Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

HP HPE6-A81 - Aruba Certified ClearPass Expert Written Exam

HP HPE6-A81 Premium Access     Download Demo    
Page: 1 / 2
Total 60 questions

A customer has deployed an OnGuard Solution to all the corporate devices using a group policy result to push the OnGuard Agtnts. The network administrator is complaining that soma of the agents are communicating to the ClearPass server that is located in a DMZ. outside the firewall The network administrator wants all of the agents System Health Validation traffic to stay inside the Management subnets.

What can the ClearPass administrator do to move the traffic only to the ClearPass Management Ports?

A.

Select the correct OnGuard Agent installer, and use the one configured for Management Port for the clients.

B.

Filter TCP port 6658 on the firewall, forcing the OnGuard agent to use the ClearPass Management port.

C.

Configure a Policy Manager Zone mapping so the OnGuard agent will use the Management Port IP.

D.

Edit the agent.conf file being deployed to the clients to use the ClearPass Management Port for SHV updates

Refer to the exhibit.

A customer has incomplete information for endpoints in the Endpoint Repository. In order to make accurate decisions about what types of devices are connecting to the network. ClearPass is enabled to process the device information from IF-MAP interface, but no updates are received. What can the customer do to update those endpoints using IF-MAP?

A.

Configure ClearPass Management IP in the DHCP Helper address

B.

Configure IF-MAP on all networking devices to send additional information to ClearPass

C.

Configure IF-MAP only on Aruba Mobility Controller, providing ClearPass username and password

D.

Configure the authentication service to Audit the endpoints using, the embedded Nmap Server

Refer to the exhibit.

A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect to the network. Which step below is the best starting point when troubleshooting'

A.

Verify the CPPM hostname in OSCP URL under TLS authentication method is updated to localhost instead of primary server's hostname.

B.

Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted.

C.

Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.

D.

Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA).

A customer has acquired another company that has its own Active Directory infrastructure. The 802 1X PEAP authentication works with the customer's original Active Directory servers but the customer would like to authenticate users from the acquired company as well.

What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)

A.

Create a new Authentication Source, type Active Directory.

B.

Create a new Authentication Source, type Generic LDAP.

C.

Add the new AD server(s) as backup into the existing Authentication Source.

D.

There is no need to join ClearPass to the new AD domain.

E.

Join the ClearPass server(s) to the new AD domain.

The customer would like to add a default common self-registration sponsor email under the initial value on all the ten self-registration pages created for different locations except for the guest registration page created for Sunnyvale location to use a different sponsor email in initial value. Under self-registration form fields, you have "Edit" and "Edit Base Field"

Which edit options will you choose to make minimal configuration changes to implement the customer's requirement? (Select two)

A.

Update the common sponsor email by clicking the "Edit" option of the sponsor email form field on the one of the self-registration register form page

B.

Update the sponsor email by clicking on both "Edit" and "Edit Base Field" options of the sponsor_email filed on the Sunnyvale register page

C.

Update the specific sponsor email by clicking on "Edit Base Field" option of the sponsor_email form filed on the Sunnyvale location register form page

D.

Update the common sponsor email by clicking the "Edit Base Field" option of the sponsor_email form field on the one of the self-registration form page

E.

Update the specific sponsor email by clicking on the "Edit" option of the sponsor_email form filed on the Sunnyvale self-registration register form page

Refer to the exhibit.

You are doing a ClearPass PoC at a customer site with a single Aruba Mobility Controller. The customer asked for a demonstration of a simple Web Login functionality. You used a service template to create the guest services. During testing, the user gets redirected back to the weblogin page with an Authentication failed message The guest configurations on the Aruba Mobility Controller are configured correctly Why would the guest fail to authenticate successfully?

A.

The authentication source mapped in the service is incorrect It should be mapped as [Guest Device Repository! (Local SQL DB].

B.

The Unique-Device- Count does not allow any Client devices. Update the Enforcement policy condition: Unique-Device-Count.

C.

The username and/or password used for authentication is incorrect Re-enter the correct password on the weblogin page.

D.

The username used for authentication does not exist in the Guest User Database. Create a new user and authenticate again

Refer to the exhibit.

A customer has configured Onboard in a cluster with two nodes. All devices were onboarded in the network through node1 but those clients fail to authenticate through node2 with the error shown What steps would you suggest to make provisioning and authentication work across the entire cluster? (Select three)

A.

Configure the Network Settings in Onboard to trust the Policy Manager EAP certificate.

B.

Have all of the BYOO clients disconnect and reconnect to the network.

C.

Configure the Onboard Root CA to trust the Policy Manager EAP certificate root.

D.

Make sure that the EAP certificates on both nodes are issued by one common root Certificate Authority (CA).

Refer to the exhibit.

Your customer has configured the 802.1 X service enforcement conditions with the Endpoint profiling data. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly What is the cause of the issue?

A.

An additional authorization source should be configured for profiling to work.

B.

The enforcement policy rules evaluation algorithm is not configured correctly.

C.

The option, use cached roles and posture from previous sessions should be enabled.

D.

The enforcement policy conditions configured with profiling data are not correct

Which statements art true about Aruba down loadable user roles? (select three)

A.

Administering downloadable user roles can be difficult for a large enterprise.

B.

Can be applied only on ports or WLAN users authenticated by ClearPass.

C.

Can use these result for other authentication methods not involving ClearPass.

D.

Aruba downloadable user role are universally available across the environment.

E.

Aruba downloadable user role is a built in enforcement template in ClearPass.

F.

Downloadable role names must be defined in Aruba switch or controller.

Which statements are true about that integration between ClearPass Policy Manager and ClearPass Device Insight? (Select two)

A.

Policy Manager stops using ClearPass Profiler for fingerprinting and uses Device Insight Analyzer instead for endpoint in-depth data analysis.

B.

ClearPass Device Insight updates ClearPass Policy Manager every 60 minutes if it detects a change in device classification like device spoofing.

C.

To provide enhanced profiling and reporting. additional configuration is required to transmit data in both directions between CPPM and Device Insight.

D.

When Device Insight integration mode is enabled. you can still use Update Fingerprint button to Update Endpoints at Configuration > Identity > Endpoints

E.

An attribute named Device Insight Tags art added to the Endpoints that art available to use in service, role-mapping, and enforcement policy Rules