HP hpe6-a81 practice test
Aruba Certified ClearPass Expert Written Exam
Question 1
The customer would like to add a default common self-registration sponsor email under the initial
value on all the ten self-registration pages created for different locations except for the guest
registration page created for Sunnyvale location to use a different sponsor email in initial value.
Under self-registration form fields, you have "Edit" and "Edit Base Field"
Which edit options will you choose to make minimal configuration changes to implement the
customer's requirement? (Select two)
- A. Update the common sponsor email by clicking the "Edit" option of the sponsor email form field on the one of the self-registration register form page
- B. Update the sponsor email by clicking on both "Edit" and "Edit Base Field" options of the sponsor_email filed on the Sunnyvale register page
- C. Update the specific sponsor email by clicking on "Edit Base Field" option of the sponsor_email form filed on the Sunnyvale location register form page
- D. Update the common sponsor email by clicking the "Edit Base Field" option of the sponsor_email form field on the one of the self-registration form page
- E. Update the specific sponsor email by clicking on the "Edit" option of the sponsor_email form filed on the Sunnyvale self-registration register form page
Answer:
AB
Question 2
Refer to the exhibit.
When creating a new report, there is in option to send report Notifications by Email Where is the
email server configured?
- A. In the ClearPass Policy Manager Messaging Setup under Administration.
- B. In the Insight report on the next screen of the report definition
- C. In the Insight Reports Interface under Administration on the sidebar menu
- D. In the ClearPass Policy Manager Endpoint Context Servers under Administration.
Answer:
D
Question 3
Which statement is true about Radius IETF attributes Called-Stat ion-Id and Calling-Station-ld?
- A. Called-Station-ld contains the mac address of the supplicant while Calling-Station-ld contains the mac address of the authenticator.
- B. Called-Station-Id contains the mac address of the supplicant and SSID name while Calling-Station- Id contains the mac address of the authenticator.
- C. Called-Station-ld contains the mac address of the authenticator while Calling-Station-Id contains the mac address of the supplicant.
- D. Called-Station-ld contains the mac address of the authenticator while Calling-Station-ld contains the mac address of the supplicant and SSID name.
Answer:
D
Question 4
Refer to the exhibit.
The customer configured a guest operator access by creating a custom operator profile and the built-
in universal ClearPass profile mapping translation rule. When he tests the setup, he gets
authentication failed. Using the streenshots sent by the customer as a reference, what would suggest
to the customer to fix the issue?
- A. To map the operator profile name HS_Receptionist in the translation rule value field
- B. To re-enter the correct username and password for the Active Directory user Mike07.
- C. To correct the case sensitive attribute name in the enforcement profile to admin_privileges
- D. To verify if the username Mike07 has the Active Directory Title attribute set as Reception.
Answer:
A
Question 5
The customer has configured the guest self-registration with sponsor approval. The guest users that
the sponsor email and the other requested details while registering the account but the users were
able to complete the authentication and access the internet without the sponsor's approval.
What configuration settings will you check to make this setup work?
- A. Check if sponsor name field is enabled in the register form page
- B. Check if sponsor email field is enabled in the register form page
- C. Check if authentication option n is enabled in the self-registration page enabled.
- D. Check if sponsor confirmation is enabled in the self-registration page
Answer:
B
Question 6
There is an Aruba Controller configured to stand Guest AAA requests to ClearPass If the customer
would likt tht most effective way to ensure the lowest license usage counts, how should the
controller be configured?
- A. Aruba Controller will send stop messages only if EAP termination and Interim accounting are enabled.
- B. Configure EAP Termination on the Aruba Controller and the client will send a stop message.
- C. Aruba Controller will send stop messages if RADIUS Accounting Server Group is defined in the authentication profile.
- D. Aruba Controller will send stop messages only if both accounting and Interim accounting are enabled.
Answer:
C
Question 7
A customer is troubleshooting a user that has complained about randomly having issues connecting
the network with EAP PEAP using the Corporate Laptop. The initial checks are showing a number of
authentication failures but no sign of issues with the ClearPass server or AD.
What can the Customer do to monitor this user Authentication trend closely over the next few days?
- A. configure a Report using Radius Failed Authentication template and schedule it to run every 5 mins
- B. configure an Alert using Failed Authentication template with Threshold 1. Interval 5 mins
- C. add the user name in the Insight/Alert/Watchlitst and get the authentication failures notifications within 30 seconds
- D. add to ClearPass Insight Dashboard the Authentication Status widget for this specific user
Answer:
C
Question 8
Refer to the exhibit.
A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices
fail to connect to the network. Which step below is the best starting point when troubleshooting'
- A. Verify the CPPM hostname in OSCP URL under TLS authentication method is updated to localhost instead of primary server's hostname.
- B. Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted.
- C. Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.
- D. Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA).
Answer:
A
Question 9
Refer to the exhibit.
You configured the Wired MAC - Auth service enforcement conditions with the Endpoint profiling
data When mac-auth based clients connect to the network, ClearPass assigns Deny access profile.
The customer has sent you the above screenshots How would you resolve the issue?
- A. Change the Rules evaluation algorithm in the Enforcement policy of HPE ArubaOS Mac auth policy as "select all matches" and add the CoA action as HPE Bounce switch port in the profiler tab.
- B. Create a new condition in last position with Type and operator as Tips:Role EQUALS [User Authenticated] with action as Allow access profile permitting any services and any ports to do profiling.
- C. Create a new condition in first position with Type and operator as Authorization (Endpoint Repository]:Category NOT_EXISTS with action as Limited access profile allowing only DHCP service.
- D. Create a new condition in the first position with Type and operator as Authorization [Endpoint Repository] Category NOT_EXISTS with action as Limited access profile and ArubaOS wireless terminate session
Answer:
A
Question 10
Refer to the exhibit.
A customer hat configured the Aruba Controller for administrative authentication using ClearPass as
A TACAC5 serve' During tasting, the read-only user is getting the root access role What could be a
possible reason for this behavior? (Select two.)
- A. The read-only enforcement profile is mapped to the root role
- B. The ClearPass user role associated to the read-only user is wrong.
- C. On the Controller, the TACACS authentication server is not configured for Session authorization
- D. The Controller's Admin Authentication Options Default role is mapped to root
- E. The Controller Sarver Group Hatch Rules are changing the user role.
Answer:
BD