Download Free Latest HPE6-A81 Test Questions and Answers

test2022-01-04T03:16:42+00:00

Aruba Certified ClearPass Expert (ACCX) certification validates that the candidate is able to design, configure, and troubleshoot various ClearPass products commonly used in large scale customer deployments. This included ClearPass policy manager, Guest, Profiling, Onboarding, Onguard, Posture, Clustering, Redundancy, and external server integration.

Before preparing for HPE6-A81 exam, you may check out a free HPE6-A81 demo to see what the questions are like. FreeTestShare offers a free practice test for the Aruba Certified ClearPass Expert Written Exam to demonstrate the dump validity. To assist you in making the best decision, the HPE6-A81 demo thoroughly describes what you will get in the HPE6-A81 test questions.

Page 1 of 2

1. You art deploying Cleat Pass Policy Manager with Guest functionality for a customer with multiple Aruba Networks Mobility Controllers. The customer wants to avoid SSL errors during guest access but due to company security policy cannot use a wildcard certificate on ClearPass or the Controllers.

What is the most efficient way to configure the customer's guest solution? (Select two.)

Install the same public certificate on all Controllers with the common name "controller. {company domain)

Build multiple Web Login pages with vendor settings configured for each controller

Build one Web Login page with vendor settings for captiveportal-controller (company domain)

Build one Web Login page with vendor settings for controller (company domain)

Install multiple public certificates with a different Common Name on each controller

2. A customer has a Clear Pass cluster deployment with four servers, two servers at the data center and two servers at a large remote site connected over an SO-WAN solution. The customer would like to implement OnGuard. Guest Self-Registration, and 802.1 X authentication across their entire environment. During testing the customer is complaining that users connecting to an Instant Cluster Employee S5ID at the remote site, with the OnGuard Persistent Agent installed are randomly getting their health check missed.

What could be a possible cause of this behavior?

The traffic on the TCP port 6658 is congested due to the fact that this port is also used by the IPSec keep-alive packets of the SO-WAN solution.

The OnGuard Clients are automatically mapped to the Policy Manager Zone based on their IP range but an ACL on the switch could be blocking access.

The Aruba-user-role received by the IAP is filtering the TCP port 6658 to the Clear Pass servers and after 10 seconds the SSL fallback gets activated and randomly generates the issue

The ClearPass Policy Manager zones have been defined but the local IP subnets have not but properly mapped to the zones and the OnGuard Agent might connect to any of the servers in the cluster.

3. Refer to the exhibit.

A customer is trying to configure a TACACS Authentication Service for administrative what could be the reason for the Login Status REJECT?

The password used by the administrative user is wrong.

The Enforcement profile used is not a TACACS profile.

The Read-only Administrator role does not exist on the Controller.

The Enforcement profile is not designed to be used on Aruba Controller

4. You have designed a ClearPass solution for an Information Technology Business Park with 50,377 concurrent sessions including the visitors. The deployment includes eight ClearPass servers handling RADIUS authentication. Guest Self-Registration. Onboard and OnGuard. CPPM1 is acting as Publisher. CPPM2 to CPPM8 are added as subscriber nodes CPPM4 is the designated Standby Publisher. Servers CPPM2 and CPPM3 will be handling the Guest and Onboard HTTPS traffic. On a few devices, Corporate users will perform username and password based authentication with Active Directory accounts and on few devices, they will be using private CA signed TLS certificates to do the authentication The customer has three Active Directories (AD1, AD2 and A03) part of Multi-Domain Forest. To provide authentication redundancy, the customer has configured multiple Virtual IP settings between ClearPass servers in a cluster.

On all the Network Access Devices (NAD), the primary authentication server is configured as the VIP IP address and the secondary authentication server rs configured as CPPM1 MGMT IP address.

Based on the information provided, which ClearPass nodes will you join to the AD domain

Join CPPM1. CPPM4 to CPPM7 servers to the AD root domain

Join CPPM2 to CPPM7 ClearPass servers to the AD root domain.

Join all the eight ClearPass servers to AD1, AD2 and AD3 domains.

Join CPPM1. CPPM4 to CPPM8 to the AD1. AD2 and AD3 domains.

5. A customer has created a Guest Self-Registration page that they would like to use it as 'template' for all the new pages that are going to be created from now on. Their goal is to ensure that the header and footer on every page are the same, and any edits made to them are automatically reflected on every Self-Registration Page.

What should be configured in order to accomplish this request?

Save the "template" page as Master Self'Registration page.

Copy the "template" page and edit it each time a new Self-Registration Page is needed.

Create child pages when creating new Self-Registration pages and select the "template" as Parent.

Save this "template" page as a new Skin to be used on other Self-Registration pages.

6. 1. Refer to the exhibit.

A customer has just configured a Posture Policy and the T 2 -Health check Service. Next they installed the OnGuard Agent on a test client connected to the Secure_Employee SSID. When they check Access Tracker they see many WEBAUTH requests are being triggered.

What could be the reason?

The OnGuard Agent trigger the events based on changing the Health Status.

The OnGuard Agent is connecting to the Data Port interface on ClearPass.

TCP port 6658 is not allowed between the client and the ClearPass server.

OnGuard Web-Based Health Check interval has been configured to three minutes.

7. Which statement is true about Radius IETF attributes Called-Stat ion-Id and Calling-Station-ld?

Called-Station-ld contains the mac address of the supplicant while Calling-Station-ld contains the mac address of the authenticator.

Called-Station-Id contains the mac address of the supplicant and SSID name while Calling-Station-Id contains the mac address of the authenticator.

Called-Station-ld contains the mac address of the authenticator while Calling-Station-Id contains the mac address of the supplicant.

Called-Station-ld contains the mac address of the authenticator while Calling-Station-ld contains the mac address of the supplicant and SSID name.

8. A customer has acquired another company that has its own Active Directory infrastructure. The 802 1X PEAP authentication works with the customer's original Active Directory servers but the customer would like to authenticate users from the acquired company as well.

What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)

Create a new Authentication Source, type Active Directory.

Create a new Authentication Source, type Generic LDA

Add the new AD server(s) as backup into the existing Authentication Source.

There is no need to join ClearPass to the new AD domain.

Join the ClearPass server(s) to the new AD domain.

9. Which using Allow All MAC AUTH, which authentication source should be mapped to the service?

Static Host List

Endpoint Database

Guest Device Database

Any Authentication source

10. A customer would like to allow only the AD users with the "Manager" title from the "HO" location to Onboard their personal devices. Any other AD users should not be authorized to pass beyond the initial device provisioning page .

Which Onboard service will you use to implement this requirement?

Onboard Authorization service

Onboard Pre-Auth service

Onboard Provisioning service

Onboard CP login service

Page 2 of 2

11. A customer is planning to implement machine and user authentication on infrastructure with one Aruba Controller and a single ClearPass Server .

What should the customer consider while designing this solution? (Select three.)

The customer does not need to worry about Multi-Master Catht Survivability because the Controller will also cache the machine state.

The Windows User must log off. restart or disconnect their machine to initiate a machine authentication before the cache expires.

The machine authentication status rs written in the Multi-master cache on the ClearPass Server for 24 hrs

The Customer should enable Multi-Master Cache Survivability as the Aruba Controller will not cache the machine state.

Machine Authentication only uses EAP TL

as such a PKI infrastructure should be in place for machine authentication.

Onboard must be used to install the Certificates on the personal devices to do the user and machine authentication

12. Refer to the exhibit.

A customer is doing a new ClearPass installation and is setting up clustering between two ClearPass servers running a 6.8.6 version. The ClearPass server failed to add the subscriber node. The customer was able to login to the console of the ClearPass server with the same CLI password used during the cluster setup. The customer has sent you the screenshots seeking your support.

Why did an attempt to add a subscriber node failed showing that error?

The data and time in the subscriber was not synchronized with the NTP server

The subscriber server is running with a default self -signed HTTPS certificate

The default database certificate used in the publisher server is not a valid certificate

The subscriber server is running with a public signed and trusted HTTPS certificate

13. What is used to validate the EAP Certificate? (Select two.)

Key usage

Date

Server Identity

SAN entries

Common Name

14. When building an SNMP-based enforcement profile what option can you assign to the user as actions? (Select three).

Enforce a VLAN ID for the client

Set a session timeout for the client

Enforce Firewall policies

Send captive portal web re-direct URL

ClearPass Downloadable Role

Reset the connection after the settings has been pushed

15. Refer to the exhibit.

A customer has incomplete information for endpoints in the Endpoint Repository. In order to make accurate decisions about what types of devices are connecting to the network. ClearPass is enabled to process the device information from IF-MAP interface, but no updates are received .

What can the customer do to update those endpoints using IF-MAP?

Configure ClearPass Management IP in the DHCP Helper address

Configure IF-MAP on all networking devices to send additional information to ClearPass

Configure IF-MAP only on Aruba Mobility Controller, providing ClearPass username and password

Configure the authentication service to Audit the endpoints using, the embedded Nmap Server

Download Free Latest HPE6-A81 Test Questions and Answers

Download Free Latest HPE6-A81 Test Questions and Answers

Share this post

Author

Leave a Reply Cancel reply

Related Posts