This page was exported from IT Certification Exam Braindumps [ http://blog.braindumpsit.com ] Export date:Sat Apr 12 19:10:06 2025 / +0000 GMT ___________________________________________________ Title: [UPDATED 2022] HP HPE6-A68 Questions Prepare with Free Demo of PDF [Q52-Q74] --------------------------------------------------- [UPDATED 2022] HP HPE6-A68 Questions Prepare with Free Demo of PDF NEW 2022 Certification Sample Questions HPE6-A68 Dumps & Practice Exam NEW QUESTION 52Refer to the exhibit.Based on the Translation Rule configuration shown, what will be the outcome?  An AD user from group Administrators will be assigned the operator profile of IT Administrators.  All ClearPass Policy Manager admin users who are members of the Administrators AD group will be assigned the TACACS profile of IT Administrators.  All active directory users will be assigned the operator profile of IT Administrators.  A user from AD group MatchAdmin will be assigned the operator profile of IT Administrators. NEW QUESTION 53Refer to the exhibit.What can be concluded from the Access Tracker output shown?  The client used incorrect credentials to authenticate to the network.  ClearPass does not have a service enabled for MAC authentication.  The client MAC address is not present in the Endpoints table in the CrearPass database.  The RADIUS client on the Windows server failed to categorize the service correctly.  The client wireless profile is incorrectly setup. NEW QUESTION 54Why can’t the Onguard posture check be done during 802.1x authentication?  Onguard uses TACACS so an additional service must be created.  802.1x is already secure so Onguard is not needed.  Health Checks can’t be used with 802.1x.  Onguard uses RADIUS so an additional service must be created.  Onguard uses HTTPS so an additional service must be created. NEW QUESTION 55What is the purpose of RADIUS CoA (RFC 3576)?  to force the client to re-authenticate upon roaming to a new Controller  to apply firewall policies based on authentication credentials  to validate a host MAC address against a whitelist or a blacklist  to authenticate users or devices before granting them access to a network  to transmit messages to the NAD/NAS to modify a user’s session status ExplanationCoA messages modify session authorization attributes such as data filters.References: https://tools.ietf.org/html/rfc3576NEW QUESTION 56During a web login authentication, what is expected to happen as part of the Automated NAS login?  NAD sends TACACS+ request to ClearPass.  ClearPass sends TACACS+ request to NAD.  Client device sends RADIUS request to NAD.  NAD sends RADIUS request to ClearPass.  ClearPass sends RADIUS request to NAD. NEW QUESTION 57Refer to the exhibit.Based on the Enforcement Policy configuration shown, which Enforcement Profile will an employee receive when connecting an IOS device to the network or the first time using EAP-PEAP?  Deny Access Profile  Onboard Device Repository  Cannot be determined  Onboard Post-Provisioning – Aruba  Onboard Pre-Provisioning – Aruba NEW QUESTION 58Refer to the exhibit.Which statements accurately describe the status of the Onboarded devices in the configuration for the network settings shown? (Select two.)  They will connect to Employee_Secure SSID after provisioning.  They will connect to Employee_Secure SSID for provisioning their devices.  They will use WPA2-PSK with AES when connecting to the SSID.  They will connect to secure_emp SSID after provisioning.  They will perform 802.1X authentication when connecting to the SSID. NEW QUESTION 59Refer to the exhibit.An AD user’s department attribute value is configured as “Product Management”. The user connects on Monday to a NAD that belongs to the Device Group HQ.Which role is assigned to the user in ClearPass?  HR Local  [Guest]  [Employee]  Linux User  Executive ExplanationThe conditions of the Executive Role is met.NEW QUESTION 60Which licenses are included in the built-in Starter kit for ClearPass?  10 ClearPass Guest licenses, 10 ClearPass Onguard licenses and 10 ClearPass Onboard licenses  25 ClearPass Profiler licenses  25 ClearPass Enterprise licenses  10 ClearPass Enterprise licenses  25 ClearPass Redundancy licenses ExplanationAll CPPM’s comes bundled with 25 Enterprise application licenses so you can test the functionality of the Applications as this license can be used for any of them.References:http://community.arubanetworks.com/t5/Security/ClearPass-licensing-explained-August-MHC/td-p/195719NEW QUESTION 61Refer to the exhibit.Based on the Guest Role Mapping Policy shown, what is the purpose of the Role Mapping Policy?  to display a role name on the Self-registration receipt page  to send a firewall role back to the controller based on the Guest User’s Role ID  to assign Controller roles to guests  to assign three roles of [Contractor], [Guest] and [Employee] to every guest user  to create additional account roles for guest administrators to assign to guest accounts NEW QUESTION 62Refer to the exhibit.In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes?  to gather and send Aruba NAD information to ClearPass  to gather information about Aruba NADs for ClearPass  to send information via RADIUS packets to Aruba NADs  to send information via RADIUS packets to clients  to send CoA packets from ClearPass to the Aruba NAD NEW QUESTION 63Refer to the exhibit.Based on the Attribute configuration shown, which statement accurately describes the status of attribute values?  The attribute values of department, title, memberOf, telephoneNumber, mail are directly applied as ClearPass roles.  The attribute values of department and memberOf are directly applied as ClearPass roles.  Only the attribute value of company can be used in role mapping policies, not other attributes.  Only the attribute value of department and memberOf can be used in role mapping policies.  Only the attribute value of title, memberOf, telephoneNumber can be used in role mapping policies. NEW QUESTION 64What must be configured to enable RADIUS authentication with ClearPass on a network access device (NAD)? (Select two.)  the ClearPass server must have the network device added as a valid NAD  the ClearPass server certificate must be installed on the NAD  a matching shared secret must be configured on both the ClearPass server and NAD  an NTP server needs to be set up on the NAD  a bind username and bind password must be provided NEW QUESTION 65A bank would like to deploy ClearPass Guest with web login authentication so that their customers can selfregister on the network to get network access when they have meetings with bank employees. However, they’re concerned about security.What is true? (Choose three.)  If HTTPS is used for the web login page, after authentication is completed guest Internet traffic will all be encrypted as well.  During web login authentication, if HTTPS is used for the web login page, guest credentials will be encrypted.  After authentication, an IPSEC VPN on the guest’s client be used to encrypt Internet traffic.  HTTPS should never be used for Web Login Page authentication.  If HTTPS is used for the web login page, after authentication is completed some guest Internet traffic may be unencrypted. NEW QUESTION 66Refer to the exhibit.Which statements accurately describe the status of the Onboarded devices in the configuration for the network settings shown? (Choose two.)  They will use WPA2-PSK with AES when connecting to the SSID.  They will to Employee_Secure SSID for provisioning their devices.  They will to Employee_Secure SSID after provisioning.  They will perform 802.1 authentication when connecting to the SSID.  They will connect to secure_emp SSID after provisioning. NEW QUESTION 67Refer to the exhibit.When configuring a Web Login Page in ClearPass Guest, the information shown is displayed.What is the Address field value ‘securelogin.arubanetworks.com’ used for?  For the client to POST the user credentials to the NAD.  For ClearPass to send a RADIUS request to the NAD.  For ClearPass to send a TACACS+ request to the NAD.  For appending to the Web Login URL, after the page name.  For appending to the Web Login URL, before the page name. Explanation/Reference:NEW QUESTION 68Refer to the exhibit.Based on the Access Tracker output for the user shown, which statement describes the status?  The Aruba Terminate Session enforcement profile as applied because the posture check failed.  A Healthy Posture Token was sent to the Policy Manager.  A RADIUS-Access-Accept message is sent back to the Network Access Device.  The authentication method used is EAP-PEAP.  A NAP agent was used to obtain the posture token for the user. ExplanationWe see System Posture Status: HEALTHY(0)End systems that pass all SHV tests receive a Healthy Posture Token, if they fail a single test they receive a Quarantine Posture Token.References: CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 13https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/21122/1/OnGuard%2NEW QUESTION 69Refer to the exhibit.Which statement accurately describes the cp82 ClearPass node? (Choose two.)  It stays as a Subscriber when the Publisher fails.  It becomes the Publisher when the primary Publisher fails.  It operates as a Publisher in a separate cluster when the Publisher is active.  It operates as a Publisher in the same cluster as the primary Publisher when the primary is active.  It operates as a Subscriber when the Publisher is active. NEW QUESTION 70Refer to the exhibit.Based on the Enforcement Policy configuration shown, when a user with Role Remote Worker connects to the network and the posture token assigned is quarantine, which Enforcement Profile will be applied?  RestrictedACL  Remote Employee ACL  [Deny Access Profile]  EMPLOYEE_VLAN  HR VLAN ExplanationThe first rule will match, and the Remote Employee ACL will be used.NEW QUESTION 71Refer to the exhibit.An Enforcement Profile has been created in the Policy Manager as shown.Which action will ClearPass take based on the Enforcement Profile?  it will count down 600 seconds and send a RADIUS CoA message to the NAD to end the user’s session after this time is up  it will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD and the NAD will end the user’s session after 600 seconds  it will count down 600 seconds and send a RADIUS CoA message to the user to end the user’s session after this time is up  it will send the Session-Timeout attribute in the RADIUS Access-Request packet to the user and the user’s session will be terminated after 600 seconds ExplanationSession Timeout (in seconds) – Configure the agent session timeout interval to re-evaluate the system health again. OnGuard triggers auto-remediation using this value to enable or disable AV-RTP status check on endpoint. Agent re-authentication is determined based on session-time out value. You can specify the session timeout interval from 60 – 600 seconds. Setting the lower value for session timeout interval results numerous authentication requests in Access Tracker page. The default value is 0.References:http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_UserGuide/EnforNEW QUESTION 72Which licenses are included in the built-in Starter kit for ClearPass?  10 ClearPass Guest licenses, 10 ClearPass Onguard licenses and 10 ClearPass Onboard licenses  25 ClearPass Profiler licenses  25 ClearPass Enterprise licenses  10 ClearPass Enterprise licenses  25 ClearPass Redundancy licenses All CPPM’s comes bundled with 25 Enterprise application licenses so you can test the functionality of the Applications as this license can be used for any of them.References: http://community.arubanetworks.com/t5/Security/ClearPass-licensing-explained-August-MHC/td-p/195719NEW QUESTION 73When a third party Mobile Device Management server is integrated with ClearPass, where is the endpoint information from the MDM server stored in ClearPass?  Endpoints repository  Onboard Device repository  MDM repository  Guest User repository  Local User repository A service running in CPPM periodically polls MDM servers using their exposed APIs. Device attributes obtained from MDM are added as endpoint tags. Profiler related attributes are send to profiler which uses these attributes to derive final profile.References: ClearPass Profiling TechNote (2014), page 23https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/653/1/ClearPass%20Profiling%20TechNote.pdfNEW QUESTION 74Which statement is true about the databases in ClearPass?  Entries in the guest user database do not expire.  A Static host list can only contain a list of IP addresses.  Entries in the guest user database can be deleted.  Entries in the local user database cannot be modified.  The endpoints database can only be populated by manually adding MAC addresses to the table.  Loading … HPE6-A68 Deluxe Study Guide with Online Test Engine: https://www.braindumpsit.com/HPE6-A68_real-exam.html --------------------------------------------------- Images: https://blog.braindumpsit.com/wp-content/plugins/watu/loading.gif https://blog.braindumpsit.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-11-28 10:59:21 Post date GMT: 2022-11-28 10:59:21 Post modified date: 2022-11-28 10:59:21 Post modified date GMT: 2022-11-28 10:59:21