What is a use case for Transport Layer Security (TLS)?
Correct Answer: B
The use case for Transport Layer Security (TLS) is to enable a client and a server to establish secure communications for another protocol. TLS is a cryptographic protocol that provides confidentiality, data integrity, and authentication (normally of the server, optionally of the client as well) between two communicating applications over an untrusted network. It is widely used by web browsers and by other applications that require data to be exchanged securely, such as file transfers (FTPS), SSL/TLS VPNs, and voice-over-IP (VoIP). TLS sits between the transport layer and the application layer of the Internet Protocol Suite, so an application protocol can run on top of it largely unchanged: HTTP over TLS is HTTPS, and SMTP, IMAP, and many other protocols can likewise be carried over TLS. The protocol is specified in IETF RFC 5246 (TLS 1.2) and RFC 8446 (TLS 1.3).
Question 7
How can hackers implement a man-in-the-middle (MITM) attack against a wireless client?
Correct Answer: C
A common method for an attacker to perform a man-in-the-middle (MITM) attack against a wireless client is ARP poisoning. The attacker connects to the same WLAN (and therefore the same VLAN) as the victim and sends forged ARP replies that bind the gateway's IP address to the attacker's MAC address. ARP has no authentication, so the victim's device accepts the bogus mapping and sends its traffic to the attacker's machine instead of the legitimate gateway, allowing the attacker to intercept, read, or modify it. In practice the attacker poisons both sides, telling the gateway that the victim's IP belongs to the attacker as well, and forwards the traffic on so that the victim notices nothing.
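A detection-side view of the attack, as an added Python example that is not part of the original page: it watches a constructed stream of ARP replies (the kind a sniffer on the WLAN would yield) and flags any reply that rebinds an IP address to a new MAC, which is what poisoning looks like from the victim's side. The ArpReply tuple, the sample replies, and the function names are the example's own.

```python
from collections import namedtuple

# One observed ARP reply: who claims which IP, and to whom it was sent.
ArpReply = namedtuple("ArpReply", "ts sender_ip sender_mac target_ip")

# Constructed sample traffic. The gateway 10.1.1.1 is really aa:bb:cc:00:00:01
# and the victim 10.1.1.50 is aa:bb:cc:00:00:50. At t=9.0 a host with MAC
# cc:cc:cc:00:00:99 starts answering for both of them: the two-sided
# poisoning that puts the attacker in the path in both directions.
SAMPLE_REPLIES = [
    ArpReply(1.0, "10.1.1.1",  "aa:bb:cc:00:00:01", "10.1.1.50"),
    ArpReply(1.5, "10.1.1.50", "aa:bb:cc:00:00:50", "10.1.1.1"),
    ArpReply(2.0, "10.1.1.1",  "aa:bb:cc:00:00:01", "10.1.1.50"),
    ArpReply(9.0, "10.1.1.1",  "cc:cc:cc:00:00:99", "10.1.1.50"),
    ArpReply(9.1, "10.1.1.50", "cc:cc:cc:00:00:99", "10.1.1.1"),
    ArpReply(9.5, "10.1.1.1",  "cc:cc:cc:00:00:99", "10.1.1.50"),
]


def detect_arp_poisoning(replies, trusted=None):
    """Return one alert per reply that rebinds an IP to a different MAC.

    Bindings are learned from the first reply seen for each IP, which is
    only safe if the legitimate host answers first. `trusted` is an optional
    {ip: mac} of static bindings (the gateway at least) seeded ahead of
    learning, so a forged reply is flagged even when it arrives first.
    """
    bindings = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        known = bindings.get(r.sender_ip)
        if known is None:
            bindings[r.sender_ip] = mac          # first sighting: learn it
        elif known != mac:                       # rebinding: raise an alert
            alerts.append({
                "ts": r.ts,
                "ip": r.sender_ip,
                "expected_mac": known,
                "seen_mac": mac,
                "sent_to": r.target_ip,
            })
    return alerts


def suspect_macs(alerts):
    """MACs that claim two or more different IPs: the signature of an
    attacker spoofing both the gateway and the client at once."""
    claimed = {}
    for a in alerts:
        claimed.setdefault(a["seen_mac"], set()).add(a["ip"])
    return sorted(mac for mac, ips in claimed.items() if len(ips) >= 2)


if __name__ == "__main__":
    found = detect_arp_poisoning(SAMPLE_REPLIES,
                                 trusted={"10.1.1.1": "aa:bb:cc:00:00:01"})
    for a in found:
        print(f"t={a['ts']}: {a['ip']} moved {a['expected_mac']} -> "
              f"{a['seen_mac']} (reply sent to {a['sent_to']})")
    print("suspect MAC(s):", suspect_macs(found))
```

The seeding argument matters: if the attacker's forged reply is the first one the monitor sees, learn-on-first-sight records the wrong MAC as legitimate and then flags the real gateway instead. Static bindings for the gateway, or the controller's own knowledge of which MAC owns which IP, are what make the check reliable.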
Question 8
Which is a correct description of a stage in the Lockheed Martin kill chain?
Correct Answer: A
The Lockheed Martin Cyber Kill Chain models an intrusion as seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. In the exploitation stage, the attacker triggers a vulnerability to run code on the target system. In the following installation stage, the attacker installs a backdoor or other malicious software to maintain persistent access to the compromised system. That implant is then used in the command-and-control stage to control the system, and later to steal data or launch additional attacks. References: Lockheed Martin Cyber Kill Chain framework.
Question 9
Refer to the exhibit, which shows the current network topology. You are deploying a new wireless solution with an Aruba Mobility Master (MM), Aruba Mobility Controllers (MCs), and campus APs (CAPs). The solution will include a WLAN that uses Tunnel for the forwarding mode and implements WPA3-Enterprise security. What is a guideline for setting up the VLAN for wireless devices connected to the WLAN?
Correct Answer: A
Question 10
A client is connected to a Mobility Controller (MC). These firewall rules apply to this client's role:
ipv4 any any svc-dhcp permit
ipv4 user 10.5.5.20 svc-dns permit
ipv4 user 10.1.5.0 255.255.255.0 https permit
ipv4 user 10.1.0.0 255.255.0.0 https deny_opt
ipv4 user any any permit
What correctly describes how the controller treats HTTPS packets to these two IP addresses, both of which are on the other side of the firewall?
10.1.20.1
10.5.5.20
Correct Answer: D
In an HPE Aruba Networking AOS-8 Mobility Controller (MC), firewall rules are applied according to the user role assigned to a client. The rules in a role's policy are evaluated in order, and the first rule that matches the packet decides its action; later rules are not consulted. The client's role contains these rules:
ipv4 any any svc-dhcp permit: permits DHCP traffic (UDP ports 67 and 68) from any source to any destination.
ipv4 user 10.5.5.20 svc-dns permit: permits DNS traffic (UDP port 53) from the user to the host 10.5.5.20 only.
ipv4 user 10.1.5.0 255.255.255.0 https permit: permits HTTPS traffic (TCP port 443) from the user to the subnet 10.1.5.0/24.
ipv4 user 10.1.0.0 255.255.0.0 https deny_opt: denies HTTPS traffic from the user to the subnet 10.1.0.0/16 (deny_opt is a deny variant; the user guide extract quoted below describes it as dropping the packet without logging).
ipv4 user any any permit: permits all other traffic from the user to any destination.

The question asks how the MC treats HTTPS packets (TCP port 443) to two destinations, 10.1.20.1 and 10.5.5.20.

HTTPS packet to 10.1.20.1:
Rule 1: no match (the traffic is HTTPS, not DHCP).
Rule 2: no match (the destination is not 10.5.5.20, and the service is HTTPS, not DNS).
Rule 3: no match (10.1.20.1 is outside 10.1.5.0/24, which covers only 10.1.5.0 to 10.1.5.255).
Rule 4: match (10.1.20.1 is inside 10.1.0.0/16 and the service is HTTPS). The action is deny_opt, so the packet is denied.

HTTPS packet to 10.5.5.20:
Rule 1: no match (the traffic is HTTPS, not DHCP).
Rule 2: no match. The destination address matches, but the rule permits only svc-dns; a service mismatch means the rule is skipped even though the address fits, and it neither permits nor denies the HTTPS packet.
Rule 3: no match (10.5.5.20 is outside 10.1.5.0/24).
Rule 4: no match (10.5.5.20 is outside 10.1.0.0/16).
Rule 5: match (any traffic from the user to any destination). The action is permit, so the packet is permitted.

Therefore the HTTPS packet to 10.1.20.1 is denied, and the HTTPS packet to 10.5.5.20 is permitted.

Option A, "Both packets are denied," is incorrect because the packet to 10.5.5.20 is permitted. Option B, "The first packet is permitted, and the second is denied," is incorrect because the packet to 10.1.20.1 (first) is denied and the packet to 10.5.5.20 (second) is permitted. Option C, "Both packets are permitted," is incorrect because the packet to 10.1.20.1 is denied. Option D, "The first packet is denied, and the second is permitted," is correct based on the rule evaluation.

The HPE Aruba Networking AOS-8 8.11 User Guide states: "Firewall policies on the Mobility Controller are evaluated in order, and the first matching rule determines the action for the packet. For example, a rule such as ipv4 user 10.1.0.0 255.255.0.0 https deny_opt will deny HTTPS traffic to the specified subnet, while a subsequent rule like ipv4 user any any permit will permit all other traffic that does not match earlier rules. The 'user' keyword in the rule refers to the client's IP address, and the rules are applied to traffic initiated by the client." (Page 325, Firewall Policies Section) Additionally, the guide notes: "The deny_opt action in a firewall rule drops the packet without logging, optimizing performance for high-volume traffic. Rules are processed sequentially, and only the first matching rule is applied." (Page 326, Firewall Actions Section)

References: HPE Aruba Networking AOS-8 8.11 User Guide, Firewall Policies Section, Page 325; HPE Aruba Networking AOS-8 8.11 User Guide, Firewall Actions Section, Page 326.
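The first-match walk that the explanation performs by hand, as an added Python example that is not from the page or from HPE Aruba: it parses the five rules in the syntax the question uses, evaluates a packet against them in order, and reports which rule decided it. The service-to-port table, the Packet tuple, the one-packet-per-call interface, and the implicit-deny fallback when no rule matches are assumptions of the example, not the controller's own data structures.

```python
import ipaddress
from collections import namedtuple

# Assumed service aliases: name -> (protocol, destination ports). "any" is
# a wildcard. Mirrors the well-known ports, not the controller's alias table.
SERVICES = {
    "svc-dhcp": ("udp", {67, 68}),
    "svc-dns":  ("udp", {53}),
    "https":    ("tcp", {443}),
    "any":      (None, None),
}

# The rules from the question, in the order the controller evaluates them.
RULES_TEXT = """\
ipv4 any any svc-dhcp permit
ipv4 user 10.5.5.20 svc-dns permit
ipv4 user 10.1.5.0 255.255.255.0 https permit
ipv4 user 10.1.0.0 255.255.0.0 https deny_opt
ipv4 user any any permit
"""

Rule = namedtuple("Rule", "number src dst service action text")
Packet = namedtuple("Packet", "dst proto dport from_user")


def _is_ipv4(tok):
    try:
        ipaddress.IPv4Address(tok)
    except ValueError:
        return False
    return True


def parse_rule(number, line):
    """Parse 'ipv4 <src> <dst> <service> <action>' where <dst> is 'any',
    a host address, or 'network netmask'."""
    tokens = line.split()
    if tokens[0] != "ipv4" or tokens[1] not in ("any", "user"):
        raise ValueError(f"unsupported rule syntax: {line!r}")
    src, rest = tokens[1], tokens[2:]
    head = rest.pop(0)
    if head == "any":
        dst = None                                   # any destination
    elif rest and _is_ipv4(rest[0]):                 # 'network netmask' form
        dst = ipaddress.IPv4Network(f"{head}/{rest.pop(0)}", strict=False)
    else:                                            # single host
        dst = ipaddress.IPv4Network(f"{head}/32")
    service, action = rest
    if service not in SERVICES or action not in ("permit", "deny", "deny_opt"):
        raise ValueError(f"unknown service or action: {line!r}")
    return Rule(number, src, dst, service, action, line)


def parse_rules(text):
    return [parse_rule(i, ln) for i, ln in enumerate(text.strip().splitlines(), 1)]


def matches(rule, pkt):
    """True when source, destination and service all fit the packet."""
    if rule.src == "user" and not pkt.from_user:
        return False
    if rule.dst is not None and ipaddress.IPv4Address(pkt.dst) not in rule.dst:
        return False
    proto, ports = SERVICES[rule.service]
    if proto is not None and (pkt.proto != proto or pkt.dport not in ports):
        return False
    return True


def trace(rules, dst, proto, dport, from_user=True):
    """Rule-by-rule walkthrough: [(rule number, matched)] up to the first hit."""
    pkt = Packet(dst, proto, dport, from_user)
    steps = []
    for rule in rules:
        hit = matches(rule, pkt)
        steps.append((rule.number, hit))
        if hit:
            break
    return steps


def evaluate(rules, dst, proto, dport, from_user=True):
    """(rule number, action) of the first match; (None, 'deny') models the
    implicit deny at the end of the policy when nothing matches (assumption)."""
    steps = trace(rules, dst, proto, dport, from_user)
    if steps and steps[-1][1]:
        rule = rules[steps[-1][0] - 1]
        return rule.number, rule.action
    return None, "deny"


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for ip in ("10.1.20.1", "10.5.5.20"):
        number, action = evaluate(rules, ip, "tcp", 443)
        print(f"HTTPS to {ip}: rule {number} -> {action}   trace {trace(rules, ip, 'tcp', 443)}")
```

The trace for 10.5.5.20 shows rule 2 as a non-match even though the address fits, which is the point the question is testing: an address match with a service mismatch does nothing, and the packet keeps falling through until the any/any permit catches it.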