommodates 802.1X with EAP-TLS. All wireless users will utilize Active Directory (AD) accounts to authenticate.
Which device will the authenticator forward the authentication requests to in this type of solution?
- A . APs
- B . RADIUS server
- C . Mobility Controller (MC)
- D . Mobility Master (MM)