You are configuring ArubaOS-CX switches to tunnel client traffic to an Aruba Mobility Controller (MC). What should you do to enhance security for control channel communications between the switches and the MC?

A. Create one UBT zone for control traffic and a second UBT zone for clients.

B. Configure a long, random PAPI security key that matches on the switches and the MC.

C. install certificates on the switches, and make sure that CPsec is enabled on the MC

D. Make sure that the UBT client vlan is assigned to the interface on which the switches reach the MC and only that interface.

What is symmetric encryption?

A. It simultaneously creates ciphertext and a same-size MAC.

B. It any form of encryption mat ensures that thee ciphertext Is the same length as the plaintext.

C. It uses the same key to encrypt plaintext as to decrypt ciphertext.

D. It uses a Key that is double the size of the message which it encrypts.

What is a Key feature of me ArubaOS firewall?

A. The firewall is stateful which means that n can track client sessions and automatically allow return traffic for permitted sessions

B. The firewall Includes application layer gateways (ALGs). which it uses to filter Web traffic based on the reputation of the destination web site.

C. The firewall examines all traffic at Layer 2 through Layer 4 and uses source IP addresses as the primary way to determine how to control traffic.

D. The firewall is designed to fitter traffic primarily based on wireless 802.11 headers, making it ideal for mobility environments

You need to deploy an Aruba instant AP where users can physically reach It. What are two recommended options for enhancing security for management access to the AP? (Select two )

A. Disable Its console ports

B. Place a Tamper Evident Label (TELS) over its console port

C. Disable the Web Ul.

D. Configure WPA3-Enterpnse security on the AP

E. install a CA-signed certificate

Your Aruba Mobility Master-based solution has detected a rogue AP Among other information the ArubaOS Detected Radios page lists this Information for the AP SSID = PubllcWiFI

BSSID = a8M27 12 34:56 Match method = Exact match Match type = Eth-GW-wired-Mac-Table

The security team asks you to explain why this AP is classified as a rogue. What should you explain?

A. The AP Is connected to your LAN because It is transmitting wireless traffic with your network's default gateway's MAC address as a source MAC Because it does not belong to the company, it is a rogue

B. The ap has a BSSID mat matches authorized client MAC addresses. This indicates that the AP is spoofing the MAC address to gam unauthorized access to your company's wireless services, so It is a rogue

C. The AP has been detected as launching a DoS attack against your company's default gateway. This qualities it as a rogue which needs to be contained with wireless association frames immediately

D. The AP is spoofing a routers MAC address as its BSSID. This indicates mat, even though WIP cannot determine whether the AP is connected to your LAN. it is a rogue.

What is an example or phishing?

A. An attacker sends TCP messages to many different ports to discover which ports are open.

B. An attacker checks a user's password by using trying millions of potential passwords.

C. An attacker lures clients to connect to a software-based AP that is using a legitimate SSID.

D. An attacker sends emails posing as a service team member to get users to disclose their passwords.

A. the match method

B. the detecting devices

C. the match type

D. the confidence level

Refer to the exhibit.

You have set up a RADIUS server on an ArubaOS Mobility Controller (MC) when you created a WLAN named "MyEmployees .You now want to enable the MC to accept change of authorization (CoA) messages from this server for wireless sessions on this WLAN.

What Is a part of the setup on the MC?

A. Create a dynamic authorization, or RFC 3576, server with the 10.5.5.5 address and correct shared secret.

B. Install the root CA associated with the 10 5.5.5 server's certificate as a Trusted CA certificate.

C. Configure a ClearPass username and password in the MyEmployees AAA profile.

D. Enable the dynamic authorization setting in the "clearpass" authentication server settings.

How does the ArubaOS firewall determine which rules to apply to a specific client's traffic?

A. The firewall applies every rule that includes the dent's IP address as the source

B. The firewall applies the rules in policies associated with the client's wlan

C. The firewall applies thee rules in policies associated with the client's user role

D. The firewall applies every rule that includes the client's IP address as the source or destination

What is a use case for tunneling traffic between an Aruba switch and an AruDa Mobility Controller (MC)?

A. applying firewall policies and deep packet inspection to wired clients

B. enhancing the security of communications from the access layer to the core with data encryption

C. securing the network infrastructure control plane by creating a virtual out-of-band- management network

D. simplifying network infrastructure management by using the MC to push configurations to the switches