Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

The company has just upgraded their access layer switches with AOS-CX switches and implemented an AAA solution with ClearPass. The company has become concerned about what actually connects to the user ports on the access layer switch, Therefore, the company is implementing 802.1X authentication on the AOS-CX switches. An administrator has globally enabled 802.1X, and has enabled it on all the access ports connected to user devices, including VoIP phones, security cameras, and wireless Aruba IAPs. Wireless users are complaining that they successfully authenticate to the IAPs; however, they do not have access to network resources. Previously, this worked before 802.1X was implemented on the AOS-CX switches.

What should the company do to solve this problem?

A.

Implement device-based mode on the lAP-connected AOS-CX switch ports.

B.

Implement local user roles and local forwarding on the AOS-CX switches.

C.

Implement downloadable user roles and user-based tunneling (UBT) on the AOS-CX switches.

D.

Implement AAA RADIUS change of authorization on the AOS-CX switches.

Which concept is implemented using Aruba’s dynamic segmentation?

A.

Root of trust

B.

Device fingerprinting

C.

Zero Touch Provisioning

D.

Colorless port

A company has implemented 802.1X authentication on AOS-CX access switches, where two ClearPass

servers are used to implement AAA. Each switch has the two servers defined. A network engineer notices the following command configured on the AOS-CX switches:

radius-server tracking user-name monitor password plaintext aruba123

What is the purpose of this configuration?

A.

Implement replay protection for AAA messages

B.

Define the account to implement downloadable user roles

C.

Speed up the AAA authentication process

D.

Define the account to implement change of authorization

An administrator wants to leverage always-on PoE on AOS-CX switches. Which statement is correct regarding this feature?

A.

Provides up to 60W of power per port

B.

Supports all AOS-CX switches

C.

Provides surge protection for PoE and non-PoE ports

D.

Requires NetEdit to implement

An administrator will be implementing tunneling between AOS-CX switches and Aruba gateways. Which list of protocols must minimally be allowed by an intermediate firewall between two sets of devices?

A.

IP protocol 50 and UDP 8209

B.

UDP 4500 and IP protocol 47

C.

UDP 8211 and IP protocol 47

D.

UDP 4500 and UDP 8209

An administrator is concerned about the security of the control plane connection between an AOS-CX switch and an Aruba Mobility Controller (MC) when implementing user-based tunneling. How should the administrator protect this traffic?

A.

IPSec with a digital certificate

B.

GRE with a pre-shared key

C.

PAPI with an MD5 pre-shared key

D.

IPSec with a pre-shared key

A network administrator is implementing OSPF, where there are two exit points. Each exit point has a stateful, application inspection firewall to implement company policies.

What would the best practice be to ensure that one firewall will see both directions of the traffic, preventing asynchronous connections in the network?

A.

Both ASBRs should define External Type 1 routes for the

B.

Both ASBRs should define External Type 1 routes for the

C.

Both ASBRs should define External Type 2 routes for the

D.

Both ASBRs should define External Type 2 routes for the

What are best practices when implementing VSX on AOS-CX switches? (Choose two.)

A.

The ISL lag should use the default MTU size.

B.

Timers should be left at their default values.

C.

The default system MAC addresses should be used.

D.

The keepalive connection should use a direct layer-3 connection.

E.

The ISL lag should use at least 10GbE links or faster.