ExamGecko
Search Search Login
Home Home / HP / HPE6-A68

HP HPE6-A68 Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A bank would like to deploy ClearPass Guest with web login authentication so that their customers can selfregister on the network to get network access when they have meetings with bank employees. However, they're concerned about security. What is true? (Choose three.)
A customer wants all guests who access a company's guest network to have their accounts approved by the receptionist, before they are given access to the network. How should the network administrator set this up in ClearPass? (Select two.)
Which statement is true about the configuration of a generic LDAP server as an External Authentication server in ClearPass? (Choose three.)
Refer to the exhibit. Based on the Aruba TACACS+ dictionary shown, how is the Aruba-Role attribute used?
What must be configured to enable RADIUS authentication with ClearPass on a network access device (NAD)? (Select two.)
Which authentication protocols can be used for authenticating Windows clients that are Onboarded? (Select two.)
Which licenses are included in the built-in Starter kit for ClearPass?
Refer to the exhibit. An Enforcement Profile has been created in the Policy Manager as shown. Which action will ClearPass take based on this Enforcement Profile?
Refer to the exhibit. In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes? In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes?
Refer to the exhibit. Based on the Authentication sources configuration shown, which statement accurately describes the outcome if the user is not found?

Question 31

Report
Export
Collapse

Refer to the exhibit.

A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the network with a corporate Windows laptop.

Which Enforcement Profile is applied?

A.
WIRELESS_GUEST_NETWORK
A.
WIRELESS_GUEST_NETWORK
Answers
B.
WIRELESS_CAPTIVE_NETWORK
B.
WIRELESS_CAPTIVE_NETWORK
Answers
C.
WIRELESS_HANDHELD_NETWORK
C.
WIRELESS_HANDHELD_NETWORK
Answers
D.
Deny Access
D.
Deny Access
Answers
E.
WIRELESS_EMPLOYEE_NETWORK
E.
WIRELESS_EMPLOYEE_NETWORK
Answers
Suggested answer: E

Explanation:

MATCHES_ANY: For list data types, true if any of the run-time values in the list match one of the configured values.

Example: Tips:Role MATCHES_ANY HR,ENG,FINANCE

Reference: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_User Guide/Rules/Operators.htm

Question 32

Report
Export
Collapse

An SNMP probe is sent from ClearPass to a network access device, but ClearPass is unable to obtain profiling information.

What are likely causes? (Select three.)

A.
Only SNMP read has been configured but SNMP write is needed for profiling information.
A.
Only SNMP read has been configured but SNMP write is needed for profiling information.
Answers
B.
An external firewall is blocking SNMP traffic.
B.
An external firewall is blocking SNMP traffic.
Answers
C.
SNMP is not enabled on the NAD.
C.
SNMP is not enabled on the NAD.
Answers
D.
SNMP community string in the ClearPass and NAD configuration is mismatched.
D.
SNMP community string in the ClearPass and NAD configuration is mismatched.
Answers
E.
SNMP probing is not supported between ClearPass and NADs.
E.
SNMP probing is not supported between ClearPass and NADs.
Answers
Suggested answer: B, C, D

Explanation:

Verify firewall port 162 (default) is open between AMP and the controller.

SNMP must be enabled on the NAD.

The community string that ClearPass is using to access the NAD might be wrong.

Reference: https://community.arubanetworks.com/t5/Monitoring-Management-Location/SNMPGet-Failed-quot-error-message/ta-p/169774

Question 33

Report
Export
Collapse

Which database in the Policy Manager contains the device attributes derived by profiling?

A.
Endpoints Repository
A.
Endpoints Repository
Answers
B.
Client Repository
B.
Client Repository
Answers
C.
Local Users Repository
C.
Local Users Repository
Answers
D.
Onboard Devices Repository
D.
Onboard Devices Repository
Answers
E.
Guest User Repository
E.
Guest User Repository
Answers
Suggested answer: A

Explanation:

Configure [Endpoints Repository] as Authorization Source. Endpoint profile attributes derived by Profile are available through the '[Endpoint Repository]' authorization source.

These attributes can be used in role-mapping or enforcement policies to control network access. Available attributes are:

Authorization:[Endpoints Repository]:MAC Vendor

Authorization:[Endpoints Repository]:Category

Authorization:[Endpoints Repository]:OS Family

Authorization:[Endpoints Repository]:Name

Reference: ClearPass Profiling TechNote (2014), page 29

https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/653/1/ClearPass%20Profiling%20TechNote.pdf

Question 34

Report
Export
Collapse

When a third party Mobile Device Management server is integrated with ClearPass, where is the endpoint information from the MDM server stored in ClearPass?

A.
Endpoints repository
A.
Endpoints repository
Answers
B.
Onboard Device repository
B.
Onboard Device repository
Answers
C.
MDM repository
C.
MDM repository
Answers
D.
Guest User repository
D.
Guest User repository
Answers
E.
Local User repository
E.
Local User repository
Answers
Suggested answer: A

Explanation:

A service running in CPPM periodically polls MDM servers using their exposed APIs. Device attributes obtained from MDM are added as endpoint tags. Profiler related attributes are send to profiler which uses these attributes to derive final profile.

Reference: ClearPass Profiling TechNote (2014), page 23

https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/653/1/ClearPass%20Profiling%20TechNote.pdf

Question 35

Report
Export
Collapse

Refer to the exhibit.

Based on the network topology diagram shown, how many clusters are needed for this deployment?

A.
1
A.
1
Answers
B.
2
B.
2
Answers
C.
3
C.
3
Answers
D.
4
D.
4
Answers
E.
8
E.
8
Answers
Suggested answer: D

Explanation:

Reference: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/5%20Cluster %20Deployment/Design_guidelines.htm

Question 36

Report
Export
Collapse

Refer to the exhibit.

Which statements accurately describe the cp82 ClearPass node? (Select two.)

A.
It becomes the Publisher when the primary Publisher fails.
A.
It becomes the Publisher when the primary Publisher fails.
Answers
B.
It operates as a Publisher in the same cluster as the primary Publisher when the primary is active.
B.
It operates as a Publisher in the same cluster as the primary Publisher when the primary is active.
Answers
C.
It operates as a Publisher in a separate cluster when the Publisher is active.
C.
It operates as a Publisher in a separate cluster when the Publisher is active.
Answers
D.
It operates as a Subscriber when the Publisher is active.
D.
It operates as a Subscriber when the Publisher is active.
Answers
E.
It stays as a Subscriber when the Publisher fails.
E.
It stays as a Subscriber when the Publisher fails.
Answers
Suggested answer: A, D

Explanation:

ClearPass Policy Manager allows you to designate one of the subscriber nodes in a cluster to be the Standby Publisher, thereby providing for that subscriber node to be automatically promoted to active Publisher status in the event that the

Publisher goes out of service. This ensures that any service degradation is limited to an absolute minimum.

When a Publisher failure is detected, the designated subscriber node is promoted to active Publisher status.

Reference: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/5%20Cluster %20Deployment/Standby_publisher.htm

Question 37

Report
Export
Collapse

Refer to the exhibit.

A customer wants to enable Publisher redundancy.

Based on the network topology diagram shown, which node should the network administrator configure as the standby Publisher for the Publisher in the main data center?

A.
Subscriber in the main data center
A.
Subscriber in the main data center
Answers
B.
Publisher in the regional office
B.
Publisher in the regional office
Answers
C.
Any of the other three Publishers
C.
Any of the other three Publishers
Answers
D.
Publisher in the mid-size branch
D.
Publisher in the mid-size branch
Answers
E.
Publisher in the DMZ
E.
Publisher in the DMZ
Answers
Suggested answer: A

Explanation:

ClearPass Policy Manager allows you to designate one of the subscriber nodes in a cluster to be the Standby Publisher, thereby providing for that subscriber node to be automatically promoted to active Publisher status in the event that the

Publisher goes out of service. This ensures that any service degradation is limited to an absolute minimum.

Reference: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/5%20Cluster %20Deployment/Standby_publisher.htm

Question 38

Report
Export
Collapse

A customer wants to implement Virtual IP redundancy, such that in case of a ClearPass server outage, 802.1x authentications will not be interrupted. The administrator has enabled a single Virtual IP address on two ClearPass servers.

Which statements accurately describe next steps? (Select two.)

A.
The NAD should be configured with the primary node IP address for RADIUS authentication on the 802.1x network.
A.
The NAD should be configured with the primary node IP address for RADIUS authentication on the 802.1x network.
Answers
B.
A new Virtual IP address should be created for each NAD.
B.
A new Virtual IP address should be created for each NAD.
Answers
C.
Both the primary and secondary nodes will respond to authentication requests sent to the Virtual IP address when the primary node is active.
C.
Both the primary and secondary nodes will respond to authentication requests sent to the Virtual IP address when the primary node is active.
Answers
D.
The primary node will respond to authentication requests sent to the Virtual IP address when the primary node is active.
D.
The primary node will respond to authentication requests sent to the Virtual IP address when the primary node is active.
Answers
E.
The NAD should be configured with the Virtual IP address for RADIUS authentications on the 802.1x network.
E.
The NAD should be configured with the Virtual IP address for RADIUS authentications on the 802.1x network.
Answers
Suggested answer: D, E

Explanation:

In an Aruba network, APs are controlled by a controller. The APs tunnel all data to the controller for processing, including encryption/decryption and bridging/forwarding data. Local controller redundancy provides APs with failover to a backup controller if a controller becomes unavailable.

Local controller redundancy is provided by running VRRP between a pair of controllers. The APs are then configured to connect to the "virtual-IP" configured for the VRRP instance.

Reference: http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/VRR P/Redundancy_Parameters.htm

Question 39

Report
Export
Collapse

ClearPass and a wired switch are configured for 802.1x authentication with RADIUS CoA (RFC 3576) on UDP port 3799. This port has been blocked by a firewall between the wired switch and ClearPass.

What will be the outcome of this state?

A.
RADIUS Authentications will fail because the wired switch will not be able to reach the ClearPass server.
A.
RADIUS Authentications will fail because the wired switch will not be able to reach the ClearPass server.
Answers
B.
During RADIUS Authentication, certificate exchange between the wired switch and ClearPass will fail.
B.
During RADIUS Authentication, certificate exchange between the wired switch and ClearPass will fail.
Answers
C.
RADIUS Authentications will timeout because the wired switch will not be able to reach the ClearPass server.
C.
RADIUS Authentications will timeout because the wired switch will not be able to reach the ClearPass server.
Answers
D.
RADIUS Authentication will succeed, but Post-Authentication Disconnect-Requests from ClearPass to the wired switch will not be delivered.
D.
RADIUS Authentication will succeed, but Post-Authentication Disconnect-Requests from ClearPass to the wired switch will not be delivered.
Answers
E.
RADIUS Authentication will succeed, but RADIUS Access-Accept messages from ClearPass to the wired switch for Change of Role will not be delivered.
E.
RADIUS Authentication will succeed, but RADIUS Access-Accept messages from ClearPass to the wired switch for Change of Role will not be delivered.
Answers
Suggested answer: D

Question 40

Report
Export
Collapse

Which statement accurately describes configuration of Data and Management ports on the ClearPass appliance? (Select two.)

A.
Static IP addresses are only allowed on the management port.
A.
Static IP addresses are only allowed on the management port.
Answers
B.
Configuration of the data port is mandatory.
B.
Configuration of the data port is mandatory.
Answers
C.
Configuration on the management port is mandatory.
C.
Configuration on the management port is mandatory.
Answers
D.
Configuration of the data port if optional.
D.
Configuration of the data port if optional.
Answers
E.
Configuration of the management port is optional.
E.
Configuration of the management port is optional.
Answers
Suggested answer: C, D

Explanation:

The Management port (ethernet 0) provides access for cluster administration and appliance maintenance using the WebUI, CLI, or internal cluster communication. This configuration is mandatory.

The configuration of the data port is optional. If this port is not configured, requests are redirected to the Management port.

Reference: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/1%20About %20ClearPass/Hardware_Appliance.htm

Total 116 questions
Go to page: of 12
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms