ACCA-v6 - GRATIS EXAM · 2019-10-05 · A. Captive Portal has not been assigned in the SSID...

http://www.gratisexam.com/

ACCA-v6.4

Number: ACCA-v6.4Passing Score: 800Time Limit: 120 minFile Version: 5.0



Exam A

QUESTION 1Which of the following Aruba controllers is able to provide IEEE 802.3af? (Choose two)

A. 3200

B. 620

C. 650

D. 6000 with M3

E. 7000

Correct Answer: BCSection: (none)Explanation

Explanation/Reference:Explanation:

QUESTION 2What is the maximum number of remote APs supported by a 3600 controller?


A. 512

B. 1024

C. 128

D. 256

E. 2048

Correct Answer: ASection: (none)Explanation

Explanation/Reference:


correct answer.

QUESTION 3Which profiles are required in an AP Group to enable an SSID with VLAN 1, WPA2 and LMSIP? (Choose three)

A. Virtual-AP profile

B. WLAN profile

C. 802.1x authentication profile

D. AP System Profile

E. SSID Profile

Correct Answer: ADESection: (none)Explanation


QUESTION 4A user connected to a Captive Portal VAP successfully. When the user opens their browser and tries to access their homepage, they get redirected as expected toanother URL on the Aruba Controller. However, they see an error message that web authentication has been disabled. What might be a cause of this?

A. Captive Portal has not been assigned in the SSID profile.

B. The Captive portal profile has not been assigned to the AAA profile.

C. A server group has not been assigned to the captive portal profile.

D. An initial role has not been assigned to the AAA profile.

E. The Captive portal profile has not been assigned to the initial role.

Correct Answer: ESection: (none)Explanation

Explanation/Reference:real answer.

QUESTION 5Exhibit:


Referring to the above screen capture, if an administrator desires to change a specific AP into a Spectrum Monitor without assigning the AP to a new group, whichmenus could be used?

A. Network > Controller

B. Wireless > AP Configuration

C. Wireless > AP Installation

D. Advanced Services > Wireless

E. Wizards > WIP Wizard

Correct Answer: BSection: (none)Explanation


QUESTION 6Which of the statements below are TRUE regarding ARM's Spectrum Load Balancing feature? (Choose two)

A. Available only on 5GHz radios

B. Disabled by default

C. Balances client load across available channels/APs

D. Enabled by default

E. Available only on 2.4GHz radios

Correct Answer: BCSection: (none)Explanation


QUESTION 7What are the Airtime Allocation Policy options for Airtime Fairness? (Choose three)

A. Default Access

B. Priority Access

C. Fair Access


D. Preferred Access

E. Distributed Access

Correct Answer: ACDSection: (none)Explanation

Explanation/Reference:right answer.

QUESTION 8Which of the following statements is true of Spectrum Mode?

A. No licenses are required to run an AP in Spectrum mode

B. Spectrum mode can only be configured for one AP at a time

C. An AP can be in spectrum mode for both 2.4 and 5G bands at the same time

D. An AP can be placed in Spectrum Mode via the Spectrum Profile

E. Spectrum mode can be configured from the GUI under AP installation

Correct Answer: CSection: (none)Explanation


QUESTION 9Which method can APs use to discover a controller?

A. DHCP

B. Dynamic DNS (DDNS)

C. PnP

D. PAPI

E. HTTPS




QUESTION 10What does Aruba Layer 3 redundancy require to operate?


A. LMS-IP

B. Backup LMS-IP

C. VRRP

D. Backup AP group

E. ARM



QUESTION 11Exhibit:


In the diagram provided for this question, the client laptop is associated with the Aruba AP. The Aruba controller is configured to perform L2 switching for this SSID.

What will be the client laptop default gateway?

A. A

B. B

C. C

D. D

E. E

Correct Answer: C


Section: (none)Explanation


QUESTION 12In the diagram provided for this question, the Aruba controller terminates one end of a GRE tunnel that carries wireless user traffic.

Where does the other end terminate?

A. A

B. B

C. C

D. D

E. A or B




QUESTION 13In the above diagram, the system shows two Aruba access points and a wired user.

Which VLAN(s) do NOT need to be configured on link A between the L2 switch and router to support the wireless users?

A. 101 and 102

B. 101 and 103

C. 102 and 103

D. only 101

E. only 103




QUESTION 14In the above diagram, the system shows two Aruba access points.

Which VLANs must be configured on trunk link D between the router and Aruba controller to support wireless users when the controller is provisioned for L2operations?

A. 10, 101 and 102

B. 101 and 102

C. 101, 102 and 103

D. 10, 101,102 and 103

E. 10 and 103


Explanation/Reference:


Explanation:

QUESTION 15Exhibit:

Referring to the diagram provided for this question, if the Aruba controller is configured to perform L3 switching, what will be the wireless client laptop defaultgateway?

A. A

B. B

C. C

D. D


E. E

Correct Answer: DSection: (none)Explanation

Explanation/Reference:answer is suitable .

QUESTION 16When configuring Captive Portal, which protocols are supported when accessing the Captive Portal? (Choose two)

A. HTTPS

B. VPN

C. HTTP

D. TELNET

E. SSH

Correct Answer: ACSection: (none)Explanation


QUESTION 17When the controller is configured for Captive Portal and the user is only required to provide an email address for authentication, which option is configured in theGUI?

A. enable termination

B. enable guest logon

C. enable user logon

D. eap method

E. disable CP Login




QUESTION 18A user logged in with the Captive Portal settings shown in the above screen capture.

What does the user need to do to logout?

A. wait 30 minutes then logout

B. wait 60 minutes then logout


C. click Logout on the browser screen

D. he cannot logout

E. wait 10 seconds for redirect



QUESTION 19Screenshots of the Captive Portal authentication profile and server group of a guest network are displayed above.


How was the user authenticated?

A. with a radius server called Radius01

B. with the Internal database

C. with a radius server called Internal

D. with another form of authentication

E. user wasn't authenticated against any server



QUESTION 20Where should mobility domains be enabled in a network with 1 master, 1 backup master and 5 local controllers?

A. Only on the master controller

B. All the local controllers in the network

C. All the controllers where the client is allowed to roam

D. Master and backup master

E. Only on the backup master



Explanation/Reference:absolute answer.

QUESTION 21What are two different methods of configuring AP redundancy between 2 local controllers? (Choose two)


A. Fast-Failover

B. Configure the locals as remote nodes

C. Use named VLANS

D. LMS and Backup LMS IP

E. AP Redundancy can only be configured between a Master and Local

Correct Answer: ADSection: (none)Explanation

Explanation/Reference:sophisticated answer.

QUESTION 22Referring to the diagram provided for this question, an employee brought an unauthorized AP from home and attached it to the cubicle Ethernet port as shown in thediagram. The APs are in VLANs as shown in the diagram. Only AP1 is within RF range.


How will the Aruba controller classify this AP?


A. an AP

B. an AM

C. a Rogue AP

D. an Interfering AP

E. a workstation



QUESTION 23Referring to the diagram provided for this question, an employee brought an unauthorized AP from home, but did not attach it to the LAN infrastructure. The APs arein the VLANs as shown in the diagram. Only AP1 is within RF range of the employee AP.


By default, how will the Aruba system classify the employee's AP?


A. an AP

B. an AM

C. a Rogue AP

D. an Interfering AP

E. a valid workstation



QUESTION 24What can an AM do that an AP cannot do?

A. Detect rogue APs

B. Detect an AP failure

C. Scans all channels in under 1 minute

D. Detect interfering APs

E. Scan all valid channels


Explanation/Reference:answer is valid.

QUESTION 25(group8) #show ap active

Active AP Table

---------------

Name Group IP Address 11g Clients 11g Ch/EIRP/MaxEIRP 11a Clients 11a Ch/EIRP/MaxEIRP

---- ----- ---------- --------- ------------------- ----------- -------------------


AP1 building1 10.1.80.150 0 AM 0 AM

AP2 building1 10.1.80.151 0 AM 0 AM

A user called technical support because they cannot see any of their APs in building one. You perform the "show" command as illustrated above.

What can you conclude about these two APs from this output?

A. the GRE for the APs terminate on two different controllers: 10.1.80.150 and 10.1.80.151

B. the system will not function because there is no building1 group defined

C. the building1 APs will not accept any user connections

D. the user needs to configure his client to use the b/g band

E. the user needs to configure his client to use the a band



QUESTION 26Exhibit:


Based on the above screen capture for Interfering APs, what can you conclude?

A. The APs must be connected to the Aruba network.

B. The APs are classified as interfering because they are all transmitting on channel 6.

C. There must not be any evidence that the APs are attached to the wired corporate network.

D. These APs are classified as interfering because they are not Aruba APs.

E. They are classified as interfering because they are running in g mode.



QUESTION 27As illustrated in the above diagram and screen capture, a wireless hacker injects messages into your network to detach a client from your Aruba AP.


What action should you take to identify and prevent the Intruder from connecting to your system? (Choose two)

A. Enable Detect disconnect Station Attack

B. Enable Spoofed Deauth Blacklist

C. Take no action as there is no protection against this form of attack

D. Take no action as the Aruba system ignores this attack because it is against the client

E. Enable Detect EAP rate Anomaly


Correct Answer: ABSection: (none)Explanation


QUESTION 28(group8) #show ap arm history ap-name AP1

Interface :wifi0

ARM History

-----------

Time of Change Old Channel New Channel Old Power New Power Reason

-------------- ----------- ----------- --------- --------- ------

2010-10-28 07:58:53 157+ 149+ 21 21 I

2010-10-28 07:52:06 149+ 157+ 21 21 M

2010-10-28 07:16:59 157+ 149+ 21 21 I

Interface :wifi1

ARM History

-----------

Time of Change Old Channel New Channel Old Power New Power Reason

-------------- ----------- ----------- --------- --------- ------

2010-10-28 08:52:53 6 1 21 21 I

Referring to the output above. What can you conclude about AP1?

A. This device is scanning channels.

B. This device is unstable because the channel assignment changed.


C. The device changed channels recently.

D. The device changed channels and power levels recently.

E. The device is transmitting at maximum power levels.



QUESTION 29An Aruba controller is configured with the correct IP address and gateway information and is connected to the corporate LAN via a core layer 2 switch. Control PlaneSecurity is not enabled on the network. An access point is provisioned with AP name and group and connected to a different Layer 2 switch on the corporate LANthat has IP connectivity to the core layer 2 switch. The AP powers on and layer 2 connects to the network, but the wireless radios do not power on.

Which could cause this condition? (Choose two)

A. the layer 2 switches have ACLs that block GRE traffic

B. the layer 2 switches are configured to block IPSec traffic

C. a DHCP server is not configured for the segment to which the AP is connected

D. the AP's mac address needs to be configured in the Aruba controller whitelist.

E. the AP and controller are in different subnets

Correct Answer: ACSection: (none)Explanation


QUESTION 30In the diagram provided for this question, four buildings are identified on a college campus. Most of the wireless LAN traffic will be from students accessing theinternet.


According to Aruba best practices, which building is the best location to install the Aruba mobility controller?


A. data center

B. dormitory

C. server farm

D. library

E. 3rd party site


Explanation/Reference:proper answer.

QUESTION 31Referring to the diagram provided for this question, representing an office wireless LAN deployment, there will be approximately 250 users in the offices section ofthe building. All Switches are setup as L3 routers.


According to Aruba best practice, which network device is the best choice for the wireless clients' default gateway?

A. device 'A'

B. device 'B'

C. device 'C'

D. device 'D'

E. device 'C or D'


Explanation/Reference:exact answer.


QUESTION 32One hundred (100) additional APs were deployed in an existing network. But some APs are not able to connect to the lms-ip address, even though all of the APsbelong to the same AP group. Which of the following are NOT potential causes? (Choose two)

A. The problem APs are not getting an IP address.

B. The problem APs have the wrong lms-ip address setting.

C. There is a firewall between the problem APs and the controller blocking PAPI.

D. The controller does not support that many APs in a single AP-Group.

E. There are not enough AP licenses to support the additional quantity of APs.

Correct Answer: BDSection: (none)Explanation


QUESTION 33IEEE 802.11r provides support for which of the following:


A. radio measurements within a WLAN

B. radio measurement within an ESS

C. fast roaming within an ESS

D. fast roaming within a BSS

E. roaming across controllers




QUESTION 34If a Remote AP (RAP) is attempting to contact a controller that is behind a NAT device what protocol must be allowed through the NAT/Firewall?

A. PAPI

B. NATT

C. IPSec

D. SSH

E. GRE


Explanation/Reference:suitable answer.

QUESTION 35Which of the following are valid RAP operating modes?

A. Always, Backup, Standard, Persistent

B. Always, Backup, Tunnel, Persistent

C. Always, Hotel-Connect, Tunnel, Standard

D. Backup, Hotel-Connect, Standard, Persistent

E. Backup, Normal, Tunnel, Always


Explanation/Reference:best asnwer.

QUESTION 36When configuring split tunnel mode on a Remote AP (RAP) where is the routing function for the split tunnel defined?

A. On the IP routing tab in the configuration screen.

B. On the AP provisioning screen.

C. In the RAP static routing tables


D. In the Firewall policy

E. In the RAP whitelist



QUESTION 37A Remote AP provisioned in "Split-Tunnel" Forwarding mode has which characteristic?

A. Local traffic first goes to the controller and is then spilt back to the local network.

B. Traffic is IPSec encrypted before it is sent to the controller.

C. The user role must have a "Permit" statement in order to locally bridge the traffic.

D. The user role must have a "route dst-nat" statement to locally bridge the traffic.

E. The RAP uses PAPI to send data traffic to the controller.



QUESTION 38A Remote AP was properly functioning before losing it's internet connection and now cannot communicate with the controller. What SSID is the AP broadcasting?

A. The SSID in Operational mode Always and Forwarding mode Backup

B. The SSID in Operational mode Split Tunnel and Forwarding mode Bridge

C. The SSID in Operational mode Always and Forwarding mode Tunnel

D. The SSID in Operational mode Standard and Forwarding mode Tunnel

E. The SSID in Operational mode Persistent and Forwarding mode Bridge



Explanation/Reference:real answer.

QUESTION 39An AP 105 was converted into a RAP. The RAP can authenticate its IPSec tunnel to a controller using which of the following methods? (Choose two)

A. 802.1X/EAP authentication

B. Captive Portal authentication

C. IP address authentication

D. Username/Password authentication.

E. Certificate/MAC address authentication.

Correct Answer: DESection: (none)Explanation


QUESTION 40Which of the following describes a Remote AP provisioned in "Split-Tunnel" Forwarding mode?

A. Local user traffic first goes to the controller and is then spilt back to the local network.

B. All data and control traffic goes to the controller unsecured.


D. The user role must have a "route src-nat" statement to locally bridge the traffic.

E. The RAP uses PAPI to send data traffic to the controller.


Explanation/Reference:selected answer is accurate.

QUESTION 41A Remote AP provisioned in "Split-Tunnel" Forwarding mode has which of the following characteristics?

A. Local traffic first goes to the controller and is then spilt back to the local network.


B. User Traffic is CPSec encrypted before it is sent to the controller.


D. The user role must have a "permit dst-nat" statement to locally bridge the traffic.

E. The RAP uses UDP 4500 to send traffic to the controller.



QUESTION 42A company purchased an indoor mesh deployment using the 620 controller and the AP 105 models, where 5 APs will be deployed on a floor to provide wirelessinternet access for users. Users may open VPN tunnels using software clients over the wireless network to a 3rd party VPN concentrator overseas. The companywants to limit wireless user access to TCP traffic locally and VPN traffic overseas.

In addition to the base AOS, which licenses will be necessary for this deployment?

A. VPN, PEF-NG

B. AP Capacity, PEF-NG

C. AP Capacity, PEF-NG, VPN

D. AP Capacity

E. PEF-NG, PEF-V


Explanation/Reference:appropriate answer.

QUESTION 43When deploying Remote Mesh Portals, what is one of the purposes of the Mesh Private VLAN?



A. To separate wireless user traffic coming from mesh networks from non-mesh networks

B. To tag mesh wireless user traffic on a particular AP

C. To allow Mesh Points to form private vlan networks with certain users

D. To tag control plane traffic from Mesh points to the controller

E. To tag clients high priority traffic



QUESTION 44How does an Aruba infrastructure calculate a wireless device's location?

A. GPS

B. RF Fingerprinting

C. RSSI triangulation

D. TDOA

E. LBS


Explanation/Reference:sophisticated answer.

QUESTION 45Centralized licensing is not in use on an Aruba based network which has a Master and three local controllers. No APs terminate on the Master controller. Roles andFirewall policies need to be created and applied, hence PEF-NG license is required

On which controller should the license be installed?

A. Only the master controller since role and firewall policies are created here.

B. Only the local controllers since firewall policies are applied here

C. The master and all three local controllers


D. This isn't the correct license for this purpose, use PEF-VPN license

E. This is not needed because PEF-NG is part of base OS



QUESTION 46What information do you need to generate a feature license key for an Aruba controller?

A. The controller's MAC address and the feature description.

B. Controller's MAC address and the certificate number

C. Controller's Serial Number and the feature description

D. Controller's Serial Number and the certificate number

E. Controller's MAC address and Serial Number



QUESTION 47Which of the following licenses are consumed by Mesh APs advertising an SSIDs?

A. AP license

B. Mesh license

C. PEF-V license

D. No license is required

E. RAP License



Explanation/Reference:genuine answer.

QUESTION 48A network administrator wants to terminate VPN sessions on a local controller in the DMZ. Which statement is true about the PEF-VPN license?

A. It is only applied to the master controller

B. It is only applied to the DMZ controller.

C. It is based on the number of APs

D. One license is needed on the master and the DMZ local

E. It is distributed by the license server as needed



QUESTION 49Which of the following functions can be configured in the Controller WIP wizard? (Choose three)

A. Configure APs as Air Monitors

B. Configure rules for AP classification.

C. Configure preset levels for intrusion detection

D. Blacklisting Rules for clients

E. Identify encryption method used in your network.

Correct Answer: BCESection: (none)Explanation

Explanation/Reference:correct answer.

QUESTION 50A client device associates with an SSID provisioned with 802.1X authentication. The client is set for PEAP authentication. EAP termination (AAA Fastconnect) isdisabled on the controller. But the client continuously cycles through the authentication process. Which of the following could cause this? (Choose two)


A. The client is provisioned with the wrong EAP type.

B. The client has an expired or revoked server certificate.

C. The DHCP server is not enabled.

D. The VLAN is missing for the SSID.

E. The controller does not support PEAP in this mode.

Correct Answer: ABSection: (none)Explanation



ACCA-v6 - GRATIS EXAM · 2019-10-05 · A. Captive Portal has not been assigned in the SSID...

Documents

Transcript of ACCA-v6 - GRATIS EXAM · 2019-10-05 · A. Captive Portal has not been assigned in the SSID...