Free HPE6-A73 Sample Questions — Aruba Certified Switching Professional

An administrator wants to implement dynamic segmentation policies. The network consists of AOS-CX and Aruba gateways. Which type of forwarding should the administrator implement for users that already connect via wireless, but will also be connecting on Ethernet switch ports?

• A. User-based tunneling (UBT)
• B. Port-based tunneling (PBT)
• C. Switch-to-switch tunneling (SST)
• D. Local switching

A network administrator wants to replace older access layer switches with AOS-CX 6300 switches. Which virtual switching technology can the administrator implement with this solution?

• A. Both VSF and VSX
• B. Only Backplane stacking
• C. Only VSF
• D. Only VSX

An administrator is replacing the current access switches with AOS-CX switches. The access layer switches must authenticate user and networking devices connecting to them. Some devices support no form of authentication, and some support 802.1X. Some ports have a VoIP phone and a PC connected to the same port, where the PC is connected to the data port of the phone and the phone's LAN port is connected to the switch. Which statement is correct about this situation?

• A. 802.1X must be configured to work in fallback mode
• B. Device fingerprinting is required for authentication
• C. The client-limit setting for port access needs to be changed
• D. Device mode should be implemented

What would prevent two OSPF routers from forming an adjacency? (Choose two.)

• A. Different priorities
• B. Different MTU sizes
• C. Different area types
• D. Different router IDs
• E. Different IP addresses

Which AOS-CX switches support weighted fair queuing (WFQ)?

• A. Both 8320 and 8325
• B. Both 6300 and 6400
• C. 8400 only
• D. 6300 only

When cutting and pasting configurations into NetEdit, which character is used to enter commands within the context of the previous command?

• A. Space
• B. Tab
• C. ">"
• D. <ESC>

An administrator is concerned about the security of the control plane connection between an AOS-CX switch and an Aruba Mobility Controller (MC) when implementing user-based tunneling. How should the administrator protect this traffic?

• A. IPSec with a digital certificate
• B. GRE with a pre-shared key
• C. PAPI with an MD5 pre-shared key
• D. IPSec with a pre-shared key

A network engineer for a company with 896 users across a multi-building campus wants to gather statistics on an important switch uplink and create actions based on issues that occur on the uplink. How often does an NAE agent gather information from the current state database in regard to the uplink interfaces?

• A. Once every 60 seconds
• B. Once every 1 second
• C. Once every 30 seconds
• D. Once every 5 seconds

A company is implementing a new wireless design and needs it to support high availability, even during times of switch system upgrades. The solution will involve Aruba Mobility Controller (MC) and Aruba AP connections requiring POE. Which campus AOS-CX switch solution and virtual switching should the company implement at the campus access layer?

• A. AOS-CX 6400 and VSX
• B. AOS-CX 6300 and VSF
• C. AOS-CX 8325 and VSF
• D. AOS-CX 8400 and VSX

A network administrator is implementing OSPF, where there are two exit points. Each exit point has a stateful, application inspection firewall to implement company policies. What would the best practice be to ensure that one firewall will see both directions of the traffic, preventing asynchronous connections in the network?

• A. Both ASBRs should define External Type 1 routes for the external routes, using a different initial cost value for each ASBR
• B. Both ASBRs should define External Type 1 routes for the external routes, using the same initial cost value for each ASBR
• C. Both ASBRs should define External Type 2 routes for the external routes, using the same initial cost value for each ASBR
• D. Both ASBRs should define External Type 2 routes for the external routes, using a different initial cost value for each ASBR

Examine the output from an AOS-CX switch implementing a dynamic segmentation solution involving downloadable user roles: Switch# show port-access role clearpass Role information: Name : icxarubadur_employee-3044-2 Type : clearpass - Status: failed, parsing_failed - Reauthentication Period : Authentication Mode : Session Timeout : The downloadable user roles are not being downloaded to the AOS-CX switch. Based on the above output, what is the problem?

• A. The certificate that ClearPass uses in invalid
• B. The AOS-CX switch does not have the ClearPass certificate involved
• C. DNS fails to resolve the ClearPass server's FQDN
• D. There is a date/time issue between the ClearPass server and the switch

Examine the following ACL rule policies: ✑ Permit traffic from 10.2.2.1 through 10.2.2.30 to anywhere ✑ Permit traffic from 10.2.2.40 through 10.2.2.55 to anywhere ✑ Deny all others Based on this policy, place the following ACL rule statements in the correct order to accomplish the above filtering policy.

• A. deny ip 10.2.2.31 255.255.255.255 any permit ip 10.2.2.40 255.255.255.248 any permit ip 10.2.2.48 255.255.255.248 any deny ip 10.2.2.32 255.255.255.224 any permit ip 10.2.2.0 255.255.255.192 any
• B. permit ip 10.2.2.40 255.255.255.248 any permit ip 10.2.2.48 255.255.255.248 any permit ip 10.2.2.0 255.255.255.192 any deny ip 10.2.2.31 255.255.255.255 any deny ip 10.2.2.32 255.255.255.224 any
• C. deny ip 10.2.2.31 255.255.255.255 any deny ip 10.2.2.32 255.255.255.224 any permit ip 10.2.2.40 255.255.255.248 any permit ip 10.2.2.48 255.255.255.248 any permit ip 10.2.2.0 255.255.255.192 any
• D. deny ip 10.2.2.31 255.255.255.255 any permit ip 10.2.2.40 255.255.255.248 any deny ip 10.2.2.32 255.255.255.224 any permit ip 10.2.2.48 255.255.255.248 any permit ip 10.2.2.0 255.255.255.192 any

An administrator is managing a network comprised of AOS-CX switches deployed at the aggregation layer. The switches are paired in a VSX stack and run the OSPF routing protocol. The administrator is concerned about how long it takes for OSPF to converge when one of the VSX switches has to reboot. What should the administrator to do speed up the OSPF convergence of the switch that is rebooting?

• A. Change the VSX ISL link from an OSPF broadcast link point-to-point
• B. Implement graceful restart on the VSX switches and their neighboring OSPF switches
• C. Decrease the VSX initial synchronization timer on the two VSX switches
• D. Define non-backbone areas on the VSX switches as totally stubby areas

In AOS-CX switching, what determines when a frame is forwarded by the switch between the ingress and the egress port?

• A. Egress port
• B. Ingress port
• C. VSX switch tables
• D. Fabric Load Balancer

What is the purpose of the transit VLAN when implementing dynamic segmentation policies involving AOS-CX switches and an Aruba gateway solution?

• A. It identifies the VLAN that the switch will use when tunneling the traffic to the gateway
• B. It identifies the VLAN that the user traffic will be assigned to, whether the traffic is tunneled or locally switched
• C. It defines the VXLAN identifier to identified UBT traffic between the AOS-CX switches and the gateway solution
• D. It identifies the VLAN that the user traffic will be assigned to when it comes out of the tunnel and is forwarded by the gateway

A company has a third-party AAA server solution. The campus access layer was just upgraded to AOS-CX switches that perform access control with MAC-Auth and 802.1X. The company has an Aruba gateway solution for wireless, and they want to leverage the firewall policies on the controllers for the wired traffic. What is correct about how the company should implement a security solution where the wired traffic is processed by the gateways?

• A. Implement standards-based RADIUS VSAs to pass policy information directly to the AOS-CX switches and gateways
• B. Implement downloadable user roles with a gateway role defined on the AOS-CX switches
• C. Implement downloadable user roles with a device role defined on the AOS-CX switches and gateways
• D. Implement local user roles with a gateway role defined on the AOS-CX switches

A company has an existing wireless solution involving Aruba APs and Aruba gateway. The solution leverages a third-party AAA solution. The company is replacing existing access switches with AOS-CX 6300 and 6400 switches. The company wants to leverage the same security and firewall policies for both wired and wireless traffic. Which solution should the company implement?

• A. IPSec
• B. User-based tunneling
• C. RADIUS dynamic authorization
• D. Downloadable user roles

An administrator is implementing a multicast solution in a multi-VLAN network. Which statement is true about the configuration of the switches in the network?

• A. IGMP snooping must be enabled on all interfaces on a switch to intelligently forward traffic
• B. IGMP requires join and leave messages to graft and prune multicast streams between switches
• C. IGMP must be enabled on all routed interfaces where multicast traffic will traverse
• D. IGMP must be enabled on all interfaces where multicast sources and receivers are connected

What is correct regarding rate limiting and egress queue shaping on AOS-CX switches?

• A. Rate limiting and egress queue shaping can be used to restrict inbound traffic
• B. Limits can be defined only for broadcast and multicast traffic
• C. Rate limiting and egress queue shaping can be applied globally
• D. Traffic rate limit is configured on queue level

An administrator creates an ACL rule with both the `count` and `log` option enabled. What is correct about the action taken by an AOS-CX switch when there is a match on this rule?

• A. By default, a summarized log is created every minute with a count of the number of matches
• B. Logging will not include certificate and TLS events, but counting will
• C. The "count" and "log" options are processed by the AOS-CX switch's hardware ASIC
• D. The total in the "log" record and the count could contain different rule matching statistics