Which correctly describes a way to deploy certificates to end-user devices?
Correct Answer: A
Question 27
You need to set up Aruba network infrastructure devices for management with SNMP. The SNMP server has this SNMPv3 user configured on it: username: airwave auth algorithm: sha auth key: fyluqp18@S!9a priv algorithm: aes priv key: 761oxaiaoeu19& What correctly describes the setup on the infrastructure device?
Correct Answer: D
In SNMPv3, security is paramount and each SNMP entity (client or agent) needs to have a user with a security name (username) and optionally, a security level which determines whether authentication and encryption are used. When configuring SNMPv3 users on network infrastructure devices, it is essential to match the username, authentication (auth) algorithm, authentication key (auth key), privacy (priv) algorithm, and privacy key (priv key) exactly as they are configured on the SNMP server to ensure successful communication. This is because the SNMPv3 security model relies on a combination of a username and a pair of keys (authentication and privacy keys) to uniquely identify and secure communication between the agent and the manager. The keys are used to verify the integrity (auth key) and confidentiality (priv key) of the messages. Using the same algorithms ensures that the messages can be properly encrypted and decrypted on both ends.
Question 28
What is one way that Control Plane Security (CPSec) enhances security for the network?
Correct Answer: A
Control Plane Security (CPSec) is a feature in HPE Aruba Networking's AOS-8 architecture that secures the communication between Access Points (APs) and Mobility Controllers (MCs). The control plane includes management traffic, such as AP registration, configuration updates, and heartbeat messages, which are critical for the operation of the wireless network. Option A, "It protects management traffic between APs and Mobility Controllers (MCs) from eavesdropping," is correct. CPSec uses certificate-based authentication and encryption (IPSec tunnels) to secure the control plane communication between APs and MCs. This ensures that management traffic, which includes sensitive information like configuration data and AP status, is encrypted and protected from eavesdropping by unauthorized parties on the network. Option B, "It prevents Denial of Service (DoS) attacks against Mobility Controllers' (MCs') control plane," is incorrect. While CPSec enhances security by authenticating APs and encrypting traffic, it is not specifically designed to prevent DoS attacks. DoS attacks against the control plane are mitigated by other features, such as rate limiting or firewall policies on the MC. Option C, "It protects wireless clients' traffic, tunneled between APs and Mobility Controllers, from eavesdropping," is incorrect. CPSec protects the control plane (management traffic), not the data plane (client traffic). Client traffic in a tunneled architecture (e.g., GRE tunnels) is protected by the client's wireless encryption (e.g., WPA3), not CPSec. Option D, "It prevents access from unauthorized IP addresses to critical services, such as SSH, on Mobility Controllers (MCs)," is incorrect. CPSec does not control access to services like SSH on the MC. Access to such services is managed by other features, such as access control lists (ACLs) or management authentication settings on the MC. The HPE Aruba Networking AOS-8 8.11 User Guide states: "Control Plane Security (CPSec) enhances network security by protecting the management traffic between Access Points (APs) and Mobility Controllers (MCs). When CPSec is enabled, the control plane communication is secured using certificate-based authentication and IPSec encryption, preventing eavesdropping and ensuring that only authorized APs can communicate with the MC. This protects sensitive management data, such as AP configuration and status updates, from being intercepted." (Page 392, CPSec Overview Section) Additionally, the HPE Aruba Networking CPSec Deployment Guide notes: "CPSec secures the control plane by encrypting management traffic between APs and MCs, ensuring that attackers cannot eavesdrop on or tamper with this communication. It does not protect client data traffic, which is secured by wireless encryption protocols like WPA3." (Page 8, CPSec Benefits Section) : HPE Aruba Networking AOS-8 8.11 User Guide, CPSec Overview Section, Page 392. HPE Aruba Networking CPSec Deployment Guide, CPSec Benefits Section, Page 8.
Question 29
You are managing an Aruba Mobility Controller (MC). What is a reason for adding a "Log Settings" definition in the ArubaOS Diagnostics > System > Log Settings page?
Correct Answer: C
Question 30
A company has an ArubaOS controller-based solution with a WPA3-Enterprise WLAN. which authenticates wireless clients to Aruba ClearPass Policy Manager (CPPM). The company has decided to use digital certificates for authentication A user's Windows domain computer has had certificates installed on it However, the Networks and Connections window shows that authentication has tailed for the user. The Mobility Controllers (MC's) RADIUS events show that it is receiving Access-Rejects for the authentication attempt. What is one place that you can you look for deeper insight into why this authentication attempt is failing?
