ExamGecko
Search Search Login
Home Home / HP / HPE6-A68

HP HPE6-A68 Practice Test - Questions Answers, Page 3

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A bank would like to deploy ClearPass Guest with web login authentication so that their customers can selfregister on the network to get network access when they have meetings with bank employees. However, they're concerned about security. What is true? (Choose three.)
Which authentication protocols can be used for authenticating Windows clients that are Onboarded? (Select two.)
A customer wants all guests who access a company's guest network to have their accounts approved by the receptionist, before they are given access to the network. How should the network administrator set this up in ClearPass? (Select two.)
Which statement is true about the configuration of a generic LDAP server as an External Authentication server in ClearPass? (Choose three.)
Refer to the exhibit. Based on the Aruba TACACS+ dictionary shown, how is the Aruba-Role attribute used?
What must be configured to enable RADIUS authentication with ClearPass on a network access device (NAD)? (Select two.)
Which licenses are included in the built-in Starter kit for ClearPass?
Refer to the exhibit. An Enforcement Profile has been created in the Policy Manager as shown. Which action will ClearPass take based on this Enforcement Profile?
Refer to the exhibit. In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes? In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes?
Refer to the exhibit. Based on the Authentication sources configuration shown, which statement accurately describes the outcome if the user is not found?

Question 21

Report
Export
Collapse

A hotel chain deployed ClearPass Guest. When hotel guests connect to the Guest SSID, launch a web browser and enter the address www.google.com, they are unable to immediately see the web login page.

What are the likely causes of this? (Select two.)

A.
The ClearPass server has a trusted server certificate issued by Verisign.
A.
The ClearPass server has a trusted server certificate issued by Verisign.
Answers
B.
The ClearPass server has an untrusted server certificate issued by the internal Microsoft Certificate server.
B.
The ClearPass server has an untrusted server certificate issued by the internal Microsoft Certificate server.
Answers
C.
The ClearPass server does not recognize the client's certificate.
C.
The ClearPass server does not recognize the client's certificate.
Answers
D.
The DNS server is not replying with an IP address for www.google.com.
D.
The DNS server is not replying with an IP address for www.google.com.
Answers
Suggested answer: B, D

Explanation:

You would need a publicly signed certificate.

Reference: http://community.arubanetworks.com/t5/Security/Clearpass-Guest-certificate-error-forguest-visitors/td-p/221992

Question 22

Report
Export
Collapse

Refer to the exhibit.

An Enforcement Profile has been created in the Policy Manager as shown.

Which action will ClearPass take based on this Enforcement Profile?

A.
ClearPass will count down 600 seconds and send a RADIUS CoA message to the user to end the user's session after this time is up.
A.
ClearPass will count down 600 seconds and send a RADIUS CoA message to the user to end the user's session after this time is up.
Answers
B.
ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the NAD and the NAD will end the user's session after 600 seconds.
B.
ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the NAD and the NAD will end the user's session after 600 seconds.
Answers
C.
ClearPass will count down 600 seconds and send a RADIUS CoA message to the NAD to end the user's session after this time is up.
C.
ClearPass will count down 600 seconds and send a RADIUS CoA message to the NAD to end the user's session after this time is up.
Answers
D.
ClearPass will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD and the NAD will end the user's session after 600 seconds.
D.
ClearPass will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD and the NAD will end the user's session after 600 seconds.
Answers
E.
ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the User and the user's session will be terminated after 600 seconds.
E.
ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the User and the user's session will be terminated after 600 seconds.
Answers
Suggested answer: E

Explanation:

Session Timeout (in seconds) - Configure the agent session timeout interval to re-evaluate the system health again. OnGuard triggers auto-remediation using this value to enable or disable AV-RTP status check on endpoint. Agent re-authentication is determined based on session-time out value.

You can specify the session timeout interval from 60 – 600 seconds. Setting the lower value for session timeout interval results numerous authentication requests in Access Tracker page. The default value is 0.

Reference: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_User Guide/Enforce/EPAgent_Enforcement.htm

Question 23

Report
Export
Collapse

Refer to the exhibit.

Based on the information shown, what is the purpose of using [Time Source] for authorization?

A.
to check how long it has been since the last login authentication
A.
to check how long it has been since the last login authentication
Answers
B.
to check whether the guest account expired
B.
to check whether the guest account expired
Answers
C.
to check whether the MAC address is in the MAC Caching repository
C.
to check whether the MAC address is in the MAC Caching repository
Answers
D.
to check whether the MAC address status is known in the endpoints table
D.
to check whether the MAC address status is known in the endpoints table
Answers
E.
to check whether the MAC address status is unknown in the endpoints table
E.
to check whether the MAC address status is unknown in the endpoints table
Answers
Suggested answer: D

Question 24

Report
Export
Collapse

A customer with an Aruba Controller wants it to work with ClearPass Guest.

How should the customer configure ClearPass as an authentication server in the controller so that guests are able to authenticate successfully?

A.
Add ClearPass as a RADIUS CoA server.
A.
Add ClearPass as a RADIUS CoA server.
Answers
B.
Add ClearPass as a RADIUS authentication server.
B.
Add ClearPass as a RADIUS authentication server.
Answers
C.
Add ClearPass as a TACACS+ authentication server.
C.
Add ClearPass as a TACACS+ authentication server.
Answers
D.
Add ClearPass as an HTTPS authentication server.
D.
Add ClearPass as an HTTPS authentication server.
Answers
Suggested answer: B

Explanation:

5. Configuring the Aruba Controller

5.1 Add Clearpass as RADIUS Server

Navigate to Configuration > SECURITY > Authentication > Servers

Click on RADIUS Server and enter the Name of your Clearpass Server: myClearpass Click Add Click on myClearpass in the Server List Etc.

Reference: https://community.arubanetworks.com/t5/Security/Step-by-Step-Controller-CPPM-6-5-Captive-Portal-authentication/td-p/229740

Question 25

Report
Export
Collapse

Refer to the exhibit.

Based on the Enforcement Policy configuration shown, when a user with Role Remote Worker connects to the network and the posture token assigned is quarantine, which Enforcement Profile will be applied?

A.
RestrictedACL
A.
RestrictedACL
Answers
B.
Remote Employee ACL
B.
Remote Employee ACL
Answers
C.
[Deny Access Profile]
C.
[Deny Access Profile]
Answers
D.
EMPLOYEE_VLAN
D.
EMPLOYEE_VLAN
Answers
E.
HR VLAN
E.
HR VLAN
Answers
Suggested answer: B

Explanation:

The first rule will match, and the Remote Employee ACL will be used.

Question 26

Report
Export
Collapse

Refer to the exhibit.

Based on the Access Tracker output for the user shown, which statement describes the status?

A.
The Aruba Terminate Session enforcement profile as applied because the posture check failed.
A.
The Aruba Terminate Session enforcement profile as applied because the posture check failed.
Answers
B.
A Healthy Posture Token was sent to the Policy Manager.
B.
A Healthy Posture Token was sent to the Policy Manager.
Answers
C.
A RADIUS-Access-Accept message is sent back to the Network Access Device.
C.
A RADIUS-Access-Accept message is sent back to the Network Access Device.
Answers
D.
The authentication method used is EAP-PEAP.
D.
The authentication method used is EAP-PEAP.
Answers
E.
A NAP agent was used to obtain the posture token for the user.
E.
A NAP agent was used to obtain the posture token for the user.
Answers
Suggested answer: B

Explanation:

We see System Posture Status: HEALTHY(0)

End systems that pass all SHV tests receive a Healthy Posture Token, if they fail a single test they receive a Quarantine Posture Token.

Reference: CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 13

https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-accessbyod/21122/1/OnGuard%20config%20Tech%20Note%20v1.pdf

Question 27

Report
Export
Collapse

Why can the Onguard posture check not be performed during 802.1x authentication?

A.
Health Checks cannot be used with 802.1x.
A.
Health Checks cannot be used with 802.1x.
Answers
B.
Onguard uses RADIUS, so an additional service must be created.
B.
Onguard uses RADIUS, so an additional service must be created.
Answers
C.
Onguard uses HTTPS, so an additional service must be created.
C.
Onguard uses HTTPS, so an additional service must be created.
Answers
D.
Onguard uses TACACS, so an additional service must be created.
D.
Onguard uses TACACS, so an additional service must be created.
Answers
E.
802.1x is already secure, so Onguard is not needed.
E.
802.1x is already secure, so Onguard is not needed.
Answers
Suggested answer: C

Explanation:

OnGuard uses HTTPS to send posture information to the ClearPass appliance. For OnGuard to use

HTTPS, it must have access to the network. If a customer requires 802.1x authentication on the wiredswitch, a separate 802.1x authentication must be used prior to the OnGuard posture check. In thisexample, an 802.1x PEAP-EAP-

MSCHAPv2 authentication is completed first. A separate WebAuthservice must be setup with posture checks to use the OnGuard agent.

Reference: MAC Authentication and OnGuard Posture Enforcement using Dell WSeries ClearPass and Dell Networking Switches (August 2013), page 21

Question 28

Report
Export
Collapse

Refer to the exhibit.

Based on the Enforcement Profile configuration shown, which statement accurately describes what is sent?

A.
A limited access VLAN value is sent to the Network Access Device.
A.
A limited access VLAN value is sent to the Network Access Device.
Answers
B.
An unhealthy role value is sent to the Network Access Device.
B.
An unhealthy role value is sent to the Network Access Device.
Answers
C.
A message is sent to the Onguard Agent on the client device.
C.
A message is sent to the Onguard Agent on the client device.
Answers
D.
A RADIUS CoA message is sent to bounce the client.
D.
A RADIUS CoA message is sent to bounce the client.
Answers
E.
A RADIUS access-accept message is sent to the Controller
E.
A RADIUS access-accept message is sent to the Controller
Answers
Suggested answer: C

Explanation:

The OnGuard Agent enforcement policy retrieves the posture token. If the token is HEALTHY it returns a healthy message to the agent and bounces the session. If the token is UNHEALTHY it returns an unhealthy message to the agent and bounces the session.

Reference: CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 27

Question 29

Report
Export
Collapse

A ClearPass administrator wants to make Enforcement decisions during 802.1x authentication based on a client's Onguard posture token.

Which Enforcement profile should be used on the health check service?

A.
RADIUS CoA
A.
RADIUS CoA
Answers
B.
Quarantine VLAN
B.
Quarantine VLAN
Answers
C.
Full Access VLAN
C.
Full Access VLAN
Answers
D.
RADIUS Accept
D.
RADIUS Accept
Answers
E.
RADIUS Reject
E.
RADIUS Reject
Answers
Suggested answer: A

Explanation:

The Health Check Service requires a profile to terminate the session so that the RADIUS 802.1X authentication Service can use the posture token in a new authentication routine. The terminate session profile will utilize the Change of

Authorization feature to force a re-authentication.

See step 6) below.

Navigate to the list of Enforcement Profiles by selecting, Configuration > Enforcement > Profiles.

2. Click the + Add link in the upper right hand corner.

3. From the Template dropdown menu, choose RADIUS Change of Authorization (CoA).

4. Name the policy.

This example uses Dell Terminate Session as the profile name.

5. Leave all the other settings as default, and click Next > to move to the Attributes tab.

6. On the dropdown menu for Select RADIUS CoA Template, choose IETF-Terminate-Session-IETF.

7. Click Next > and review the Summary tab (Figure 22).

8. Click Save.

Reference: ClearPass NAC and Posture Assessment for Campus Networks Configuring ClearPass OnGuard, Switching, and Wireless (v1.0) (September 2015), page 22 http://en.community.dell.com/cfs-file/__key/telligent-evolution-components-attachments/13-4629- 00-00-20-44-16-18/

ClearPass-NAC-and-Posture-Assessment-for-Campus- Networks.pdf?forcedownload=true

Question 30

Report
Export
Collapse

Refer to the exhibit.

Based on the Endpoint information shown, which collectors were used to profile the device as Apple iPad? (Select two.)

A.
HTTP User-Agent
A.
HTTP User-Agent
Answers
B.
SNMP
B.
SNMP
Answers
C.
DHCP fingerprinting
C.
DHCP fingerprinting
Answers
D.
SmartDevice
D.
SmartDevice
Answers
E.
Onguard Agent
E.
Onguard Agent
Answers
Suggested answer: A, C

Explanation:

HTTP User-Agent

In some cases, DHCP fingerprints alone cannot fully classify a device. A common example is the Apple family of smart devices; DHCP fingerprints cannot distinguish between an Apple iPad and an iPhone. In these scenarios, User-Agent strings sent by browsers in the HTTP protocol are useful to further refine classification results.

User-Agent strings are collected from:

* ClearPass Guest

* ClearPass Onboard

* Aruba controller through IF-MAP interface

Note: Collectors are network elements that provide data to profile endpoints.

The following collectors send endpoint attributes to Profile:

* DHCP

DHCP snooping

Span ports

* ClearPass Onboard

* HTTP User-Agent

*MAC OUI – Acquired via various auth mechanisms such as 802.1X, MAC auth, etc.

* ActiveSync plugin

* CPPM OnGuard

*SNMP

* Subnet Scanner

* IF-MAP

* Cisco Device Sensor (Radius Accounting)

* MDM

Reference: Tech Note: ClearPass Profiling (2014), page 11

https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/653/1/ClearPass%20Profiling%20TechNote.pdf

Total 116 questions
Go to page: of 12
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms