Which is a correct description of a stage in the Lockheed Martin kill chain?
A. In the delivery stage, malware collects valuable data and delivers or exfilltrated it to the hacker.
B. In the reconnaissance stage, the hacker assesses the impact of the attack and how much information was exfilltrated.
C. In the weaponization stage, which occurs after malware has been delivered to a system, the malware executes Its function.
D. In the exploitation and installation phases, malware creates a backdoor into the infected system for the hacker.
You have been instructed to look in the ArubaOS Security Dashboard's client list Your goal is to find clients mat belong to the company and have connected to devices that might belong to hackers.
Which client fits this description?
A. MAC address d8:50:e6:f3;6d;a4; Client Classification Authorized; AP Classification, interfering
B. MAC address d8:50:e6 f3;6e;c5; Client Classification Interfering. AP Classification Neighbor
C. MAC address d8:50:e6:f3;6e;60; Client Classification Interfering. AP Classification Interfering
D. MAC address d8:50:e6:f3;TO;ab; Client Classification Interfering. AP Classification Rogue
What is a vulnerability of an unauthenticated Dime-Heliman exchange?
A. A hacker can replace the public values exchanged by the legitimate peers and launch an MITM attack.
B. A brute force attack can relatively quickly derive Diffie-Hellman private values if they are able to obtain public values
C. Diffie-Hellman with elliptic curve values is no longer considered secure in modem networks, based on NIST recommendations.
D. Participants must agree on a passphrase in advance, which can limit the usefulness of Diffie- Hell man in practical contexts.
You need to deploy an Aruba instant AP where users can physically reach It. What are two recommended options for enhancing security for management access to the AP? (Select two )
A. Disable Its console ports
B. Place a Tamper Evident Label (TELS) over its console port
C. Disable the Web Ul.
D. Configure WPA3-Enterpnse security on the AP
E. install a CA-signed certificate
Which correctly describes a way to deploy certificates to end-user devices?
A. ClearPass Onboard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain
B. ClearPass Device Insight can automatically discover end-user devices and deploy the proper certificates to them
C. ClearPass OnGuard can help to deploy certificates to end-user devices, whether or not they are members of a Windows domain
D. in a Windows domain, domain group policy objects (GPOs) can automatically install computer, but not user certificates
What is a benefit or using network aliases in ArubaOS firewall policies?
A. You can associate a reputation score with the network alias to create rules that filler traffic based on reputation rather than IP.
B. You can use the aliases to translate client IP addresses to other IP addresses on the other side of the firewall
C. You can adjust the IP addresses in the aliases, and the rules using those aliases automatically update
D. You can use the aliases to conceal the true IP addresses of servers from potentially untrusted clients.
What correctly describes the Pairwise Master Key (PMK) in thee specified wireless security protocol?
A. In WPA3-Enterprise, the PMK is unique per session and derived using Simultaneous Authentication of Equals.
B. In WPA3-Personal, the PMK is unique per session and derived using Simultaneous Authentication of Equals.
C. In WPA3-Personal, the PMK is derived directly from the passphrase and is the same tor every session.
D. In WPA3-Personal, the PMK is the same for each session and is communicated to clients that authenticate
What is a guideline for managing local certificates on an ArubaOS-Switch?
A. Before installing the local certificate, create a trust anchor (TA) profile with the root CA certificate for the certificate that you will install
B. Install an Online Certificate Status Protocol (OCSP) certificate to simplify the process of enrolling and re-enrolling for certificate
C. Generate the certificate signing request (CSR) with a program offline, then, install both the certificate and the private key on the switch in a single file.
D. Create a self-signed certificate online on the switch because ArubaOS-Switches do not support CA-signed certificates.
How does the ArubaOS firewall determine which rules to apply to a specific client's traffic?
A. The firewall applies every rule that includes the dent's IP address as the source
B. The firewall applies the rules in policies associated with the client's wlan
C. The firewall applies thee rules in policies associated with the client's user role
D. The firewall applies every rule that includes the client's IP address as the source or destination
What is a use case for tunneling traffic between an Aruba switch and an AruDa Mobility Controller (MC)?
A. applying firewall policies and deep packet inspection to wired clients
B. enhancing the security of communications from the access layer to the core with data encryption
C. securing the network infrastructure control plane by creating a virtual out-of-band- management network
D. simplifying network infrastructure management by using the MC to push configurations to the switches
