Question 1 ( Topic 1 )
Which dual radio access point models support concurrent operations in the 2.4Ghz band as well as the 5Ghz band? (Choose three)
A. AP-92
B. AP-93
C. AP-105
D. AP-224
E. AP-135
Answer : CDE
Question 2 ( Topic 1 )
Which of the following APs do NOT support dual radio operations?
(Choose two)
A. AP 93
B. AP 105
C. RAP 3WN
D. AP 224
E. AP 135
Answer : AC
Question 3 ( Topic 1 )
An AP135 has been configured with 3 SSIDs supported on both 2.4Ghz and 5Ghz bands. How many GRE tunnels will be created between the AP 135 and the controller?
A. 3
B. 4
C. 6
D. 7
E. 8
Answer : D
Explanation:
1-3 "" Licensing
Question 4 ( Topic 1 )
Centralized licensing is not in use on an Aruba based network which has a Master and three local controllers. No APs terminate on the Master controller. Roles and Firewall policies need to be created and applied, hence PEF-NG license is required.
On which controller should the license be installed?
A. Only the master controller since role and firewall policies are created here.
B. only the local controllers since firewall policies are applied here
C. the master and all three local controllers
D. this isn't the correct license for this purpose, use PEF-VPN license
E. this is not needed because PEF-NG is part of base OS
Answer : C
Question 5 ( Topic 1 )
What information do you need to generate a feature license key for an Aruba controller?
A. The controller's MAC address and the feature description.
B. controller's MAC address and the certificate number
C. controller's Serial Number and the feature description
D. controller's Serial Number and the certificate number
E. controller's MAC address and Serial Number
Answer : D
Question 6 ( Topic 1 )
What are the PEF-NG license limits based on?
A. Number of APs
B. One license per controller
C. Number of users
D. Number of local controllers
E. Master Controller total user count
Answer : A
Question 7 ( Topic 1 )
Which of the following licenses are consumed by Mesh APs advertising an SSIDs?
A. AP license
B. Mesh license
C. PEF-V license
D. No license is required
E. RAP License
Answer : A
Question 8 ( Topic 1 )
The permanent licenses on the controller will be deleted with the use of which command?
A. delete license
B. write erase
C. Licenses cannot be deleted once activated
D. write erase all
E. reboot delete all
Answer : D
Question 9 ( Topic 1 )
A network administrator wants to terminate VPN sessions on a local controller in the DMZ. Which statement is true about the PEF-VPN license?
A. It is only applied to the master controller
B. It is only applied to the DMZ controller.
C. It is based on the number of APs
D. One license is needed on the master and the DMZ local
E. It is distributed by the license server as needed
Answer : D
Question 10 ( Topic 1 )
What is the best practice regarding licensing for a backup master to support Master Redundancy in a network without centralized licensing?
A. Backup master only requires the AP license
B. Supported limits and installed licenses should be the same on primary master and backup Master
C. Licenses are pushed from the primary to the backup Master along with the configuration
D. The Backup Master does not require licenses to support master redundancy
E. On the backup only one license of each type,is needed.
Answer : B
Question 11 ( Topic 1 )
Which of the following licenses can be included in the licensing pool for centralized licensing? (Choose three)
A. Factory default licenses
B. Master Controller licenses
C. Evaluation licenses
D. Local Controller licenses
E. PEFV license
Answer : BCD
Question 12 ( Topic 1 )
By default Centralized licensing messages between master and local controllers are sent ___________________.
A. In the clear unencrypted since the master and local controllers already share IPSEC tunnels.
B. Using CPSec
C. Using IPSec site to site VPN tunnels
D. Encrypted using GRE
E. PAPI
Answer : A
Question 13 ( Topic 1 )
Which of the following will occur if a master license server fails with no standby server present? (Choose two)
A. Local controllers licenses will continue to be valid for 30 days
B. Local controllers will immediately remove all installed licenses
C. No licenses will be sent to any new controllers that come online
D. All licenses go back into the pool for redistribution
E. A Local Controller elects itself master license server
Answer : AC
Question 14 ( Topic 1 )
A evaluation License is valid for a maximum of ________?
A. 30 Days
B. 60 Days
C. 90 Days
D. 6 Months
E. 12 Months
Answer : C
Question 15 ( Topic 1 )
The following licenses have been installed on these controllers:
Master-1: 8 AP licenses -
Local-2 : 8 AP licenses -
Local-3 : 5 Evaluation AP Licenses
Local-4 : 10 Factory installed AP licenses
Central Licensing is enabled. What is the AP Pool capacity on the Central License Server?
A. 8
B. 16
C. 21
D. 26
E. 31
Answer : C
Question 16 ( Topic 1 )
Centralized licensing is not enabled in a network of 1 Master and 2 Local controllers, what should be the license count on all controllers to terminate 8 APs on each Local controller and support Local redundancy?
A. 16 AP license on all controllers
B. 8 AP license on Master and 16 AP license on both locals
C. 8 AP license on all controllers
D. 1 AP license on Master and 16 AP license on both locals
E. 16 AP licenses on the Locals
Answer : D
Question 17 ( Topic 1 )
Which may be applied directly to an VLAN interface? (Choose three)
A. Access List (ACL)
B. Firewall Policy
C. Roles
D. AAA profiles
E. RF Plan Map
Answer : ABD
Question 18 ( Topic 1 )
When creating a firewall rule on an Aruba controller, which parameter is optional?
A. Destination
B. Service
C. Source
D. Log
E. Action
Answer : D
Question 19 ( Topic 1 )
What are valid methods of blacklisting a device? (Choose three)
A. Manually
B. Firewall Rule
C. Firewall Policy
D. Authentication Failures
E. Data Rate Thresholds
Answer : ABD
Question 20 ( Topic 1 )
What is the blacklist default time?
A. 30 seconds
B. 1800 seconds
C. 3600 seconds
D. No default time, it must be done manually
E. 1 day
Answer : C
Explanation:
2-2 - Roles
Question 21 ( Topic 1 )
An administrator creates a WLAN with an unmodified default AAA profile. What is the default role the user is placed in?
A. default-logon
B. logon
C. guest-logon
D. default-ap
E. AP-Role
Answer : B
Question 22 ( Topic 1 )
What is the first role a user is given when a user associates to an open WLAN?
A. the guest post authentication role
B. the initial role in the captive portal profile
C. the role in the server group profile
D. the initial role in the AAA profile
E. The initial role in the 802.1x profile
Answer : D
Question 23 ( Topic 1 )
Which of the following could be used to set a user's post-authentication role or VLAN association? (Choose two)
A. AAA default role for authentication method
B. Server Derivation Rule
C. Vendor Specific Attributes
D. AP Derivation Rule
E. The Global AAA profile
Answer : BC
Question 24 ( Topic 1 )
Which describe "roles" as used on Aruba Mobility Controllers? (Choose two)
A. Roles are assigned to users.
B. Roles are applied to interfaces.
C. Policies are built from roles.
D. A user can belong to only one role at a time.
E. Roles are a set of authentication rules
Answer : AD
Explanation:
2-3 - Aliases
Question 25 ( Topic 1 )
Which netdestination aliases are built into the controller? (Choose three)
A. logon
B. any
C. user
D. guest
E. localip
Answer : BCE
Question 26 ( Topic 1 )
What are aliases used for?
A. improve controller performance
B. simplify the configuration process
C. tie IP addresses to ports
D. assign rules to policies
E. assign policies to roles
Answer : B
Question 27 ( Topic 1 )
Which of the following firewall rules allows a user to initiate an ICMP session to other devices? (Choose two)
A. localip any svc-icmp permit
B. user any svc-icmp permit
C. user user svc-icmp permit
D. any any svc-icmp permit
E. mswitch any svc-icmp permit
Answer : BD
Question 28 ( Topic 1 )
What is true about Global Session ACL? (Choose two)
A. Any rules will apply to all users in the AP-group
B. Any rules will apply to all users in the Network
C. Any rules will apply to all users in the controller
D. Is in the first position in all roles
E. When added it is in the first position in selected Role
Answer : BD
Question 29 ( Topic 1 )
When creating a firewall rule what are valid choices for the Service/Application field? (Choose three)
A. Applications
B. Applications Category
C. Internet Protocol
D. Internet Category
E. Protocol
Answer : ABE
Explanation:
2-4 "" NAT
Question 30 ( Topic 1 )
The Aruba Policy Enforcement Firewall (PEF-NG) module supports destination network address translation (dst-nat).
Which is the default use of this statement in an Aruba controller configuration?
A. source the IP addresses of users to specific IP address
B. redirect HTTP sessions to Captive Portal
C. redirect Access Points to another Aruba controller
D. provide a telnet connection to the controller
E. redirect a SSH session to terminate on the controller
Answer : B
Question 31 ( Topic 1 )
The Aruba Policy Enforcement Firewall (PEF) module supports source network address translation (src-nat).
Which is a use of this statement in an Aruba configuration?
A. provide a single source IP address for users in a role
B. redirect Captive Portal HTTP sessions
C. redirect Access Points to another Aruba controller
D. provide IP addresses to clients
E. redirects clients to Aruba Firewall
Answer : A
Explanation:
2-5 - Policy Interpretation
Question 32 ( Topic 1 )
Review the following truncated output from an Aruba controller for this item.
(example) #show rights logon
access-list List
----------------
Position Name Location -
-------- ---- --------
1 logon-control
2 captiveportal
logon-control
-------------
Priority Source Destination Service Action
-------- ------ ----------- ------- ------
1 user any udp 68 deny
2 any any svc-icmp permit
3 any any svc-dns permit
4 any any svc-dhcp permit
5 any any svc-natt permit
captiveportal
-------------
Priority Source Destination Service Action
-------- ------ ----------- ------- ------
1 user controller svc-https dst-nat 8081
2 user any svc-http dst-nat 8080
3 user any svc-https dst-nat 8081
4 user any svc-http-proxy1 dst-nat 8088
5 user any svc-http-proxy2 dst-nat 8088
6 user any svc-http-proxy3 dst-nat 8088
Based on the above output from an Aruba controller, an unauthenticated user assigned to the logon role attempts to start an http session to IP address
172.16.43.170.
What will happen?
A. the user's traffic will be passed to the IP address because of the policy statement:user any svc-http dst-nat 8080
B. the user's traffic will be passed to the IP address because of the policy statement:user any svc-https dst-nat 8081
C. the user's traffic will be passed to the IP address because of the policy statement:user any svc-http-proxy1 dst-nat 8088
D. the user will not reach the IP address because of the policy statement:user any svc-http dst-nat 8080
E. the user will not reach the IP address because of the implicit deny any any at the end of the policy.
Answer : D
Question 33 ( Topic 1 )
Refer to the following configuration segment for this item.
ip access-list session anewone
user network 172.16.1.0 255.255.255.0 any permit
user host 172.16.1.1 any deny
user any any permit
An administrator wants users to have access to all destinations except 172.16.1.1. Based on the above Aruba Mobility Controller configuration segment, which statements best describe this policy? (Choose two)
A. The rule user host 172.16.1.1 any deny is redundant because of the implicit deny all at the end.
B. The rule user network 172.16.1.0 255.255.255.0 any permit is redundant.
C. The two rules user network 172.16.1.0 255.255.255.0 any permit and user host 172.16.1.1 any deny need to be re-sequenced.
D. The last statement user any any permit is not required
E. The last statement should be any any any deny
Answer : BC
Question 34 ( Topic 1 )
Refer to the following configuration segment for this item.
netdestination "internal"
no invert
network 172.16.43.0 255.255.255.0 position 1
range 172.16.11.0 172.16.11.16 position 2
!
ip access-list session "My-Policy"
alias "user" alias "internal" service_any permit queue low
!
A user frame is evaluated against this firewall policy with the following attributes:
Source IP: 172.17.49.3 Destination IP: 10.100.86.37 Destination Port: 80
Referring to the above file segment, how will the frame be handled by this firewall policy?
A. The frame will be dropped because of the implicit deny all at the end of the netdestination definition.
B. The frame will be dropped because of the implicit deny all at the end of the firewall policy.
C. The frame will be forwarded because of the implicit permit all at the end of the firewall policy.
D. The frame will be passed because there is no service specified in the firewall policy.
E. The frame will be dropped because there is no service specified in the firewall policy.
Answer : B
Question 35 ( Topic 1 )
ip access-list session anewone
user network 10.1.1.0 255.255.255.0 any permit
user any any permit
host 10.1.1.1 host 10.2.2.2 any deny
A user sends a frame with the following attributes:
Source IP: 10.1.1.1 Destination IP: 10.2.2.2 Destination Port: 25
Based on the above Mobility Controller configuration file segment, what will this policy do with the user frame?
A. The frame is discarded because of the implicit deny all at the end of the policy.
B. The frame is discarded because of the statement:user host 10.1.1.1 host 10.2.2.2 deny.
C. The frame is accepted because of the statement:user any any permit.
D. The frame is accepted because of the statement:user network 10.1.1.0 255.255.255.0 any permit.
E. This is not a valid policy.
Answer : C
Aruba Certified Mobility Professional Questions + Answers
-
answerhappygod
- Site Admin
- Posts: 899603
- Joined: Mon Aug 02, 2021 8:13 am