HPE6-A71 Exam Dumps from PassLeader

New VCE and PDF Exam Dumps from PassLeader
➢ Vendor: HP
➢ Exam Code: HPE6-A71
➢ Exam Name: Aruba Certified Mobility Professional Exam
➢ Part of New Questions from PassLeader (Updated in Mar/2020)
Visit PassLeader and Download Full Version HPE6-A71 Exam Dumps
QUESTION 1
An administrator configures AirGroup policies to define which Apple services are visible and
available to wireless users in a campus WLAN. However, the policies are not being enforced.
Where must the administrator enable the AirGroup functionality on the Mobility Master (MM) so that
the policies will be in effect?
A. At the Mobility Master hierarchy

B. At the controller level in the Managed Network hierarchy
C. At the Access Points level in the Managed Network hierarchy
D. At the global Managed Network hierarchy
Answer: D
QUESTION 2
An administrator inherits an Aruba Mobility Controller (MC) that has an unknown username and
password. Which credentials should the administrator enter to reset the administrative access?
A. Username: backdoor; Password: @ruba

B. Username: admin; Password: admin
C. Username: password; Password: forgetme!
D. Username: Aruba; Password: Reset!
Answer: C
QUESTION 3
An administrator configures the MultiZone feature for a company network, where a mobility cluster
is the primary zone and a standalone controller in the company's DMZ represents a secondary data
zone. The administrator configures two AP Groups and respective VAPs for the zones on the
Mobility Master (MM) in the primary zone. When the APs boot up and establish connections to both
zones, the administrator notices that no data connections are established to the data zone.
What must the administrator do to fix this problem?
A. Configure the same AP Groups and VAPs on the standalone controller, and associate the
MultiZone APs to both groups.
B. Configure the same AP Group in the data zone as it is in the primary zone, and configure
the VAPs in the data zone.
C. Have the MultiZone APs initially boot from the standalone controller in the data zone.
D. Create different AP groups and VAPs on the Mobility Master and standalone controllers,
HPE6-A71 Exam Dumps HPE6-A71 Exam Questions HPE6-A71 PDF Dumps HPE6-A71 VCE Dumps
https://www.passleader.com/hpe6-a71.html
and associate the MultiZone APs to both groups.
Answer: B
QUESTION 4
An administrator creates new pre-and post-authentication roles for a new WLAN. For which profile
should the administrator assign these new roles under the Managed Network section?
A. Server Groups
B. Virtual AP
C. 802.1X
D. AAA profile
Answer: D
QUESTION 5
An administrator currently manages an L2 cluster with Aruba Mobility Controllers (MCs) that run
ArubaOS 8.x. What happens when the administrator enables AP load balancing?
A. AP load balancing occurs when the rebalance and unbalance thresholds are met.
B. Users must re-authenticate if they are moved from one controller to another because load
balancing is performed.
C. Balancing of users is based on a hash of their IP address.
D. AP load balancing is triggered based on the amount of user traffic that users generate.
Answer: A
QUESTION 6
An administrator implements clustering on Aruba Mobility Controllers (MCs) that run ArubaOS 8.x.
An AP is connected to a cluster member. The administrator accidentally powers off the AP. How
does the AP determine that it should failover to an alternate controller in the cluster?
A. The Mobility Master notifies the AP.

B. The AP detects a PAPI failure.
C. The cluster leader notifies the AP.
D. The Standby AAC notifies the AP.
Answer: D
QUESTION 7
An administrator implements a standalone controller that runs ArubaOS 8.x. Which feature should
the administrator configure to optimize the RF operation for the company's WLAN?
A. AirMatch
B. Clustering
C. ARM
D. Zones
Answer: C
QUESTION 8
An administrator creates a cluster of four Mobility Controllers (MCs). When the administrator
verifies the cluster operation, the administrator notices that it is operating as an L3-connected
cluster. What should the administrator do to ensure that the cluster operates as an L2-connected
cluster? (Choose two.)
A. Include all IP addresses in the same subnets shared by the Mobility Controllers.
B. Exclude all VLANs that are not trunked to each Mobility Controller.
C. Verify VLAN configuration on the switch trunks that interconnects the Mobility Controllers.
D. Configure a separate VRRP group for each cluster member.
E. Ensure that the controller IP addresses are in the same subnet.
Answer: BE
QUESTION 9
An administrator has ArubaOS-Switches that support tunneled node. The administrator wants to
tunnel all user traffic from the Ethernet ports on the switches, and have the controllers authenticate
the user traffic and apply the appropriate user role.
Which implementation meets these requirements?
A. Role-based tunneled node with the controllers configured for standalone mode
B. Role-based tunneled node with the controllers configured in a cluster
C. Per-port tunneled node with the controllers configured for standalone mode
D. Per-port tunneled node with the controllers configured in a cluster
Answer: C
QUESTION 10
An administrator manages an Aruba wireless network. ClearPass is used to centralize AAA
functions. The administrator wants to implement server role derivation. Which information will the
ClearPass server return in regards to the user role assignment?
A. RADIUS VSA User-Role

B. Aruba VSA Firewall-Role
C. Aruba VSA Aruba-User-Role
D. RADIUS VSA Firewall-Role
Answer: C
QUESTION 11
What are the responsibilities of a cluster leader in a cluster of Aruba Mobility Controllers (MCs)?
(Choose two.)
A. To identify primary and secondary Mobility Controllers for APs

B. To create a table to determine how a wireless client maps to a cluster member
C. To identify a backup cluster leader for redundancy
D. To manage the configuration of cluster members
E. To automatically load balance clients if the load across cluster members changes
Answer: BE
QUESTION 12
An administrator wants to implement a Live Upgrade (in-service upgrade) of a cluster in an Aruba
wireless solution. Which ArubaOS feature does the Mobility Master (MM) use to ensure RF
redundancy, so that when one or more APs are rebooted there is no loss of wireless coverage for
users?
A. AirMatch
B. Mobility Controller load balancing
C. AP image preload
D. AP image verification
Answer: A
QUESTION 13
Which ArubaOS CLI command can an administrator execute to determine if AP load balancing is
enabled in a cluster?
A. show aaa cluster essid

B. show lc-cluster group-membership
C. show switches
D. show ap active
Answer: B
QUESTION 14
What must an administrator configure in order for the ClearPass server to execute a RADIUS
Change of Authorization (CoA) to Aruba Mobility Controllers (MCs) in a cluster?
A. Active and Standby AAC with clustering

B. VRRP IP on each cluster member
C. IPSec High Availability (HA) between two cluster members
D. Primary and backup LMS IP addresses
Answer: B
QUESTION 15
An administrator configures a network scan set in AirWare to scan a subnet to discover new
switches. The scan completes and AirWave successfully uses the SNMP credentials to validate
SNMP access. However, SSH access fails and the administrator must manually configure the SSH
credentials used for all of these devices.
To prevent this problem in the future, what should the administrator complete prior to running the
network scan?
A. Define the SSH communication parameters under the Group's Manage section.
B. Define a scan credentials set that includes the SSH communication parameters.
C. Define the SSH communication parameters under the AP/Device's Manage section.
D. Define the SSH communication parameters for the Default Credentials under Device Setup
section.
Answer: D
QUESTION 16
Which Aruba AP mode constantly scans the radio environment to gather IDS and RF information?
A. Spectrum AP
B. RAP
C. Mesh Portal
D. Air Monitor
Answer: D
QUESTION 17
An administrator needs to apply a patch to an Aruba environment to implement improvements for
AirMatch. What is the Aruba recommended approach for this process without a reboot?
A. Upgrade the AirMatch Loadable Service Module (LSM) on each Mobility Controller.
B. Upgrade the AirMatch Loadable Service Module (LSM) on the Mobility Master.
C. Upgrade the ArubaOS by the use of Live Upgrades (in-service upgrades).
D. Create controller partitions to minimize downtime.
Answer: C
QUESTION 18
An administrator creates a mesh cluster profile and has defined the RF band and cluster name.
What else must the administrator configure in the profile?
A. IPSec
B. CPSec
C. WPA hexkey or passphrase
D. Mesh portal IP address(es)
Answer: C
QUESTION 19
An administrator implements a per-port tunneled node configuration for an Aruba Mobility Controller
(MC) that runs ArubaOS 8.x. The controller performs both MAC and 802.1X authentication.
What must the administrator specify on the controller to allow for 802.1X authentication to succeed?
A. Define External RADIUS servers in the AAA profile.

B. Enable L2 Authentication Fail Through in the AAA profile.
C. Define MAC addresses in the local database for the 802.1X users.
D. Enable server roles in the AAA profile.
Answer: B
QUESTION 20
An administrator configures a port on a RAP through the association of an AAA profile with 802.1X
authentication to a RAP Ethernet port. This port connects to a switch with user desktops attached.
The administrator notices that when users connect wirelessly to the RAP, a user role correctly
restricts their traffic. But, when users connect with their wired desktops, they have full access to
corporate resources.
What must the administrator do to restrict desktop usage based on the users' role assignment?
A. Apply a server-derived role privacy to the RAP port.

B. Identify the RAP port as untrusted.
C. Implement ACLs on the RAP port.
D. Implement per-user tunnel node on the RAP.
Answer: B
QUESTION 21
Which Aruba Mobility Controller (MC) administrative role should an administrator assign to a
receptionist so that they can create and manage guest accounts?
A. guest-provisioning
B. receptionist
C. guest-operator
D. network-operations
Answer: A
QUESTION 22
An administrator configures an ArubaOS-Switch for per-user tunneled node. Which protocols does
the switch use to establish and maintain a connection with the Aruba Mobility Controller (MC)?
(Select two.)
A. GRE
B. SSL
C. PAPI
D. IPSec
Answer: AC
QUESTION 23
Which RAP WLAN operation mode should an administrator configure if the SSID should only be
advertised if controller connectivity is lost?
A. Standard
B. Persistent
C. Backup
D. Always
Answer: C
QUESTION 24
Where would an administrator define the split-tunneling mode for a RAP located at a branch office?
A. the Firewall policy on the RAP

B. the AAA policy on the controller
C. the Firewall policy on the controller
D. the VAP profile on the controller
Answer: D
Explanation:
the WLAN was created to use the tunnel-forwarding mode. To configure the WLAN to use split-
tunnel mode, you must edit the WLAN profile.
QUESTION 25
An administrator supports an Aruba wireless solution that uses ClearPass to implement server role
assignment. A user reports that they are not able to access the correct department resources. The
administrator determines from the connected controller that the user is associated to the login user
profile instead of the department user profile.
What should the administrator examine on the ClearPass server to determine the Aruba VSA User
Role value that ClearPass returns to the controller?
A. Accounting
B. Event Viewer
C. Audit Viewer
D. Access Tracker
Answer: D
QUESTION 26
Which configuration command enables an Aruba Mobility Controller (MC) to send AMON messages
to an AirWave System?
A. auth-server
B. snmp-server
C. mgmt-server
D. tunneled-node-server
Answer: C
QUESTION 27
A company network implements Skype for Business, where voice and video calls, desktop sessions,
and file sharing sessions need to be prioritized. These applications are used across a wireless
network, implemented with Aruba APs and Aruba Mobility Controllers (MC) that run ArubaOS 8.x.
Which Unified Communications and Collaboration (UCC) deployment mode should an
administrator recommend for this customer?
A. WMM-only
B. SDN API
C. Zones
D. Heuristics
Answer: B
QUESTION 28
In a VPN that uses certificate-based authentication, which component must be configured on the
Mobility Master (MM) to allow a RAP to successfully connect to a Mobility Controller (MC)?
A. RAP VPN username and password

B. WLAN and new RAP group
C. RAP IPSec pre-shared key
D. RAP whitelist
Answer: D
QUESTION 29
An administrator manages an Aruba wireless solution, deployed in a company with locations across
the world. In one country, the local government organization that controls wireless transmissions
increases the maximum EIRP allowed for certain channels. Which component does the
administrator need to update on the Mobility Master (MM) to accommodate this change?
A. the Controller port configuration

B. the regulatory-cert file
C. the AP system profile
D. the AP Group configuration
Answer: B
QUESTION 30
An administrator wants to temporarily deny login access who fail 802.1x authentication functions
three or more times. Which process will the administrator need to configure?
A. EAP termination
B. blacklisting
C. captive portal
D. fail through
Answer: B
QUESTION 31 ~ QUESTION 46
QUESTION 47
An administrator wants to deploy Zero Touch Provisioning (ZTP) with Activate. The controllers run
ArubaOS.8.x.
Which Aruba architecture should the administrator deploy?
A. Master-Local
B. Standalone
C. AirWave
D. Mobility Master-Mobility Controller
Answer: D
QUESTION 48
An administrator manages an AirWave Management Platform (AMP). The AMP server receives
many SNMP traps from managed devices, but no alerts are generated on the AMP for certain
critical traps. Which rule should the administrator create to cause the AMP server to generate an
alert based on receipt of a critical SNMP trap from an Aruba Mobility Controller (MC)?
A. AMON rule
B. SNMP trap rule
C. Trigger rule
D. Alert rule
Answer: C
QUESTION 49
An administrator wants to implement the MultiZone feature in a company's network to segregate
corporate and guest traffic. Corporate traffic will have APs establish connections to a cluster
managed by a Mobility Master (MM), and guest traffic will have the same APs establish connections
to a standalone controller at the company's DMZ.
Given this scenario, what is true about the implementation of Multizone?
A. A management session is established only with the primary zone, but data sessions are
established to all zones.
B. Only the primary zones can reboot, upgrade, or provision MultiZone APs.
C. The primary and data zones must be in the same L2 subnet.
D. A MultiZone AP can initially connect to any zone to obtain its configuration.
Answer: B
QUESTION 50
An administrator creates a User Rule for role derivation on the Mobility Master (MM). Which client
information can an administrator specify to identify that a particular user should be assigned a
different role from the initial role?
A. IP address
B. VLAN
C. MAC address
D. Profiling information
Answer: C
QUESTION 51
An administrator wants to implement bandwidth limits for guest users to restrict their Internet usage.
On the Mobility Master (MM), where would the administrator define these limits?
A. User role
B. Firewall policy
C. AAA policy
D. 802.1X policy
Answer: B
QUESTION 52
An administrator wants to use AirWave to manually add devices on the network. Where should the
administrator perform this action?
A. in AMP Setup
B. in APs/Devices
C. in Groups
D. in Device Setup
Answer: D
QUESTION 53
An administrator configures Unified Communications and Collaboration (UCC) heuristics mode on
an Aruba Mobility Master (MM). What should be modified in order to send items such as VoIP
sessions and monitored information about adds, updates, deletions, and periodic snapshots of
those VoIP sessions on the MM or the Aruba Mobility Controller (MC)?
A. OpenFlow Controller profile

B. Mgmt Config profile
C. Skype ALG Configuration profile
D. OpenFlow profile
Answer: B
QUESTION 54
An administrator wants to simulate network traffic and analyze results in an Aruba wireless network
to test components such as WPA-2, DHCP, and other protocols. Which Aruba solution implements
these functions?
A. Clarity Live
B. AirWave VisualRF
C. AirWave RAPIDS
D. Clarity Synthetic
Answer: D
QUESTION 56
An administrator implements machine authentication in an 802.1X profile. Which user role will be
assigned to the user's session if machine authentication fails, but the 802.1X user authentication
passes for a user who connects?
A. 802.1X default user role

B. Machine authentication initial user role
C. 802.1X initial user role
D. Machine authentication default user role
Answer: D
QUESTION 57
In a cluster-controller environment, which Aruba component in a network builds a cache table of
mDNS records that can be used to help user devices access Apple Bonjour services?
A. the Mobility Master

B. any Aruba Mobility Controller
C. the Mobility Controllers that are cluster members
D. the Mobility Master and cluster members
Answer: A
Explanation:
The MM maintains a cache table of mDNS records for all mDNS service advertisements that it sees
QUESTION 58
On the Aruba Mobility Master (MM), when is an AP configured to act as Mesh Portal or Mesh Point?
A. when the mesh cluster profile is created

B. at the time of the AP's apboot mode CLI
C. when the APs are provisioned
D. when the mesh radio profile is created
Answer: C
Explanation:
4. Configure the Mesh Role:
To configure the AP as the mesh portal, select Mesh Portal. To configure the AP as a mesh point,
select Mesh Point
QUESTION 59
An administrator stages an AP and re-provisions it as a RAP from the Mobility Master (MM). When
re-provisioning the RAP, the administrator must enter a user's credentials. What is the purpose of
these credentials?
A. to authenticate users on wired and wireless ports

B. to authenticate the RAP device
C. to authenticate users on wireless ports
D. to authenticate users on wired ports
Answer: B
QUESTION 60
An administrator mistakenly configures the wrong VLAN setting on a managed controller's interface.
This causes the controller to lose management access to the Mobility Master (MM). Which
mechanism will then attempt to restore the previous working configuration on the managed
controller?
A. disaster recovery
B. auto-rollback
C. restore config
D. bulk configuration
Answer: B
QUESTION 61
An administrator migrates Aruba Mobility Controllers (MCs) from ArubaOS.6x to ArubaOS.8. x. In
the 6.x. configuration, the administrator configures GRE tunnels on the local controllers to a
controller in the DMZ to keep guest traffic off the corporate network. The problem with the solution
is that is creates suboptimal routing paths.
Which feature should the administrator implement to solve this problem?
A. MultiZone
B. Mobility
C. Clustering
D. AirMatch
Answer: A
QUESTION 63
An administrator deploys an AP at a branch office. The branch office has a private WAN circuit that
provides connectivity to a corporate office controller. An Ethernet port on the AP is connected to a
network storage device that contains sensitive information. The administrator is concerned about
sending this traffic in clear-text across the private WAN circuit. What can the administrator do to
prevent this problem?
A. Redirect the wired port traffic to an AP-to-controller GRE tunnel.

B. Convert the campus AP into a RAP.
C. Enable AP encryption for wired ports.
D. Enable IPSec encryption on the AP's wired ports.
Answer: B
QUESTION 64
An administrator deploys Aruba Mobility Controller 7005s to a company's branch offices. The
administrator wants to disable the console port to prevent unauthorized access to the controllers.
Which controller command should the administrator use to implement this policy?
A. no console enable
B. no mgmt-user console
C. mgmt-user console-block
D. console disable
Answer: C
QUESTION 66
What is true about clustering and AP connections to cluster members?
A. The AP will always stay connected to the LMS IP address configured in the AP profile.
B. During rebalancing, the active load is redistributed first.
C. The default thresholds are 75% for the Rebalanced Threshold and 25% for the Unbalanced
Threshold.
D. AP load balancing is disabled by default.
Answer: D
QUESTION 67
Which IEEE standard should user devices support to implement Fast BSS Transition when a
network implements wireless roaming (mobility)?
A. 802.11r
B. 802.11f
C. 801.11m
D. 802.11i
Answer: A
QUESTION 68
An administrator purchases a pair of Mobility Masters (MM) and wants to deploy 16 Virtual Mobility
Controllers (VMCs). What is the minimum number of clusters that the administrator needs to
implement to support the number of VMCs?
A. 1
B. 2
C. 4
D. 8
Answer: C
Explanation:
https://community.arubanetworks.com/t5/Aruba-Solution-Exchange/Clustering-of-Mobility-
Controllers/ta-p/282686
QUESTION 69
Which methods can be used to configure RAP redundancy when connected to two redundant
Aruba Mobility Controllers (MCs) in the DMZ? (Select two.)
A. Virtual IP address of the two controllers.

B. Active and Standby AAC.
C. Primary and backup LMS IP addresses.
D. IPSec High Availability (HA) between two cluster members.
E. AirWave direction to RAPs redundant Mobility Controllers.
Answer: BEC
QUESTION 70
An administrator wants to change the default roles for the pre- and post-authentication user roles
for a WLAN on a Mobility Master (MM). The controllers in the network perform all authentication.
Under the Managed Network hierarchy, where can the administrator assign these roles?
A. AAA Profiles
B. VLAN
C. RADIUS attributes
D. AAA Server Group
Answer: A
Explanation:
In the WebUI
1. Navigate to the Configuration > Security > Authentication > AAA Profiles page.
2. Select the default profile or a user-defined AAA profile.
3. Click the Initial Role drop-down list, and select the desired user role for unauthenticated users.
4. Click the 802.1x Authentication Default Role drop-down list and select the desired user role for
users who have completed 802.1x authentication.
5. Click the MAC Authentication Default Role drop-down list and select the desired user role for
clients who have completed MAC authentication.
6. Click Apply.
QUESTION 71
An administrator wants to implement 802.1X authentication on Ethernet ports on branch office
controllers. What must the administrator do to implement this policy?
A. Define the port an untrusted, and assign an AAA policy to the port.
B. Define the port as trusted, and assign an AAA policy to the port.
C. Define the port as untrusted, and assign an AAA policy to the VLAN.
D. Define the port as trusted, and assign an AAA policy to the VLAN.
Answer: A
QUESTION 72
An administrator moves an AP from Campus 1 to Campus 2. At the Campus 2, the moved AP does
not connect to a controller and download an AP Group configuration. Which process should the
administrator perform to reset the AP back to its initial default state?
A. From apboot mode, execute purgeenv.

B. From the AP's ArubaOS CLI, execute write erase all.
C. From the controller's ArubaOS, execute write erase all.
D. From apboot mode, execute factory_reset.
Answer: D
QUESTION 73
When an administrator manually adds a Mobility Controller (MC) on the Mobility Master (MM)
hierarchy, which parameters must be specified? (Select three.)
A. IP address
B. Device type
C. MAC address
D. Hostname
E. Serial number
Answer: BCD
QUESTION 74
Which Aruba Mobility Controller (MC) command should an administrator execute to determine
whether an ArubaOS-Switch successfully registers to an MC?
A. show port-access clients

B. show crypto ipsec sa
C. show tunneled-node-server state
D. show datapath tunnel
Answer: D
QUESTION 76
An administrator implements the MultiZone feature and uses two clusters that utilize CPSec. A
primary and a data zone are created. MultiZone APs successfully build sessions to the primary
cluster but fail to establish sessions to the data zone cluster. What must the administrator do to
solve this problem?
A. Enable CPSec in the MultiZone profile for both the primary and data zone.
B. Enable MultiZone booting in the MultiZone AP apboot configuration mode.
C. Add the MultiZone APs to the data zone's CPSec whitelist.
D. Use different AP Group names for the two zones.
Answer: C
QUESTION 77
An administrator implements machine authentication in an 802.1X profile. Which user role will be
assigned to the user's session if machine authentication passes, but the 802.1X user authentication
fails for a user who connects?
A. 802.1X default user role

B. Machine authentication default machine role
C. 802.1X initial user role
D. Machine authentication default user role
Answer: B
QUESTION 78
An administrator supports a group of engineers that commonly troubleshoot company problems
from any location without wired connectivity. They need secure connectivity to a corporate web-
based portal with their Android smartphones. Which solution should the administrator recommend
to solve the engineer's connectivity problem?
A. Deploy site-to-site VPN

B. Deploy VIA clients
C. Deploy Mobile Device Management
D. Deploy Campus APs with mesh
Answer: B
QUESTION 79
An administrator wants to determine if an IPSec session is established. In order to tunnel and
protect the GRE data traffic between a RAP and an Aruba Mobility Controller (MC). Which MC
command provides this information?
A. show rap-wml
B. show tunneled-node
C. show crypto ipsec sa
D. show crypto isakmp sa
Answer: C
QUESTION 80
An administrator moves an AP from one campus to another. However, at the second campus, the
moved AP does not connect to a controller and download an AP Group configuration. Which
process should the administrator perform to reset the AP to the initial state?
A. From the controller's CLI, reboot the AP.

B. From the AP's CLI apboot mode, execute a factory reset.
C. From the controller's CLI, stop the autoboot process of the AP.
D. From the AP's CLI, toggle POE on the AP's port.
Answer: B
QUESTION 81
Which VPN component must be configured on the Mobility Master (MM) to allow a RAP to use the
built-in certificate to successfully connect to a Mobility Controller (MC)?
A. IP Address pool
B. VPN username and password
C. IPSec pre-shared key
D. CPSec auto-whitelist
Answer: D
QUESTION 82
An administrator wants to implement the MultiZone feature in a company's network to segregate
corporate and guest traffic. Corporate traffic will have APs establish connections to a cluster
managed by a Mobility Master (MM), and guest traffic will have the same APs establish connections
to a standalone controller at the company's DMZ.
What is true about the implementation of MultiZones in this scenario?
A. The MultiZone feature must be enabled in the data zone.

B. The primary zone maintains full control of AP management and configuration.
C. The primary and data zones must be in the same L2 subnet.
D. A MultiZone AP can initially connect to any zone to obtain its configuration.
Answer: B
QUESTION 83
An administrator configures a port on a RAP through the association of an AAA profile with 802.1X
authentication to a RAP Ethernet port. This port connects to a switch with user desktops attached.
The administrator notices that when users connect wirelessly to the RAP, a user role correctly
restricts their traffic. But, when users connect with their wired desktops, they are assigned an initial
role and routed to a Captive Portal page.
What must the administrator do to enable desktop usage based on the user's role assignment?
A. Implement ACLs on the RAP port.

B. Apply a server-derived role policy to the RAP port.
C. Identify the RAP port as untrusted.
D. Map the RAP port to an authentication profile.
Answer: C
QUESTION 84
Which device can terminate to a cluster of Aruba Mobility Controllers (MCs) that run ArubaOS.8.x?
A. BLE Beacon
B. Mobility Master
C. Mesh Point
D. RAP
Answer: D
Explanation:
Only MCs can be actual cluster members-MMs cannot be cluster members. Cluster members can
terminate Campus APs (CAP) and Remote APs (RAP). Mesh APs will be supported in a future
version.
QUESTION 85
An administrator deploys an Aruba Mobility Controller 7005 to a branch office. The administrator
accidentally disables the console port on the controller. Which controller command should the
administrator use to re-enable the console part?
A. mgmt-user console
B. console enable
C. console reset
D. no mgmt-user console-block
Answer: D
QUESTION 87
Which protocol do Mobility Controllers (MCs) use to detect a failed Mobility Master (MM)?
A. PAPI
B. SNMP
C. VRRP
D. IPSec
Answer: A
QUESTION 88
An administrator implements blacklisting of users that fail authentication functions three or more
times. By default, how long will these users have to wait before they can successfully log into the
network again?
A. 15 minutes
B. 1 hour
C. 4 hour
D. 24 hours
Answer: B
Explanation:
https://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/N
ew_WIP/Client_Blacklisting.htm
QUESTION 89
An administrator creates a user role that department A in a company uses. Various other roles exist
for other departments. All employees connect to the same ESSID, which authenticates to an
external AAA server. How should the administrator configure to assign the appropriate roles to the
employees?
A. implement default roles

B. implement server-derived roles
C. implement user roles
D. implement AAA profile roles
Answer: B
QUESTION 90
An administrator implements the Aruba AitGroup feature to accommodate the Apple Bonjour
service. In this implementation, which protocol advertises devices such as printers, computers, and
their services?
A. LLDP
B. Multicast DHCP
C. Multicast DNS
D. Broadcast DNS
Answer: C
QUESTION 91
An administrator wants to use AirWave to manage the configuration policy settings of a set of
ArubaOS-Switches. Where should the administrator perform this action?
A. in Groups
B. in Device Setup
C. in APs/Devices
D. in AMP Setup
Answer: A
QUESTION 92
An administrator wants to dynamically upgrade AppRF on Aruba Mobility Controllers (MC) in a
cluster. The administrator does not want to reboot the system at the time of the upgrade.
What should the administrator use for this upgrade?
A. Aruba image
B. Upgrade Profiles
C. Loadable Service Module (LSM)
D. Cluster Upgrade Manager
Answer: C
QUESTION 93
An administrator supports an Aruba wireless network. The administrator configures as AAA profile
referenced in a WLAN profile, where:
- The initial role assigned in the AAA profile is logon
- The MAC authentication default role is guest
- The 802.1X authentication role is authenticated
ClearPass is used to verify the 802.1X user credentials. A user authenticates and is assigned the
authenticated default role instead of the role assigned in the ClearPass server configuration. What
must the administrator do so that the ClearPass role is assigned to the user?
A. Select the Server-derived roles User Role in the AAA profile.

B. Verify the role exists on the controller.
C. Create the Download Role from CPPM User Rule.
D. Select the Server-derived roles in the Server Group section.
Answer: D
QUESTION 94
Which forwarding mode is used for a WLAN if a RAP needs to decrypt all user traffic and forward
it locally?
A. Split-tunnel
B. Bridge
C. Tunnel
D. Decrypt-tunnel
Answer: B
QUESTION 95
An administrator wants to implement bandwidth limits to restrict employee access to high-risk web
sites. On the Mobility Master (MM), where would the administrator define these limits?
A. 802.1X policy
B. User role
C. Firewall policy
D. AAA policy
Answer: B
Explanation:
Bandwidth limit we can edit at "ROLE Page"
QUESTION 96
An administrator supports a RAP at a branch office. A user's device that is attached to the Ethernet
port is assigned an 802.1X AAA policy and is configured for tunneled node. How is the user's traffic
transmitted to the corporate office?
A. It is not encapsulated by GRE and not protected with IPSec.

B. It is encapsulated by GRE and protected with IPSec.
C. It is not encapsulated by GRE but is protected with IPSec.
D. It is encapsulated by GRE and not protected with IPSec.
Answer: B
QUESTION 97
A network of Mobility Controllers (MCs) is managed by a Mobility Master (MM). An administrator
misconfigures the IP addressing on an MC and the MC loses connectivity to the MM.
How should the administrator fix this problem?
A. Restore the previous configuration on the Mobility Master.

B. Use the disaster recovery mode on the Mobility Master.
C. Use the auto-recovery mode on the Mobility Master.
D. Use the disaster recovery mode on the Mobility Controller.
Answer: D
QUESTION 98
Which two protocols does AirWave use to monitor Aruba Mobility Controllers?
A. PAPI and AMON

B. SNMP and AMON
C. PAPI and GRE
D. SNMP and SSH
Answer: B
QUESTION 99
An administrator adds local administrative accounts to manage the Aruba Mobility Controllers
(MCs). Which role should be assigned to an administrator who needs to only generate reports and
monitor WLANS and ports?
A. Location-api-management
B. Network-operations
C. Root
D. AP-provisioning
Answer: B
QUESTION 102
An administrator supports a cluster of four Aruba Mobility Controllers (MCs) with management
addresses of 10.1.100.101, 10.1.100.102, 10.1.100.103, and 10.1.202.181. The administrator can
an administrator this cluster, reboots it and accesses apboot mode. The administrator executes the
printenv command. Which AP parameter contains the IP addresses of the cluster members that
the AP should use to connect to the cluster?
A. Nodelist
B. Servername
C. Master_ip
D. Cfg_lms
Answer: A
QUESTION 103
A VIA client tries to initially connect to corporate office controller through an intermediate firewall.
However, the VPN connection fails. The administrator examines the firewall rules and determines
that rules for UDP 4500 and UDP 500 are configured.
Which additional protocol must be allowed in the firewall rules to resolve this connection failure?
A. TCP 22
B. TCP 443
C. UDP 8200
D. ESP
Answer: B
QUESTION 104
An administrator has a cluster of Aruba Mobility Controllers (MCs). The administrator wants to
manually reboot one of the controllers.
Before rebooting, which command should the administrator use to move the APs?
A. apmove
B. lc-cluster move ap
C. active-ap-rebalance
D. active-ap-lb
Answer: A
QUESTION 105
Which Aruba Unified Communications and Collaboration (UCC) deployment mode should be used
when UCC is disabled on the Mobility Controllers (MCs)?
A. Heuristics mode
B. WMM mode
C. ALG mode
D. SDN-API mode
Answer: B
QUESTION 106
An administrator implements a ClearPass solution to authenticate Aruba wireless users. The Aruba
wireless solution is an ArubaOS 8.x Mobility Master (MM) deployment. ClearPass sends an Aruba
VSA role name for an authenticated user. However, the administrator notices that the role assigned
to the user is different from the one assigned by the ClearPass server. Which two items should the
administrator verify that might be the cause of this problem? (Choose two.)
A. Enablement of user roles on the controller

B. Spelling of the role on the ClearPass server
C. Server-derived role assignment on the ClearPass server
D. Role existence on the Managed Network
E. Order assignment that the controller uses to select a user role
Answer: BD
QUESTION 108
Which license type must an administrator purchase to use Spectrum Monitoring?
A. RFP
B. VMC
C. PEFV
D. PEFNG
Answer: A
QUESTION 109
A company opens a new branch office and a RAP is used to connect to a corporate office Aruba
Mobility Controller (MC). The company needs to provide connectivity to the office across the street.
There is an AP across the street. However, there is no wired connectivity between the buildings.
Which actions can the administrator select to provide the required connectivity? (Choose two.)
A. Provision all Aps at the branch office as Mesh Points.

B. Provision all Aps at the branch offices as Mash Portals.
C. Implement one of the Aps as a Mesh Point.
D. Provision the RAP as a Mesh Portal.
E. Implement two mesh clusters.
Answer: AD
QUESTION 110
An administrator implements a cluster of four Aruba Mobility Controllers (MCs) managed by a
Mobility Master (MM). An AP Group is configured with two VAPs and deployed to an AP that will
connect to the cluster. Each AP contains two radios. How many GRE tunnels will be built from the
AP to the Active AP Anchor Controller (A-AAC)?
A. 2
B. 4
C. 5
D. 8
Answer: A
QUESTION 111
What must the administrator configure on AirWare to monitor and run operational commands on
the Aruba Mobility Masters (MMs) and Mobility Controllers (MCs)?
A. PAPI and SSH/telnet

B. PAPI and SNMP
C. SNMP and HTTPS
D. SNMP and SSH/telnet
Answer: D
QUESTION 112
An administrator enables AP load balancing for a cluster of Mobility Controllers (MCs). APs
connected to the cluster have an LMS IP address configured in their AP Group configuration. No
other parameters are changed in the cluster.
If the two load AP thresholds are reached, what occurs?
A. The APs are rebalanced across the cluster.

B. The APs always stay connected to the LMS IP address configured in the AP Group profile.
C. The users are rebalanced across the cluster.
D. The users and APs are rebalanced across the cluster.
Answer: A
QUESTION 114
An administrator implements per-user tunneled node that involves ArubaOS-Switches and Aruba
Mobility Controllers (MCs). What always happens when a wired client connects to the network?
A. All switch traffic is tunneled to the controller.

B. The switch performs user authentication.
C. The tunnel fails unless VMCs are used.
D. Wired users map to an AAA profile on the controller.
Answer: D
QUESTION 115
An administrator needs to modify a VAP used for a branch office RAP. The VAP's operating mode
is currently defined as backup and uses tunnel mode forwarding. The administrator wants to
implement split-tunnel forwarding mode in the VAP.
Which WLAN operating mode must the administrator define for the VAP before the tunnel
forwarding mode can be changed to split-tunnel?
A. Persistent
B. Standard
C. Trusted
D. Always
Answer: B
QUESTION 116
A company has a wireless network that contains a cluster of four Aruba 7030 Mobility Controllers
(MC) managed by a Mobility Master (MM) located in the data center. The company has Aps
deployed that are nearing the capacity of the cluster. The administrator wants to increase AP
capacity.
How can the administrator solve the problem?
A. Add a new controller to the Mobility Master.

B. Add a Virtual Mobility Controller to the existing cluster.
C. Add a 7030 controller to the existing cluster.
D. Add a 7220 controller to the existing cluster.
Answer: A
QUESTION 117
An Administrator supports a group of employees that connect to the corporate office using the VIA
client. An Aruba Mobility Controller (MC), behind a corporate firewall, terminates the user's VPN
sessions. The VPN sessions fail to establish because of the existing firewall rules. Which
connections must the administrator allow on the firewall? (Choose three.)
A. UDP 8202
B. UDP 4500
C. UDP 8211
D. TCP 4443
E. TCP 443
F. UDP 500
Answer: BEF
QUESTION 119
A group of users on the same floor of a campus residence experience connectivity problems
continuously throughout the morning. The administrator suspects that it is a L1 problem with
physical interference.
What can the administrator do to find the cause of this problem?
A. Access a controller's spectrum analysis data directly from AirWave with Quick Links.
B. Access RAPIDS data from AirWave's RAPIDS section.
C. Access RAPIDS data from AirWave's dashboards, under Home.
D. Access a controller's spectrum analysis data from AirWave's dashboards, under Home.
Answer: A
QUESTION 120
An administrator at Campus A manages Aruba Mobility Controllers (MCs). The administrator
defines a server group that includes a local ClearPass server and a remote Microsoft RADIUS
server. The ClearPass server has the credentials for users at Campus A and the Microsoft RADIUS
server has the credentials for users at Campus B. Users at Campus A successfully authenticate
and connect to the Campus A wireless network. However, when users from Campus B visit Campus
A they fail authentication.
What can the administrator do to solve this problem?
A. Enable FastConnect on the Campus A Mobility Controllers.

B. Enable machine authentication on the Mobility Controllers.
C. Enable EAP-TTLS with EAP Termination on the Mobility Controllers.
D. Enable EAP termination on the ClearPass server.
Answer: A
QUESTION 121
An administrator troubleshoots a roaming problem where a user loses connectivity to the network
during the roaming process. To help troubleshooting this problem, which device or devices in a
wireless network initiates the roaming process?
A. Both the client and the controller

B. The AP
C. The Client
D. The Controller
Answer: C
QUESTION 122
An administrator wants to reduce downtime of the wireless network when controllers are upgraded.
Which Aruba OS feature should the administrator implement to reduce the amount of downtime the
Aps will experience at the time of the upgrade process?
A. Centralized upgrades
B. AP apboot mode bypass
C. AP fast start
D. AP image preload
Answer: D
QUESTION 125
An AP connects to a controller. Then, the AP loses power and reboots. Which parameters will the
AP remember and use from its initial connection? (Select two.)
A. AP group
B. Server IP
C. AP IP address and subnet mask
D. Mobility Master IP
E. AirWave server name
Answer: AC
QUESTION 126
IEEE 802.11r relies on which technology to reduce re-authentication delays when clients roam
between APs?
A. Fast BSS Transition

B. Temporal Key Integrity
C. Robust Security Network
D. Opportunistic Key Caching
Answer: A
QUESTION 127
Which protocol is used to tunnel user traffic when an administrator implements tunneled mode
between an ArubaOS-Switch and an Aruba Mobility Controller (MC)?
A. IPSec
B. AMON
C. PAPI
D. GRE
Answer: D
QUESTION 128
An administrator configures an ArubaOS switch for per-user tunneled node.
Which protocol does the switch use to communicate with the Aruba Mobility Controller (MC)?
A. GRE
B. SSL
C. PAPI
D. IPSec
Answer: A
QUESTION 129
A guest establishes an authenticated wireless session to an Aruba Mobility Controller (MC). The
controller uses a ClearPass server for all AAA functions. Which AAA component disconnects the
user when the guest exceeds their allowed duration?
A. RADIUS Change of Authorization

B. Active Directory Session Limits
C. RADIUS Authorization Profile
D. SNMP Disconnect
Answer: A
QUESTION 130
In the WebUI of an Aruba Mobility Controller (MC), where recommended approach for this process
generate a tech support file that the Aruba Technical Support team can use to help customers?
A. Diagnostics> Technical Support> System Information

B. Maintenance> Copy logs> download logs
C. Configuration> System> Logging
D. Diagnostics>Technical Support> Copy Logs
Answer: A
Explanation:
Generating a crash Dump:
Diagnostics>Technical Support>Copy Crash Files
Generating a tech support file:
Diagnostics> Technical Support> System Information
QUESTION 131
A Microsoft RADIUS server is used to centralize AAA functions by a company. Upon a successful
authentication lookup performed by an Aruba Mobility Controller (MC), the administrator wants to
have the RADIUS server pass back the correct post-authentication role name that the controller
should apply to the user's traffic.
Which additional task must the administrator perform for the controller's configuration to implement
this process?
A. Install ClearPass's VSA file on the controller.

B. Install Microsoft's VSA file on the controller.
C. Configure the server-derived rules on the controller.
D. Enable AAA on the controller.
Answer: C
QUESTION 132
An administrator needs to support Unified Communications and Collaboration (UCC) in a
company's network. The network infrastructure requires the OpenFlow protocol to support SDN-
capable applications.
Which controller topology meets these requirements?
A. Zones
B. Standalone Mobility Controller
C. Mobility Master-Mobility Controller
D. Master-Local
Answer: C
QUESTION 134
An administrator defines credentials in the Mobility Master> Configuration> System section to
configure a Mobility Master (MM). The administrator then accesses AirWave and adds the MM in
Monitor-Only mode. The administrator expects AirWave to automatically discover the Aruba Virtual
Mobility Controllers (VMCs) also managed by the MM, but does not see these under APs/Devices>
New section in AirWave.
What should the administrator do to solve this problem?
A. Enable Automatic Device Authorization for the Group the Mobility Master belongs to in
AirWave.
B. Define AirWave communication parameters for the Virtual Mobility Controllers on the
Mobility Master, and then scan for the Virtual Mobility Controllers in AirWave.
C. Define the AirWave communication parameters on the Virtual Mobility Controllers, and then
scan for the Virtual Mobility Controllers in AirWave.
D. Define AirWave communication parameters for the Virtual Mobility Controllers on the
Mobility Master, and have AirWave repoll the Mobility Master.
Answer: D
QUESTION 135
Where on the Mobility Master (MM) can an administrator configure the VIA connection profile?
A. L2 Authentication
B. L3 Authentication
C. AAA Profiles
D. User Roles
Answer: B
QUESTION 136
An administrator configures two Mobility Masters (MMs) for redundancy and database
synchronization. Which protocol transports database information between the two MMs?
A. AMON
B. SNMP
C. IPSec
D. VRRP
Answer: C
QUESTION 137
Which protocol communicates RF neighborhood information to an Aruba Mobility Master (MM) for
use by AirMatch?
A. GRE
B. PAPI
C. SNMP
D. AMON
Answer: D
QUESTION 138
An administrator adds local administrative accounts to manage the Aruba Mobility Controllers
(MCs). Which role should the administrator assign to an administrator who should have the same
privileges as the default admin account?
A. level-15
B. superuser
C. root
D. admin
Answer: C
QUESTION 139
An administrator implements two redundant Aruba Mobility Masters (MMs). Which protocol should
the administrator use to detect a failure in a single subnet?
A. PAPI
B. SNMP
C. VRRP
D. IPSec
Answer: C
QUESTION 141
An administrator deploys a RAP at a branch office. The RAP should send all employee corporate
traffic to the Mobility Controller (MC) and Internet traffic should stay local. Which forwarding mode
should the administrator configure for the employee WLAN to allow for this forwarding?
A. Tunnel
B. Decrypt-tunnel
C. Bridge
D. Split-tunnel
Answer: D
QUESTION 142
An administrator wants to implement AAA in an Aruba wireless environment that references two
ClearPass servers for redundancy. To use these servers, what must the administrator create that
will be referenced in the AAA profile?
A. ClearPass Group
B. Server matching rules
C. Server Group
D. Server Load Balancing
Answer: C
QUESTION 144
An administrator manages an Aruba wireless network. Users authenticate to the wireless network
using PEAP, where their credentials are validated by the controller's local database. The company
purchases Android tablets to use with an inventory tracking system. The administrator notices that
many of the users of these devices use their normal username and password to authenticate, which
allows the tablet to access all resources that the user can access from their wireless computers.
This is a security violation.
Which Aruba Mobility Controller (MC) feature should the administrator configure to restrict tablet
access to a web portal for authentication, where an appropriate post-authentication policy can be
applied to these tablets?
A. AirMatch
B. AP fingerprinting
C. Server-derived roles
D. User-derived rules
Answer: D
QUESTION 145
An administrator has multiple AAA servers, some Microsoft RADIUS and some ClearPass. When
802.1X users authenticate, the administrator wants to ensure that the authentication requests are
handled by the appropriate AAA server. Users enter their username in this format:
username@domain_name.
What must the administrator implement to ensure the correct AAA server processes the
authentication request?
A. server matching rules for the VAP profile

B. server matching rules for the server group
C. server matching rules for the AAA profile
D. server matching rules for the 802.1X profile
Answer: B
QUESTION 146
An administrator suspects that the network drops frames between a wireless client and an Aruba
Mobility Controller (MC). The administrator wants to examine the frames between the AP and the
controller to determine if any frames are missing.
Which solution allows the administrator to use a protocol analyzer to examine the contents of the
802.11 frames between the AP and controller?
A. Implement bridge mode

B. Implement decrypt-tunnel mode.
C. Implement GRE mode.
D. Implement split-tunnel mode.
Answer: B
QUESTION 147
Which network components are tracked by Aruba Clarity? (Choose two.)
A. Wireless associations
B. DNS lookups
C. AP and controller health
D. WLAN health
E. Client health
Answer: AB
QUESTION 148 ~ QUESTION 169
QUESTION 170
Which settings cannot be modified directly from a local controller?
A. Port VLAN setting

B. Switch Time Zone
C. Port trusted
D. Roles
E. SNMP Enable Trap Generation
Answer: D
QUESTION 171
Which of the statements below are TRUE regarding ARM's Spectrum Load Balancing feature?
(Choose two)
A. Available only on 5GHz radios

B. Disabled by default
C. Balances client load across available channels/APs
D. Enabled by default
E. Available only on 2.4GHz radios
Answer: BC
QUESTION 172
A Valid client laptop is attempting to associate to a Rogue AP. The AM in proximity creates a Tarpit.
What are the two mechanisms that the AM can utilize to Tarpit?(Choose two)
A. Fake client's BSSID

B. Fake SSID
C. Fake Channel
D. Fake BSSID
E. Fake ESSID
Answer: CD
QUESTION 173
What information do you need to generate a feature license key for an Aruba controller?
A. The controller's MAC address and the feature description.

B. controller's MAC address and the certificate number
C. controller's Serial Number and the feature description
D. controller's Serial Number and the certificate number
E. controller's MAC address and Serial Number
Answer: D
QUESTION 174
Which of the following APs do NOT support dual radio operations? (Choose two)
A. AP 93
B. AP 105
C. RAP 3WN
D. AP 224
E. AP 135
Answer: AC
QUESTION 175
The permanent licenses on the controller will be deleted with the use of which command?
A. delete license
B. write erase
C. Licenses cannot be deleted once activated
D. write erase all
E. reboot delete all
Answer: D
QUESTION 176
A network administrator wants to terminate VPN sessions on a local controller in the DMZ. Which
statement is true about the PEF-VPN license?
A. It is only applied to the master controller

B. It is only applied to the DMZ controller.
C. It is based on the number of APs
D. One license is needed on the master and the DMZ local E. It is distributed by the license
server as needed
Answer: D
QUESTION 177
A 3200 controller has 16 AP licenses,16 PEF-NG licenses, 16 RFProtect licenses. There are 10
Campus APs terminating on the controller. How many remote AP's can terminate on the controller?
A. 6
B. 12
C. 16
D. 24
E. 32
Answer: A
QUESTION 178
An Aruba 650 controller is functioning as a standby Master.
How many APs can it control while in standby mode?
A. 0
B. 16
C. 24
D. 128
E. 256
Answer: A
QUESTION 179
An 7240 controller is Licensed for 560 APs. The controller has 500 Campus APs terminating on
the controller. How many Remote APs can terminate on this controller?
A. 12
B. 24
C. 48
D. 60
E. 120
Answer: D
QUESTION 180
A 3600 controller has 64 PEF-NG license, 128 AP licenses and 1 RFProtect license. How many
AP's can terminate on the controller?
A. 1 Campus APs
B. 64 Campus APs
C. 128 Remote APs
D. 256 Remote APs
E. 512 Remote APs
Answer: A
QUESTION 181
What is the maximum number of remote APs supported by a 3600 controller?
A. 512
B. 1024
C. 128
D. 256
E. 2048
Answer: A
QUESTION 182
Which settings can be modified directly from a local controller? (Choose all correct answers.)
A. Port VLAN setting

B. Switch Time Zone
C. Port trusted
D. Roles
E. SNMP Enable Trap Generation
Answer: ABCE
QUESTION 183
Which of the following Aruba controllers is able to provide IEEE 802.3af? (Choose two)
A. 3200
B. 620
C. 650
D. 6000 with M3
E. 7000
Answer: BC
QUESTION 184
An AP was configured and assigned to an AP group then powered off for over a week. When the
AP is redeployed, what previous configuration will it retain?
A. It's AP name and AP Group

B. It's Serial Number
C. The controller's IP address
D. After a few days all configurations are lost
E. The controller IP address and the AP Group
Answer: A
QUESTION 185
What does Aruba Layer 3 redundancy require to operate?
A. LMS-IP
B. Backup LMS-IP
C. VRRP
D. Backup AP group
E. ARM
Answer: B
QUESTION 186
Aruba pair of 3200XM controllers are licensed to their maximum and are configured as a VRRP
pair. Each controller terminates 24 APs. One of the controllers fails. How many of the APs from the
failed controller can fail over to the remaining controller?
A. 8
B. 16
C. 32
D. 48
E. 96
Answer: A
QUESTION 187
The network administrator wishes to terminate the VPN encryption on the Aruba controller. When
writing a firewall rule to accomplish the task of automatically moving the VPN traffic for the wireless
clients from a third party VPN concentrator to an Aruba controller, which action needs to be
configured in the rule?
A. redirect to IPSec Group

B. source NAT
C. destination NAT
D. redirect to tunnel
E. redirect to GRE
Answer: C
QUESTION 188
When an Aruba 6000 controller has two M3 modules installed, for which uses may the modules be
used? (Choose two)
A. hot standby operations

B. VRRP backup
C. higher AP density per switch chassis
D. Active-Active masters
E. Active-Active master-backup
Answer: BC
QUESTION 189
When deploying Remote Mesh Portals, what is one of the purposes of the Mesh Private VLAN?
A. To separate wireless user traffic coming from mesh networks from non-mesh networks
B. To tag mesh wireless user traffic on a particular AP
C. To allow Mesh Points to form private vlan networks with certain users
D. To tag control plane traffic from Mesh points to the controller
E. To tag clients high priority traffic
Answer: D
QUESTION 190
A customer forgot all passwords for a controller. What method could you use to reset the passwords?
A. Telnet to the controller and login to the password recovery account

B. SSH to the controller and login to the password recovery account
C. Connect directly to the serial console and login to the password recovery account
D. Interrupt the boot process at CP-boot and select password recovery
E. Open the controller and press the reset switch
Answer: C
QUESTION 191
Which of the following controllers has an integrated single radio AP?
A. 3200
B. 620
C. 650
D. 651
Answer: D
QUESTION 192
What is the maximum number of campus APs supported by a 620 controller?
A. 32
B. 8
C. 16
D. 24
Answer: B
QUESTION 193
Which of the following APs support remote AP operation?
A. AP 105
B. AP 125
C. RAP2
D. All of the above
Answer: D
QUESTION 194
An Aruba based network has a Master and three local controllers. No APs terminate on the Master
controller. IDS is desired, so the administrator wants to install the "RFProtect license." On which
controller should the license be installed?
A. master controller since it performs the IDS analysis

B. the local controllers since the APs terminate there
C. all of the controllers
D. this isn't the correct license for this purpose
Answer: C
QUESTION 195
Which statement is true about the Content Security License?
A. Applied to the master controller

B. Applied to all the controllers in the network
C. It is based on number of users
D. It is based on number of APs
Answer: C
QUESTION 196
Which may be applied directly to an interface? (Choose all the correct answers.)
A. Access List (ACL)

B. Firewall Policy
C. Roles
D. RF Plan Map
Answer: AB
QUESTION 197
What new firewall action was added specifically for use with Aruba's Content Security Service?
VisualRF supports import of floor plans from:
A. dst-nat
B. dual-nat
C. route dst-nat
D. redirect to tunnel
Answer: C
QUESTION 198
When creating a firewall policy, which of the following parameters are required? (Choose all the
correct answers.)
A. Destination
B. Service
C. Source
D. Log
E. Action
Answer: ABCE
QUESTION 199
In all unmodified default AAA profiles, in which default initial role is the user placed?
A. trusted-ap
B. guest
C. pre-guest
D. logon
Answer: D
QUESTION 200
When are the system-defined default roles added to the configuration on the controller?
A. when the controller is first booted

B. when an RF Proctect license is added to the controller
C. when created manually
D. when a PEF-NG license is added to the controller
Answer: D
QUESTION 201
When a user first associates to the WLAN, what role are they given?
A. the guest role

B. the stateful role
C. the initial role in the server group profile
D. the initial role in the AAA profile
Answer: D
QUESTION 202
Which of the following statements allows a user to initiate an HTTP session to other devices?
A. any alias internal-nets svc-dns permit

B. user any svc-http permit
C. user user svc-http permit
D. any any svc-http permit
Answer: BD
QUESTION 203
The Aruba Policy Enforcement Firewall (PEF) module supports destination network address
translation (dst-nat).
Which is a common use of this statement in an Aruba configuration?
A. source the IP addresses of users to specific IP address

B. redirect HTTP sessions to Captive Portal
C. redirect Access Points to another Aruba controller
D. provide a telnet connection to the controller
Answer: B
QUESTION 204
As a user moves through the authentication process, which of the following is not used in a
derivation rule?
A. MAC address
B. OS version
C. SSID
D. Radius attribute
Answer: B
QUESTION 205
Other than a user role, what attribute can be applied to a user with a derivation rule?
A. SSID
B. MAC
C. VLAN
D. IP Address
Answer: C
QUESTION 206
Which is an Aruba specific DSA that can be used in a user derivation rule?
A. user login name

B. authentication server
C. location
D. controller Loopback address
Answer: C
QUESTION 207
Where are Aruba Vendor Specific Attributes (VSA) programmed?
A. controller
B. client
C. authentication server
D. Internal user database
Answer: C
QUESTION 208
A customer has configured a 3000 controller with the following commands:
Vlan 55
Vlan 56
Vlan 57
Interface gigabitethernet 1/0
switchport mode trunk
switchport trunk native vlan 55
switchport trunk allowed vlan 55-57
Which of the following sentences best describes this port?
A. All traffic in vlan 55 will be dropped and all traffic in vlan 56 and 57 will be trunked with and
802.1Q tag.
B. All traffic in vlan 55, 56 and 57 will be trunked with an 802.1Q tag.
C. All traffic in vlan 55 will be sent with an 802.1Q tag while vlan 56 and 57 traffic will be
trunked untagged.
D. All traffic in vlan 56 and 57 will be sent with an 802.1Q tag while vlan 55 traffic will be
trunked untagged.
Answer: D

HPE6-A71 Exam Dumps from PassLeader

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

HPE6-A71 Exam Dumps from PassLeader

Hochgeladen von

Copyright:

Verfügbare Formate

New VCE and PDF Exam Dumps from PassLeader

➢ Exam Code: HPE6-A71

➢ Exam Name: Aruba Certified Mobility Professional Exam

➢ Part of New Questions from PassLeader (Updated in Mar/2020)

Visit PassLeader and Download Full Version HPE6-A71 Exam Dumps

A. At the Mobility Master hierarchy

A. Username: backdoor; Password: @ruba

A. The Mobility Master notifies the AP.

A. RADIUS VSA User-Role

A. To identify primary and secondary Mobility Controllers for APs

A. show aaa cluster essid

A. Active and Standby AAC with clustering

A. Define External RADIUS servers in the AAA profile.

A. Apply a server-derived role privacy to the RAP port.

A. the Firewall policy on the RAP

A. RAP VPN username and password

A. the Controller port configuration

Visit PassLeader and Download Full Version HPE6-A71 Exam Dumps

A. OpenFlow Controller profile

A. 802.1X default user role

A. the Mobility Master

A. when the mesh cluster profile is created

A. to authenticate users on wired and wireless ports

A. Redirect the wired port traffic to an AP-to-controller GRE tunnel.

A. Virtual IP address of the two controllers.

A. From apboot mode, execute purgeenv.

A. show port-access clients

A. 802.1X default user role

A. Deploy site-to-site VPN

A. From the controller's CLI, reboot the AP.

A. The MultiZone feature must be enabled in the data zone.

A. Implement ACLs on the RAP port.

A. implement default roles

A. Select the Server-derived roles User Role in the AAA profile.

A. It is not encapsulated by GRE and not protected with IPSec.

A. Restore the previous configuration on the Mobility Master.

A. PAPI and AMON

A. Enablement of user roles on the controller

A. Provision all Aps at the branch office as Mesh Points.

A. PAPI and SSH/telnet

A. The APs are rebalanced across the cluster.

A. All switch traffic is tunneled to the controller.

A. Add a new controller to the Mobility Master.

A. Enable FastConnect on the Campus A Mobility Controllers.

A. Both the client and the controller

A. Fast BSS Transition

A. RADIUS Change of Authorization

A. Diagnostics> Technical Support> System Information

A. Install ClearPass's VSA file on the controller.

A. server matching rules for the VAP profile

A. Implement bridge mode

QUESTION 148 ~ QUESTION 169

Visit PassLeader and Download Full Version HPE6-A71 Exam Dumps

A. Port VLAN setting

A. Available only on 5GHz radios

A. Fake client's BSSID

A. The controller's MAC address and the feature description.

A. It is only applied to the master controller

A. Port VLAN setting

A. It's AP name and AP Group

A. redirect to IPSec Group

A. hot standby operations