Refer to the exhibit.

How can you use the thumbprint?

A. Install this thumbprint on management stations to use as two-factor authentication along with manager usernames and passwords, this will ensure managers connect from valid stations

B. Copy the thumbprint to other Aruba switches to establish a consistent SSH Key for all switches this will enable managers to connect to the switches securely with less effort

C. When you first connect to the switch with SSH from a management station, make sure that the thumbprint matches to ensure that a man-in-t he-mid die (MITM) attack is not occurring

D. install this thumbprint on management stations the stations can then authenticate with the thumbprint instead of admins having to enter usernames and passwords.

What is a difference between radius and TACACS+?

A. RADIUS combines the authentication and authorization process while TACACS+ separates them.

B. RADIUS uses TCP for Its connection protocol, while TACACS+ uses UDP tor its connection protocol.

C. RADIUS encrypts the complete packet, white TACACS+ only offers partial encryption.

D. RADIUS uses Attribute Value Pairs (AVPs) in its messages, while TACACS+ does not use them.

How should admins deal with vulnerabilities that they find in their systems?

A. They should apply fixes, such as patches, to close the vulnerability before a hacker exploits it.

B. They should add the vulnerability to their Common Vulnerabilities and Exposures (CVE).

C. They should classify the vulnerability as malware. a DoS attack or a phishing attack.

D. They should notify the security team as soon as possible that the network has already been breached.

You are deploying an Aruba Mobility Controller (MC). What is a best practice for setting up secure management access to the ArubaOS Web UP?

A. Avoid using external manager authentication tor the Web UI.

B. Change the default 4343 port tor the web UI to TCP 443.

C. Install a CA-signed certificate to use for the Web UI server certificate.

D. Make sure to enable HTTPS for the Web UI and select the self-signed certificate Installed in the factory.

What is an example or phishing?

A. An attacker sends TCP messages to many different ports to discover which ports are open.

B. An attacker checks a user's password by using trying millions of potential passwords.

C. An attacker lures clients to connect to a software-based AP that is using a legitimate SSID.

D. An attacker sends emails posing as a service team member to get users to disclose their passwords.

You have an Aruba Mobility Controller (MC). for which you are already using Aruba ClearPass Policy Manager (CPPM) to authenticate access to the Web Ul with usernames and passwords You now want to enable managers to use certificates to log in to the Web Ul CPPM will continue to act as the external server to check the names in managers' certificates and tell the MC the managers' correct rote in addition to enabling certificate authentication.

What is a step that you should complete on the MC?

A. Verify that the MC has the correct certificates, and add RadSec to the RADIUS server configuration for CPPM

B. install all of the managers' certificates on the MC as OCSP Responder certificates

C. Verify that the MC trusts CPPM's HTTPS certificate by uploading a trusted CA certificate Also, configure a CPPM username and password on the MC

D. Create a local admin account mat uses certificates in the account, specify the correct trusted CA certificate and external authentication

What is a guideline for managing local certificates on an ArubaOS-Switch?

A. Before installing the local certificate, create a trust anchor (TA) profile with the root CA certificate for the certificate that you will install

B. Install an Online Certificate Status Protocol (OCSP) certificate to simplify the process of enrolling and re-enrolling for certificate

C. Generate the certificate signing request (CSR) with a program offline, then, install both the certificate and the private key on the switch in a single file.

D. Create a self-signed certificate online on the switch because ArubaOS-Switches do not support CA-signed certificates.

Refer to the exhibit.

You have set up a RADIUS server on an ArubaOS Mobility Controller (MC) when you created a WLAN named "MyEmployees .You now want to enable the MC to accept change of authorization (CoA) messages from this server for wireless sessions on this WLAN.

What Is a part of the setup on the MC?

A. Create a dynamic authorization, or RFC 3576, server with the 10.5.5.5 address and correct shared secret.

B. Install the root CA associated with the 10 5.5.5 server's certificate as a Trusted CA certificate.

C. Configure a ClearPass username and password in the MyEmployees AAA profile.

D. Enable the dynamic authorization setting in the "clearpass" authentication server settings.

An ArubaOS-CX switch enforces 802.1X on a port. No fan-through options or port-access roles are configured on the port The 802 1X supplicant on a connected client has not yet completed authentication.

Which type of traffic does the authenticator accept from the client?

A. EAP only

B. DHCP, DNS and RADIUS only

C. RADIUS only

D. DHCP, DNS, and EAP only

What is a benefit of Opportunistic Wireless Encryption (OWE)?

A. It allows both WPA2-capabie and WPA3-capable clients to authenticate to the same WPA-Personal WLAN

B. It offers more control over who can connect to the wireless network when compared with WPA2Personal

C. It allows anyone lo connect, but provides better protection against eavesdropping than a traditional open network

D. It provides protection for wireless clients against both honeypot APs and man-in-the- middle (MUM) attacks