Labour Day Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

HP HPE6-A81 Dumps

Page: 1 / 6
Total 60 questions

Aruba Certified ClearPass Expert Written Exam Questions and Answers

Question 1

Refer to the exhibit.

as

Your customer has configured the 802.1 X service enforcement conditions with the Endpoint profiling data. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly What is the cause of the issue?

Options:

A.

An additional authorization source should be configured for profiling to work.

B.

The enforcement policy rules evaluation algorithm is not configured correctly.

C.

The option, use cached roles and posture from previous sessions should be enabled.

D.

The enforcement policy conditions configured with profiling data are not correct

Question 2

Refer to the exhibit.

as

A customer with multiple Aruba Controllers has just installed a new certificate for "'.customerdomain.com- on all Aruba Controllers While testing the existing guest Self-Registration page the customer noticed that the logins are failing While troubleshooting they are finding no entries in the Event Viewer or Access Tracker for the tests Suspecting that the Aruba Controllers may not be properly posting the credentials from the guest browser, they open the NAS Vendor Settings for the Guest Self-Registration Page.

Options:

A.

Add PTR records on the DNS server for "securelogin arubanetworks.com".

B.

Change the "Secure Login' field to "Use Vendor Default".

C.

Change the 'IP Address field to" securelogin.customerdomain.com

D.

Change the "IP Address field to "captiveportal-login.customerdomain.com".

Question 3

A customer has deployed an OnGuard Solution to all the corporate devices using a group policy result to push the OnGuard Agtnts. The network administrator is complaining that soma of the agents are communicating to the ClearPass server that is located in a DMZ. outside the firewall The network administrator wants all of the agents System Health Validation traffic to stay inside the Management subnets.

What can the ClearPass administrator do to move the traffic only to the ClearPass Management Ports?

Options:

A.

Select the correct OnGuard Agent installer, and use the one configured for Management Port for the clients.

B.

Filter TCP port 6658 on the firewall, forcing the OnGuard agent to use the ClearPass Management port.

C.

Configure a Policy Manager Zone mapping so the OnGuard agent will use the Management Port IP.

D.

Edit the agent.conf file being deployed to the clients to use the ClearPass Management Port for SHV updates

Question 4

A customer has a Clear Pass cluster deployment with four servers, two servers at the data center and two servers at a large remote site connected over an SO-WAN solution. The customer would like to implement OnGuard. Guest Self-Registration, and 802.1 X authentication across their entire environment. During testing the customer is complaining that users connecting to an Instant Cluster Employee S5ID at the remote site, with the OnGuard Persistent Agent installed are randomly getting their health check missed.

What could be a possible cause of this behavior?

Options:

A.

The traffic on the TCP port 6658 is congested due to the fact that this port is also used by the IPSec keep-alive packets of the SO-WAN solution.

B.

The OnGuard Clients are automatically mapped to the Policy Manager Zone based on their IP range but an ACL on the switch could be blocking access.

C.

The Aruba-user-role received by the IAP is filtering the TCP port 6658 to the Clear Pass servers and after 10 seconds the SSL fallback gets activated and randomly generates the issue

D.

The ClearPass Policy Manager zones have been defined but the local IP subnets have not but properly mapped to the zones and the OnGuard Agent might connect to any of the servers in the cluster.

Question 5

Refer to the exhibit.

as

as

as

The users connecting to a wireless SSIO "secure-HS-5007" were being processed by an incorrect 802.1 X service created for VIP access and the user gets deny access. The customer has sent you the screenshot to get your support to resolve the issue What changes will you suggest to fix it?

Options:

A.

To the HS_Building 802.1 X service, add another service rule condition with VIP access Aruba-Essid-Name and leave it in same position

B.

In the HS_Building 802.1X service, remove the service rule condition with Aruba controller location name and leave it in same position

C.

Delete the HSBuilding 802 IX service, odd VIP access Aruba-Essid-Name as fourth condition to WSBuilding Aruba 802 1X service

D.

In the HSBuilding 802. IXservice. change the Authentication method for AMCAuth for VIP access and leave it in same position

Question 6

You have designed a ClearPass solution for an Information Technology Business Park with 50,377 concurrent sessions including the visitors. The deployment includes eight ClearPass servers handling RADIUS authentication. Guest Self-Registration. Onboard and OnGuard. CPPM1 is acting as Publisher. CPPM2 to CPPM8 are added as subscriber nodes CPPM4 is the designated Standby Publisher. Servers CPPM2 and CPPM3 will be handling the Guest and Onboard HTTPS traffic. On a few devices, Corporate users will perform username and password based authentication with Active Directory accounts and on few devices, they will be using private CA signed TLS certificates to do the authentication The customer has three Active Directories (AD1, AD2 and A03) part of Multi-Domain Forest. To provide authentication redundancy, the customer has configured multiple Virtual IP settings between ClearPass servers in a cluster.

as

On all the Network Access Devices (NAD), the primary authentication server is configured as the VIP IP address and the secondary authentication server rs configured as CPPM1 MGMT IP address Based on the information provided, which ClearPass nodes will you join to the AD domain

Options:

A.

Join CPPM1. CPPM4 to CPPM7 servers to the AD root domain

B.

Join CPPM2 to CPPM7 ClearPass servers to the AD root domain.

C.

Join all the eight ClearPass servers to AD1, AD2 and AD3 domains.

D.

Join CPPM1. CPPM4 to CPPM8 to the AD1. AD2 and AD3 domains.

Question 7

Refer to the exhibit.

as

When creating a new report, there is in option to send report Notifications by Email Where is the email server configured?

Options:

A.

In the ClearPass Policy Manager Messaging Setup under Administration.

B.

In the Insight report on the next screen of the report definition

C.

In the Insight Reports Interface under Administration on the sidebar menu

D.

In the ClearPass Policy Manager Endpoint Context Servers under Administration.

Question 8

A customer has acquired another company that has its own Active Directory infrastructure. The 802 1X PEAP authentication works with the customer's original Active Directory servers but the customer would like to authenticate users from the acquired company as well.

What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)

Options:

A.

Create a new Authentication Source, type Active Directory.

B.

Create a new Authentication Source, type Generic LDAP.

C.

Add the new AD server(s) as backup into the existing Authentication Source.

D.

There is no need to join ClearPass to the new AD domain.

E.

Join the ClearPass server(s) to the new AD domain.

Question 9

A customer is troubleshooting the OnGuard Client Activity and is looking into the Live Monitoring -> OnGuard Activity section. What is the Status field representing for this client ?

as

Options:

A.

the Client health status is HEALTHY

B.

the Client has been successfully profiled

C.

the Client is online and sends keep-alive messages

D.

the Client is successful authenticated

Page: 1 / 6
Total 60 questions