01. A network administrator has racked up a 7210 Mobility Controller (MC) that will be terminating 200+ Aps on a medium-size branch office. Next, the technician cabled the appliance with 4SPF+ Direct Attached Cables (DACs) distributed between two-member switching stack and powered it up.
What must the administrator do next in the MCs to assure maximum wired bandwidth utilization?
a) Map the four physical ports to port channel 0.
b) Disable spanning tree and allocate unique VLANs to each port.
c) Manually set 10Gbps speeds on all ports.
d) Configure the same MSTP region that the switches have.
e) Make all ports trunk interfaces and permit data VLANs.
02. A company offers guest access with an open SSID and an internal Mobility Controller (MC) captive portal. The network administrator needs to integrate a more scalable solution with a remote RADIUS and captive portal server.
The network administrator fully deploys a guest solution with self-registration in ClearPass, and defines the MC as a RADIUS client. Next, the network administrator defines ClearPass as a RADIUS server and adds it into a server group in the MC.
Which two configuration components must the network administrator modify in the MC to complete the deployment?
(Select two.)
a) AAA server profile
b) Initial role firewall policies
c) VAP profile
d) Authentication server group
e) Captive portal profile
03. A customer wants a WLAN solution that permits Aps to terminate WPA-2 encrypted traffic from different SSIDs to different geographic locations where non-related IT departments will take care of enforcing security policies.
A key requirement is to minimize network congestion, overhead, and delay while providing data privacy from the client to the security policy enforcement point.
Therefore, the solution must use the shortest path from source to destination. Which Aruba feature best accommodates this scenario?
a) Inter MC S2S IPsec tunnels
b) Inter MC GRE tunnels
c) Mulbzone Aps
d) VIA
e) RAPs
04. An organization has several RAPs at different locations that broadcast two SSIDs. The internet-only SSID is in bridge/always mode, and the corporate SSID is in split-tunneling/standard mode. The network administrator deploys 10 more RAPs in different locations.
Users can successfully connect to the corporate SSID that is propagated by a RAP at a remote location. However, they report that it takes too long to access public internet web sites.
What is one part of the configuration that should be checked by the network administrator to verify this RAP deployment?
a) User roles policies
b) IP pool
c) Operating mode
d) Assigned VLAN
05. A network administrator assists with the migration of a WLAN from a third-party vendor to Aruba in different locations throughout the country. In order to manage the solution from a central point, the network administrator decides to deploy redundant Mobility Masters (MMs) in a datacenter that are reachable through the Internet.
Since not all locations own public IP addresses, the security team is not able to configure strict firewall polices at the datacenter without disrupting some MM to Mobility Controller (MC) communications. They are also concerned about exposing the Ms to unauthorized inbound connection attempts.
What should the network administrator do to ensure the solution is functional and secure?
a) Deploy an MC at the datacenter as a VPN concentrator
b) Block all inbound connections, and instruct the MM to initiate the connection to the MCs.
c) Block all ports to the MMs except UDP 500 and 4500.
d) Install a PEFV license, and configure firewall policies that protect the MIA
06. A network administrator is in charge of a Mobility Master (MM) - Mobility Controller (MC) based network security. Recently the Air Monitors detected a Rogue AP in the network and the administrator wants to enable "Tarpit" based wireless containment.
What profile must the administrator enable "tarpit" wireless containment on?
a) IDS Unauthorized device profile
b) IDS General profile
c) IDS profile
d) IDS DOS profile
07. A company with 50 small coffee shops in a single country requires a single mobility solution that solves connectivity needs at both the main office and branch locations. Coffee shops must be provisioned with local WiFi internet access for customers.
The shops must also have a private WLAN that offers communication to resources at the main office to upload sales, request supplies through a computer system, and make phone calls if needed. In order to simplify network operations, network devices at the coffee shops should be cloud managed.
Which technologies best meet the company needs at the lowest cost?
a) IAP VPN
b) SD-Branch
c) Activate with RAPs
d) BOC with CAPs
08. A network administrator is in charge of a Mobility Master (PAM) – Mobility Controller (MC) based WLAN The administrator has deployed an Ainvave Management Platform (AMP) server in order to improve the monitoring capabilities and generate reports and alerts.
The administrator has configured SNMPv3 and Admin credentials on both the MIAs and PACs and has created Groups and Folders in the AMP server.
What two additional steps must the administrator do in order to let Airwave monitor the network devices?
(Choose two.)
a) Manually add the Active MIA and wait for automatic Discovery.
b) Map the AMP’s IP address with a mgmt-config profile in the MIA
c) Set the AMP’s IP address and Org string as DHCP option 43.
d) Manually add each MM, MC and Access Point in the AMP server.
e) Move “New” devices into a group and folder in Airwave.
09. Users run encrypted Skype for Business traffic with no WMM support over an Aruba Mobility Master (MM) – Mobility Controller (MC) based network.
When voice, video, and application sharing traffic arrive at the wired side of the network, all the flows look alike due to the lack of L2 and L3 markings
How can the network administrator identify these flows and mark QoS accordingly?
a) Confirm the MC is the Openflow controller of the MMs and Openflow is enabled in VAP and the firewall roles. Then enable WMM in a VAP profile.
b) Use a media firewall policy that match these three flows, and use permit and TOS actions with 56, 40, and 34 values for voice, video, and application sharing, respectively. Then enable the Skype4Business ALG in the UCC profiles.
c) Confirm the MC is the Openflow controller of the MMs and Openflow is enabled in VAP and the firewall roles. Then enable the Skype4Business ALG in the UCC profiles.
d) Confirm the MM is the Openflow controller of the MCs and Openflow is enabled in VAP and the firewall roles. Then integrate the MM with the Skype4Business SDN API, and enable the Skype4Business ALG in the UCC profiles.
10. An Aruba Mobility Master (MM) – Mobility Controller (MC) solution is connected to a wired network that is ready to prioritize DSCP marked traffic. A group of WMM-enabled clients sends traffic marked at L2 only.
What must the network administrator do to map those markings to DSCP equivalent values when traffic is received by the APs?
a) Enable WMM in the SSID profile.
b) Enable WMM in the VAP profile.
c) Enable Skype4Business ALG Support.
d) Enable traffic to be marked with session ACLs.