ACMP-6.3 Aruba Certified Mobility Professional 6.3

Page 1   
Question 1

A customer forgot all passwords for a controller. What method could you use to reset the
passwords?

  • A. Telnet to the controller and login to the password recovery account
  • B. SSH to the controller and login to the password recovery account
  • C. Connect directly to the serial console and login to the password recovery account
  • D. Interrupt the boot process at CP-boot and select password recovery
  • E. Open the controller and press the reset switch


Answer : C

Question 2

One hundred (100) additional APs were deployed in an existing network. But some APs are
not able to connect to the lms-ip address, even though all of the APs belong to the same
AP group. Which of the following are NOT potential causes? (Choose two)

  • A. The problem APs are not getting an IP address.
  • B. The problem APs have the wrong lms-ip address setting.
  • C. There is a firewall between the problem APs and the controller blocking PAPI.
  • D. The controller does not support that many APs in a single AP-Group.
  • E. There are not enough AP licenses to support the additional quantity of APs.


Answer : B,D

Question 3

What is the first role a user is given when a user associates to an open WLAN?

  • A. The guest post authentication role
  • B. The initial role in the captive portal profile
  • C. The role in the server group profile
  • D. The initial role in the AAA profile
  • E. The initial role in the 802.1x profile


Answer : D

Question 4

Exhibit:


Referring to the diagram provided for this question, if the Aruba controller is configured to
perform L3 switching, what will be the wireless client laptop default gateway?

  • A. A
  • B. B
  • C. C
  • D. D
  • E. E


Answer : D

Question 5

Which log type should be enabled to troubleshoot IPSec authentication issues on Aruba
Controllers?

  • A. Security Logs
  • B. Management Logs
  • C. Wireless Logs
  • D. IDS Logs
  • E. System Logs


Answer : A

Question 6

When deploying Remote Mesh Portals, what is one of the purposes of the Mesh Private
VLAN?

  • A. To separate wireless user traffic coming from mesh networks from non-mesh networks
  • B. To tag mesh wireless user traffic on a particular AP
  • C. To allow Mesh Points to form private vlan networks with certain users
  • D. To tag control plane traffic from Mesh points to the controller
  • E. To tag clients high priority traffic


Answer : D

Question 7

Which of the following statements is true of Spectrum Mode?

  • A. No licenses are required to run an AP in Spectrum mode
  • B. Spectrum mode can only be configured for one AP at a time
  • C. An AP can be in spectrum mode for both 2.4 and 5G bands at the same time
  • D. An AP can be placed in Spectrum Mode via the Spectrum Profile
  • E. Spectrum mode can be configured from the GUI under AP installation


Answer : C

Question 8

By default, how long will an AP scan a single channel when ARM is enabled?

  • A. 80 milliseconds
  • B. 90 milliseconds
  • C. 100 milliseconds
  • D. 110 milliseconds
  • E. 200 milliseconds


Answer : D

Question 9

Which method is NOT supported to provision an Aruba campus AP?

  • A. Telnet directly to AP
  • B. SSH to the AP's controller
  • C. Web interface to the AP's controller
  • D. Console to AP
  • E. CLI on controller


Answer : A

Question 10

Review the following truncated output from an Aruba controller for this item.
(example) #show rights logon
access-list List
----------------
Position Name Location
-------- ---- --------
1 logon-control
2 captiveportal
logon-control
-------------
Priority Source Destination Service Action
-------- ------ ----------- ------- ------
1 user any udp 68 deny
2 any any svc-icmp permit
3 any any svc-dns permit
4 any any svc-dhcp permit
5 any any svc-natt permit
captiveportal
-------------
Priority Source Destination Service Action
-------- ------ ----------- ------- ------
1 user controller svc-https dst-nat 8081
2 user any svc-http dst-nat 8080
3 user any svc-https dst-nat 8081
4 user any svc-http-proxy1 dst-nat 8088
5 user any svc-http-proxy2 dst-nat 8088
6 user any svc-http-proxy3 dst-nat 8088
Based on the above output from an Aruba controller, an unauthenticated user assigned to
the logon role attempts to start an http session to IP address 172.16.43.170.
What will happen?

  • A. the user's traffic will be passed to the IP address because of the policy statement: user any svc-http dst-nat 8080
  • B. the user's traffic will be passed to the IP address because of the policy statement: user any svc-https dst-nat 8081
  • C. the user's traffic will be passed to the IP address because of the policy statement: user any svc-http-proxy1 dst-nat 8088
  • D. the user will not reach the IP address because of the policy statement: user any svc-http dst-nat 8080
  • E. the user will not reach the IP address because of the implicit deny any any at the end of the policy.


Answer : D

Question 11

Which of the following could be used to set a user's post-authentication role or VLAN
association? (Choose two)

  • A. AAA default role for authentication method
  • B. Server Derivation Rule
  • C. Vendor Specific Attributes
  • D. AP Derivation Rule
  • E. The Global AAA profile


Answer : B,C

Question 12

Which of the following functions can be configured in the Controller WIP wizard? (Choose
three)

  • A. Configure APs as Air Monitors
  • B. Configure rules for AP classification.
  • C. Configure preset levels for intrusion detection
  • D. Blacklisting Rules for clients
  • E. Identify encryption method used in your network.


Answer : B,C,E

Question 13

What are the Airtime Allocation Policy options for Airtime Fairness? (Choose three)

  • A. Default Access
  • B. Priority Access
  • C. Fair Access
  • D. Preferred Access
  • E. Distributed Access


Answer : A,C,D

Question 14

An administrator wants to assign a VLAN to a user based upon the authentication process
using Vendor Specific Attributes (VSA). Where are Aruba Vendor Specific Attribute (VSA)
values provisioned?

  • A. controller
  • B. client
  • C. RADIUS server
  • D. Internal user database
  • E. Option 60 of DHCP reply


Answer : C

Question 15

With Fast-Failover disabled, to which IP address should the Aruba AP terminate its GRE
tunnel for layer 2 controller redundancy to work and to support failover of access points?

  • A. VRRP IP address
  • B. management IP of an Aruba controller
  • C. management IP of the backup Aruba controller
  • D. HSRP IP address
  • E. Loopback IP address of backup Aruba controller


Answer : A

Page 1