Chat with AI
Deck 19: Aruba Certified Switching Associate
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
A network engineer is having a problem adding a custom-written script to an AOS-CX switch's NAE GUI. The script was written in Python and was successfully added on other AOS-CX switches. The engineer examines the following items from the CLI of the switch: 
What should the engineer perform to fix this issue?
A) Install the script's signature before installing the new script
B) Ensure the engineer's desktop and the AOS-CX switch are synchronized to the same NTP server
C) Enable trust settings for the AOS-CX switch's SSL certificate
D) Remove a script that is no longer used before installing the new script
What should the engineer perform to fix this issue?A) Install the script's signature before installing the new script
B) Ensure the engineer's desktop and the AOS-CX switch are synchronized to the same NTP server
C) Enable trust settings for the AOS-CX switch's SSL certificate
D) Remove a script that is no longer used before installing the new script
Question
Question
Question
Question
Question
Question
Question
Question
Examine the network exhibit. 
A company has a guest implementation for wireless and wired access. Wireless access is implemented through a third-party vendor. The company is concerned about wired guest traffic traversing the same network as the employee traffic. The network administrator has established a GRE tunnel between AOS-CX switches where guests are connected to a routing switch in the DMZ. Which feature should the administrator implement to ensure that the guest traffic is tunneled to the DMZ while the employee traffic is forwarded using OSPF?
A) OSPF route maps using the "set metric" command
B) Policy-based routing (PBR)
C) User-based tunneling (UBT)
D) Classifier policies
A company has a guest implementation for wireless and wired access. Wireless access is implemented through a third-party vendor. The company is concerned about wired guest traffic traversing the same network as the employee traffic. The network administrator has established a GRE tunnel between AOS-CX switches where guests are connected to a routing switch in the DMZ. Which feature should the administrator implement to ensure that the guest traffic is tunneled to the DMZ while the employee traffic is forwarded using OSPF?A) OSPF route maps using the "set metric" command
B) Policy-based routing (PBR)
C) User-based tunneling (UBT)
D) Classifier policies
Question
Question
Question
Question
Question
Question
Question
Question
Question
An administrator has configured the following on an AOS-CX switch: 
What is the correct ACL rule configuration that would allow traffic from anywhere to reach the web ports on the two specified servers?
A) access-list ip server 10 permit tcp any web-servers group web-ports
B) access-list ip server 10 permit tcp any object-group web-servers object-group web-ports
C) access-list ip server 10 permit tcp any group web-servers group web-ports
D) access-list ip server 10 permit tcp any web-servers web-ports
What is the correct ACL rule configuration that would allow traffic from anywhere to reach the web ports on the two specified servers?A) access-list ip server 10 permit tcp any web-servers group web-ports
B) access-list ip server 10 permit tcp any object-group web-servers object-group web-ports
C) access-list ip server 10 permit tcp any group web-servers group web-ports
D) access-list ip server 10 permit tcp any web-servers web-ports
Question
Question
Question
Question
Question
Question
Question
Question
Question
Examine the following AOS-CX configuration: 
Based on this configuration, which statement is correct regarding IoT traffic?
A) If 10.100.1.2 is not reachable, the IoT traffic will be automatically dropped by the switch
B) If a specific route is not available in the routing table, the traffic will be routed to 10.100.1.2
C) The next hop of 10.100.1.2 can be one or more hops away from the AOS-CX switch
D) All routes are ignored in the routing table for IoT traffic, which is routed to 10.100.1.2
Based on this configuration, which statement is correct regarding IoT traffic?A) If 10.100.1.2 is not reachable, the IoT traffic will be automatically dropped by the switch
B) If a specific route is not available in the routing table, the traffic will be routed to 10.100.1.2
C) The next hop of 10.100.1.2 can be one or more hops away from the AOS-CX switch
D) All routes are ignored in the routing table for IoT traffic, which is routed to 10.100.1.2
Question
Examine the network exhibit: 
The ACL configuration defined on Core-1 is as follows: 
If telnet was being used, which device connection would be permitted and functional in both directions? (Choose two.)
A) Client 3 to Client 2
B) Client 1 to Client 2
C) Server 2 to Client 2
D) Server 1 to Client 1
E) Client 1 to Client 3
The ACL configuration defined on Core-1 is as follows: If telnet was being used, which device connection would be permitted and functional in both directions? (Choose two.)A) Client 3 to Client 2
B) Client 1 to Client 2
C) Server 2 to Client 2
D) Server 1 to Client 1
E) Client 1 to Client 3
Question
Question
Examine the configuration performed on newly deployed AOS-CX switches: 
After performing this configuration, the administrator notices that the switch ports always remain in the EAP-start state. What should the administrator do to fix this problem?
A) Define the server group cppm
B) Set the ports to client-mode
C) Create and assign a local user role to the ports
D) Enable change of authorization (CoA)
After performing this configuration, the administrator notices that the switch ports always remain in the EAP-start state. What should the administrator do to fix this problem?A) Define the server group cppm
B) Set the ports to client-mode
C) Create and assign a local user role to the ports
D) Enable change of authorization (CoA)
Question
Examine the following AOS-CX switch configuration: 
Which statement correctly describes what is allowed for traffic entering interface 1/1/3?
A) IP traffic from 10.1.11.0/24 is allowed to access 10.1.110.0/24
B) IP traffic from 10.0.11.0/24 is allowed to access 10.1.12.0/24
C) Traffic from 10.0.12.0/24 will generate a log record when accessing 10.0.11.0/24
D) IP traffic from 10.1.12.0/24 is allowed to access 172.0.1.0/23
Which statement correctly describes what is allowed for traffic entering interface 1/1/3?A) IP traffic from 10.1.11.0/24 is allowed to access 10.1.110.0/24
B) IP traffic from 10.0.11.0/24 is allowed to access 10.1.12.0/24
C) Traffic from 10.0.12.0/24 will generate a log record when accessing 10.0.11.0/24
D) IP traffic from 10.1.12.0/24 is allowed to access 172.0.1.0/23
Question
Examine the AOS-CS switch output: 
Based on this output, what is correct?
A) 802.1X authentication was successful, but MAC authentication is yet to start
B) 802.1X authentication occurred and downloadable user roles are deployed
C) A local user role was deployed using a ClearPass solution
D) Only 802.1X authentication is configured on the port
Based on this output, what is correct?A) 802.1X authentication was successful, but MAC authentication is yet to start
B) 802.1X authentication occurred and downloadable user roles are deployed
C) A local user role was deployed using a ClearPass solution
D) Only 802.1X authentication is configured on the port
Question
Question
Question
Examine the attached diagram 
Two AOS-CX switches are configured for VSX at the access layer, where servers attached to them. An SVI interface is configured for VLAN 10 and serves as the default gateway for VLAN 10. The ISL link between the switches fails, but the keepalive interface functions. Active gateway has been configured on the switches. What is correct about access from the servers to the Core?
A) Server 2 can successfully access the core layer via the keepalive link.
B) Server 1 and Server 2 can communicate with each other via the core layer.
C) Server 2 cannot access the core layer.
D) Server 1 can access the core layer via both uplinks.
Two AOS-CX switches are configured for VSX at the access layer, where servers attached to them. An SVI interface is configured for VLAN 10 and serves as the default gateway for VLAN 10. The ISL link between the switches fails, but the keepalive interface functions. Active gateway has been configured on the switches. What is correct about access from the servers to the Core?A) Server 2 can successfully access the core layer via the keepalive link.
B) Server 1 and Server 2 can communicate with each other via the core layer.
C) Server 2 cannot access the core layer.
D) Server 1 can access the core layer via both uplinks.
Question
Question
Question
Examine the attached exhibit. 
The network administrators is trying to add a remote location as area 3 to the network shown in the diagram. Based on current connection restrictions, the administrator cannot connect area 3 directly to area 0. The network is using AOS-CX switches. Which feature should the administrator implement to provide connectivity to the remote location?
A) Not-so-stubby areas
B) Bidirectional forward detection (BFD)
C) OSPFv3
D) Virtual links
The network administrators is trying to add a remote location as area 3 to the network shown in the diagram. Based on current connection restrictions, the administrator cannot connect area 3 directly to area 0. The network is using AOS-CX switches. Which feature should the administrator implement to provide connectivity to the remote location?A) Not-so-stubby areas
B) Bidirectional forward detection (BFD)
C) OSPFv3
D) Virtual links
Question
Question
Question
Question
Question
Question
Question
Question
Examine the network topology. 
The network is configured for OSPF with the following attributes: Core1 and Core2 and ABRs Area 1 has 20 networks in the 10.1.0.0/16 range Area 0 has 10 networks in the 10.0.0.0/16 range Area 2 has 50 networks in the 10.2.0.0/16 range The ASBR is importing a static route into Area 1 Core2 has a summary for Area 2: area 0.0.0.2 range 10.2.0.0/16 type inter-area Here is the OSPF configuration performed on Core1: 
Based on the above information, what is correct?
A) Area 0 has 13 routes
B) Core1 has no OSPF routes
C) Core1 has received one LSA Type 5 from the ASBR
D) Area 1 has 23 routes
The network is configured for OSPF with the following attributes: Core1 and Core2 and ABRs Area 1 has 20 networks in the 10.1.0.0/16 range Area 0 has 10 networks in the 10.0.0.0/16 range Area 2 has 50 networks in the 10.2.0.0/16 range The ASBR is importing a static route into Area 1 Core2 has a summary for Area 2: area 0.0.0.2 range 10.2.0.0/16 type inter-area Here is the OSPF configuration performed on Core1: Based on the above information, what is correct?A) Area 0 has 13 routes
B) Core1 has no OSPF routes
C) Core1 has received one LSA Type 5 from the ASBR
D) Area 1 has 23 routes
Question
Question
Question
Question
An AOS-CX switch is configured to implement downloadable user roles. Examine the AOS-CX switch output: 
Based on this output, what is the state of the user's access?
A) No downloadable user role exists
B) MAC authentication has passed, but 802.1X authentication is in progress
C) The RADIUS request timed out to the AAA server
D) The port should be configured for 802.1X
Based on this output, what is the state of the user's access?A) No downloadable user role exists
B) MAC authentication has passed, but 802.1X authentication is in progress
C) The RADIUS request timed out to the AAA server
D) The port should be configured for 802.1X
Question
Question
Examine the commands entered on an AOS-CX switch: 
What is true regarding this configuration for traffic received on interface 100?
A) The default next-hop address supersedes the two preceding next-hop addresses
B) The traffic is always dropped is the next-hop addresses are unreachable
C) The traffic will be routed with the IP routing table entries if the next-hop addresses are unreachable
D) The next-hop address of 1.1.1.1 is overwritten by the next-hop address of 2.2.2.2
What is true regarding this configuration for traffic received on interface 100?A) The default next-hop address supersedes the two preceding next-hop addresses
B) The traffic is always dropped is the next-hop addresses are unreachable
C) The traffic will be routed with the IP routing table entries if the next-hop addresses are unreachable
D) The next-hop address of 1.1.1.1 is overwritten by the next-hop address of 2.2.2.2
Question
Question
Question
Examine the partial output of the BGP routing table of an AOS-CX switch: 
The switch is learning about four possible path to reach the 1.0.0.0/8 network. Based on this output, which next-hop route will the AOS-CX select to be placed in the IP routing table?
A) 192.168.1.5
B) 192.168.2.5
C) 192.168.3.5
D) 192.168.4.5
The switch is learning about four possible path to reach the 1.0.0.0/8 network. Based on this output, which next-hop route will the AOS-CX select to be placed in the IP routing table?A) 192.168.1.5
B) 192.168.2.5
C) 192.168.3.5
D) 192.168.4.5
Question
Question
Question
Question
Question
Question
Examine the network topology. 
The network is configured for OSPF with the following attributes: Core1 and Core2 and ABRs Area 1 has 20 networks in the 10.1.0.0/16 range Area 0 has 10 networks in the 10.0.0.0/16 range Area 2 has 50 networks in the 10.2.0.0/16 range The ASBR is importing a static route into Area 1 Core2 has a summary for Area 2: area 0.0.0.2 range 10.2.0.0/16 type inter-area Here is the OSPF configuration performed on Core1: 
Based on the above information, what is correct?
A) ISP 1 is not reachable from any area.
B) Core1 has received one type 5 LSA from the ASBR.
C) Area 0 has 81 routes
D) Area 1 has 23 routes
The network is configured for OSPF with the following attributes: Core1 and Core2 and ABRs Area 1 has 20 networks in the 10.1.0.0/16 range Area 0 has 10 networks in the 10.0.0.0/16 range Area 2 has 50 networks in the 10.2.0.0/16 range The ASBR is importing a static route into Area 1 Core2 has a summary for Area 2: area 0.0.0.2 range 10.2.0.0/16 type inter-area Here is the OSPF configuration performed on Core1: Based on the above information, what is correct?A) ISP 1 is not reachable from any area.
B) Core1 has received one type 5 LSA from the ASBR.
C) Area 0 has 81 routes
D) Area 1 has 23 routes
Question
Question
Question
Examine the network topology. 
Company XYZ has two connections to a service provider (ISP1). Here is the configuration of Router1: 
Here is the configuration of Router2: 
Based on configuration of Router1 and Router2, which BGP metric is being manipulated?
A) Weight
B) Multiple exit discriminator
C) Local preference
D) AS path length
Company XYZ has two connections to a service provider (ISP1). Here is the configuration of Router1: Here is the configuration of Router2: Based on configuration of Router1 and Router2, which BGP metric is being manipulated?A) Weight
B) Multiple exit discriminator
C) Local preference
D) AS path length
Question
Question
Examine the network exhibit. 
A network administrator is implementing OSPF on a VSX pair of aggregation switches: Agg1 and Agg2. VLANs 10 and 20 are connected to layer-2 access switches. Agg-1 and Agg-2 are configured as the default gateway for VLANs 10 and 20, with active gateway enabled. What is the best practice for configuring OSPF on the aggregation switches and their connection to the Core switch?
A) Define a layer-2 VSX LAG associated with a layer-3 VLAN interface. Enable active gateway for the Layer-3 VLAN.
B) Define separate layer-3 VLAN interfaces between the aggregation and core switches. Enable active forwarding for the Layer-3 VLAN.
C) Define separate layer-3 VLAN interfaces between the aggregation and core switches. Enable active gateway for the Layer-3 VLAN.
D) Define a layer-2 VSX LAG associated with a layer-3 VLAN interface. Enable active forwarding for the Layer-3 VLAN.
A network administrator is implementing OSPF on a VSX pair of aggregation switches: Agg1 and Agg2. VLANs 10 and 20 are connected to layer-2 access switches. Agg-1 and Agg-2 are configured as the default gateway for VLANs 10 and 20, with active gateway enabled. What is the best practice for configuring OSPF on the aggregation switches and their connection to the Core switch?A) Define a layer-2 VSX LAG associated with a layer-3 VLAN interface. Enable active gateway for the Layer-3 VLAN.
B) Define separate layer-3 VLAN interfaces between the aggregation and core switches. Enable active forwarding for the Layer-3 VLAN.
C) Define separate layer-3 VLAN interfaces between the aggregation and core switches. Enable active gateway for the Layer-3 VLAN.
D) Define a layer-2 VSX LAG associated with a layer-3 VLAN interface. Enable active forwarding for the Layer-3 VLAN.
Question
Question
Question
Question
Question
Question
An administrator wants to drop traffic from VLAN 6 (10.1.6.0/24) to VLAN 5 (10.1.5.0/24), but allow all other traffic. What is correct configuration to accomplish this?
A)
B)
C)
D)
A)
B)
C)
D)
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/98
Play
Full screen (f)
Deck 19: Aruba Certified Switching Associate
1
A company has implemented 802.1X authentication on AOS-CX access switches, where two ClearPass servers are used to implement AAA. Each switch has the two servers defined. A network engineer notices the following command configured on the AOS-CX switches: radius-server tracking user-name monitor password plaintext aruba123 What is the purpose of this configuration?
A) Implement replay protection for AAA messages
B) Define the account to implement downloadable user roles
C) Speed up the AAA authentication process
D) Define the account to implement change of authorization
A) Implement replay protection for AAA messages
B) Define the account to implement downloadable user roles
C) Speed up the AAA authentication process
D) Define the account to implement change of authorization
Speed up the AAA authentication process
2
How is voice traffic prioritized correctly on AOS-CX switches?
A) By defining device profiles with QOS settings
B) By placing it in the strict priority queue
C) By implementing voice VLANs
D) By implementing weighted fair queueing (WFQ)
A) By defining device profiles with QOS settings
B) By placing it in the strict priority queue
C) By implementing voice VLANs
D) By implementing weighted fair queueing (WFQ)
By implementing voice VLANs
3
A network administrator needs to replace an antiquated access layer solution with a modular solution involving AOS-CX switches. The administrator wants to leverage virtual switching technologies. The solution needs to support high-availability with dual-control planes. Which solution should the administrator implement?
A) AOS-CX 8325
B) AOS-CX 6300
C) AOS-CX 6400
D) AOS-CX 8400
A) AOS-CX 8325
B) AOS-CX 6300
C) AOS-CX 6400
D) AOS-CX 8400
AOS-CX 8325
4
A network administrator is managing a network that deploys a multicast service. The administrator has multiple streams successfully being routed by PIM-DM in the network. The administrator then adds a new stream with a destination address of 239.0.0.1. However, clients who have not joined the stream are receiving it. What should the administrator do to fix this problem?
A) Verify that IGMP is enabled between the switches connecting the multicast source and receivers
B) Change the destination multicast address to 239.1.1.1
C) Define the 239.0.0.1 stream on the rendezvous point (RP)
D) Define the 239.0.0.1 stream on the PIM candidate bootstrap router
A) Verify that IGMP is enabled between the switches connecting the multicast source and receivers
B) Change the destination multicast address to 239.1.1.1
C) Define the 239.0.0.1 stream on the rendezvous point (RP)
D) Define the 239.0.0.1 stream on the PIM candidate bootstrap router
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
5
An administrator is replacing the current access switches with AOS-CX switches. The access layer switches must authenticate user and networking devices connecting to them. Some devices support no form of authentication, and some support 802.1X. Some ports have a VoIP phone and a PC connected to the same port, where the PC is connected to the data port of the phone and the phone's LAN port is connected to the switch. Which statement is correct about this situation?
A) 802.1X must be configured to work in fallback mode
B) Device fingerprinting is required for authentication
C) The client-limit setting for port access needs to be changed
D) Device mode should be implemented
A) 802.1X must be configured to work in fallback mode
B) Device fingerprinting is required for authentication
C) The client-limit setting for port access needs to be changed
D) Device mode should be implemented
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
6
Which protocols are used by NetEdit to interact with third-party devices? (Choose two.)
A) telnet
B) SNMP
C) SSH
D) Restful API
E) CDP
A) telnet
B) SNMP
C) SSH
D) Restful API
E) CDP
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
7
A network engineer is having a problem adding a custom-written script to an AOS-CX switch's NAE GUI. The script was written in Python and was successfully added on other AOS-CX switches. The engineer examines the following items from the CLI of the switch: What should the engineer perform to fix this issue?
A) Install the script's signature before installing the new script
B) Ensure the engineer's desktop and the AOS-CX switch are synchronized to the same NTP server
C) Enable trust settings for the AOS-CX switch's SSL certificate
D) Remove a script that is no longer used before installing the new script
What should the engineer perform to fix this issue?A) Install the script's signature before installing the new script
B) Ensure the engineer's desktop and the AOS-CX switch are synchronized to the same NTP server
C) Enable trust settings for the AOS-CX switch's SSL certificate
D) Remove a script that is no longer used before installing the new script
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
8
A network administrator is attempting to troubleshoot a connectivity issue between a group of users and a particular server. The administrator needs to examine the packets over a period of time from their desktop; however, the administrator is not directly connected to the AOS-CX switch involved with the traffic flow. What is correct regarding the ERSPAN session that needs to be established on an AOS-CX switch? (Choose two.)
A) On the source AOS-CX switch, the destination specified is the switch to which the administrator's desktop is connected
B) On the source AOS-CX switch, the destination specified is the administrator's desktop
C) The encapsulation protocol used is GRE
D) The encapsulation protocol used is VXLAN
E) The encapsulation protocol is UDP
A) On the source AOS-CX switch, the destination specified is the switch to which the administrator's desktop is connected
B) On the source AOS-CX switch, the destination specified is the administrator's desktop
C) The encapsulation protocol used is GRE
D) The encapsulation protocol used is VXLAN
E) The encapsulation protocol is UDP
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
9
Which statement is correct regarding ACLs and TCAM usage?
A) Applying an ACL to a group of ports consumes the same resources as specific ACE entries
B) Using object groups consumes the same resources as specific ACE entries
C) Compression is automatically enabled for ASIC TCAMs on AOS-CX switches
D) Applying an ACL to a group of VLANs consumes the same resources as specific ACE entries
A) Applying an ACL to a group of ports consumes the same resources as specific ACE entries
B) Using object groups consumes the same resources as specific ACE entries
C) Compression is automatically enabled for ASIC TCAMs on AOS-CX switches
D) Applying an ACL to a group of VLANs consumes the same resources as specific ACE entries
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
10
A company has an existing wireless solution involving Aruba APs and Mobility controllers running 8.4 code. The solution leverages a third-party AAA solution. The company is replacing existing access switches with AOS-CX 6300 and 6400 switches. The company wants to leverage the same security and firewall policies for both wired and wireless traffic. Which solution should the company implement?
A) RADIUS dynamic authorization
B) Downloadable user roles
C) IPSec
D) User-based tunneling
A) RADIUS dynamic authorization
B) Downloadable user roles
C) IPSec
D) User-based tunneling
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
11
What is correct regarding the operation of VSX and multicasting with PIM-SM routing configured?
A) Each VSX peers runs PIM and builds its own group database. One of the VSX peers is elected as the designated router (DR) to forward multicast streams to a receiver VLAN
B) Each VSX peers runs PIM and creates a shared group database. Both VSX peers can forward multicast streams to receivers in a VLAN, achieving load sharing
C) Each VSX peers runs PIM and builds its own group database. Both VSX peers can forward multicast streams to receivers in a VLAN, achieving load sharing
D) Each VSX peers runs PIM and creates a shared group database. One of the VSX peers is elected as the designated router (DR) to forward multicast streams to a receiver VLAN
A) Each VSX peers runs PIM and builds its own group database. One of the VSX peers is elected as the designated router (DR) to forward multicast streams to a receiver VLAN
B) Each VSX peers runs PIM and creates a shared group database. Both VSX peers can forward multicast streams to receivers in a VLAN, achieving load sharing
C) Each VSX peers runs PIM and builds its own group database. Both VSX peers can forward multicast streams to receivers in a VLAN, achieving load sharing
D) Each VSX peers runs PIM and creates a shared group database. One of the VSX peers is elected as the designated router (DR) to forward multicast streams to a receiver VLAN
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
12
An administrator wants to track what configuration changes were made on a switch. What should the administrator implement to see the configuration changes on an AOS-CX switch?
A) AAA authorization
B) Network Analysis Engine (NAE)
C) AAA authentication
D) VSX synchronization logging
A) AAA authorization
B) Network Analysis Engine (NAE)
C) AAA authentication
D) VSX synchronization logging
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
13
An administrator has an AOS-CX switch configured with: router ospf 1 area 0 area 1 stub no-summary It is the only ABR for area 1. The switch has the appropriate adjacencies to routing switches in areas 0 and 1. The current routes in each area are: Area 0: 5 routes (LSA Type 1 and 2) Area 1: 10 routes (LSA Type 1 and 2) External routes: 2 (LSA Type 5) Based on the above configuration, how many OSPF routes will routing switches see in Area 1?
A) 15
B) 6
C) 11
D) 12
A) 15
B) 6
C) 11
D) 12
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
14
What is correct regarding the tunneling of user traffic between AOS-CX switches and Aruba Mobility Controllers (MCs)?
A) Uses IPSec to protect the management and data traffic
B) Uses IPSec to protect the management traffic
C) Supports only port-based tunneling
D) Uses the same management protocol as Aruba APs
A) Uses IPSec to protect the management and data traffic
B) Uses IPSec to protect the management traffic
C) Supports only port-based tunneling
D) Uses the same management protocol as Aruba APs
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
15
Examine the network exhibit. A company has a guest implementation for wireless and wired access. Wireless access is implemented through a third-party vendor. The company is concerned about wired guest traffic traversing the same network as the employee traffic. The network administrator has established a GRE tunnel between AOS-CX switches where guests are connected to a routing switch in the DMZ. Which feature should the administrator implement to ensure that the guest traffic is tunneled to the DMZ while the employee traffic is forwarded using OSPF?
A) OSPF route maps using the "set metric" command
B) Policy-based routing (PBR)
C) User-based tunneling (UBT)
D) Classifier policies
A company has a guest implementation for wireless and wired access. Wireless access is implemented through a third-party vendor. The company is concerned about wired guest traffic traversing the same network as the employee traffic. The network administrator has established a GRE tunnel between AOS-CX switches where guests are connected to a routing switch in the DMZ. Which feature should the administrator implement to ensure that the guest traffic is tunneled to the DMZ while the employee traffic is forwarded using OSPF?A) OSPF route maps using the "set metric" command
B) Policy-based routing (PBR)
C) User-based tunneling (UBT)
D) Classifier policies
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
16
An administrator is implementing a downloadable user role solution involving AOS-CX switches. The AAA solution and the AOS-CX switches can successfully authenticate users; however, the role information fails to download to the switches. What policy should be added to an intermediate firewall to allow the downloadable role function to succeed?
A) Allow TCP 443
B) Allow UDP 1811
C) Allow UDP 8211
D) Allow TCP 22
A) Allow TCP 443
B) Allow UDP 1811
C) Allow UDP 8211
D) Allow TCP 22
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
17
Which option correctly defines how to identify a VLAN as a voice VLAN on an AOS-CX switch?
A) Switch(config)# port-access lldp-group Switch(config-lldp-group)# vlan
B) Switch(config)# port-access role Switch(config-pa-role)# vlan access
C) Switch(config)# vlan Switch(config-vlan-)# voice
D) Switch(config)# vlan voice
A) Switch(config)# port-access lldp-group
B) Switch(config)# port-access role
C) Switch(config)# vlan
D) Switch(config)# vlan
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
18
An administrator is implementing a multicast solution in a multi-VLAN network. Which statement is true about the configuration of the switches in the network?
A) IGMP snooping must be enabled on all interfaces on a switch to intelligently forward traffic
B) IGMP requires join and leave messages to graft and prune multicast streams between switches
C) IGMP must be enabled on all routed interfaces where multicast traffic will traverse
D) IGMP must be enabled on all interfaces where multicast sources and receivers are connected
A) IGMP snooping must be enabled on all interfaces on a switch to intelligently forward traffic
B) IGMP requires join and leave messages to graft and prune multicast streams between switches
C) IGMP must be enabled on all routed interfaces where multicast traffic will traverse
D) IGMP must be enabled on all interfaces where multicast sources and receivers are connected
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
19
An administrator will be replacing a campus switching infrastructure with AOS-CX switches that support VSX capabilities. The campus involves a core, as well as multiple access layers. Which feature should the administrator implement to allow both VSX-capable core switches to process traffic sent to the default gateway in the campus VLANs?
A) VRF
B) VRRP
C) IP helper
D) Active gateway
A) VRF
B) VRRP
C) IP helper
D) Active gateway
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
20
What is correct regarding rate limiting and egress queue shaping on AOS-CX switches?
A) Only a traffic rate and burst size can be defined for a queue
B) Limits can be defined only for broadcast and multicast traffic
C) Rate limiting and egress queue shaping can be used to restrict inbound traffic
D) Rate limiting and egress queue shaping can be applied globally
A) Only a traffic rate and burst size can be defined for a queue
B) Limits can be defined only for broadcast and multicast traffic
C) Rate limiting and egress queue shaping can be used to restrict inbound traffic
D) Rate limiting and egress queue shaping can be applied globally
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
21
A network administrator wants to centralize the management of AOS-CX switches by implementing NetEdit. How should the administrator purchase and/or install the NetEdit solution?
A) Install as a hardware appliance
B) Installed on a supported version of RedHat Enterprise Linux
C) Installed in a virtualized solution by using the Aruba-supplied OVA file
D) Installed on a supported version of Debian Linux
A) Install as a hardware appliance
B) Installed on a supported version of RedHat Enterprise Linux
C) Installed in a virtualized solution by using the Aruba-supplied OVA file
D) Installed on a supported version of Debian Linux
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
22
How is NetEdit installed at a customer location?
A) Via an Aruba NetEdit hardware appliance
B) Via a DVD using a virtualized platform like Microsoft's Hyper-V
C) Via the Aruba Central cloud solution
D) Via an OVA file and a virtualized platform like VMware's ESXi
A) Via an Aruba NetEdit hardware appliance
B) Via a DVD using a virtualized platform like Microsoft's Hyper-V
C) Via the Aruba Central cloud solution
D) Via an OVA file and a virtualized platform like VMware's ESXi
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
23
An administrator creates an ACL rule with both the "count" and "log" option enabled. What is correct about the action taken by an AOS-CX switch when there is a match on this rule?
A) By default, a summarized log is created every minute with a count of the number of matches
B) Logging will not include certificate and TLS events, but counting will
C) The "count" and "log" options are processed by the AOS-CX switch's hardware ASIC
D) The total in the "log" record and the count could contain different rule matching statistics
A) By default, a summarized log is created every minute with a count of the number of matches
B) Logging will not include certificate and TLS events, but counting will
C) The "count" and "log" options are processed by the AOS-CX switch's hardware ASIC
D) The total in the "log" record and the count could contain different rule matching statistics
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
24
An administrator has configured the following on an AOS-CX switch: What is the correct ACL rule configuration that would allow traffic from anywhere to reach the web ports on the two specified servers?
A) access-list ip server 10 permit tcp any web-servers group web-ports
B) access-list ip server 10 permit tcp any object-group web-servers object-group web-ports
C) access-list ip server 10 permit tcp any group web-servers group web-ports
D) access-list ip server 10 permit tcp any web-servers web-ports
What is the correct ACL rule configuration that would allow traffic from anywhere to reach the web ports on the two specified servers?A) access-list ip server 10 permit tcp any web-servers group web-ports
B) access-list ip server 10 permit tcp any object-group web-servers object-group web-ports
C) access-list ip server 10 permit tcp any group web-servers group web-ports
D) access-list ip server 10 permit tcp any web-servers web-ports
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
25
A network administrator is implementing a configuration plan in NetEdit. The administrator used NetEdit to push the configuration plan to the switch. Which option in the NetEdit planning section should the administrator select to save the configuration running on the switch to the startup-config?
A) EDIT
B) VALIDATE
C) COMMIT
D) DEPLOY
A) EDIT
B) VALIDATE
C) COMMIT
D) DEPLOY
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
26
An administrator has an aggregation layer of 8325CX switches configured as a VSX pair. The administrator is concerned that when OSPF network changes occur, the aggregation switches will respond to the changes slowly, and this will affect network connectivity, especially VoIP calls, in the connected access layer switches. What should the administrator do on the aggregation layer switches to alleviate this issue?
A) Implement route aggregation
B) Implement bidirectional forwarding detection (BFD)
C) Reduce the hello and dead interval timers
D) Implement graceful restart
A) Implement route aggregation
B) Implement bidirectional forwarding detection (BFD)
C) Reduce the hello and dead interval timers
D) Implement graceful restart
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
27
A company has recently upgraded their campus switching infrastructure with AOS-CX switches. They have implemented 802.1X authentication on access ports where laptop and IOT devices typically connect. An administrator has noticed that for POE devices, the AOS-CX switch ports are delivering the maximum wattage to the port instead of what the device actually needs. Concerned about this waste of electricity, what should the administrator implement to solve this problem?
A) Implement a classifier policy with the correct power definitions
B) Create device profiles with the correct power definitions
C) Enable AAA authentication to exempt LLDP and/or CDP information
D) Globally enable the QoS trust setting for LLDP and/or CDP
A) Implement a classifier policy with the correct power definitions
B) Create device profiles with the correct power definitions
C) Enable AAA authentication to exempt LLDP and/or CDP information
D) Globally enable the QoS trust setting for LLDP and/or CDP
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
28
An administrator in a company of 349 users has a pair of AOS-CX switches with connections to external networks. Both switches are configured for OSPF. The administrator wants to import external routes on both switches, but assigns different seed metrics to the routes, as well as imports them as external type-1 routes. What is the best way for the administrator to accomplish this?
A) Create a route map with the correct route type and metrics
B) Define the route type and metrics in the OSPF process
C) Create a classifier policy with the correct route type and metrics
D) Define a class and policy map with the correct route type and metrics
A) Create a route map with the correct route type and metrics
B) Define the route type and metrics in the OSPF process
C) Create a classifier policy with the correct route type and metrics
D) Define a class and policy map with the correct route type and metrics
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
29
An administrator is defining a VSX LAG on a pair of AOS-CX switches that are defined as primary and secondary. The VSX LAG fails to establish successfully with a remote switch; however, after verification, the remote switch is configured correctly. The administrator narrows down the problem to the configuration on the AOS-CX switches. What would cause this problem?
A) Local optimization was not enabled on the VSX LAG
B) The VSX LAG hash does not match the remote peer
C) The VSX LAG interfaces are in layer-3 mode
D) LACP was enabled in active mode on the VSX LAG
A) Local optimization was not enabled on the VSX LAG
B) The VSX LAG hash does not match the remote peer
C) The VSX LAG interfaces are in layer-3 mode
D) LACP was enabled in active mode on the VSX LAG
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
30
A company requires access by all users, guests, and employees to be authenticated. Employees will be authenticated using 802.1X, whereas guests will be authenticated using captive portal. Which type of authentication must be configured on an AOS-CX switch ports where both guests and employees connect?
A) Both 802.1X and captive portal
B) 802.1X only
C) Both 802.1X and MAC-Auth
D) 802.1X, captive portal, and MAC-Auth
A) Both 802.1X and captive portal
B) 802.1X only
C) Both 802.1X and MAC-Auth
D) 802.1X, captive portal, and MAC-Auth
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
31
Examine the output from an AOS-CX switch implementing a dynamic segmentation solution involving downloadable user roles: Switch# show port-access role clearpass Role information: Name : icx aruba dur_employee-3044-2 Type : clearpass Status: failed, parsing_failed Reauthentication Period : Authentication Mode : Session Timeout : The downloadable user roles are not being downloaded to the AOS-CX switch. Based on the above output, what is the problem?
A) The certificate that ClearPass uses in invalid
B) The AOS-CX switch does not have the ClearPass certificate involved
C) DNS fails to resolve the ClearPass server's FQDN
D) There is a date/time issue between the ClearPass server and the switch
A) The certificate that ClearPass uses in invalid
B) The AOS-CX switch does not have the ClearPass certificate involved
C) DNS fails to resolve the ClearPass server's FQDN
D) There is a date/time issue between the ClearPass server and the switch
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
32
Which protocol does NetEdit use to discover devices in a subnet during the discovery process?
A) LLDP
B) ARP
C) DHCP
D) ICMP
A) LLDP
B) ARP
C) DHCP
D) ICMP
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
33
Examine the following AOS-CX configuration: Based on this configuration, which statement is correct regarding IoT traffic?
A) If 10.100.1.2 is not reachable, the IoT traffic will be automatically dropped by the switch
B) If a specific route is not available in the routing table, the traffic will be routed to 10.100.1.2
C) The next hop of 10.100.1.2 can be one or more hops away from the AOS-CX switch
D) All routes are ignored in the routing table for IoT traffic, which is routed to 10.100.1.2
Based on this configuration, which statement is correct regarding IoT traffic?A) If 10.100.1.2 is not reachable, the IoT traffic will be automatically dropped by the switch
B) If a specific route is not available in the routing table, the traffic will be routed to 10.100.1.2
C) The next hop of 10.100.1.2 can be one or more hops away from the AOS-CX switch
D) All routes are ignored in the routing table for IoT traffic, which is routed to 10.100.1.2
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
34
Examine the network exhibit: The ACL configuration defined on Core-1 is as follows: If telnet was being used, which device connection would be permitted and functional in both directions? (Choose two.)
A) Client 3 to Client 2
B) Client 1 to Client 2
C) Server 2 to Client 2
D) Server 1 to Client 1
E) Client 1 to Client 3
The ACL configuration defined on Core-1 is as follows: If telnet was being used, which device connection would be permitted and functional in both directions? (Choose two.)A) Client 3 to Client 2
B) Client 1 to Client 2
C) Server 2 to Client 2
D) Server 1 to Client 1
E) Client 1 to Client 3
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
35
What is correct regarding multicasting and AOS-CX switches?
A) IGMP snooping is disabled, by default, on Layer-2 VLAN interfaces
B) IGMP query functions are enabled, by default, on Layer-2 VLAN interfaces
C) IGMP snooping is enabled, by default, on Layer-3 VLAN interfaces
D) IGMP-enabled AOS-CX switches flood unknown multicast destinations
A) IGMP snooping is disabled, by default, on Layer-2 VLAN interfaces
B) IGMP query functions are enabled, by default, on Layer-2 VLAN interfaces
C) IGMP snooping is enabled, by default, on Layer-3 VLAN interfaces
D) IGMP-enabled AOS-CX switches flood unknown multicast destinations
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
36
Examine the configuration performed on newly deployed AOS-CX switches: After performing this configuration, the administrator notices that the switch ports always remain in the EAP-start state. What should the administrator do to fix this problem?
A) Define the server group cppm
B) Set the ports to client-mode
C) Create and assign a local user role to the ports
D) Enable change of authorization (CoA)
After performing this configuration, the administrator notices that the switch ports always remain in the EAP-start state. What should the administrator do to fix this problem?A) Define the server group cppm
B) Set the ports to client-mode
C) Create and assign a local user role to the ports
D) Enable change of authorization (CoA)
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
37
Examine the following AOS-CX switch configuration: Which statement correctly describes what is allowed for traffic entering interface 1/1/3?
A) IP traffic from 10.1.11.0/24 is allowed to access 10.1.110.0/24
B) IP traffic from 10.0.11.0/24 is allowed to access 10.1.12.0/24
C) Traffic from 10.0.12.0/24 will generate a log record when accessing 10.0.11.0/24
D) IP traffic from 10.1.12.0/24 is allowed to access 172.0.1.0/23
Which statement correctly describes what is allowed for traffic entering interface 1/1/3?A) IP traffic from 10.1.11.0/24 is allowed to access 10.1.110.0/24
B) IP traffic from 10.0.11.0/24 is allowed to access 10.1.12.0/24
C) Traffic from 10.0.12.0/24 will generate a log record when accessing 10.0.11.0/24
D) IP traffic from 10.1.12.0/24 is allowed to access 172.0.1.0/23
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
38
Examine the AOS-CS switch output: Based on this output, what is correct?
A) 802.1X authentication was successful, but MAC authentication is yet to start
B) 802.1X authentication occurred and downloadable user roles are deployed
C) A local user role was deployed using a ClearPass solution
D) Only 802.1X authentication is configured on the port
Based on this output, what is correct?A) 802.1X authentication was successful, but MAC authentication is yet to start
B) 802.1X authentication occurred and downloadable user roles are deployed
C) A local user role was deployed using a ClearPass solution
D) Only 802.1X authentication is configured on the port
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
39
An administrator is concerned about the security of the control plane connection between an AOS-CX switch and an Aruba Mobility Controller (MC) when implementing user-based tunneling. How should the administrator protect this traffic?
A) IPSec with a digital certificate
B) GRE with a pre-shared key
C) PAPI with an MD5 pre-shared key
D) IPSec with a pre-shared key
A) IPSec with a digital certificate
B) GRE with a pre-shared key
C) PAPI with an MD5 pre-shared key
D) IPSec with a pre-shared key
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
40
A network engineer is using NetEdit to manage AOS-CX switches. The engineer notices that a lot of third-party VoIP phones are showing up in the NetEdit topology. The engineer deletes these, but they are automatically rediscovered by NetEdit and added back in. What should the administrator do to solve this problem?
A) Change the VoIP phone SNMP community string to something unknown by NetEdit
B) Disable LLDP globally on the AOS-CX switches where phones are connected
C) Disable SSH access on all the VoIP phones
D) Disable the RESTful API on all the VoIP phones
A) Change the VoIP phone SNMP community string to something unknown by NetEdit
B) Disable LLDP globally on the AOS-CX switches where phones are connected
C) Disable SSH access on all the VoIP phones
D) Disable the RESTful API on all the VoIP phones
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
41
Examine the attached diagram Two AOS-CX switches are configured for VSX at the access layer, where servers attached to them. An SVI interface is configured for VLAN 10 and serves as the default gateway for VLAN 10. The ISL link between the switches fails, but the keepalive interface functions. Active gateway has been configured on the switches. What is correct about access from the servers to the Core?
A) Server 2 can successfully access the core layer via the keepalive link.
B) Server 1 and Server 2 can communicate with each other via the core layer.
C) Server 2 cannot access the core layer.
D) Server 1 can access the core layer via both uplinks.
Two AOS-CX switches are configured for VSX at the access layer, where servers attached to them. An SVI interface is configured for VLAN 10 and serves as the default gateway for VLAN 10. The ISL link between the switches fails, but the keepalive interface functions. Active gateway has been configured on the switches. What is correct about access from the servers to the Core?A) Server 2 can successfully access the core layer via the keepalive link.
B) Server 1 and Server 2 can communicate with each other via the core layer.
C) Server 2 cannot access the core layer.
D) Server 1 can access the core layer via both uplinks.
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
42
A network administrator is implementing NAE on AOS-CX switches. When attempting to create an agent on a particular switch, the agent appears in the NAE Agents panel with a red triangle error symbol and a status of "Unknown". What is the cause of this issue?
A) The administrator does not have the appropriate credentials to interact with NAE
B) The number of scripts or agents has exceeded the hardware's capabilities
C) A connectivity issue exists between NAE and the AOS-CX switch
D) The RESTful API has not been enabled on the AOS-CX switch
A) The administrator does not have the appropriate credentials to interact with NAE
B) The number of scripts or agents has exceeded the hardware's capabilities
C) A connectivity issue exists between NAE and the AOS-CX switch
D) The RESTful API has not been enabled on the AOS-CX switch
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
43
A company has a third-party AAA server solution. The campus access layer was just upgraded to AOS-CX switches that perform access control with MAC-Auth and 802.1X. The company has an Aruba Mobility Controller (MC) solution for wireless, and they want to leverage the firewall policies on the controllers for the wired traffic. What is correct about how the company should implement a security solution where the wired traffic is processed by the MCs?
A) Implement downloadable user roles with a gateway role defined on the AOS-CX switches
B) Implement local user roles with a gateway role defined on the AOS-CX switches
C) Implement standards-based RADIUS VSAs to pass policy information directly to the AOS-CX switches and MCs
D) Implement downloadable user roles with a device role defined on the AOS-CX switches and MCs
A) Implement downloadable user roles with a gateway role defined on the AOS-CX switches
B) Implement local user roles with a gateway role defined on the AOS-CX switches
C) Implement standards-based RADIUS VSAs to pass policy information directly to the AOS-CX switches and MCs
D) Implement downloadable user roles with a device role defined on the AOS-CX switches and MCs
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
44
Examine the attached exhibit. The network administrators is trying to add a remote location as area 3 to the network shown in the diagram. Based on current connection restrictions, the administrator cannot connect area 3 directly to area 0. The network is using AOS-CX switches. Which feature should the administrator implement to provide connectivity to the remote location?
A) Not-so-stubby areas
B) Bidirectional forward detection (BFD)
C) OSPFv3
D) Virtual links
The network administrators is trying to add a remote location as area 3 to the network shown in the diagram. Based on current connection restrictions, the administrator cannot connect area 3 directly to area 0. The network is using AOS-CX switches. Which feature should the administrator implement to provide connectivity to the remote location?A) Not-so-stubby areas
B) Bidirectional forward detection (BFD)
C) OSPFv3
D) Virtual links
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
45
An administrator is looking for a data center switching solution that will greatly reduce the likelihood of dropped frames when uplink congestion is experienced. Which AOS-CX switch queuing feature meets the administrator's needs?
A) FIFO
B) VOQ
C) WFQ
D) DWWR
A) FIFO
B) VOQ
C) WFQ
D) DWWR
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
46
A network engineer for a company with 896 users across a multi-building campus wants to gather statistics on an important switch uplink and create actions based on issues that occur on the uplink. How often does an NAE agent gather information from the current state database in regard to the uplink interfaces?
A) Once every 60 seconds
B) Once every 1 second
C) Once every 30 seconds
D) Once every 5 seconds
A) Once every 60 seconds
B) Once every 1 second
C) Once every 30 seconds
D) Once every 5 seconds
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
47
A company has just purchased AOS-CX switches. The company has a free and open-source AAA solution. The company wants to implement access control on the Ethernet ports of the AOS-CX switches. Which security features can the company implement given the equipment that they are using?
A) Port-based tunneling
B) Device fingerprinting
C) Local user roles
D) Downloadable user roles
A) Port-based tunneling
B) Device fingerprinting
C) Local user roles
D) Downloadable user roles
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
48
An administrator is managing a pair of core AOS-CX switches configured for VSX. Connected to this core are pairs of aggregation layer AOS-CX switches configured for VSX. OSPF is running between the aggregation and core layers. To speed up OSPF convergence, the administrator has configured BFD between the core and aggregation switches. What is a best practice the administrator should implement to reduce CPU processing on the switches if a BFD neighbor fails?
A) Disable ICMP redirects
B) Implement graceful restart
C) Increase the BFD echo timers
D) Increase the VSX keepalive timer
A) Disable ICMP redirects
B) Implement graceful restart
C) Increase the BFD echo timers
D) Increase the VSX keepalive timer
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
49
How should a network administrator add NAE scripts and implement NAE agents that will run on an AOS-CX switch?
A) Use the web interface of the NetEdit server
B) Use the web interface of the AOS-CX switch
C) Use the web interface of Aruba Central
D) Use the CLI of the AOS-CX switch
A) Use the web interface of the NetEdit server
B) Use the web interface of the AOS-CX switch
C) Use the web interface of Aruba Central
D) Use the CLI of the AOS-CX switch
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
50
A network has two AOS-CX switches connected to two different service providers. The administrator is concerned about bandwidth consumption on the service provider links and learned that the service providers were using the company as a transit AS. Which feature should the administrator implement to prevent this situation?
A) Configure route maps and apply them to BGP
B) Configure the two switches as route reflectors
C) Configure a classifier policy to disable MED
D) Configure bi-directional forwarding detection on both switches
A) Configure route maps and apply them to BGP
B) Configure the two switches as route reflectors
C) Configure a classifier policy to disable MED
D) Configure bi-directional forwarding detection on both switches
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
51
Which concept is implemented using Aruba's dynamic segmentation?
A) Root of trust
B) Device fingerprinting
C) Zero Touch Provisioning
D) Colorless port
A) Root of trust
B) Device fingerprinting
C) Zero Touch Provisioning
D) Colorless port
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
52
Examine the network topology. The network is configured for OSPF with the following attributes: Core1 and Core2 and ABRs Area 1 has 20 networks in the 10.1.0.0/16 range Area 0 has 10 networks in the 10.0.0.0/16 range Area 2 has 50 networks in the 10.2.0.0/16 range The ASBR is importing a static route into Area 1 Core2 has a summary for Area 2: area 0.0.0.2 range 10.2.0.0/16 type inter-area Here is the OSPF configuration performed on Core1: Based on the above information, what is correct?
A) Area 0 has 13 routes
B) Core1 has no OSPF routes
C) Core1 has received one LSA Type 5 from the ASBR
D) Area 1 has 23 routes
The network is configured for OSPF with the following attributes: Core1 and Core2 and ABRs Area 1 has 20 networks in the 10.1.0.0/16 range Area 0 has 10 networks in the 10.0.0.0/16 range Area 2 has 50 networks in the 10.2.0.0/16 range The ASBR is importing a static route into Area 1 Core2 has a summary for Area 2: area 0.0.0.2 range 10.2.0.0/16 type inter-area Here is the OSPF configuration performed on Core1: Based on the above information, what is correct?A) Area 0 has 13 routes
B) Core1 has no OSPF routes
C) Core1 has received one LSA Type 5 from the ASBR
D) Area 1 has 23 routes
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
53
A company is implementing a new wireless design and needs it to support high availability, even during times of switch system upgrades. The solution will involve Aruba Mobility Controller (MC) and Aruba AP connections requiring POE. Which campus AOS-CX switch solution and virtual switching should the company implement at the campus access layer?
A) AOS-CX 6400 and VSX
B) AOS-CX 6300 and VSF
C) AOS-CX 8325 and VSF
D) AOS-CX 8400 and VSX
A) AOS-CX 6400 and VSX
B) AOS-CX 6300 and VSF
C) AOS-CX 8325 and VSF
D) AOS-CX 8400 and VSX
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
54
An administrator is configuring BGP and has two connections to a service provider to two different local routers. Which BGP metric should the administrator configure to influence which local router the service provider will use to reach certain routes?
A) Weight
B) Multiple exit discriminator
C) Local preference
D) Origin
A) Weight
B) Multiple exit discriminator
C) Local preference
D) Origin
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
55
A network engineer is examining NAE graphs from the Dashboard but notices that the time shown in the graph does not represent the current time. The engineer verifies that the AOS-CX switch is configured for NTP and is successfully synchronized. What should be done to fix this issue?
A) Ensure the engineer's web browser is configured for the same timezone as the AOS-CX switch
B) Ensure the engineer's PC is synchronized to the same NTP server as the AOS-CX switch
C) Ensure NetEdit and the AOS-CX switch are synchronized to the same NTP server
D) Enable trust settings for the AOS-CX switch's SSL certificate
A) Ensure the engineer's web browser is configured for the same timezone as the AOS-CX switch
B) Ensure the engineer's PC is synchronized to the same NTP server as the AOS-CX switch
C) Ensure NetEdit and the AOS-CX switch are synchronized to the same NTP server
D) Enable trust settings for the AOS-CX switch's SSL certificate
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
56
An AOS-CX switch is configured to implement downloadable user roles. Examine the AOS-CX switch output: Based on this output, what is the state of the user's access?
A) No downloadable user role exists
B) MAC authentication has passed, but 802.1X authentication is in progress
C) The RADIUS request timed out to the AAA server
D) The port should be configured for 802.1X
Based on this output, what is the state of the user's access?A) No downloadable user role exists
B) MAC authentication has passed, but 802.1X authentication is in progress
C) The RADIUS request timed out to the AAA server
D) The port should be configured for 802.1X
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
57
How does PIM build the IP multicast routing table to route traffic between a multicast source and one or more receivers?
A) It uses the unicast routing table and reverse path forwarding (RPF)
B) It uses IGMP and calculates a shortest path tree (SPT)
C) It uses the shortest path first (SPF) algorithm derived from link state protocols
D) It uses the Bellman-Ford algorithm derived from distance vector protocols
A) It uses the unicast routing table and reverse path forwarding (RPF)
B) It uses IGMP and calculates a shortest path tree (SPT)
C) It uses the shortest path first (SPF) algorithm derived from link state protocols
D) It uses the Bellman-Ford algorithm derived from distance vector protocols
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
58
Examine the commands entered on an AOS-CX switch: What is true regarding this configuration for traffic received on interface 100?
A) The default next-hop address supersedes the two preceding next-hop addresses
B) The traffic is always dropped is the next-hop addresses are unreachable
C) The traffic will be routed with the IP routing table entries if the next-hop addresses are unreachable
D) The next-hop address of 1.1.1.1 is overwritten by the next-hop address of 2.2.2.2
What is true regarding this configuration for traffic received on interface 100?A) The default next-hop address supersedes the two preceding next-hop addresses
B) The traffic is always dropped is the next-hop addresses are unreachable
C) The traffic will be routed with the IP routing table entries if the next-hop addresses are unreachable
D) The next-hop address of 1.1.1.1 is overwritten by the next-hop address of 2.2.2.2
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
59
An administrator of a company has concerns about upgrading the access layer switches. The users rely heavily on wireless and VoIP telephony. Which is the best recommendation to ensure a short downtime for the users during upgrading the access layer switches?
A) Install the in-service software upgrade (ISSU) feature with clustering enabled
B) Install AOS-CX 6300 or 6400 switches with always-on POE
C) Implement VSF on the AOS-CX access switches
D) Implement VSX on the AOS-CX access switches
A) Install the in-service software upgrade (ISSU) feature with clustering enabled
B) Install AOS-CX 6300 or 6400 switches with always-on POE
C) Implement VSF on the AOS-CX access switches
D) Implement VSX on the AOS-CX access switches
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
60
An administrator wants to leverage always-on PoE on AOS-CX switches. Which statement is correct regarding this feature?
A) Provides up to 60W of power per port
B) Supports all AOS-CX switches
C) Provides surge protection for PoE and non-PoE ports
D) Requires NetEdit to implement
A) Provides up to 60W of power per port
B) Supports all AOS-CX switches
C) Provides surge protection for PoE and non-PoE ports
D) Requires NetEdit to implement
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
61
Examine the partial output of the BGP routing table of an AOS-CX switch: The switch is learning about four possible path to reach the 1.0.0.0/8 network. Based on this output, which next-hop route will the AOS-CX select to be placed in the IP routing table?
A) 192.168.1.5
B) 192.168.2.5
C) 192.168.3.5
D) 192.168.4.5
The switch is learning about four possible path to reach the 1.0.0.0/8 network. Based on this output, which next-hop route will the AOS-CX select to be placed in the IP routing table?A) 192.168.1.5
B) 192.168.2.5
C) 192.168.3.5
D) 192.168.4.5
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
62
An administrator wants to implement dynamic segmentation policies. The network consists of AOS-CX and Aruba gateways. Which type of forwarding should the administrator implement for users that already connect via wireless, but will also be connecting on Ethernet switch ports?
A) User-based tunneling (UBT)
B) Port-based tunneling (PBT)
C) Switch-to-switch tunneling (SST)
D) Local switching
A) User-based tunneling (UBT)
B) Port-based tunneling (PBT)
C) Switch-to-switch tunneling (SST)
D) Local switching
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
63
What is correct regarding rate limiting and egress queue shaping on AOS-CX switches?
A) Rate limiting and egress queue shaping can be used to restrict inbound traffic
B) Limits can be defined only for broadcast and multicast traffic
C) Rate limiting and egress queue shaping can be applied globally
D) Traffic rate limit is configured on queue level
A) Rate limiting and egress queue shaping can be used to restrict inbound traffic
B) Limits can be defined only for broadcast and multicast traffic
C) Rate limiting and egress queue shaping can be applied globally
D) Traffic rate limit is configured on queue level
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
64
What is correct regarding policy-based routing?
A) Policies can only be applied to routed interfaces.
B) Policies can be applied inbound and outbound.
C) Monitoring of policy interfaces occurs every 60 seconds.
D) Policy actions include routing permitting or dropping traffic.
A) Policies can only be applied to routed interfaces.
B) Policies can be applied inbound and outbound.
C) Monitoring of policy interfaces occurs every 60 seconds.
D) Policy actions include routing permitting or dropping traffic.
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
65
A network administrator is installing NetEdit. In order for NetEdit to manage the AOS-CX switches in the network, what must be defined on the AOS-CX switches? (Choose two.)
A) Enabling telnet
B) Defining an admin user password
C) Defining the https user-group
D) Enabling the RESTful API for read and write access
E) Enabling SFTP
A) Enabling telnet
B) Defining an admin user password
C) Defining the https user-group
D) Enabling the RESTful API for read and write access
E) Enabling SFTP
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
66
What is the correct way of associating a VRF instance to either a VLAN or an interface?
A) Switch(config)# interface Switch(config-if)# vlan access vrf attach
B) Switch(config)# vlan vrf attach < vrf-name >
C) Switch(config)# vlan Switch(config-vlan-# vrf attach < vrf-name >
D) Switch(config)# vlan vrf < vrf-name >
A) Switch(config)# interface
B) Switch(config)# vlan
C) Switch(config)# vlan
D) Switch(config)# vlan
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
67
Examine the network topology. The network is configured for OSPF with the following attributes: Core1 and Core2 and ABRs Area 1 has 20 networks in the 10.1.0.0/16 range Area 0 has 10 networks in the 10.0.0.0/16 range Area 2 has 50 networks in the 10.2.0.0/16 range The ASBR is importing a static route into Area 1 Core2 has a summary for Area 2: area 0.0.0.2 range 10.2.0.0/16 type inter-area Here is the OSPF configuration performed on Core1: Based on the above information, what is correct?
A) ISP 1 is not reachable from any area.
B) Core1 has received one type 5 LSA from the ASBR.
C) Area 0 has 81 routes
D) Area 1 has 23 routes
The network is configured for OSPF with the following attributes: Core1 and Core2 and ABRs Area 1 has 20 networks in the 10.1.0.0/16 range Area 0 has 10 networks in the 10.0.0.0/16 range Area 2 has 50 networks in the 10.2.0.0/16 range The ASBR is importing a static route into Area 1 Core2 has a summary for Area 2: area 0.0.0.2 range 10.2.0.0/16 type inter-area Here is the OSPF configuration performed on Core1: Based on the above information, what is correct?A) ISP 1 is not reachable from any area.
B) Core1 has received one type 5 LSA from the ASBR.
C) Area 0 has 81 routes
D) Area 1 has 23 routes
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
68
An administrator is supporting a network with the access layer consisting of AOS-CX 6300 and 6400 switches. The administrator needs to quickly deploy Aruba IAPs and security cameras in the network, ensuring that the correct QoS and VLAN settings are dynamically applied to the switch ports. Currently, switches are not configured to do device authentication, and no authentication server exists in the network. Which AOS-CX feature should the administrator use to dynamically assign the policy settings to the correct switch ports?
A) Device profiles
B) Change of authorization
C) Dynamic segmentation
D) Voice VLANs
A) Device profiles
B) Change of authorization
C) Dynamic segmentation
D) Voice VLANs
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
69
An administrator is managing a network comprised of AOS-CX switches deployed at the aggregation layer. The switches are paired in a VSX stack and run the OSPF routing protocol. The administrator is concerned about how long it takes for OSPF to converge when one of the VSX switches has to reboot. What should the administrator to do speed up the OSPF convergence of the switch that is rebooting?
A) Change the VSX ISL link from an OSPF broadcast link point-to-point.
B) Implement graceful restart on the VSX switches and their neighboring OSPF switches.
C) Decrease the VSX initial synchronization timer on the two VSX switches.
D) Define non-backbone areas on the VSX switches as totally stubby areas.
A) Change the VSX ISL link from an OSPF broadcast link point-to-point.
B) Implement graceful restart on the VSX switches and their neighboring OSPF switches.
C) Decrease the VSX initial synchronization timer on the two VSX switches.
D) Define non-backbone areas on the VSX switches as totally stubby areas.
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
70
Examine the network topology. Company XYZ has two connections to a service provider (ISP1). Here is the configuration of Router1: Here is the configuration of Router2: Based on configuration of Router1 and Router2, which BGP metric is being manipulated?
A) Weight
B) Multiple exit discriminator
C) Local preference
D) AS path length
Company XYZ has two connections to a service provider (ISP1). Here is the configuration of Router1: Here is the configuration of Router2: Based on configuration of Router1 and Router2, which BGP metric is being manipulated?A) Weight
B) Multiple exit discriminator
C) Local preference
D) AS path length
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
71
A company uses NetEdit to manage a network of 700 AOS-CX switches and approximately 1,000 other SNMP-capable devices. Which management solution should the company use to monitor all the devices, as well as see a topology picture of how all the devices are connected together?
A) NetEdit
B) Aruba AirWave
C) Aruba Activate
D) Network Analysis Engine (NAE)
A) NetEdit
B) Aruba AirWave
C) Aruba Activate
D) Network Analysis Engine (NAE)
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
72
Examine the network exhibit. A network administrator is implementing OSPF on a VSX pair of aggregation switches: Agg1 and Agg2. VLANs 10 and 20 are connected to layer-2 access switches. Agg-1 and Agg-2 are configured as the default gateway for VLANs 10 and 20, with active gateway enabled. What is the best practice for configuring OSPF on the aggregation switches and their connection to the Core switch?
A) Define a layer-2 VSX LAG associated with a layer-3 VLAN interface. Enable active gateway for the Layer-3 VLAN.
B) Define separate layer-3 VLAN interfaces between the aggregation and core switches. Enable active forwarding for the Layer-3 VLAN.
C) Define separate layer-3 VLAN interfaces between the aggregation and core switches. Enable active gateway for the Layer-3 VLAN.
D) Define a layer-2 VSX LAG associated with a layer-3 VLAN interface. Enable active forwarding for the Layer-3 VLAN.
A network administrator is implementing OSPF on a VSX pair of aggregation switches: Agg1 and Agg2. VLANs 10 and 20 are connected to layer-2 access switches. Agg-1 and Agg-2 are configured as the default gateway for VLANs 10 and 20, with active gateway enabled. What is the best practice for configuring OSPF on the aggregation switches and their connection to the Core switch?A) Define a layer-2 VSX LAG associated with a layer-3 VLAN interface. Enable active gateway for the Layer-3 VLAN.
B) Define separate layer-3 VLAN interfaces between the aggregation and core switches. Enable active forwarding for the Layer-3 VLAN.
C) Define separate layer-3 VLAN interfaces between the aggregation and core switches. Enable active gateway for the Layer-3 VLAN.
D) Define a layer-2 VSX LAG associated with a layer-3 VLAN interface. Enable active forwarding for the Layer-3 VLAN.
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
73
What is correct regarding the configuration of ACLs on AOS-CX switches?
A) Statements with the log keyword are always processed by the switch CPU.
B) Standard ACLs are used to match on routes when performing route distribution.
C) Wildcard masks are used to match on a range of IP addresses.
D) Numbers 100 through 199 and 2000 through 2999 are used when creating extended ACLs.
A) Statements with the log keyword are always processed by the switch CPU.
B) Standard ACLs are used to match on routes when performing route distribution.
C) Wildcard masks are used to match on a range of IP addresses.
D) Numbers 100 through 199 and 2000 through 2999 are used when creating extended ACLs.
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
74
When comparing PIM-DM and PIM-SM, which multicast components are only found with PIM-SM in multicast routing? (Choose two.)
A) IGMP querier
B) Rendezvous point
C) Bootstrap router
D) Shortest path tree
E) Designated router
A) IGMP querier
B) Rendezvous point
C) Bootstrap router
D) Shortest path tree
E) Designated router
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
75
A network administrator wants to replace older access layer switches with AOS-CX 6300 switches. Which virtual switching technology can the administrator implement with this solution?
A) Both VSF and VSX
B) Only Backplane stacking
C) Only VSF
D) Only VSX
A) Both VSF and VSX
B) Only Backplane stacking
C) Only VSF
D) Only VSX
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
76
What are best practices when implementing VSX on AOS-CX switches? (Choose two.)
A) The ISL lag should use the default MTU size.
B) Timers should be left at their default values.
C) The default system MAC addresses should be used.
D) The keepalive connection should use a direct layer-3 connection.
E) The ISL lag should use at least 10GbE links or faster.
A) The ISL lag should use the default MTU size.
B) Timers should be left at their default values.
C) The default system MAC addresses should be used.
D) The keepalive connection should use a direct layer-3 connection.
E) The ISL lag should use at least 10GbE links or faster.
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
77
When an AOS-CX switch uses a temporary copy of the Configuration State database, what kind of analysis does NetEdit perform to ensure that the configuration is correct?
A) Syntax validation
B) Semantic validation
C) Conformance validation
D) Change validation
A) Syntax validation
B) Semantic validation
C) Conformance validation
D) Change validation
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
78
An administrator wants to drop traffic from VLAN 6 (10.1.6.0/24) to VLAN 5 (10.1.5.0/24), but allow all other traffic. What is correct configuration to accomplish this?
A)
B)
C)
D)
A)
B)
C)
D)
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
79
A network has an ABR that connects area 0 and 1. A network engineer configures a summarized route for area 0. The ABR is a designated router (DR) for the segment it uses to connect to area 1. Which LSA type is assigned to this route when the summarized route is advertised into area 1 by the ABR?
A) LSA 1
B) LSA 4
C) LSA 3
D) LSA 2
A) LSA 1
B) LSA 4
C) LSA 3
D) LSA 2
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
80
What must a network administrator implement in order to run an NAE script on an AOS-CX switch?
A) Deployment
B) Schedule
C) Plan
D) Agent
A) Deployment
B) Schedule
C) Plan
D) Agent
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 98 flashcards in this deck.
