HPE6-A68 Online Practice Questions and Answers

What are Operator Profiles used for?

A. to enforce role based access control for Aruba Controllers

B. to enforce role based access control for ClearPass Policy Manager admin users

C. to enforce role based access control for ClearPass Guest Admin users

D. to assign ClearPass roles to guest users

E. to map AD attributes to admin privilege levels in ClearPass Guest

Refer to the exhibit.

When configuring a Web Login Page in ClearPass Guest, the information shown is displayed. What is the page name field used for?

A. for forming the Web Login Page URL

B. for Administrators to access the PHP page, but not guests

C. for Administrators to reference the page only

D. for forming the Web Login Page URL where Administrators add guest users

E. for informing the Web Login Page URL and the page name that guests must configure on their laptop wireless supplicant.

A customer with an Aruba Controller wants it to work with ClearPass Guest. How should the customer configure ClearPass as an authentication server in the controller so that guests are able to authenticate successfully?

A. Add ClearPass as a RADIUS CoA server.

B. Add ClearPass as a RADIUS authentication server.

C. Add ClearPass as a TACACS+ authentication server.

D. Add ClearPass as an HTTPS authentication server.

Refer to the exhibit.

Based on the Enforcement Profile configuration shown, which statement accurately describes what is sent?

A. A limited access VLAN value is sent to the Network Access Device.

B. An unhealthy role value is sent to the Network Access Device.

C. A message is sent to the Onguard Agent on the client device.

D. A RADIUS CoA message is sent to bounce the client.

E. A RADIUS access-accept message is sent to the Controller

A ClearPass administrator wants to make Enforcement decisions during 802.1x authentication based on a client's Onguard posture token. Which Enforcement profile should be used on the health check service?

A. RADIUS CoA

B. Quarantine VLAN

C. Full Access VLAN

D. RADIUS Accept

E. RADIUS Reject

Refer to the exhibit.

A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the network with a corporate Windows laptop. Which Enforcement Profile is applied?

A. WIRELESS_GUEST_NETWORK

B. WIRELESS_CAPTIVE_NETWORK

C. WIRELESS_HANDHELD_NETWORK

D. Deny Access

E. WIRELESS_EMPLOYEE_NETWORK

Which database in the Policy Manager contains the device attributes derived by profiling?

A. Endpoints Repository

B. Client Repository

C. Local Users Repository

D. Onboard Devices Repository

E. Guest User Repository

A customer wants to implement Virtual IP redundancy, such that in case of a ClearPass server outage, 802.1x authentications will not be interrupted. The administrator has enabled a single Virtual IP address on two ClearPass servers. Which statements accurately describe next steps? (Select two.)

A. The NAD should be configured with the primary node IP address for RADIUS authentication on the 802.1x network.

B. A new Virtual IP address should be created for each NAD.

C. Both the primary and secondary nodes will respond to authentication requests sent to the Virtual IP address when the primary node is active.

D. The primary node will respond to authentication requests sent to the Virtual IP address when the primary node is active.

E. The NAD should be configured with the Virtual IP address for RADIUS authentications on the 802.1x network.

Refer to the exhibit.

Based on the Enforcement Policy configuration shown, which Enforcement Profile will an employee receive when connecting an IOS device to the network or the first time using EAP-PEAP?

A. Deny Access Profile

B. Onboard Device Repository

C. Cannot be determined

D. Onboard Post-Provisioning - Aruba

E. Onboard Pre-Provisioning - Aruba

Refer to the exhibit.

An employee connects a corporate laptop to the network and authenticates for the first time using EAP-TLS. Based on the Enforcement Policy configuration shown, which Enforcement Profile will be sent?

A. Onboard Post-Provisioning - Aruba

B. Onboard Pre-Provisioning - Aruba

C. Deny Access Profile

D. Onboard Device Repository

Which types of files are stored in the Local Shared Folders database in ClearPass? (Select two.)

A. Software image

B. Backup files

C. Log files

D. Device fingerprint dictionaries

E. Posture dictionaries

What is a benefit of ClearPass Onguard?

A. It enables organizations to run advanced endpoint posture assessments.

B. It allows a receptionist in a hotel to create accounts for guest users.

C. It allows employees to self-provision their personal devices on the corporate network.

D. It offers an easy way for users to self-configure their devices to support 802.1X authentication on wired and wireless networks.

E. It allows employees to create temporary accounts for Wi-Fi access.

Refer to the exhibit.

Which statements accurately describe the status of the Onboarded devices in the configuration for the network settings shown? (Select two.)

A. They will connect to Employee_Secure SSID after provisioning.

B. They will connect to Employee_Secure SSID for provisioning their devices.

C. They will use WPA2-PSK with AES when connecting to the SSID.

D. They will connect to secure_emp SSID after provisioning.

E. They will perform 802.1X authentication when connecting to the SSID.

A bank would like to deploy ClearPass Guest with web login authentication so that their customers can selfregister on the network to get network access when they have meetings with bank employees. However, they're concerned about

security.

What is true? (Choose three.)

A. If HTTPS is used for the web login page, after authentication is completed guest Internet traffic will all be encrypted as well.

B. During web login authentication, if HTTPS is used for the web login page, guest credentials will be encrypted.

C. After authentication, an IPSEC VPN on the guest's client be used to encrypt Internet traffic.

D. HTTPS should never be used for Web Login Page authentication.

E. If HTTPS is used for the web login page, after authentication is completed some guest Internet traffic may be unencrypted.

Which is a valid policy simul-ation types in ClearPass? (Choose three.)

A. Enforcement Policy

B. Posture token derivation

C. Role Mapping

D. Endpoint Profiler

E. Chained simulation