This page was exported from IT Certification Exam Braindumps [ http://blog.braindumpsit.com ]

Export date:Sat Apr 5 5:35:42 2025 / +0000 GMT

___________________________________________________


Title: Latest HP HPE6-A68 Practice Test Questions, Aruba Certified ClearPass Professional Exam Exam Dumps [Q17-Q37]

---------------------------------------------------



 Latest HP HPE6-A68 Practice Test Questions, Aruba Certified ClearPass Professional Exam Exam Dumps
Dec-2022 Pass HP HPE6-A68 Exam in First Attempt Easily


QUESTION 17Which steps are required to use ClearPass as a TACACS+ Authentication server for a network device? (Select two.)
 Configure a TACACS Enforcement Profile on ClearPass for the desired privilege level.
 Configure a RADIUS Enforcement Profile on ClearPass for the desired privilege level.
 Configure ClearPass as an Authentication server on the network device.
 Configure ClearPass roles on the network device.
 Enable RADIUS accounting on the NAD.
ExplanationYou need to make sure you modify your policy (Configuration Enforcement Policies) Edit – [Admin Network Login Policy]) and add your AD group settings in to the corresponding privilege level.QUESTION 18Refer to the exhibit.An employee connects a corporate laptop to the network and authenticates for the first time using EAP-TLS.Based on the Enforcement Policy configuration shown, which Enforcement Profile will be sent?
 Onboard Post-Provisioning – Aruba
 Onboard Pre-Provisioning – Aruba
 Deny Access Profile
 Onboard Device Repository
QUESTION 19Refer to the exhibit.An Enforcement Profile has been created in the Policy Manager as shown.Which action will ClearPass take based on the Enforcement Profile?
 it will count down 600 seconds and send a RADIUS CoA message to the NAD to end the user’s session after this time is up
 it will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD and the NAD will end the user’s session after 600 seconds
 it will count down 600 seconds and send a RADIUS CoA message to the user to end the user’s session after this time is up
 it will send the Session-Timeout attribute in the RADIUS Access-Request packet to the user and the user’s session will be terminated after 600 seconds
ExplanationSession Timeout (in seconds) – Configure the agent session timeout interval to re-evaluate the system health again. OnGuard triggers auto-remediation using this value to enable or disable AV-RTP status check on endpoint. Agent re-authentication is determined based on session-time out value. You can specify the session timeout interval from 60 – 600 seconds. Setting the lower value for session timeout interval results numerous authentication requests in Access Tracker page. The default value is 0.References:http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_UserGuide/EnforQUESTION 20Which authorization servers are supported by ClearPass? (Select two.)
 Aruba Controller
 LDAP server
 Cisco Controller
 Active Directory
 Aruba Mobility Access Switch
Authentication Sources can be one or more instances of the following examples:* Active Directory* LDAP Directory* SQL DB* Token Server* Policy Manager local DBReferences: ClearPass Policy Manager 6.5 User Guide (October 2015), page 114https://community.arubanetworks.com/aruba/attachments/aruba/SoftwareUserReferenceGuides/52/1/ClearPass%20Policy%20Manager%206.5%20User%20Guide.pdfQUESTION 21Why can the Onguard posture check not be performed during 802.1x authentication?
 Health Checks cannot be used with 802.1x.
 Onguard uses RADIUS, so an additional service must be created.
 Onguard uses HTTPS, so an additional service must be created.
 Onguard uses TACACS, so an additional service must be created.
 802.1x is already secure, so Onguard is not needed.
OnGuard uses HTTPS to send posture information to the ClearPass appliance. For OnGuard to use HTTPS, it must have access to the network. If a customer requires 802.1x authentication on the wired switch, a separate 802.1x authentication must be used prior to the OnGuard posture check. In this example, an 802.1x PEAP-EAP-MSCHAPv2 authentication is completed first. A separate WebAuth service must be setup with posture checks to use the OnGuard agent.References: MAC Authentication and OnGuard Posture Enforcement using Dell WSeries ClearPass and Dell Networking Switches (August 2013), page 21QUESTION 22Which types of files are stored in the Local Shared Folders database in ClearPass? (Select two.)
 Software image
 Backup files
 Log files
 Device fingerprint dictionaries
 Posture dictionaries
QUESTION 23Refer to the exhibit.An Enforcement Profile has been created in the Policy Manager as shown.Which action will ClearPass take based on the Enforcement Profile?
 It will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD and the NAD will end the user’s session after 600 seconds.
 It will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the User and the user’s session will be terminated after 600 seconds.
 It will count down 600 seconds and send a RADUIS CoA message to the NAD to end the user’s session after this time is up.
 It will count down 600 seconds and send a RADUIUS CoA message to the user to end the user’s session after this time is up.
 It will send the session -Timeout attribute in the RADIUS Access-Accept packet to the NAD and the NAD will end the user’s session after 600 seconds.
QUESTION 24What is a benefit of ClearPass Onguard?
 It enables organizations to run advanced endpoint posture assessments.
 It allows a receptionist in a hotel to create accounts for guest users.
 It allows employees to self-provision their personal devices on the corporate network.
 It offers an easy way for users to self-configure their devices to support 802.1X authentication on wired and wireless networks.
 It allows employees to create temporary accounts for Wi-Fi access.
QUESTION 25Refer to the exhibit.Which statement accurately describes the cp82 ClearPass node? (Choose two.)
 It stays as a Subscriber when the Publisher fails.
 It becomes the Publisher when the primary Publisher fails.
 It operates as a Publisher in a separate cluster when the Publisher is active.
 It operates as a Publisher in the same cluster as the primary Publisher when the primary is active.
 It operates as a Subscriber when the Publisher is active.
QUESTION 26An SNMP probe is sent from ClearPass to a network access device but ClearPass is unable to get profiling information.What could be a valid cause? (Choose three.)
 Mismatching SNMP community string in the ClearPass and NAD configuration.
 Only SNMP read has been configured but SNMP write is needed for profiling information.
 SNMP is not enabled on the NAD.
 An external firewall is blocking SNMP traffic.
 SNMP probing is not supported between ClearPass and NADs.
QUESTION 27A client’s authentication is failing and there are no entries in the ClearPass Access tracker.What is a possible reason for the authentication failure?
 The user account has expired.
 The client used a wrong password.
 The shared secret between the NAD and ClearPass does not match.
 The user’s certificate is invalid.
 The user is not found in the database.
QUESTION 28Which statement is true about the databases in ClearPass?
 Entries in the guest user database do not expire.
 A Static host list can only contain a list of IP addresses.
 Entries in the guest user database can be deleted.
 Entries in the local user database cannot be modified.
 The endpoints database can only be populated by manually adding MAC addresses to the table.
QUESTION 29Why is a terminate session enforcement profile used during posture checks with 802.1x authentication?
 To send a RADIUS CoA message from the ClearPass server to the client
 To disconnect the user for 30 seconds when they are in an unhealthy posture state
 To blacklist the user when they are in an unhealthy posture state
 To force the user to re-authenticate and run through the service flow again
 To remediate the client applications and firewall do that updates can be installed
QUESTION 30Refer to the exhibit.Based on the network topology diagram shown, how many clusters are needed for this deployment?
 1
 2
 3
 4
 8
References: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/5%20Cluster%20Deployment/Design_guidelines.htmQUESTION 31Which devices support Apple over-the-air provisioning? (Select two.)
 IOS 5
 Laptop running Mac OS X 10.8
 Laptop running Mac OS X 10.6
 Android 2.2
 Windows XP
ExplanationApple over-the-air provisioning is supported by IOS and OSX above version 10.6.References:https://community.arubanetworks.com/aruba/attachments/aruba/tkb@tkb/286/1/BYODwithClearPass_Cameron_QUESTION 32Refer to the exhibit.An administrator logs in to the Guest module in ClearPass and ‘Manage Accounts’ displays as shown.When a user with username donald@disney.com attempts to access the Web Login page, what will be the outcome?
 The user will be able to log in and authenticate successfully but will then be immediate disconnected.
 The user will be able to log in for the next 4.9. days, but then will no longer be able to log in.
 The user will not be able to log in and authenticate.
 The user will be able to log in and authenticate successfully, but will then get a quarantine role.
 The user will not be able to access the Web Login page.
QUESTION 33Refer to the exhibit.Based on the Attribute configuration shown, which statement accurately describes the status of attribute values?
 Only the attribute values of department and memberOf can be used in role mapping policies.
 The attribute values of department, title, memberOf, telephoneNumber, and mail are directly applied as ClearPass.
 Only the attribute value of company can be used in role mapping policies, not the other attributes.
 The attribute values of department and memberOf are directly applied as ClearPass roles.
 Only the attribute values of title, telephoneNumber, and mail can be used in role mapping policies.
QUESTION 34What is the purpose of the Audit Viewer in the Monitoring section of ClearPass Policy Manager?
 to audit client authentications
 to display changes made to the ClearPass configuration
 to display the entire configuration of the ClearPass Policy Manager
 to audit the network for PCI compliance
 to display system events like high CPU usage.
QUESTION 35Refer to the exhibit.What is the purpose of the ‘Clock Skew Allowance’ setting? (Choose tow.)
 to ensure server certificate validation does not fail due to client clock sync issues
 to set expiry time in client certificate to a few minutes longer that the default setting
 to adjust clock time on client device to a few minutes before current time
 to ensure client certificate validation does not fail due to client clock sync issues
 to set start time in client certificate to a few minutes before current time
QUESTION 36An employee authenticates using a corporate laptop and runs the persistent Onguard agent to send a health check back the Policy Manager. Based on the health of the device, a VLAN is assigned to the corporate laptop.Which licenses are consumed in this scenario?
 1 Policy Manager license, 1 Onboard License
 2 Policy Manager licenses, 1 Onguard License
 1 Policy Manager license, 1 Profile License
 2 Policy Manager licenses, 2 Onguard licenses
 1 Policy Manager license, 1 Onguard License
QUESTION 37A customer wants to implement Virtual IP redundancy, such that in case of a ClearPass server outage, 802.1x authentications will not be interrupted. The administrator has enabled a single Virtual IP address on two ClearPass servers.Which statements accurately describe next steps? (Select two.)
 The NAD should be configured with the primary node IP address for RADIUS authentication on the802.1x network.
 A new Virtual IP address should be created for each NAD.
 Both the primary and secondary nodes will respond to authentication requests sent to the Virtual IP address when the primary node is active.
 The primary node will respond to authentication requests sent to the Virtual IP address when the primary node is active.
 The NAD should be configured with the Virtual IP address for RADIUS authentications on the 802.1x network.
ExplanationIn an Aruba network, APs are controlled by a controller. The APs tunnel all data to the controller for processing, including encryption/decryption and bridging/forwarding data. Local controller redundancy provides APs with failover to a backup controller if a controller becomes unavailable. Local controller redundancy is provided by running VRRP between a pair of controllers. The APs are then configured to connect to the “virtual-IP” configured for the VRRP instance.References:http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/VRRP/Redundan Loading …






	
	

Free HPE6-A68 Exam Files Downloaded Instantly 100% Dumps & Practice Exam: https://www.braindumpsit.com/HPE6-A68_real-exam.html


---------------------------------------------------


Images: https://blog.braindumpsit.com/wp-content/plugins/watu/loading.gif
https://blog.braindumpsit.com/wp-content/plugins/watu/loading.gif


---------------------------------------------------




---------------------------------------------------


Post date: 2022-12-24 14:06:43

Post date GMT: 2022-12-24 14:06:43

Post modified date: 2022-12-24 14:06:43

Post modified date GMT: 2022-12-24 14:06:43