ExamReal.Aruba.ACMP-6-1.v20130709.180q

Aruba.ACMP-6-1.v20130709.180q

Vendor : Aruba

Exam Name : Aruba Certified Mobility Professional 6.1

Exam Code : ACMP-6-1

For Full Set of Questions Please Visit : http://www.ExamReal.com/ACMP-6-1.html

Exam A

QUESTION 1Which Aruba controllers are able to provide IEEE 802.3af POE? (Choose all the correct answers.)

A. 3200

B. 620

C. 650

D. 6000

Correct Answer: BCD

QUESTION 2Which of the following controllers has an integrated single radio AP?

A. 3200

B. 620

C. 650

D. 651

Correct Answer: D

QUESTION 3What is the maximum number of campus APs supported by a 620 controller?

A. 32

B. 8

C. 16

D. 24

Correct Answer: B

QUESTION 4Which access point models support concurrent operations in both the ?b/g? band as well as the ?a? band?(Choose all the correct answers.)

A. RAP2

B. AP-120

C. AP-105

D. AP-125

E. AP-135

Correct Answer: CDE

QUESTION 5Which of the following APs do not support dual radio operations? (Choose all the correctanswers.)

A. RAP - 5

B. AP 125

C. AP 120

D. AP 124

Correct Answer: AC

QUESTION 6Which of the following APs support remote AP operation?

Aruba ACMP-6-1 Exam | ExamReal.com

Contact Us : [email protected] Get Success in Passing Your Certification Exam at first attempt

www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

A. AP 105

B. AP 125

C. RAP2

D. All of the above

Correct Answer: D

QUESTION 7An Aruba based network has a Master and three local controllers. No APs terminate on the Mastercontroller. IDS is desired, so the administrator wants to install the "RFProtect license."On which controller should the license be installed?

A. master controller since it performs the IDS analysis

B. the local controllers since the APs terminate there

C. all of the controllers

D. this isn't the correct license for this purpose

Correct Answer: C

QUESTION 8What do you need to generate a feature license key for an Aruba controller?

A. controller's MAC address and the feature description

B. controller's MAC address and the certificate number

C. controller's Serial Number and the feature description

D. controller's Serial Number and the certificate number

Correct Answer: D

QUESTION 9What are the PEF-NG license limits based on?

A. Number of APs

B. Limit One per controller

C. Number of users

D. Number of local controllers

Correct Answer: A

QUESTION 10Which of the following licenses are consumed by RAP?

A. AP license

B. PEF-NG license

C. PEF-V license

D. No license required

Correct Answer: A

QUESTION 11The permanent licenses on the controller will be deleted with the use of which command?

A. delete license

B. write erase

C. Licenses cannot be deleted once activated

D. write erase all



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

Correct Answer: D

QUESTION 12Which statement is true about the Content Security License?

A. Applied to the master controller

B. Applied to all the controllers in the network

C. It is based on number of users

D. It is based on number of APs

Correct Answer: C

QUESTION 13What is the best practice regarding licensing for a backup master to support Master Redundancy?

A. Backup master only requires the AP license

B. License limits should be the same on primary master and backup Master

C. Licenses are pushed from the primary to the backup Master along with the configuration

D. Backup Master does not require licenses to support master redundancy

Correct Answer: B

QUESTION 14Which may be applied directly to an interface? (Choose all the correct answers.)

A. Access List (ACL)

B. Firewall Policy

C. Roles

D. RF Plan Map

Correct Answer: AB

QUESTION 15What new firewall action was added specifically for use with Aruba's Content Security Service?VisualRF supports import of floor plans from:

A. dst-nat

B. dual-nat

C. route dst-nat

D. redirect to tunnel

Correct Answer: C

QUESTION 16When creating a firewall policy, which of the following parameters are required? (Choose all the correctanswers.)

A. Destination

B. Service

C. Source

D. Log

E. Action

Correct Answer: ABCE

QUESTION 17In all unmodified default AAA profiles, in which default initial role is the user placed?



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

A. trusted-ap

B. guest

C. pre-guest

D. logon

Correct Answer: D

QUESTION 18When are the system-defined default roles added to the configuration on the controller?

A. when the controller is first booted

B. when an RF Proctect license is added to the controller

C. when created manually

D. when a PEF-NG license is added to the controller

Correct Answer: D

QUESTION 19When a user first associates to the WLAN, what role are they given?

A. the guest role

B. the stateful role

C. the initial role in the server group profile

D. the initial role in the AAA profile

Correct Answer: D

QUESTION 20Which of the following could be used to set a user's post-authentication role or VLAN association?(Choose all the correct answers.)

A. AAA default role for authentication method

B. Server Derivation Rule

C. Vendor Specific Attributes

D. AP Derivation Rule

Correct Answer: BC

QUESTION 21Which describe "roles" as used on Aruba Mobility Controllers? (Choose all the correct answers.)

A. Roles are assigned to users.

B. Roles are applied to interfaces.

C. Policies are built from roles.

D. A user can belong to only one role at a time.

Correct Answer: AD

QUESTION 22Which netdestination aliases are built into the controller? (Choose all the correct answers.)

A. mswitch

B. any

C. user

D. guest

Correct Answer: ABC



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

QUESTION 23What are aliases used for?

A. improve performance

B. simplify the configuration process

C. tie IP addresses to ports

D. assign rules to policies

Correct Answer: B

QUESTION 24Which of the following statements allows a user to initiate an HTTP session to other devices?

A. any alias internal-nets svc-dns permit

B. user any svc-http permit

C. user user svc-http permit

D. any any svc-http permit

Correct Answer: BD

QUESTION 25The Aruba Policy Enforcement Firewall (PEF) module supports destination network address translation(dst-nat).Which is a common use of this statement in an Aruba configuration?

A. source the IP addresses of users to specific IP address

B. redirect HTTP sessions to Captive Portal

C. redirect Access Points to another Aruba controller

D. provide a telnet connection to the controller

Correct Answer: B

QUESTION 26The Aruba Policy Enforcement Firewall (PEF) module supports source network addresstranslation (src-nat).Which is a common use of this statement in an Aruba configuration?

A. provide a single source IP address for users in a role

B. redirect Captive Portal HTTP sessions

C. redirect Access Points to another Aruba controller

D. provide IP addresses to clients

Correct Answer: A

QUESTION 27The network administrator wishes to terminate the VPN encryption on the Aruba controller.When writing a firewall rule to accomplish the task of automatically moving the VPN traffic for the wirelessclients from a third party VPN concentrator to an Aruba controller, which action needs to be configured inthe rule?

A. redirect to ESI group

B. source NAT

C. destination NAT

D. redirect to tunnel

Correct Answer: C



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

QUESTION 28Review the following truncated output from an Aruba controller for this item.(Example) #show rights logonDerived Role = 'logon'Up BW:No Limit Down BW:No LimitL2TP Pool = default-l2tp-poolPPTP Pool = default-pptp-poolPeriodic reauthentication: DisabledACL Number = 1/0Max Sessions = 65535



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

Based on the above output from an Aruba controller, an unauthenticated user assigned to the logon roleattempts to start an http session to IP address 172.16.43.170.What will happen?

A. the user's traffic will be passed to the IP address because of the policy statement:user any svc-http dst-nat 8080

B. the user's traffic will be passed to the IP address because of the policy statement:user any svc-https dst-nat 8081

C. the user's traffic will be passed to the IP address because of the policy statement:user any svc-http-proxy1 dst-nat 8088

D. the user will not reach the IP address because of the policy statement:user any svc-http dst-nat 8080

E. the user will not reach the IP address because of the implicit deny any any at the end of the policy.

Correct Answer: D

QUESTION 29Refer to the following configuration segment for this item.ip access-list session anewoneuser network 10.1.1.0 255.255.255.0 any permituser host 10.1.1.1 any denyuser any any permitBased on the above Aruba Mobility Controller configuration segment, which statements best describe thispolicy? (Choose all the correct answers.)

A. The rule user host 10.1.1.1 any deny is redundant because of the implicit deny all at the end.

B. The rule user network 10.1.1.0 255.255.255.0 any permit is redundant because of the user any anypermit at the end.

C. The two rules user network 10.1.1.0 255.255.255.0 any permit and user host 10.1.1.1 any deny need tobe re-sequenced.

D. This list is fine as is.

Correct Answer: BC

QUESTION 30



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

Refer to the following configuration segment for this item.netdestination "internal"no invert network 172.16.43.0 255.255.255.0 position 1range 172.16.11.0 172.16.11.16 position 2!ip access-list session "My-Policy"alias "user" alias "internal" service_any permit queue low!A user frame is evaluated against this access-list with the following attributes:Source IP: 172.17.49.3 Destination IP: 10.100.86.37 Destination Port: 80Referring to the above file segment, how will the frame be handled by this access-list?

A. The frame will be dropped because of the implicit deny all at the end of the netdestination definition.

B. The frame will be dropped because of the implicit deny all at the end of the access list.

C. The frame will be forwarded because of the implicit permit all at the end of the access list.

D. The frame will be passed because there is no service specified in the access list.

E. The frame will be dropped because there is no service specified in the access list.

Correct Answer: B

QUESTION 31ip access-list session anewoneuser network 10.1.1.0 255.255.255.0 any permituser any any permithost 10.1.1.1 host 10.2.2.2 any denyA user sends a frame with the following attributes:Source IP: 10.1.1.1 Destination IP: 10.2.2.2 Destination Port: 25Based on the above Mobility Controller configuration file segment, what will this policy do with the userframe?

A. The frame is discarded because of the implicit deny all at the end of the policy.

B. The frame is discarded because of the statement:user host 10.1.1.1 host 10.2.2.2 deny.

C. The frame is accepted because of the statement:user any any permit.

D. The frame is accepted because of the statement:user network 10.1.1.0 255.255.255.0 any permit.

E. This is not a valid policy.

Correct Answer: C

QUESTION 32ip access-list session anewoneuser network 10.1.1.0 255.255.255.0 any permituser host 10.1.1.1 any denyuser any any permitReferring to the above portion of a Mobility Controller configuration file, what can you conclude?(Choose all of the correct answers.)

A. This is a session firewall policy.

B. This is an extended Access Control List (ACL).

C. Any traffic going to destination 10.1.1.1 will be denied.

D. Any traffic going to destination 10.2.2.2 will be denied.

E. Any traffic going to destination 172.16.100.100 will be permitted.

Correct Answer: AE

QUESTION 33As a user moves through the authentication process, which of the following is not used in a derivation rule?



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

A. MAC address

B. OS version

C. SSID

D. Radius attribute

Correct Answer: B

QUESTION 34Other than a user role, what attribute can be applied to a user with a derivation rule?

A. SSID

B. MAC

C. VLAN

D. IP Address

Correct Answer: C

QUESTION 35Which is an Aruba specific DSA that can be used in a user derivation rule?

A. user login name

B. authentication server

C. location

D. controller Loopback address

Correct Answer: C

QUESTION 36Which match condition can be used by a server derivation rule?

A. greater than

B. less than

C. inverse of

D. contains

Correct Answer: D

QUESTION 37Where are Aruba Vendor Specific Attributes (VSA) programmed?

A. controller

B. client

C. authentication server

D. Internal user database

Correct Answer: C

QUESTION 38View the Server group screen shot above.



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

A company has provisioned the same VAP, AAA and SSID profiles at both its Miami and NY offices. ThisServer Group is applied for 802.1x authentication at both locations. The user's credentials are only found inthe Miami Radius server ?RadiusMiami?. There is no Radius synchronization. What happens when theuser attempts to authenticate?

A. The controller recognizes the users Domain and sends the authentication request directly toRadiusMiami.

B. The request is initially sent to RadiusNY1 then RadiusNY1 redirects, the controller, to send theauthentication request to RadiusMiami

C. RadiusNY1 receives the request and returns a deny. No other action is taken.

D. RadiusNY1 receives the request and returns a deny. The authentications request will then be sent toRadiusMiami.

Correct Answer: C

QUESTION 39View the Server group and User Roles screen shots above.



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

A user associated to an SSID with 802.1x using this server group. RadiusNY returned a standard radiusattribute of filter-Id with a value of ?employee?. The user was placed in the guest Role.What statements below are correct?

A. The user was placed in the 802.1x authentication default Role guest

B. The user was placed in the initial Role guest

C. Role derivation failed because roles are case sensitive

D. Role derivation failed because the incorrect operation ?value-of? was used

E. 802.1x authentication failed so the user was automatically placed in the guest Role

Correct Answer: AC

QUESTION 40View the Server group and User Roles screen shots above.



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

A user associated to an SSID with 802.1x using this server group. RadiusNY returned a standard radiusattribute of filter-Id with a value of ?employee?. What Role will the user get?

A. The User will get the Emp Role

B. The user will get the 802.1x authentication default Role

C. The User will get the employee Role

D. The User will get the Employee Role

E. The User will get the initial Role

Correct Answer: B

QUESTION 41Which profiles are required in an AP Group to enable an SSID with VLAN 1, WPA2 andLMSIP?

A. Virtual-apap mesh-radio-profileap system profile

B. Wlan ssid-profileap-system-profilevirtual-ap profile

C. Virtual-ap profileap-system profile



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

aaa profile

D. 802.1X authentication profilewlan ssid-profilevirtual-ap profile

Correct Answer: B

QUESTION 42A user connected to a Captive Portal VAP successfully. When the user opens their browser and tries toaccess their homepage, they get redirected as expected to another URL on the Aruba Controller.However, they see an error message that web authentication has been disabled. What might be a cause ofthis?

A. The Captive portal profile has not been assigned to the initial role

B. The Captive portal profile has not been assigned to the AAA profile

C. A server group has not been assigned to the captive portal profile

D. An initial role has not been assigned to the AAA profile

Correct Answer: A

QUESTION 43A customer has configured a 3000 controller with the following commands:Vlan 55Vlan 56Vlan 57Interface gigabitethernet 1/0switchport mode trunkswitchport trunk native vlan 55switchport trunk allowed vlan 55-57Which of the following sentences best describes this port?

A. All traffic in vlan 55 will be dropped and all traffic in vlan 56 and 57 will be trunked with and 802.1Q tag

B. All traffic in vlan 55, 56 and 57 will be trunked with an 802.1Q tag

C. All traffic in vlan 55 will be sent with an 802.1Q tag while vlan 56 and 57 traffic will be trunked untagged

D. All traffic in vlan 56 and 57 will be sent with an 802.1Q tag while vlan 55 traffic will be trunked untagged

Correct Answer: D

QUESTION 44A customer has a remote AP deployment, where each remote AP has an IPSEC VPN tunnel with L2TP tothe controller. 1 of the remote APs is stuck in the user table and hasn't yet transitioned to the AP activetable in the controller. The customer suspects that the AP is not setting up its VPN connectionsuccessfully. Which of the following commands might be useful in troubleshooting this?Select all that apply.

A. Logging level debugging security process localdb

B. Logging level debugging security process l2tp

C. Logging level debugging security process dot1x

D. Logging level debugging security process crypto

Correct Answer: ABD

QUESTION 45The screen captures above show the 802.1X authentication profile and AAA profile settings for a VAP.



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

If machine authentication passes and user authentication passes, which role will be assigned?

A. employee

B. guest

C. contractor

D. logon

E. you can't tell

Correct Answer: A

QUESTION 46The screen captures above show the 802.1X authentication profile and AAA profile settings for a VAP.



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

If machine authentication fails and user authentication fails, which role will be assigned?

A. employee

B. guest

C. contractor

D. Captive Portal

E. Logon

F. no role will be assigned

Correct Answer: B

QUESTION 47What cannot be configured from the Initial Configuration wizards?

A. Controller name.

B. Syslog server and levels.

C. User firewall policy.

D. User derivation rules.



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

Correct Answer: B

QUESTION 48When you create a WLAN SSID in the WLAN/LAN wizard what AP group is it automatically added to?

A. The air-monitors group

B. The first configured AP group

C. The Default AP group

D. It is only added to the 'All Profiles' section

Correct Answer: C

QUESTION 49The reusable wizards are accessible in which one of the following ways?

A. On startup through the CLI

B. Through the CLI, after the initial CLI wizard has been completed

C. In the Web UI under maintenance.

D. In the Web UI under configuration.

Correct Answer: D

QUESTION 50What additional fields must be configured in the configuration wizard if the controller role is selected as alocal instead of a standalone controller?

A. The Local's SNMPv3 user name and password

B. The Master IP address

C. The Local's loopback address

D. The IPSec PSK for Master/Local communication

Correct Answer: BD

QUESTION 51The configuration wizard enables which of the following controller clock configurations?

A. NTP to a time server

B. Manually setting the date time

C. Daylight savings time

D. Only GMT can be configured

Correct Answer: AB

QUESTION 52When configuring ports in the configuration wizard, which of the following are not options for configuration?

A. Inter-VLAN routing

B. Source NAT

C. Trusted

D. LACP

Correct Answer: ABD

QUESTION 53What Wizards can be used to create a new AP Group?

A. AP Wizard



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

B. Controller Wizard

C. WLAN/LAN Wizard

D. License Wizard

E. AP configurations Wizard

Correct Answer: AC

QUESTION 54By default, which CLI based remote access method is enabled on Aruba controllers?

A. rsh

B. Telnet

C. SSH

D. Telnet and SSH

E. Telnet, SSH and rsh

Correct Answer: C

QUESTION 55An Aruba controller can be configured to support which CLI based remote access methods?

A. RSH

B. Telnet

C. SSH

D. Telnet and SSH

E. SSH and RSH

Correct Answer: D

QUESTION 56The Aruba controller's Command Line Interface can be accessed from WITHIN the browser based WebUser Interface using which method?

A. It's not possible to access the CLI from within the WebUI

B. Embedded Telnet client

C. Java based SSH client

D. Proprietary serial over Ethernet client

Correct Answer: C

QUESTION 57As an admin/root user, what other types of role-based management users can be created on Arubacontrollers? (Choose all the correct answers)

A. Auditing-compliance user

B. Read only user

C. Location-api-management user

D. Guest provisioning user

Correct Answer: BCD

QUESTION 58Which log type should be enabled to troubleshoot IPSec authentication issues on ArubaControllers?

A. Security Logs

B. Management Logs



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

C. Wireless Logs

D. IDS Logs

Correct Answer: A

QUESTION 59Referring to the above screen capture,

if an administrator desires to change a specific AP into an AM without assigning the AP to a new group,which menus could be used?

A. Network > Controller

B. Wireless > AP Configuration

C. Wireless > AP Installation

D. Advanced Services > Wireless

E. Advanced Services > All Profiles

Correct Answer: B

QUESTION 60



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

A customer forgot all passwords for a controller. What method could you use to reset thepasswords?

A. Telnet to the controller and login to the password recovery account

B. SSH to the controller and login to the password recovery account

C. Connect directly to the serial console and login to the password recovery account

D. Interrupt the boot process at CP-boot and select password recovery

E. Open the controller and press the reset switch

Correct Answer: C

QUESTION 61Which tunnel protocol is used between controllers to support L2 mobility in an Aruba environment?

A. Basic IP

B. GRE

C. IPinIP

D. Mobile IP

E. None of the above

Correct Answer: E

QUESTION 62In an Aruba based system, the L3 mobility tunnel exists between the home agent and which otherelement?

A. the default gateway

B. the remote AP

C. the foreign agent

D. the mobile node

Correct Answer: C

QUESTION 63When roaming, by default which device will decide when to handoff / move to another AP?

A. Aruba AP

B. Aruba controller

C. Client PC

D. Radius Server

E. Router

Correct Answer: C

QUESTION 64The above diagram has one master and three local controllers.



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

All controllers are configured with the wireless user VLAN 201. A wireless user associates with AP 1. OnlyL2 mobility is enabled.Which elements will know about this association? (Choose all of the correct answers.)

A. Local 1

B. Local 2

C. Local 3

D. Master

Correct Answer: ABD

QUESTION 65Which command will show all client association history?

A. Aruba-6000# show mobile trail current (ip address)

B. Aruba-6000# show ip mobile trail (ip address)

C. Aruba-6000# show ap client status (mac address)

D. Aruba-6000# show current client ip (ip address)

Correct Answer: B

QUESTION 66By default, how long will an AP scan a single channel when ARM is enabled?

A. 80 milliseconds

B. 90 milliseconds

C. 100 milliseconds

D. 110 milliseconds

Correct Answer: D

QUESTION 67Which actions does ARM (Adaptive Radio Management) perform? (Choose all correct answers.)



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

A. allows controllers to provision the AP Radio type

B. allows controllers to provision the best channel for APs

C. allows controllers to provision the best power setting for APs

D. attempts to Self Heal in case of an AP failure

Correct Answer: BCD

QUESTION 68Which of the following metrics does the ARM feature use to calculate the optimal channel and power levelfor Access Points? (Choose all correct answers)

A. RF Spectrum Index

B. Priority Index

C. Interference Index

D. Coverage Index

Correct Answer: CD

QUESTION 69How does the ARM's Band Steering feature encourage 5GHz capable clients to move/connect to the 5GHzradios of Aruba APs?

A. ARM ?hides? the 2.4GHz radios from 5GHz capable clients

B. ARM utilizes third party software on the wireless clients

C. Current Wi-Fi chipset firmware supports this by default

D. It's not possible the move clients to 5GHz radios when they can see both 2.4 and 5GHz APs

Correct Answer: A

QUESTION 70Which of the statements below are TRUE regarding ARM's Spectrum Load Balancing feature?(Choose all correct answers)

A. Available only on 5GHz radios

B. Disabled by default

C. Balances client load across available channels/APs

D. Enabled by default

Correct Answer: BC

QUESTION 71What is the function of Band Steering?

A. Balancing clients across APs on different channels within the same band

B. Encourages clients, 5GHz capable, to connect on the 5GHz spectrum

C. Coordinate access to the same channel across multiple APs

D. Enables selection of 20 vs. 40 MHz mode of operation per band

E. Enables acceptable coverage index on both the ?b/g? and ?a? spectrums

Correct Answer: B

QUESTION 72What are the Airtime Allocation Policy options for Airtime Performance Protection?

A. Default Access

B. Priority Access

C. Fair Access



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

D. Preferred Access

E. Distributed Access

Correct Answer: ACD

QUESTION 73Which of the following statement is true of the Spectrum Mode?

A. No licenses are required to run an AP in Spectrum mode

B. Spectrum mode can only be configured for one AP at a time

C. An AP can be in spectrum mode for both 2.4 and 5G bands at the same time

D. Spectrum Mode is configured under Spectrum Profile

Correct Answer: C

QUESTION 74Which of the following charts are available for selection in Spectrum Dashboard for AP 125?

A. FFT Duty Cycle

B. Channel Quality

C. Active Devices by Channel

D. Number of Spectrum Monitors

Correct Answer: BC

QUESTION 75Which settings can be modified directly from a local controller? (Choose all correct answers.)

A. Port VLAN setting

B. Switch Time Zone

C. Port trusted

D. Roles

E. SNMP Enable Trap Generation

Correct Answer: ABCE

QUESTION 76Masters communicate configuration information with locals using which tunnel type?

A. GRE

B. IP in IP

C. Provision Tunnel Protocol

D. IPSec

Correct Answer: D

QUESTION 77In the above screen capture, the administrator notes that the "Save As" and "Apply" buttons are grayed outand have no action.



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

What is the cause of the problem?

A. attempting to make changes on a Master Switch

B. attempting changes on a Local Switch

C. does not have administrative rights to perform these actions

D. does not have the correct software license

Correct Answer: B


on which switch can you create a vlan?

A. Controller 10.1.11.100 only

B. Controller 10.1.11.101 and 10.254.1.3 only

C. All three Controllers

D. None

Correct Answer: C




www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

on which switch can you add an administrative user and assign a switch management role?




D. None

Correct Answer: C

QUESTION 80What type of license is required on the Aruba S3500 for tunneled node operation?

A. PEF-NG

B. No license is required

C. Tunneled node license for each wired AP

D. Tunneled node license for each S3500

Correct Answer: B

QUESTION 81Refer to the above screen capture.

By default, which switch's internal database will be used for user authentication?




D. None

Correct Answer: A

QUESTION 82Referring to the above screen capture, on which switch can you modify APs to enable ARM?




D. None



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

Correct Answer: A

QUESTION 83Aruba access points are logically connected to controllers using which protocol?

A. 802.1q

B. LWAPP

C. PPTP

D. GRE

Correct Answer: D

QUESTION 84Which types of encryption will an Aruba access point perform on traffic sent through a Campus AP VirtualAP (VAP) profile in Tunnel forwarding mode?

A. TKIP & AES

B. WEP & TKIP

C. WEP & AES

D. WEP, TKIP, & AES

E. None of the above

Correct Answer: E

QUESTION 85Where in the network can Aruba controllers be deployed?

A. access

B. distribution

C. core

D. all of the above

Correct Answer: D

QUESTION 86In a campus environment, where are encryption keys sent or stored when users roam from AP to AP onthe same controller using 802.1X?

A. sent to the new AP via GRE

B. sent to the new AP via IPSec

C. stored on the controller

D. stored on the RADIUS server

Correct Answer: C

QUESTION 87In the diagram provided for this question,



www.Exa

mReal.c

om

www.Exa

mReal.c

om

www.Exa

mReal.c

om

the wireless user's laptop is associated with an Aruba AP's Virtual AP profile in tunnel forwarding mode.When the client transmits, where will the 802.11 headers be removed?

A. A

B. B

C. C

D. D

Correct Answer: D

QUESTION 88When configuring a server group containing 3 servers, a customer chooses 'fail through mode'.What other feature has to be enabled on the controller for this to work?

A. Machine authentication

B. EAP Termination

C. Server group fall through mode

D. MAC authentication

Correct Answer: B

QUESTION 89A campus AP has been provisioned with a VAP in bridge forwarding and standard operation modes. Whichof the following authentication types are supported?

A. 802.1X authentication

B. Open System authentication

C. Machine authentication

D. Captive portal authentication

Correct Answer: AB

QUESTION 90Which method is NOT supported to provision an Aruba thin AP?

A. Telnet directly to AP

B. SSH to the AP's controller

C. Web interface to the AP's controller

D. Console to AP

Correct Answer: A

QUESTION 91When direct consoled to an AP, what is the command sequence to factory default the AP and rebootstrap?

A. setenv bootstat init

B. setenv master init, boot

C. purge, save, boot

D. init, save, boot

Correct Answer: C

QUESTION 92What APs can be configured as a Certificate based RAP?

A. AP70

B. AP125

C. AP93

D. AP105

E. RAP5

Correct Answer: BCDE

QUESTION 93What settings need to be changed on a factory default AP in order for it to use ADP to discover the ArubaController?

A. DNS of the controller

B. Static route

C. AP group

D. None

Correct Answer: D

QUESTION 94An AP125 has been provisioned as a Campus AP in the default AP group. It has booted but the radio lightsare orange. What might be a cause of this? Select all that apply.

A. The AP has booted successfully and is broadcasting wireless networks

B. The VAP does not have a VLAN assigned to it

C. The antenna gain parameters of the AP must be provisioned

D. The default AP Group does not have any VAPs assigned to it

Correct Answer: BD

QUESTION 95As illustrated in the above diagram, a company has two campus locations and a buildingheadquarters all located in different cities.

Following best practices, what would be the best way to construct mobility domains for thecompany?

A. Buildings (1, 2) in one domain and Buildings (3, 4, 5, 6) in one domain

B. Buildings (1, 2) in one domain, Building (3) in one domain, and Buildings (4, 5, 6) in one domain

C. Buildings (1, 2, 4, 5, 6) in one domain and Building (3) in one domain

D. Buildings (1, 2, 3, 4, 5, 6) in one domain

Correct Answer: B

QUESTION 96How many Aruba controllers can be added to a single mobility domain?

A. 64 controllers of any type

B. 128 controllers supporting 2000 users

C. 256 controllers with no more than 1024 subnets

D. Controllers supporting up to 6000 AP's

E. There is no controller limit

Correct Answer: E

QUESTION 97In a master-local controller scenario, where is the mobility domain defined?

A. the AP group

B. the master controller

C. the local controller

D. the master and the local controllers

Correct Answer: B

QUESTION 98In the university illustrated in the above diagram, the Life Sciences department has its own mobilitydomain, as does the engineering department. The university is planning on offering a new application andneeds users to be able to roam between both mobility domains.

What is the best way to accomplish this?

A. The 2 existing domains should be left as they are. A 3rd mobility domain should then becreated and all 3 controllers need to be added to it

B. Merge the Life Sciences and Engineering controllers into the same mobility domain

C. The IP subnets of all controllers need to be configured to match

D. This cannot be accomplished

Correct Answer: B

QUESTION 99A port firewall policy is applied to a trunk port that denies controller access. An ?allow all? Vlan firewallpolicy is applied to VLAN 33 on the same port. A user connected to VLAN 33 on that port attempts to gainaccess to the controller. What happens next?

A. The Port policy is applied, therefore no controller access

B. The Vlan policy is applied, then the port policy, therefore no controller access

C. The Vlan policy is applied, therefore access to the controller is allowed

D. You cannot place a firewall policy on a Ports Vlan when the Port already has a policy, therefore nocontroller access

E. When locally connected to a controllers port you always have controller access

Correct Answer: C

QUESTION 100An access port has been placed in Untrusted mode. The Vlan on the port is in Trusted mode.

A. The traffic is trusted since the Vlan is trusted

B. The traffic is untrusted since the port is untrusted

C. This is an invalid configurations, both must be set the same

D. You cannot set Vlans as trusted or untrusted

E. Only traffic from that specific Vlan is trusted, all other traffic is untrusted

Correct Answer: B

QUESTION 101How can a role be assigned to a user, connected to an untrusted port, on a controller?

A. An initial Role can be assigned

B. Roles are assigned to users connected to a trusted port

C. Captive Portal default Role can be assigned

D. Adding a wired AAA profile to a VLAN on the port

E. The Role assigned to the Port

Correct Answer: ACD

QUESTION 102When a port has been configured as untrusted, but no wired access AAA profile has beenconfigured. A user connects to that port. What happens next?

A. Since there is no wired access AAA profile, only port policies will be applied

B. The user will fall into the default wired access AAA profile and will be given the initial role

C. Since there is no wired access AAA profile the user will be given the logon role

D. When configuring the port as untrusted, an error message of "no wired access AAA profile exists".Therefore this is an invalid configuration.

Correct Answer: C

QUESTION 103Which method can APs use to discover a controller?

A. DHCP

B. Dynamic DNS (DDNS)

C. PnP

D. PAPI

Correct Answer: A

QUESTION 104When APs boot up, in which order do they discover a controller?

A. DNS, DHCP, ADP multicast, ADP unicast, static

B. static, DNS, DHCP, ADP broadcast, ADP multicast

C. static, DHCP, ADP multicast, ADP broadcast, DNS

D. static, DHCP, DNS, ADP multicast, ADP broadcast

Correct Answer: C

QUESTION 105An AP is not communicating with the controller. Upon investigation you find that the AP is not discoveringits controller through DNS. Instead, it received a DHCP reply with option 43 specifying the SIP server's IPaddress. How do you resolve this problem?

A. Statically configure the AP to ignore Option 43

B. Remove the option 43 configuration on the DHCP server

C. Statically configure the AP to only use DNS resolution and not other dynamic discoverymethods

D. After failing option 43 the AP should have proceeded with ADP, therefore the AP is faulty and needs tobe replaced

E. The AP should be purged

Correct Answer: B

QUESTION 106An AP resolved DNS and found the master controller. How will this AP be redirected to a Local controller?

A. Based on the AP-Groups CONTROLLER-IP attribute

B. Based on the AP-Groups LMS-IP attribute

C. In AP-provisioning set the LMS-IP attribute

D. Must be statically configure to find the local controller

E. In AP-Provisioning set the CONTROLLER-IP attribute

Correct Answer: B

QUESTION 107An AP was configured to use dynamic controller discovery and assigned to an AP group, then powered offfor over a week. When the AP is redeployed, what previous configuration will it retain?

A. It's AP name and AP Group

B. It's Serial Number

C. The controllers IP address

D. After a few days all configurations is lost

E. The controller IP address and the AP Group

Correct Answer: A

QUESTION 108A 3200 controller has 32 PEF-NG license, 16 RFProtect license and 32 AP licenses, how many AP's canterminate on the controller?

A. 32 Campus APs

B. 32 Campus and 32 Remote APs

C. 16 Campus APs

D. 16 Remote APs

Correct Answer: C

QUESTION 109A 3200 controller has 16 PEF-NG license, 16 RFProtect license. There are 10 Campus Aps terminating onthe controller, how many remote AP's can terminate on the controller?

A. 6

B. 16

C. 24

D. 32

Correct Answer: A

QUESTION 110In a network of 1 Master and 2 Local, to terminate 8 APs on each controller with Local redundancy whatshould be the license count on all controllers?

A. 16 AP license on all controllers

B. 8 AP license on Master 16 AP license on both locals

C. 8 AP license on all controllers

D. 1 AP license on Master and 16 AP license on both locals

Correct Answer: C

QUESTION 111Which is the default management VLAN on an Aruba switch?

A. VLAN 10

B. VLAN 1

C. VLAN 100

D. None, it must be defined

Correct Answer: B

QUESTION 112Which set of configuration commands are needed to make VLAN 10 the management VLAN?

A. config# vlan 10config# interface vlan 10config-subif# ip address 10.10.10.1 255.255.255.0config# controller-ip vlan 10

B. config# vlan 10config# interface vlan 10config-subif# ip address 10.10.10.1 255.255.255.0config-subif# management-vlan

C. config# vlan 10config-subif# interface vlan 10config-subif# ip address 10.10.10.1 255.255.255.0config-subif# management-vlan 10

D. config# vlan 10config-subif# interface vlan 10config-subif# ip address 10.10.10.1 255.255.255.0config-subif# default-management-vlan

Correct Answer: A

QUESTION 113Aruba APs must be physically attached to the Aruba switch.

A. True

B. False

Correct Answer: B

QUESTION 114Referring to the diagram provided for this question,

in which locations must you define the new data VLANs for wireless client traffic? (Choose all the correctanswers.)

A. in all L2 switches where an Aruba AP is physically connected

B. in all APs and the L2 switches to which they are connected

C. in the Aruba controller and the router it's connected to in an L2 deployment

D. in the routers and switches where the APs are physically connected

E. only on the Aruba controller in an L3 deployment

Correct Answer: CE

QUESTION 115A controller is provisioned in L3 Mode for Wireless Users. What must be configured on thecontroller to enable DHCP requests to an external DHCP server?

A. an IP helper command

B. the IP address of the DNS server

C. the IP address of the APs

D. the subnet address of the DHCP server

Correct Answer: A

QUESTION 116Which parameter does a Master switch use to determine where a provisioned AP should terminate its GREtunnel?

A. at the IP address of the AP

B. the MAC address of the AP

C. the IP address of the switch nearest to the AP

D. the name and group settings of the AP

E. based on the VLAN of the AP

Correct Answer: D

QUESTION 117Which of the following configurations can accept a vlan pool?

A. Trunk native vlan

B. Virtual AP profile

C. User Role

D. Server derived role

Correct Answer: B

QUESTION 118Which feature must be enabled for self-healing to be performed?

A. ADP

B. ARM

C. IDS

D. PEF

Correct Answer: B

QUESTION 119What does Aruba's RF self-healing require to operate?

A. LMS-IP

B. Backup LMS-IP

C. VRRP

D. None of the above

Correct Answer: D

QUESTION 120In the diagram provided for this question,

wireless User A is associated with the Aruba AP. The Aruba controller is configured to perform L2switching.What will be the wireless user's default gateway?

A. A

B. B

C. C

D. D

Correct Answer: C

QUESTION 121In the diagram provided for this question, the Aruba controller terminates one end of a GRE tunnel thatcarries wireless user traffic.

Where does the other end terminate?

A. A

B. B

C. C

D. D

Correct Answer: C

QUESTION 122In the above diagram, the system shows two Aruba access points and a wired user.

Which VLANs do NOT need to be configured on link A between the L2 switch and router tosupport the wireless users?

A. 101 and 102

B. 101 and 103

C. 102 and 103

Correct Answer: A

QUESTION 123In the above diagram, the system shows two Aruba access points.

Which VLANs must be configured on trunk link D between the router and Aruba controller to supportwireless users when the controller is provisioned for L2 operations? (Choose all of the correct answers.)

A. 10

B. 101

C. 102

D. 103

E. 104

Correct Answer: ABC

QUESTION 124Referring to the diagram provided for this question,

if the Aruba controller is configured to perform L3 switching, what will be the wireless user's defaultgateway?

A. A

B. B

C. C

D. D

Correct Answer: D

QUESTION 125When configuring Captive Portal, which protocols are supported when accessing the Captive Portal?(Choose all the correct answers.)

A. https

B. socks

C. http

D. telnet

Correct Answer: AC

QUESTION 126When the controller is configured for Captive Portal and the user is only required to provide an emailaddress for authentication, which option is configured in the gui?

A. enable termination

B. enable guest logon

C. enable user logon

D. eap method

Correct Answer: B

QUESTION 127A user logged in with the Captive Portal settings shown in the above screen capture.What does the user need to do to logout?

A. wait 30 minutes then logout

B. wait 60 minutes then logout

C. click Logout on the browser screen

D. he cannot logout

Correct Answer: C

QUESTION 128Screenshots of the Captive Portal authentication profile and server group of a guest network are displayedabove.

How was the user authenticated?

A. with a radius server called Radius01

B. with the Internal database

C. with a radius server called Internal

D. with another form of authentication

E. user wasn't authenticated against any server

Correct Answer: E

QUESTION 129In Visual RF, Floor plans can be imported in what format?

A. Visio

B. PNG

C. PDF

D. GIF

E. CAD

Correct Answer: BDE

QUESTION 130

Which of the following functions cannot be done in the offline Visual RF plan?

A. Create a BOM

B. Exporting a plan to the controller

C. Tracking AP's and client devices

D. Replicating floor plans

Correct Answer: C

QUESTION 131With Visual RF location tracking, show location history can be set for a maximum of?

A. 1 hour

B. 6 hours

C. 24 hours

D. 12 hours

Correct Answer: C

QUESTION 132In a network setup with 1 master, 1 backup master and 5 local controllers where should the mobilitydomains be enabled.

A. Only on the master controller

B. All the local controllers in the network

C. All the controllers where the client is allowed to roam

D. Master and backup master

Correct Answer: C

QUESTION 133Which of the following statements is not true about the remote node?

A. Remote Node builds an Ipsec tunnel to Remote Node Master?

B. A RN-Master can be either a Master or a Local controller

C. Remote Node is only used for Remote AP termination

D. Only L3 configurations are pushed from a RN-Master to an Remote Node

E. Remote Node can only be configured using the CLI

Correct Answer: CD

QUESTION 134What are the different methods of configuring AP redundancy between 2 local controllers?

A. Active-Active VRRP

B. Configure the locals as remote nodes

C. Use named VLANS

D. LMS and Backup LMS IP

E. AP Redundancy can only be configured between a Master and Local

Correct Answer: AD

QUESTION 135An Aruba 650 controller is functioning as a standby Master.How many APs can it control while in standby mode?

A. 0

B. 16

C. 24

D. 128

E. 256

Correct Answer: A

QUESTION 136Two Aruba 620 controllers are configured as a VRRP pair. One of the controllers fails.Which is the maximum number of campus APs that the remaining controller can terminate?

A. 8

B. 32

C. 48

D. 96

Correct Answer: A

QUESTION 137Which protocol does the Aruba controller utilize for controller redundancy?

A. HSRP

B. VRRP

C. VPN

D. GRE

E. IP-IP

Correct Answer: B

QUESTION 138For controller redundancy to work and support failover of access points, to which IP address should theAruba AP terminate its GRE tunnel?

A. VRRP IP address

B. management IP of an Aruba controller

C. management IP of the backup Aruba controller

D. HSRP IP address

Correct Answer: A

QUESTION 139A Master switch can serve as an AP backup for a local switch.

A. True

B. False

Correct Answer: A

QUESTION 140When an Aruba 6000 controller has two M3 modules installed, for which uses may the modules be used?(Choose all the correct answers.)

A. hot standby operations

B. VRRP backup

C. higher AP density per switch chassis

D. Active-Active masters

Correct Answer: BC

QUESTION 141Referring to the diagram provided for this question, an employee brought an unauthorized AP from homeand attached the LAN port to the cubicle Ethernet port. All Aruba APs and AMs as well as the employeeAP are in VLAN 170 and within RF range of each other. No traffic from the wired or wireless network haspassed through the AP yet, but the AP began wireless broadcasts.

How will the Aruba system first initially classify the employee's AP?

A. a valid AP

B. an AM

C. a Rouge AP

D. an interfering AP

E. a known interfering AP

Correct Answer: D

QUESTION 142Referring to the diagram provided for this question, an employee brought an unauthorized AP from homeand attached it to the cubicle Ethernet port as shown in the diagram. The APs are in VLANs as shown inthe diagram. Only AP1 is within RF range.

How will the Aruba system classify this AP?

A. an AP

B. an AM

C. a Rogue AP

D. an Interfering AP

E. a workstation

Correct Answer: D

QUESTION 143Referring to the diagram provided for this question, an employee brought an unauthorized AP from home,but did not attach it to the LAN infrastructure. The APs are in the VLANs as shown in the diagram. OnlyAP1 is within RF range of the employee AP.

By default, how will the Aruba system classify the employee's AP?

A. an AP

B. an AM

C. a Rogue AP

D. an Interfering AP

E. a valid workstation

Correct Answer: D

QUESTION 144What can an AM do that an AP cannot do?

A. detect rogue APs

B. detect an AP failure

C. complete scanning of all channels in under 1 minute

D. detect interfering APs

Correct Answer: C

QUESTION 145(group8) #show ap active

A user has called technical support because they cannot see any of their APs in building one. You performthe "show" command as illustrated above.What can you conclude about these two APs from this output?

A. the GRE for the APs terminate on two different controllers: 10.1.80.150 and 10.1.80.151

B. the system will not function because there is no building1 group defined

C. the building1 APs are configured to not accept any user connections

D. the user needs to configure his client to use the b/g band

E. the user needs to configure his client to use the a band

Correct Answer: E

QUESTION 146Based on the above screen capture for Interfering APs,

what can you conclude?

A. The APs must be connected to the Aruba network.

B. The APs are classified as interfering because they are all transmitting on channel 6.

C. There must not be any evidence that the APs are attached to the wired network.

D. These APs are classified as interfering because they are not Aruba APs.

E. They are classified as interfering because they are running in b mode.

Correct Answer: C

QUESTION 147As illustrated in the above diagram and screen capture, a wireless hacker injects messages into yournetwork to detach a client from your Aruba AP.

What action should you take to identify and prevent the Intruder from connecting to your system?(Choose all of the correct answers.)

A. enable Detect disconnect Station Attack

B. enable Spoofed Deauth Blacklist

C. take no action as there is no protection against this form of attack

D. take no action as the Aruba system ignores this attack because it is against the client

Correct Answer: AB

QUESTION 148(group8) #show ap arm history ap-name AP1Interface: wifi0

Referring to the output above, what can you conclude about AP1?

A. This device is scanning channels.

B. This device is unstable because the channel assignment changed.

C. The device changed channels recently.

D. The device changed channels and power levels recently.

E. The device is transmitting at maximum power levels.

Correct Answer: C

QUESTION 149Which of the following parameters can be specified in a rule for AP classification?

A. SSID of an AP

B. Number of clients connected to an AP.

C. SNR of an AP.

D. Operating mode of an AP

Correct Answer: AC

QUESTION 150Which of the following functions cannot be configured in the WIPS wizard?

A. Configure APs as Air Monitors

B. Configure rules for AP classification.

C. Configure preset levels for intrusion detection

D. Identify encryption method used in your network.

Correct Answer: A

QUESTION 151Referring to the screen captures provided for this question,

what can you conclude about the two clients from the Packet Rate Distribution screens?

A. client #1 does not support 802.11a

B. client #2 does not support 802.11g

C. client #1 is further from the AP than client #2

D. client #2 is further from the AP than client #1

Correct Answer: C

QUESTION 152A client device associates with an SSID provisioned with 802.1X authentication. The client is set for PEAPauthentication. EAP termination (AAA Fastconnect) is disabled on the controller. But the client continuouslycycles through the authentication process. Which of the following could cause this? Choose all that apply.

A. The client is provisioned with the wrong EAP type.

B. The client has an expired or revoked server certificate.

C. The DHCP server is not enabled.

D. The VLAN is missing for the SSID.

E. The controller does not support PEAP in this mode.

Correct Answer: AB

QUESTION 153A client device associates with an SSID provisioned with 802.1X authentication. The client is set for LEAPauthentication. EAP termination (AAA Fastconnect) is enabled on the controller. But the client continuouslycycles through the authentication process. Which of the following could cause this?

A. The Radius server is rejecting the client credentials.

B. The client has an expired or revoked server certificate.

C. The DHCP server is not enabled.

D. The VLAN is missing for the SSID.

E. The controller does not support LEAP in this mode.

Correct Answer: E

QUESTION 154

A client attaches to a secure jack interface set to untrusted. But when the client tries to access the captiveportal page, the following message appears, ?Web Authentication is not enabled.? What might be wrong?Choose all that apply.

A. The client has the browser provisioned with proxy settings.

B. The controller port needs to be set to trusted.

C. A ?aaa? profile needs to be selected on the Wired Access page.

D. A Captive Portal profile needs to be assigned to the initial role.

E. Web Authentication cannot be used in this way.

Correct Answer: CD


which tab tells you which licenses are installed on the controller?

A. Controller Summary

B. All Wlan Controllers

C. Process Logs

D. Inventory

Correct Answer: D

QUESTION 156Which command, when executed on a master controller, will show the APs connected to an lms?

A. show stm connectivity

B. show ap active

C. show ap database

D. show ap bss-table

Correct Answer: C

QUESTION 157Which of the following commands is most useful in showing the traffic of an individual user?

A. show datapath session table

B. show acl hits

C. show rights

D. show firewall

Correct Answer: A

QUESTION 158An Aruba based network has a Master and four local controllers deployed. But one of the locals, a newinstallation, is not seen by the Master. What might be wrong? Choose all that apply.

A. PAPI is not enabled on the local controller.

B. The master controller can only support three local controllers.

C. IPSec is blocked by the internal network between the local and the master controllers.

D. The passphrase does not match on the master and local controllers.

E. GRE is blocked between the master and local controllers.

Correct Answer: CD

QUESTION 159An Aruba controller is configured with the correct IP address and gateway information and is connected tothe corporate LAN via a core layer 2 switch. An access point is provisioned with AP name and group andconnected to a different switch on the corporate LAN that has IP connectivity to the core layer 2 switch.The AP powers on and connects to the LAN, but the wireless radios do not power on.Which could cause this condition? (Choose all of the correct answers.)

A. the layer 2 switches have ACLs that block GRE traffic

B. the layer 2 switches are configured to block multicast traffic

C. a DHCP server is not configured for the segment to which the AP is connected

D. the AP name needs to be configured on the Aruba controller

Correct Answer: ABC

QUESTION 160In the diagram provided for this question, four buildings are identified on a college campus.

Most of the wireless LAN traffic will be from students accessing the internet.According to Aruba best practices, which building is the best location to install the Aruba mobilitycontroller?

A. data center

B. dormitory

C. server farm

D. library

Correct Answer: A

QUESTION 161Referring to the diagram provided for this question, representing an office wireless LANdeployment, there will be approximately 250 users in the offices section of the building.

According to Aruba best practice, which network device is the best choice for the wireless clients' defaultgateway?

A. device 'A'

B. device 'B'

C. device 'C'

D. device 'D'

Correct Answer: B

QUESTION 162One hundred (100) additional APs were deployed in an existing network. But some APs are not able toconnect to the lms-ip address, even though all of the APs belong to the same AP group.What might be wrong? Choose all possibilities.

A. The AP isn't getting an IP address.

B. The AP has the wrong lms-ip address setting.

C. There is a firewall between some APs and the controller blocking PAPI.

D. The controller does not support that many APs in a single AP-Group.

E. The controller does not have enough AP licenses to support the additional quantity of APs.

Correct Answer: ACE

QUESTION 163If a Remote AP (RAP) is attempting to contact a controller that is behind a NAT device what protocol mustbe allowed through the NAT/Firewall?

A. PAPI

B. NATT

C. IPSec

D. The controller must have a public IP address.

Correct Answer: B

QUESTION 164Which of the following are valid RAP forwarding modes (select all that apply)?

A. Tunnel

B. Bridge

C. Split-Tunnel

D. Backup

Correct Answer: ABC

QUESTION 165Which of the following are valid RAP operating modes?

A. Always, Backup, Standard, Persistent

B. Always, Backup, Tunnel, Persistent

C. Always, Hotel-Connect, Tunnel, Standard

D. Backup, Hotel-Connect, Standard, Persistent

Correct Answer: A

QUESTION 166When configuring split tunnel mode on a Remote AP (RAP) where is the routing function for the split tunneldefined?

A. On the IP routing tab in the configuration screen.

B. On the AP provisioning screen.

C. The RAP uses OSPF for routing.

D. In the Firewall policy.

Correct Answer: D

QUESTION 167When does a backup SSID configured on a Remote AP (RAP) begin broadcasting?

A. When the GRE tunnel to the controller is established.

B. When the IPSec tunnel to the controller is established.

C. When the controller cannot be reached.

D. When bridging is required for guest users.

Correct Answer: C

QUESTION 168A Remote AP provisioned in ?Split-Tunnel? Forwarding mode has which of the followingcharacteristics? Choose all that apply.

A. Local traffic first goes to the controller and is then spilt back to the local network.

B. Traffic is IPSec encrypted before it is sent to the controller.

C. The user role must have a ?Permit? statement in order to locally bridge the traffic.

D. The user role must have a ?route src-nat? statement to locally bridge the traffic.

E. The RAP uses UDP 4500 to send traffic to the controller.

Correct Answer: BDE

QUESTION 169A Remote AP provisioned with an SSID in the operational mode ?always? has which one of the followingcharacteristics?

A. The RAP must obtain its configuration from the controller each time it boots.

B. The operational mode applies to tunnel and split-tunnel forwarding SSID.

C. The operational mode applies to a Bridge forwarding SSID.

D. The RAP does not support this mode.

E. The SSID only appears if the AP does not see the controller.

Correct Answer: C

QUESTION 170A Remote AP provisioned with an SSID in ?Bridged? forwarding mode has which one of the followingcharacteristics?

A. The client obtains its IP address from the controller.

B. The client's default gateway must be the controller.

C. The client traffic is forwarded through a GRE tunnel to the controller.

D. The client's default gateway may be the Access Point or a local gateway.

E. The client's authentication must be 802.1X.

Correct Answer: D

QUESTION 171An Aruba RAP2 model can authenticate its IPSec tunnel to a controller using which of thefollowing methods? Choose all that apply.

A. 802.1X

B. Captive Portal

C. IP address authentication

D. Legacy Username/Password authentication.

E. Certificate and MAC address authentication.

Correct Answer: DE

QUESTION 172What is the purpose of Mesh Clusters?

A. To separate Mesh points and Mesh Portals

B. To make sure that mesh points and portals with the same VAPs are not in the same cluster

C. To create a group of mesh points and mesh portals that create mesh links with each other using thesame 802.11 connection settings

D. To cluster mesh APs of the same model together

Correct Answer: C

QUESTION 173A company purchased an indoor mesh deployment using the 620 controller and the AP 125 models, where5 APs will be deployed on a floor to provide wireless internet access for users.Users may open VPN tunnels using software clients over the wireless network to a 3rd party VPNconcentrator overseas. The company wants to limit wireless user access to NetBIOS over TCP trafficlocally and VPN traffic overseas.Which licenses will be necessary for this deployment?

A. Base AOS, VPN, PEF-NG

B. Base AOS, AP Capacity, PEF-NG

C. Base AOS, AP Capacity, PEF-NG, VPN

D. Base AOS, AP Capacity

Correct Answer: B

QUESTION 174When deploying Remote Mesh Portals, what is one of the purposes of the Mesh Private VLAN?

A. To separate wireless user traffic coming from mesh networks from non-mesh networks

B. To tag mesh wireless user traffic on a particular AP

C. To allow Mesh Points to form private vlan networks with certain users

D. To tag control plane traffic from Mesh points to the controller

Correct Answer: D

QUESTION 175A network administrator runs a 'show ap mesh topology' command on an Aruba 620 controller.Which of the following information would he be able to obtain? Choose all that apply.

A. The number of mesh nodes in the network

B. The channel settings of each mesh node

C. The parent of each mesh node

D. The number of hops each mesh points has to make to reach the mesh portal

Correct Answer: ACD

QUESTION 176How does Aruba's infrastructure calculate location?

A. GPS

B. RF Fingerprinting

C. RSSI triangulation

D. TDOA

Correct Answer: C

QUESTION 177You want to locate a wireless device on the controller GUI. You go to the Clients list from the Monitoringtab and click the Locate button but the controller is unable to locate the client.Which could be the possible reasons for the error? (Choose all of the correct answers.)

A. No floor plan exists

B. Only 2 APs can hear the client

C. The client is not a valid client

D. No client was selected

Correct Answer: ABD

QUESTION 178Which of the following needs to be done prior to attempting to use the GUI quick setup of a factorydefaulted Aruba S3500 Mobility Access Switch?

A. Set the S3500 IP address to the 172.16.0.0 range

B. Quick-Setup needs to be enabled on the LCD Panel

C. Connect the S3500 to the network for DHCP

D. Set the laptop IP address to the 192.168.0.0 range

Correct Answer: B

QUESTION 179Which two factors are important when choosing a controller model to support tunneled node?

A. Number of Wired Aps

B. Controller configuration

C. Number of Tunneled Ports

D. Layer 3 network architecture

Correct Answer: AC

QUESTION 180In tunneled node configuration the Aruba 3500 mobility access switch acts as a?

A. Authentication server

B. Security gateway

C. Wired to Wireless AP

D. Wired AP

Correct Answer: D

ExamReal.Aruba.ACMP-6-1.v20130709.180q

Documents

correct license

ap licenseb

aruba controllers

license requiredcorrect

number of apscorrect

following controllers

purposecorrect answer

abovecorrect answer