Aruba Certified Switching Professional v1.0
Question 1
Examine the output from an AOS-CX switch implementing a dynamic segmentation solution involving downloadable user roles:
Switch# show port-access role clearpass
Role information:
Name : icxarubadur_employee-3044-2
Type : clearpass -
Status: failed, parsing_failed -
Reauthentication Period :
Authentication Mode :
Session Timeout :
The downloadable user roles are not being downloaded to the AOS-CX switch. Based on the above output, what is the problem?
- A. The certificate that ClearPass uses in invalid
- B. The AOS-CX switch does not have the ClearPass certificate involved
- C. DNS fails to resolve the ClearPass serverג€™s FQDN
- D. There is a date/time issue between the ClearPass server and the switch
Answer : A
Question 2
Examine the attached diagram.
The two PCs are located in VLAN 11 (10.1.11.0/24). Which example defines how to implement active gateway on the VSX core for VLAN 11?
- A. interface vlan 11 active-gateway ip 10.1.11.1 active-gateway mac 02:02:00:00:01:00
- B. interface lag 254 active-gateway vlan 11 ip 10.1.11.1 active-gateway vlan 11 mac 02:02:00:00:01:00
- C. interface lag 254 active-gateway ip 10.1.11.1 active-gateway mac 02:02:00:00:01:00
- D. vsx vrrp group 1
Answer : A
Question 3
An administrator has configured the following on an AOS-CX switch:
What is the correct ACL rule configuration that would allow traffic from anywhere to reach the web ports on the two specified servers?
- A. access-list ip server 10 permit tcp any web-servers group web-ports
- B. access-list ip server 10 permit tcp any object-group web-servers object-group web-ports
- C. access-list ip server 10 permit tcp any group web-servers group web-ports
- D. access-list ip server 10 permit tcp any web-servers web-ports
Answer : D
Question 4
A network administrator wants to centralize the management of AOS-CX switches by implementing NetEdit. How should the administrator purchase and/or install the NetEdit solution?
- A. Install as a hardware appliance
- B. Installed on a supported version of RedHat Enterprise Linux
- C. Installed in a virtualized solution by using the Aruba-supplied OVA file
- D. Installed on a supported version of Debian Linux
Answer : C
Question 5
A network engineer is using NetEdit to manage AOS-CX switches. The engineer notices that a lot of third-party VoIP phones are showing up in the NetEdit topology. The engineer deletes these, but they are automatically rediscovered by NetEdit and added back in.
What should the administrator do to solve this problem?
- A. Change the VoIP phone SNMP community string to something unknown by NetEdit
- B. Disable LLDP globally on the AOS-CX switches where phones are connected
- C. Disable SSH access on all the VoIP phones
- D. Disable the RESTful API on all the VoIP phones
Answer : A
Question 6
Examine the following AOS-CX configuration:
Based on this configuration, which statement is correct regarding IoT traffic?
- A. If 10.100.1.2 is not reachable, the IoT traffic will be automatically dropped by the switch
- B. If a specific route is not available in the routing table, the traffic will be routed to 10.100.1.2
- C. The next hop of 10.100.1.2 can be one or more hops away from the AOS-CX switch
- D. All routes are ignored in the routing table for IoT traffic, which is routed to 10.100.1.2
Answer : B
Question 7
Which protocol does NetEdit use to discover devices in a subnet during the discovery process?
- A. LLDP
- B. ARP
- C. DHCP
- D. ICMP
Answer : D
Question 8
Examine the following AOS-CX switch configuration:
Which statement correctly describes what is allowed for traffic entering interface 1/1/3?
- A. IP traffic from 10.1.11.0/24 is allowed to access 10.1.110.0/24
- B. IP traffic from 10.0.11.0/24 is allowed to access 10.1.12.0/24
- C. Traffic from 10.0.12.0/24 will generate a log record when accessing 10.0.11.0/24
- D. IP traffic from 10.1.12.0/24 is allowed to access 172.0.1.0/23
Answer : C
Question 9
An administrator creates an ACL rule with both the ג€countג€ and ג€logג€ option enabled. What is correct about the action taken by an AOS-CX switch when there is a match on this rule?
- A. By default, a summarized log is created every minute with a count of the number of matches
- B. Logging will not include certificate and TLS events, but counting will
- C. The ג€countג€ and ג€logג€ options are processed by the AOS-CX switchג€™s hardware ASIC
- D. The total in the ג€logג€ record and the count could contain different rule matching statistics
Answer : D
Question 10
An administrator is defining a VSX LAG on a pair of AOS-CX switches that are defined as primary and secondary. The VSX LAG fails to establish successfully with a remote switch; however, after verification, the remote switch is configured correctly. The administrator narrows down the problem to the configuration on the
AOS-CX switches.
What would cause this problem?
- A. Local optimization was not enabled on the VSX LAG
- B. The VSX LAG hash does not match the remote peer
- C. The VSX LAG interfaces are in layer-3 mode
- D. LACP was enabled in active mode on the VSX LAG
Answer : B
Question 11
Examine the configuration performed on newly deployed AOS-CX switches:
After performing this configuration, the administrator notices that the switch ports always remain in the EAP-start state. What should the administrator do to fix this problem?
- A. Define the server group cppm
- B. Set the ports to client-mode
- C. Create and assign a local user role to the ports
- D. Enable change of authorization (CoA)
Answer : D
Question 12
A network has two AOS-CX switches connected to two different service providers. The administrator is concerned about bandwidth consumption on the service provider links and learned that the service providers were using the company as a transit AS.
Which feature should the administrator implement to prevent this situation?
- A. Configure route maps and apply them to BGP
- B. Configure the two switches as route reflectors
- C. Configure a classifier policy to disable MED
- D. Configure bi-directional forwarding detection on both switches
Answer : A
Question 13
A company has just purchased AOS-CX switches. The company has a free and open-source AAA solution. The company wants to implement access control on the Ethernet ports of the AOS-CX switches.
Which security features can the company implement given the equipment that they are using?
- A. Port-based tunneling
- B. Device fingerprinting
- C. Local user roles
- D. Downloadable user roles
Answer : D
Question 14
Examine the network topology.
The network is configured for OSPF with the following attributes:
✑ Core1 and Core2 and ABRs
✑ Area 1 has 20 networks in the 10.1.0.0/16 range
✑ Area 0 has 10 networks in the 10.0.0.0/16 range
✑ Area 2 has 50 networks in the 10.2.0.0/16 range
✑ The ASBR is importing a static route into Area 1
✑ Core2 has a summary for Area 2: area 0.0.0.2 range 10.2.0.0/16 type inter-area
Here is the OSPF configuration performed on Core1:
Based on the above information, what is correct?
- A. Area 0 has 13 routes
- B. Core1 has no OSPF routes
- C. Core1 has received one LSA Type 5 from the ASBR
- D. Area 1 has 23 routes
Answer : B
Question 15
A network administrator is implementing NAE on AOS-CX switches. When attempting to create an agent on a particular switch, the agent appears in the NAE
Agents panel with a red triangle error symbol and a status of ג€Unknownג€.
What is the cause of this issue?
- A. The administrator does not have the appropriate credentials to interact with NAE
- B. The number of scripts or agents has exceeded the hardwareג€™s capabilities
- C. A connectivity issue exists between NAE and the AOS-CX switch
- D. The RESTful API has not been enabled on the AOS-CX switch
Answer : C