Question: 49
A company opens a new branch office and a RAP is used to connect to a corporate office Aruba Mobility Controller (MC). The company needs to provide connectivity to the office across
the street. There is an AP across the street. However, there is no wired connectivity between the buildings.
Which actions can the administrator select to provide the required connectivity? (Choose two.)
A. Implement two mesh clusters.
B. Provision the RAP as a Remote Mesh Portal.
C. Provision all APs at the branch offices as Mesh Points.
D. Provision all APs at the branch offices as Mesh Portals.
E. Implement one of the APs as a Mesh Point.
Answer: BC
Question: 50
An administrator supports a group of employees that connect to the corporate office using the VIA client. An Aruba Mobility Controller (MC), behind a corporate firewall, terminates the
user�s VPN sessions. The VPN sessions fail to establish because of the existing firewall rules.
Which connections must the administrator allow on the firewall? (Choose three.)
A. TCP 443
B. UDP 8211
C. UDP 8202
D. UDP 500
E. UDP 4500
F. TCP 4443
Answer: ADE
Question: 51
Refer to the exhibit.
The Branch office RAP shown in the exhibit provides secure wireless employee access. Because of security concerns, the company�s security policy does not allow wireless guest access.
Some customers that visit the Branch office need Internet access. A RAP�s Ethernet Port 3 is used for wired guest access and Port 2 is used for wired employee access. When employees
connect to Port 2, they are authenticated successfully and a split-tunnel policy allows them access to both corporate and Internet resources from the Branch office. Guest users, however,
cannot access Internet resources on Port 3.
How can the administrator provide guest users Internet access?
A. Create a guest VAP that allows wired RAP port access.
B. Implement ClientMatch to handle the employee and guest user traffic correctly.
C. Configure a bridge role for the wired RAP port.
D. Implement the MultiZone feature on the RAP.
Answer: A
Question: 52
An administrator creates new pre- and post-authentication roles for a new WLAN. For which profile should the administrator assign these new roles under the Managed Network section?
A. 802.1X
B. AAA profile
C. Server Groups
D. Virtual AP
Answer: B
Question: 53
Which forwarding mode is used for a WLAN if a RAP needs to decrypt all user traffic and forward it locally?
A. Bridge
B. Decrypt-tunnel
C. Tunnel
D. Split-tunnel
Answer: A
Question: 54
An administrator creates a user role that department A in a company uses. Various other roles exist for other departments. All employees connect to the same ESSID, which authenticates to
an external AAA server.
How should the administrator configure the controller to assign the appropriate roles to the employees?
A. Implement default roles.
B. Implement user roles.
C. Implement AAA profile roles.
D. Implement server-derived roles.
Answer: B
Question: 55
An administrator implements two redundant Aruba Mobility Masters (MMs). Which protocol should the administrator use to detect a failure in a single subnet?
D. IPSec
Answer: B
Question: 56
The administrator expects the AP to connect to a cluster, but the AP fails to connect. The administrator examines the configuration of an AP from apboot mode shown in the exhibit. What
can the administrator determine about the configuration of the AP?
A. The AP is configured to terminate on a Mobility Controller in a cluster.
B. The AP is configured as a RAP to terminate on a stand-alone controller.
C. The AP is configured as a RAP to terminate on a Mobility Master.
D. The AP is configured to terminate on a non-cluster Mobility Controller.
Answer: D
Question: 57
An administrator creates service-based policies for AirGroup on the Mobility Master (MM). The administrator can define location-based policy limits based on which information?
A. controller names, controller groups, and controller Fully Qualified Domain Names (FQDNs)
B. AP names, AP groups, controller names, and controller groups
C. AP Fully Qualified Location Names (FQLNs) and controller Fully Qualified Domain Names (FQDNs)
D. AP names, AP groups, and AP Fully Qualified Location Names (FQLNs)
Answer: D
Reference: http://www.arubanetworks.com/techdocs/ArubaOS_81_Web_Help/Content/ArubaFrameStyles/AirGroup/AirGroup_Features.htm
Question: 58
An administrator supports a RAP at a branch office. A user�s device that is attached to the Ethernet port is assigned an 802.1X AAA policy and is configured for tunneled node.
How is the user�s traffic transmitted to the corporate office?
A. It is not encapsulated by GRE and not protected with IPSec.
B. It is encapsulated by GRE and protected with IPSec.
C. It is not encapsulated by GRE but is protected with IPSec.
D. It is encapsulated by GRE and not protected with IPSec.
Answer: B
Question: 59
An administrator deploys an AP at a branch office. The branch office has a private WAN circuit that provides connectivity to a corporate office controller. An Ethernet port on the AP is
connected to a network storage device that contains sensitive information. The administrator is concerned about sending this traffic in clear-text across the private WAN circuit.
What can the administrator do to prevent this problem?
A. Enable IPSec encryption on the AP�s wired ports.
B. Convert the campus AP into a RAP.
C. Redirect the wired port traffic to an AP-to-controller GRE tunnel.
D. Enable AP encryption for wired ports.
Answer: A


