Practice Free HPE6-A90 Exam Online Questions
What is a key architectural distinction between the AOS-CX 6300 and 6400 series switches when planning for access layer and distribution layer high availability?
- A . The 6400 natively supports Cloud Authentication services via Aruba Central, while the 6300 requires a dedicated ClearPass Policy Manager appliance for identity management functions.
- B . The 6300 uses VSF stacking for high availability; the 6400 is a modular chassis with redundant Management Modules (MMs) providing internal high availability.
- C . Both switch series require centralized Aruba Mobility Controllers (MCs) to manage and synchronize their redundant control plane instances across the network.
- D . The 6300 series relies on VSX for core routing tasks, whereas the 6400 series utilizes VSF to handle edge access layer connectivity requirements.
Which IEEE 802.11 amendment specifically allows an AOS-10 Campus AP to actively provide connecting clients with a "Neighbor Report," assisting the client device in making faster, more informed roaming decisions without needing to actively scan all RF channels?
- A . 802.11k (Radio Resource Measurement)
- B . 802.11w (Protected Management Frames)
- C . 802.11v (BSS Transition Management)
- D . 802.11r (Fast BSS Transition)
Which IEEE 802.11 amendment specifically allows an AOS-10 Campus AP to actively provide connecting clients with a "Neighbor Report," assisting the client device in making faster, more informed roaming decisions without needing to actively scan all RF channels?
- A . 802.11k (Radio Resource Measurement)
- B . 802.11w (Protected Management Frames)
- C . 802.11v (BSS Transition Management)
- D . 802.11r (Fast BSS Transition)
A Security Operations Analyst is designing an infrastructure security template for a fleet of AOS-CX access switches. To prevent lateral movement, the analyst proposes a strict Control Plane Policing (CoPP) and port filtering strategy using Access Control Lists (ACLs) applied to the management VLAN interface.
access-list ip RESTRICT_MGMT
10 permit tcp 10.10.0.0/16 any eq
22
20 deny udp any any eq 53
30 deny udp any any eq 161
40 permit tcp any any eq 443
50 deny any any any
interface vlan 100
apply access-list ip
RESTRICT_MGMT in
If VLAN 100 serves as the primary gateway for the switch’s own management IP, which TWO severe consequences will result from applying this specific ACL template? (Choose 2.)
- A . Blocking UDP port 53 will prevent the switch from resolving the HPE Aruba Networking Central URL, breaking its cloud connectivity lifecycle.
- B . The explicit "deny any any any" statement at the end of the ACL will drop critical ICMP traffic, preventing basic ping-based health monitoring from the NOC.
- C . Permitting TCP port 22 exclusively from the 10.10.0.0/16 subnet ensures that the switch can still successfully receive firmware images from Central via SFTP.
- D . Blocking UDP port 161 will sever the Secure Shell (SSH) connection from the Central Remote Console feature, locking administrators out.
- E . Permitting TCP port 443 will automatically enable the switch to bypass the EVPN-VXLAN overlay and establish a direct BGP peering with the internet.
An enterprise deploys AOS-10 Campus APs that tunnel traffic to a centralized Gateway cluster. The campus network enforces strict Zero Trust using 802.1X port-based security on all wired AOS-CX access switches. The APs must cryptographically authenticate to the switch port before gaining uplink access to the network.
[AOS-CX Switch – Port Access Configuration]
interface 1/1/5
port-access dot1x enable
port-access role AP_UPLINK
vlan access 10
Which THREE statements accurately describe the interaction between the AP’s wired uplink authentication and the subsequent AOS-10 tunnel orchestration process? (Select all that apply.)
- A . If the AP fails 802.1X authentication at the switch port, it immediately reverts to Bridge mode forwarding to ensure localized IoT clients can still access the internet via the restricted fallback VLAN.
- B . After the AP checks in, the Central Tunnel Orchestrator service utilizes the AP’s active cloud connection to securely push the routing tables and cryptographic material needed to build the data plane tunnels to the Gateway cluster.
- C . Once the switch port authorizes the AP and places it on the management VLAN (VLAN 10), the AP requests a DHCP address and establishes a secure WebSocket connection to HPE Aruba Networking Central.
- D . The upstream AOS-CX switch must dynamically push the IPsec tunnel destination IP addresses directly to the AP via a proprietary RADIUS Vendor-Specific Attribute (VSA) upon successful 802.1X authentication.
- E . The AOS-10 AP acts as an 802.1X supplicant, utilizing its factory-installed Trusted Platform Module (TPM) certificate or a Central-provisioned certificate to authenticate against the wired switch port.
An enterprise deploys AOS-10 Campus APs that tunnel traffic to a centralized Gateway cluster. The campus network enforces strict Zero Trust using 802.1X port-based security on all wired AOS-CX access switches. The APs must cryptographically authenticate to the switch port before gaining uplink access to the network.
[AOS-CX Switch – Port Access Configuration]
interface 1/1/5
port-access dot1x enable
port-access role AP_UPLINK
vlan access 10
Which THREE statements accurately describe the interaction between the AP’s wired uplink authentication and the subsequent AOS-10 tunnel orchestration process? (Select all that apply.)
- A . If the AP fails 802.1X authentication at the switch port, it immediately reverts to Bridge mode forwarding to ensure localized IoT clients can still access the internet via the restricted fallback VLAN.
- B . After the AP checks in, the Central Tunnel Orchestrator service utilizes the AP’s active cloud connection to securely push the routing tables and cryptographic material needed to build the data plane tunnels to the Gateway cluster.
- C . Once the switch port authorizes the AP and places it on the management VLAN (VLAN 10), the AP requests a DHCP address and establishes a secure WebSocket connection to HPE Aruba Networking Central.
- D . The upstream AOS-CX switch must dynamically push the IPsec tunnel destination IP addresses directly to the AP via a proprietary RADIUS Vendor-Specific Attribute (VSA) upon successful 802.1X authentication.
- E . The AOS-10 AP acts as an 802.1X supplicant, utilizing its factory-installed Trusted Platform Module (TPM) certificate or a Central-provisioned certificate to authenticate against the wired switch port.
A NOC Operations Engineer is preparing for a massive e-sports tournament in a stadium managed by HPE Aruba Networking Central. The engineer wants to ensure that the APs do not execute any automated, sweeping channel changes during the 8-hour event to prevent momentary client disconnects, regardless of the interference generated by the crowd.
Central -> Global -> Devices
-> Access Points -> RF
AirMatch Mode: [Pending
Selection]
Optimization Schedule: 05:00 AM
Daily
Which configuration action in the Central dashboard fulfills this strict operational requirement?
- A . Apply AirMatch "Freeze" to lock channel, width, and EIRP settings for the APs or stadium folder.
- B . Configure the Access Points into "Monitor Only" mode, which turns off client-serving radios and dedicates the hardware to spectrum analysis.
- C . Temporarily demote the AP group architecture from AOS-10 to legacy AOS 8 firmware to reactivate localized ARM scanning capabilities for RF management.
- D . Change the "Optimization Schedule" to run every 15 minutes to ensure AirMatch rapidly counters the crowd’s interference.