EMT Practice Test

1. Question Content...


Question List

Question1: A client has accessed an HTTPS server at myhost1.example.com using Chrome. The server sends a certificate that includes these properties:
Subject name: myhost.example.com
SAN: DNS: myhost.example.com; DNS: myhost1.example.com
Extended Key Usage (EKU): Server authentication
Issuer: MyCA_Signing
The server also sends an intermediate CA certificate for MyCA_Signing, which is signed by MyCA. The client's Trusted CA Certificate list does not include the MyCA or MyCA_Signing certificates.
Which factor or factors prevent the client from trusting the certificate?

Question2: A company has Aruba Mobility Controllers (MCs), Aruba campus APs, and ArubaOS-Switches. The company plans to use ClearPass Policy Manager (CPPM) to classify endpoints by type. This company is using only CPPM and no other ClearPass solutions.
The ClearPass admins tell you that they want to use HTTP User-Agent strings to help classify endpoints.
What should you do as a part of configuring the ArubaOS-Switches to support this requirement?

Question3: Which attack is an example or social engineering?

Question4: What is one of the policies that a company should define for digital forensics?

Question5: What is a correct description of a stage in the Lockheed Martin kill chain?

Question6: Which is a correct description of a Public Key Infrastructure (PKI)?

Question7: A company has Aruba Mobility Controllers (MCs), Aruba campus APs, and ArubaOS-CX switches. The company plans to use ClearPass Policy Manager (CPPM) to classify endpoints by type. The company is contemplating the use of ClearPass's TCP fingerprinting capabilities.
What is a consideration for using those capabilities?

Question8: You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings" definition in the ArubaOS Diagnostics > System > Log Settings page?

Question9: You have been asked to rind logs related to port authentication on an ArubaOS-CX switch for events logged in the past several hours But. you are having trouble searching through the logs What is one approach that you can take to find the relevant logs?

Question10: You have an Aruba solution with multiple Mobility Controllers (MCs) and campus APs. You want to deploy a WPA3-Enterprise WLAN and authenticate users to Aruba ClearPass Policy Manager (CPPM) with EAP-TLS.
What is a guideline for ensuring a successful deployment?

Question11: What is a guideline for creating certificate signing requests (CSRs) and deploying server Certificates on ArubaOS Mobility Controllers (MCs)?

Question12: Your company policies require you to encrypt logs between network infrastructure devices and Syslog servers. What should you do to meet these requirements on an ArubaOS-CX switch?

Question13: A user attempts to connect to an SSID configured on an AOS-8 mobility architecture with Mobility Controllers (MCs) and APs. The SSID enforces WPA3-Enterprise security and uses HPE Aruba Networking ClearPass Policy Manager (CPPM) as the authentication server. The WLAN has initial role, logon, and 802.1X default role, guest.
A user attempts to connect to the SSID, and CPPM sends an Access-Accept with an Aruba-User-Role VSA of "contractor," which exists on the MC.
What does the MC do?

Question14: Refer to the exhibits.
A company has added a new user group. Users in the group try to connect to the WLAN and receive errors that the connection has no Internet access. The users cannot reach any resources. The first exhibit shows the record for one of the users who cannot connect. The second exhibit shows the role to which the AOS device assigned the user's client.
What is a likely problem?

Question15: Refer to the exhibit.
Device A is establishing an HTTPS session with the Arubapedia web sue using Chrome. The Arubapedia web server sends the certificate shown in the exhibit What does the browser do as part of vacating the web server certificate?

Question16: You are checking the Security Dashboard in the Web Ul for your ArubaOS solution and see that Wireless Intrusion Prevention (WIP) has discovered a rogue radio operating in ad hoc mode with open security. What correctly describes a threat that the radio could pose?

Question17: A company has an AOS controller-based solution with a WPA3-Enterprise WLAN, which authenticates wireless clients to HPE Aruba Networking ClearPass Policy Manager (CPPM). The company has decided to use digital certificates for authentication. A user's Windows domain computer has had certificates installed on it. However, the Networks and Connections window shows that authentication has failed for the user. The Mobility Controller's (MC's) RADIUS events show that it is receiving Access-Rejects for the authentication attempt.
What is one place that you can look for deeper insight into why this authentication attempt is failing?

Question18: What is a guideline for managing local certificates on AOS-CX switches?

Question19: The first exhibit shows roles on the MC, listed in alphabetic order. The second and third exhibits show the configuration for a WLAN to which a client connects. Which description of the role assigned to a user under various circumstances is correct?

Question20: What is a use case for implementing RadSec instead of RADIUS?

Question21: Refer to the exhibit:
port-access role role1 vlan access 11
port-access role role2 vlan access 12
port-access role role3 vlan access 13
port-access role role4 vlan access 14
aaa authentication port-access dot1x authenticator
enable
interface 1/1/1
no shutdown
no routing
vlan access 1
aaa authentication port-access critical-role role1
aaa authentication port-access preauth-role role2
aaa authentication port-access auth-role role3
interface 1/1/2
no shutdown
no routing
vlan access 1
aaa authentication port-access critical-role role1
aaa authentication port-access preauth-role role2
aaa authentication port-access auth-role role3
The exhibit shows the configuration on an AOS-CX switch.
Client1 connects to port 1/1/1 and authenticates to HPE Aruba Networking ClearPass Policy Manager (CPPM). CPPM sends an Access-Accept with this VSA: Aruba-User-Role: role4.
Client2 connects to port 1/1/2 and does not attempt to authenticate.
To which roles are the users assigned?

Question22: What is a benefit of deploying Aruba ClearPass Device insight?

Question23: What is a benefit of Protected Management Frames (PMF). sometimes called Management Frame Protection (MFP)?

Question24: What does the NIST model for digital forensics define?

Question25: What is one practice that can help you to maintain a digital chain of custody in your network?

Question26: What is one thing can you determine from the exhibits?

Question27: What is one way that Control Plane Security (CPSec) enhances security for the network?

Question28: Which correctly describes a way to deploy certificates to end-user devices?

Question29: A company has an ArubaOS controller-based solution with a WPA3-Enterprise WLAN. which authenticates wireless clients to Aruba ClearPass Policy Manager (CPPM). The company has decided to use digital certificates for authentication A user's Windows domain computer has had certificates installed on it However, the Networks and Connections window shows that authentication has tailed for the user. The Mobility Controllers (MC's) RADIUS events show that it is receiving Access-Rejects for the authentication attempt.
What is one place that you can you look for deeper insight into why this authentication attempt is failing?

Question30: A company with 439 employees wants to deploy an open WLAN for guests. The company wants the experience to be as follows:
* Guests select the WLAN and connect without having to enter a password.
* Guests are redirected to a welcome web page and log in.
The company also wants to provide encryption for the network for devices that are capable. Which security options should you implement for the WLAN?

Question31: What is one way that WPA3-Enterprise enhances security when compared to WPA2-Enterprise?

Question32: How should admins deal with vulnerabilities that they find in their systems?

Question33: This company has AOS-CX switches. The exhibit shows one access layer switch, Switch-2, as an example, but the campus actually has more switches. Switch-1 is a core switch that acts as the default router for end-user devices.
What is a correct way to configure the switches to protect against exploits from untrusted end-user devices?

Question34: Which is a correct description of a stage in the Lockheed Martin kill chain?

Question35: Two wireless clients, client 1 and client 2, are connected to an ArubaOS Mobility Controller. Subnet 10.1.10.10/24 is a network of servers on the other side of the ArubaOS firewall. The exhibit shows all three firewall rules that apply to these clients.
Which traffic is permitted?

Question36: What is one of the roles of the network access server (NAS) in the AAA framewonx?

Question37: You are troubleshooting an authentication issue for HPE Aruba Networking switches that enforce 802.1X to a cluster of HPE Aruba Networking ClearPass Policy Manager (CPPMs). You know that CPPM is receiving and processing the authentication requests because the Aruba switches are showing Access-Rejects in their statistics. However, you cannot find the record for the Access-Rejects in CPPM Access Tracker.
What is something you can do to look for the records?

Question38: What purpose does an initialization vector (IV) serve for encryption?

Question39: What is a correct guideline for the management protocols that you should use on ArubaOS-Switches?

Question40: What is one benefit of enabling Enhanced Secure mode on an ArubaOS-Switch?

Question41: An AOS-CX switch currently has no device fingerprinting settings configured on it. You want the switch to start collecting DHCP and LLDP information. You enter these commands:
Switch(config)# client device-fingerprint profile myprofile
Switch(myprofile)# dhcp
Switch(myprofile)# lldp
What else must you do to allow the switch to collect information from clients?

Question42: What is one way a noneypot can be used to launch a man-in-the-middle (MITM) attack to wireless clients?

Question43: What correctly describes the Pairwise Master Key (PMK) in thee specified wireless security protocol?

Question44: What is a correct use case for using the specified certificate file format?

Question45: You have deployed a new Aruba Mobility Controller (MC) and campus APs (CAPs). One of the WLANs enforces 802.IX authentication lo Aruba ClearPass Policy Manager {CPPM) When you test connecting the client to the WLAN. the test falls You check Aruba ClearPass Access Tracker and cannot find a record of the authentication attempt You ping from the MC to CPPM. and the ping is successful.
What is a good next step for troubleshooting?

Question46: How can ARP be used to launch attacks?

Question47: What is a guideline for managing local certificates on an ArubaOS-Switch?

Question48: You have configured a WLAN to use Enterprise security with the WPA3 version.
How does the WLAN handle encryption?

Question49: A customer has an AOS-10 network infrastructure. The customer is looking for a solution that can classify many different types of devices, including IoT devices. Which solution should you explain can provide these capabilities?

Question50: An MC has a WLAN that enforces WPA3-Enterprise with authentication to HPE Aruba Networking ClearPass Policy Manager (CPPM). The WLAN's default role is set to guest. A Mobility Controller (MC) has these roles configured on it:
authenticated
denyall
guest
general-access
guest-logon
logon
stateful-dot1x
switch-logon
voice
A client authenticates. CPPM returns an Access-Accept with an Aruba-User-Role VSA set to general_access. What role does the client receive?

Question51: What role does the Aruba ClearPass Device Insight Analyzer play in the Device Insight architecture?

Question52: From which solution can ClearPass Policy Manager (CPPM) receive detailed information about client device type OS and status?

Question53: A company with 465 employees wants to deploy an open WLAN for guests. The company wants the experience to be as follows:
Guests select the WLAN and connect without having to enter a password.
Guests are redirected to a welcome web page and log in.
The company also wants to provide encryption for the network for devices that are capable. Which security options should you implement for the WLAN?

Question54: You are setting up an Aruba mobility solution which includes a Mobility Master (MM), Mobility Controllers (MCs), and campus APs (CAPs) for a university. The university plans to enforce WPA2-Enterprise for all users' connections. The university wants to apply one set of access control rules to faculty users' traffic and a different set of rules to students' traffic.
What is the best approach for applying the correct rules to each group?

Question55: What is an Authorized client, as defined by AOS Wireless Intrusion Prevention System (WIP)?

Question56: What is one difference between EAP-Tunneled Layer security (EAP-TLS) and Protected EAP (PEAP)?

Question57: What is a reason to set up a packet capture on an HPE Aruba Networking Mobility Controller (MC)?

Question58: What is a use case for tunneling traffic between an Aruba switch and an AruDa Mobility Controller (MC)?

Question59: A company with 382 employees wants to deploy an open WLAN for guests. The company wants the experience to be as follows:

The company also wants to provide encryption for the network for devices mat are capable, you implement Tor the WLAN?
Which security options should

Question60: You have enabled 802.1X authentication on an AOS-CX switch, including on port 1/1/1. That port has these port-access roles configured on it:
Fallback role = roleA
Auth role = roleB
Critical role = roleC
No other port-access roles are configured on the port. A client connects to that port. The user succeeds authentication, and CPPM does not send an Aruba-User-Role VSA.
What role does the client receive?

Question61: What is an example of passive endpoint classification?

Question62: You have been asked to send RADIUS debug messages from an ArubaOS-CX switch to a central SIEM server at 10.5.15.6. The server is already defined on the switch with this command: logging 10.5.6.12 You enter this command: debug radius all What is the correct debug destination?

Question63: What are the roles of 802.1X authenticators and authentication servers?

Question64: Refer to the exhibit.

An admin has created a WLAN that uses the settings shown in the exhibits (and has not otherwise adjusted the settings in the AAA profile) A client connects to the WLAN Under which circumstances will a client receive the default role assignment?

Question65: Refer to the exhibit.

You are deploying a new ArubaOS Mobility Controller (MC), which is enforcing authentication to Aruba ClearPass Policy Manager (CPPM). The authentication is not working correctly, and you find the error shown In the exhibit in the CPPM Event Viewer.
What should you check?

Question66: What are some functions of an AruDaOS user role?

Question67: What is a correct guideline for the management protocols that you should use on AOS-CX switches?

Question68: The monitoring admin has asked you to set up an ArubaOS-Switch to meet these criteria:
* Send logs to a SIEM Syslog server at 10.4.13.15 at the standard UDP port (514)
* Send a log for all events at the "warning" level or above
The switch did not have any "logging" configuration on it. You then entered this command:
ArubaOS-Switch(config)# logging 10.4.13.15 udp
What should you do to finish configuring to the requirements?

Question69: What is one difference between EAP-Tunneled Layer Security (EAP-TLS) and Protected EAP (PEAP)?

Question70: What is an example or phishing?

Question71: Which correctly describes one of HPE Aruba Networking ClearPass Policy Manager's (CPPM's) device profiling methods?

Question72: You have been instructed to look in an AOS Security Dashboard's client list. Your goal is to find clients that belong to the company and have connected to devices that might belong to hackers.
Which client fits this description?

Question73: An organization has HPE Aruba Networking infrastructure, including AOS-CX switches and an AOS-8 mobility infrastructure with Mobility Controllers (MCs) and APs. Clients receive certificates from ClearPass Onboard. The infrastructure devices authenticate clients to ClearPass Policy Manager (CPPM). The company wants to start profiling clients to take their device type into account in their access rights.
What is a role that CPPM should play in this plan?

Question74: What is a Key feature of me ArubaOS firewall?

Question75: You have deployed a new HPE Aruba Networking Mobility Controller (MC) and campus APs (CAPs). One of the WLANs enforces 802.1X authentication to HPE Aruba Networking ClearPass Policy Manager (CPPM). When you test connecting the client to the WLAN, the test fails. You check ClearPass Access Tracker and cannot find a record of the authentication attempt. You ping from the MC to CPPM, and the ping is successful.
What is a good next step for troubleshooting?

Question76: Refer to the exhibit.

This Aruba Mobility Controller (MC) should authenticate managers who access the Web Ul to ClearPass Policy Manager (CPPM) ClearPass admins have asked you to use RADIUS and explained that the MC should accept managers' roles in Aruba-Admin-Role VSAs Which setting should you change to follow Aruba best security practices?

Question77: What is one benefit of a Trusted Platform Module (TPM) on an Aruba AP?

Question78: Refer to the exhibit.

A company has an Aruba Instant AP cluster. A Windows 10 client is attempting to connect a WLAN that enforces WPA3-Enterprise with authentication to ClearPass Policy Manager (CPPM). CPPM is configured to require EAP-TLS. The client authentication fails. In the record for this client's authentication attempt on CPPM, you see this alert.
What is one thing that you check to resolve this issue?

Question79: You have a network with ArubaOS-Switches for which Aruba ClearPass Policy Manager (CPPM) is acting as a TACACS+ server to authenticate managers. CPPM assigns the admins a TACACS+ privilege level, either manager or operator. You are now adding ArubaOS-CX switches to the network. ClearPass admins want to use the same CPPM service and policies to authenticate managers on the new switches.
What should you explain?

Question80: You have an HPE Aruba Networking Mobility Controller (MC) that is locked in a closet. What is another step that HPE Aruba Networking recommends to protect the MC from unauthorized access?

Question81: What is the purpose of an Enrollment over Secure Transport (EST) server?

Question82: What is a benefit of Opportunistic Wireless Encryption (OWE)?

Question83: A company has added a new user group. Users in the group try to connect to the WLAN and receive errors that the connection has no Internet access. The users cannot reach any resources. The first exhibit shows the record for one of the users who cannot connect. The second exhibit shows the role to which the ArubaOS device assigned the user's client.
What is a likely problem?

Question84: How does the ArubaOS firewall determine which rules to apply to a specific client's traffic?