HP hpe6-a81 practice test
Aruba Certified ClearPass Expert Written Exam
Question 1
The customer would like to add a default common self-registration sponsor email under the initial
value on all the ten self-registration pages created for different locations except for the guest
registration page created for Sunnyvale location to use a different sponsor email in initial value.
Under self-registration form fields, you have "Edit" and "Edit Base Field"
Which edit options will you choose to make minimal configuration changes to implement the
customer's requirement? (Select two)
- A. Update the common sponsor email by clicking the "Edit" option of the sponsor email form field on the one of the self-registration register form page
- B. Update the sponsor email by clicking on both "Edit" and "Edit Base Field" options of the sponsor_email filed on the Sunnyvale register page
- C. Update the specific sponsor email by clicking on "Edit Base Field" option of the sponsor_email form filed on the Sunnyvale location register form page
- D. Update the common sponsor email by clicking the "Edit Base Field" option of the sponsor_email form field on the one of the self-registration form page
- E. Update the specific sponsor email by clicking on the "Edit" option of the sponsor_email form filed on the Sunnyvale self-registration register form page
Answer:
AB
Question 2
Refer to the exhibit.
When creating a new report, there is in option to send report Notifications by Email Where is the
email server configured?
- A. In the ClearPass Policy Manager Messaging Setup under Administration.
- B. In the Insight report on the next screen of the report definition
- C. In the Insight Reports Interface under Administration on the sidebar menu
- D. In the ClearPass Policy Manager Endpoint Context Servers under Administration.
Answer:
D
Question 3
Which statement is true about Radius IETF attributes Called-Stat ion-Id and Calling-Station-ld?
- A. Called-Station-ld contains the mac address of the supplicant while Calling-Station-ld contains the mac address of the authenticator.
- B. Called-Station-Id contains the mac address of the supplicant and SSID name while Calling-Station- Id contains the mac address of the authenticator.
- C. Called-Station-ld contains the mac address of the authenticator while Calling-Station-Id contains the mac address of the supplicant.
- D. Called-Station-ld contains the mac address of the authenticator while Calling-Station-ld contains the mac address of the supplicant and SSID name.
Answer:
D
Question 4
Refer to the exhibit.
The customer configured a guest operator access by creating a custom operator profile and the built-
in universal ClearPass profile mapping translation rule. When he tests the setup, he gets
authentication failed. Using the streenshots sent by the customer as a reference, what would suggest
to the customer to fix the issue?
- A. To map the operator profile name HS_Receptionist in the translation rule value field
- B. To re-enter the correct username and password for the Active Directory user Mike07.
- C. To correct the case sensitive attribute name in the enforcement profile to admin_privileges
- D. To verify if the username Mike07 has the Active Directory Title attribute set as Reception.
Answer:
A
Question 5
The customer has configured the guest self-registration with sponsor approval. The guest users that
the sponsor email and the other requested details while registering the account but the users were
able to complete the authentication and access the internet without the sponsor's approval.
What configuration settings will you check to make this setup work?
- A. Check if sponsor name field is enabled in the register form page
- B. Check if sponsor email field is enabled in the register form page
- C. Check if authentication option n is enabled in the self-registration page enabled.
- D. Check if sponsor confirmation is enabled in the self-registration page
Answer:
B
Question 6
There is an Aruba Controller configured to stand Guest AAA requests to ClearPass If the customer
would likt tht most effective way to ensure the lowest license usage counts, how should the
controller be configured?
- A. Aruba Controller will send stop messages only if EAP termination and Interim accounting are enabled.
- B. Configure EAP Termination on the Aruba Controller and the client will send a stop message.
- C. Aruba Controller will send stop messages if RADIUS Accounting Server Group is defined in the authentication profile.
- D. Aruba Controller will send stop messages only if both accounting and Interim accounting are enabled.
Answer:
C
Question 7
A customer is troubleshooting a user that has complained about randomly having issues connecting
the network with EAP PEAP using the Corporate Laptop. The initial checks are showing a number of
authentication failures but no sign of issues with the ClearPass server or AD.
What can the Customer do to monitor this user Authentication trend closely over the next few days?
- A. configure a Report using Radius Failed Authentication template and schedule it to run every 5 mins
- B. configure an Alert using Failed Authentication template with Threshold 1. Interval 5 mins
- C. add the user name in the Insight/Alert/Watchlitst and get the authentication failures notifications within 30 seconds
- D. add to ClearPass Insight Dashboard the Authentication Status widget for this specific user
Answer:
C
Question 8
Refer to the exhibit.
A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices
fail to connect to the network. Which step below is the best starting point when troubleshooting'
- A. Verify the CPPM hostname in OSCP URL under TLS authentication method is updated to localhost instead of primary server's hostname.
- B. Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted.
- C. Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.
- D. Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA).
Answer:
A
Question 9
Refer to the exhibit.
You configured the Wired MAC - Auth service enforcement conditions with the Endpoint profiling
data When mac-auth based clients connect to the network, ClearPass assigns Deny access profile.
The customer has sent you the above screenshots How would you resolve the issue?
- A. Change the Rules evaluation algorithm in the Enforcement policy of HPE ArubaOS Mac auth policy as "select all matches" and add the CoA action as HPE Bounce switch port in the profiler tab.
- B. Create a new condition in last position with Type and operator as Tips:Role EQUALS [User Authenticated] with action as Allow access profile permitting any services and any ports to do profiling.
- C. Create a new condition in first position with Type and operator as Authorization (Endpoint Repository]:Category NOT_EXISTS with action as Limited access profile allowing only DHCP service.
- D. Create a new condition in the first position with Type and operator as Authorization [Endpoint Repository] Category NOT_EXISTS with action as Limited access profile and ArubaOS wireless terminate session
Answer:
A
Question 10
Refer to the exhibit.
A customer hat configured the Aruba Controller for administrative authentication using ClearPass as
A TACAC5 serve' During tasting, the read-only user is getting the root access role What could be a
possible reason for this behavior? (Select two.)
- A. The read-only enforcement profile is mapped to the root role
- B. The ClearPass user role associated to the read-only user is wrong.
- C. On the Controller, the TACACS authentication server is not configured for Session authorization
- D. The Controller's Admin Authentication Options Default role is mapped to root
- E. The Controller Sarver Group Hatch Rules are changing the user role.
Answer:
BD
Question 11
Refer to the exhibit.
A customer it troubleshooting a client not getting the SHV posture updated and the OnGuard agent
shows the Health Status Not Known. What could the user do to update the health status?
- A. connect using an interface that is configured as Managed Interface
- B. reinstall the OnGuard agent from the Wired interface
- C. change the Policy Manager Zone mapping and add the WIRED interface range
- D. modify the agent.conf file and add the WIRED interface to it
Answer:
D
Question 12
A corporate Clear Pass Cluster with two servers located at a single site, has both Management and
Data port IP addresses configured. The Management port IPs art in the DataCenter networks subnet,
while the Data port IPs are in the DMZ. What is the difference between using one Virtual IP for the
AAA traffic versus sending AAA requests to the physical IPs for each server' (Select two.)
- A. Using the one Virtual IP can provide failover.
- B. One Virtual IP can be used together with the individual server IPs for load balancing.
- C. By using the Virtual IP, the failover wait time is faster than using individual server IPs.
- D. The failover can be accomplished only by using Virtual IP
- E. The Individual IPs can provide failover and load balancing.
Answer:
AC
Question 13
Which statements art true about Aruba down loadable user roles? (select three)
- A. Administering downloadable user roles can be difficult for a large enterprise.
- B. Can be applied only on ports or WLAN users authenticated by ClearPass.
- C. Can use these result for other authentication methods not involving ClearPass.
- D. Aruba downloadable user role are universally available across the environment.
- E. Aruba downloadable user role is a built in enforcement template in ClearPass.
- F. Downloadable role names must be defined in Aruba switch or controller.
Answer:
BCF
Question 14
A customer has created a Guest Self-Registration page that they would like to use it as 'template' for
all the new pages that are going to be created from now on. Their goal is to ensure that the header
and footer on every page are the same, and any edits made to them are automatically reflected on
every Self-Registration Page.
What should be configured in order to accomplish this request?
- A. Save the "template" page as Master Self'Registration page.
- B. Copy the "template" page and edit it each time a new Self-Registration Page is needed.
- C. Create child pages when creating new Self-Registration pages and select the "template" as Parent.
- D. Save this "template" page as a new Skin to be used on other Self-Registration pages.
Answer:
A
Question 15
Where is the following information stored in Clear Pass?
- Roles and Posture for Connected Clients - System Health for OnGuard - Machine authentication
State - CoA session info - Mapping of connected clients to NAS/NAD
- A. ClearPass system cache
- B. Multi-Master cache
- C. Insight database
- D. Endpoint database
Answer:
C