Question 7

When performing live firmware upgrades on Aruba APs, which technology partitions all the APs based on RF neighborhood data, minimizing the impact on clients?

Correct Answer:C
Aruba AirMatch is a feature that optimizes RF (radio frequency) performance and user experience by using machine learning algorithms and historical data to dynamically adjust AP power levels, channel assignments, and channel width. AirMatch performs live firmware upgrades on Aruba APs by partitioning all the APs based on RF neighborhood data and minimizing the impact on clients. AirMatch uses a rolling upgrade process that upgrades one partition at a time while ensuring that adjacent partitions are not upgraded simultaneously. References: https://www.arubanetworks.com/assets/ds/DS_AirMatch.pdf https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/arm/AirMatch.htm

Question 8

What does WPA3-Personal use as the source to generate a different Pairwise Master Key (PMK) each time a station connects to the wireless network?

Correct Answer:A
The source that WPA3-Personal uses to generate a different Pairwise Master Key (PMK) each time a station connects to the wireless network is session-specific information (MACs and nonces). WPA3-Personal uses Simultaneous Authentication of Equals (SAE) to replace PSK authentication in WPA2-Personal. SAE is a secure key establishment protocol that uses a Diffie-Hellman key exchange to derive a shared secret between two parties without revealing it to an eavesdropper. SAE involves the following steps:
✑ The station and the access point exchange Commit messages that contain their MAC addresses and random numbers called nonces.
✑ The station and the access point use their own passwords and the received MAC addresses and nonces to calculate a shared secret called SAE Password Element (PE).
✑ The station and the access point use their own PE and the received MAC addresses and nonces to calculate a shared secret called SAE Key Seed (KS).
✑ The station and the access point use their own KS and the received MAC addresses and nonces to calculate a shared secret called SAE Key Confirmation Key (KCK).
✑ The station and the access point use their own KCK and the received MAC addresses and nonces to calculate a confirmation value called SAE Confirm.
✑ The station and the access point exchange Confirm messages that contain their SAE Confirm values.
✑ The station and the access point verify that the received SAE Confirm values match their own calculated values. If they match, the authentication is successful and the station and the access point have established a shared secret called SAE PMK.
The SAE PMK is different for each session because it depends on the MAC addresses and nonces that are exchanged in each authentication process. The SAE PMK is used as an input for the 4-way handshake that generates the Pairwise Temporal Key (PTK) for encrypting data frames.
The other options are not sources that WPA3-Personal uses to generate a different PMK each time a station connects to the wireless network because:
✑ Opportunistic Wireless Encryption (OWE): OWE is a feature that provides encryption for open networks without requiring authentication or passwords. OWE uses a similar key establishment protocol as SAE, but it does not generate a PMK. Instead, it generates a Pairwise Secret (PS) that is used as an input for the 4-way handshake that generates the PTK.
✑ Simultaneous Authentication of Equals (SAE): SAE is not a source, but a protocol that uses session-specific information as a source to generate a different PMK each time a station connects to the wireless network.
✑ Key Encryption Key (KEK): KEK is not a source, but an output of the 4-way handshake that generates the PTK. KEK is used to encrypt group keys that are distributed by the access point.
References: https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-6e https://www.wi-fi.org/file/wi-fi-alliance-unlicensed-spectrum-in-the-us https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9100ax-access-points/wpa3-dep-guide-og.html https://info.support.huawei.com/info-finder/encyclopedia/en/WPA3.html https://rp.os3.nl/2019-2020/p99/presentation.pdf

Question 9

Based on the "show ip route" output on an Aruba CX 8400, what type of route is "10.1.20.0/24, vrf default via 10.1.12.2, [1/0]"?

Correct Answer:B
A static route is a route that is manually configured on a router or switch and does not change unless it is modified by an administrator. Static routes are used to specify how traffic should reach specific destinations that are not directly connected to the device or that are not reachable by dynamic routing protocols. In Aruba CX switches, static routes can be configured using the ip route command in global configuration mode. Based on the "show ip route" output on an Aruba CX 8400 switch, the route "10.1.20.0/24, vrf default via 10.1.12.2, [1/0]" is a static route because it has an administrative distance of 1 and a metric of 0, which are typical values for static routes. References: https://en.wikipedia.org/wiki/Static_routing https://www.arubanetworks.com/techdocs/AOS-CX_10_04/NOSCG/Content/cx-noscg/ip-routing/static-routes.htm https://www.arubanetworks.com/techdocs/AOS-CX_10_04/NOSCG/Content/cx-noscg/ip-routing/show-ip-route.htm

Question 10

Which statement about manual switch provisioning with Aruba Central is correct?

Correct Answer:B
Manual provisioning is a method to add switches to Aruba Central without using DHCP or DNS. It requires the user to enter the switch serial number, MAC address, and activation code in Aruba Central, and then configure the switch with the same activation code and Aruba Central's IP address. References: https://help.central.arubanetworks.com/latest/documentation/online_help/content/devices/switches/provisioning/manual-provisioning.htm

Question 11

When measuring signal strength, dBm is commonly used and 0 dBm corresponds to 1 mW power.
What does -20 dBm correspond to?

Correct Answer:B
dBm is a unit of power that measures the ratio of a given power level to 1 mW. The formula to convert dBm to mW is: P(mW) = 1 mW * 10^(P(dBm)/10). Therefore, -20 dBm corresponds to 0.01 mW, as follows: P(mW) = 1 mW * 10^(-20/10) = 0.01 mW. References: https://www.rapidtables.com/convert/power/dBm_to_mW.html

Question 12

You are in a meeting with a customer where you are asked to explain the network redundancy feature Multiple Spanning Tree (MSTP). What is the correct statement for this feature?

Correct Answer:B
MSTP (Multiple Spanning Tree Protocol) is an IEEE standard protocol for preventing loops in a network with multiple VLANs. MSTP allows multiple VLANs to be mapped to a reduced number of spanning-tree instances. The MSTP configuration ID consists of two parameters: name and revision. The name is a 32-byte ASCII string that identifies the MSTP region, which is a group of switches that share the same configuration ID and VLAN-to-instance mapping. The revision is a 16-bit number that indicates the version of the configuration ID. By default, the MSTP configuration ID name is set to the switch IMC address, which is a unique identifier derived from the MAC (Media Access Control) address of the switch. References: https://www.arubanetworks.com/techdocs/ArubaOS_86_Web_Help/Content/arubaos-solutions/mstp/mstp.htm

START HPE6-A85 EXAM