HPE6-A81 Online Practice Questions and Answers

Refer to the exhibit:

A customer is deploying Guest Self-Registration with Sponsor Approval but does not like the format of the sponsor email. Where can you change the sponsor email?

A. in the Receipt Page - Actions

B. in the Sponsor Confirmation section

C. in me Configuration - Receipts - Email Receipts

D. in the Configuration - Receipts - Templates

While configuring a guest solution, the customer is requesting that guest user receive access for four hours from their first login. Which Guest Account Expiration would you select?

A. expire_after

B. do_expire

C. expire_time

D. expire_ postlogin

Refer to the exhibit:

A year ago, your customer deployed an Aruba ClearPass Policy Manager Server for a Guest SSIC hosted in an IAP Cluster. The customer just created a new Web Login Page for the Guest SSID. Even though the previous Web Login page worked test with the new Web Login Page are falling and the customer has

forwarded you the above screenshots.

What recommendation would you give the customer to tix the issue?

A. The service type configured is not correct. The Guest authentication should De an Application authentication type of service.

B. The customer should reset the password tor the username accx@exam com using Guest Manage Accounts

C. The Address filed under the WebLogin Vendor settings is not configured correctly, it should be set to instant arubanetworks.com

D. The WebLogin Pre-Auth Check is set to Aruba Application Authentication which requires a separate application service on the policy manager

Refer to the exhibit:

A customer has configured Onboard and Windows devices work as expected but cannot get the Apple iOS devices to Onboard successfully. Where would you look to troubleshoot the Issued (Select two)

A. Check if the ClearPass HTTPS server certificate installed in the server is issued by a trusted commercial certificate authority.

B. Check if the customer installed the internal PKl Root certificate presented by the ClearPass during the provisioning process.

C. Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.

D. Check if the customer has Instated a custom HTTPS certificate for IDS and another internal PKl HTTPS certificate for other devices.

E. Check if the customer has installed the same internal PKl signed RADIUS server certificate as the HTTPS server certificate.

Refer to the exhibit:

A customer has just configured a Posture Policy and the T2-Healthcheck Service. Next they installed the

OnGuard Agent on Secure_Employee SSID. When they check Access Tracker they see many WEBAUTH

requests are being triggered.

What could be the reason?

A. OnGuard Web-Based Health Check interval has been wrongly configured to three minutes.

B. The OnGuard Agent trigger the events based on changing the Health Status

C. TCP port 6658 is not allowed between the client and the ClearPass server

D. The OnGuard Agent is connecting to the Data Port interface on ClearPass

Under Onboard management and control, which option will deny the user from re-provisioning the device a second time?

A. Revoke and Delete certificate

B. Delete user

C. Revoke certificate

D. Delete certificate

Refer to the exhibit: A customer has configured a service with the Onboard Devices Repository as an Authentication Source and an Active Directory Domain Server as an Authorization Source. What will happen if the client certificate is still valid and the user account associated with the certificate is disabled in Active Directory?

A. ClearPass will not process the request

B. Enforcement will apply the [Deny Access Profile]

C. ClearPass will redirect the client to Onboard again

D. ClearPass will block network access to the device

E. ClearPass will allow the device to access the network.

Refer to the exhibit: A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect to the network. What would you do to troubleshoot?

A. Verify the OSCP URL under TLS authentication method is mapped to http://localhost/ guestmdps_ocsp.php/2

B. Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted

C. Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA)

D. Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client

There is an Aruba Controller configured to send Guest AAA requests to ClearPass. If the customer would like the most effective way to ensure the lowest license usage counts, how should the controller be configured?

A. Aruba Controller will send stop messages only if EAP termination and Interim accounting are enabled.

B. Aruba Controller will send stop messages if RADIUS Accounting Server Group is defined in the authentication profile.

C. Aruba Controller will send stop messages only if both accounting and interim accounting are enabled.

D. Configure EAP Termination on the Aruba Controller and the client will send a stop message.

A customer has acquired another company that has its own Active Directory infrastructure The 802 1X authentication works with the customers original Active Directory servers but the customer would like to authenticate users from the acquired company as well. What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)

A. Create a new Authentication Source, type Active Directory.

B. Join the ClearPass server(s) to the new AD domain.

C. Add the new AD server(s) as backup into the existing Authentication Source.

D. There is no need to Join ClearPass to the new AD domain.

E. Create a new Authentication Source, type Generic LDAP.

Where is the following information stored in ClearPass?

1.

Roles and Posture for Connected Clients

2.

System Health for OnGuard

3.

Machine authentication State

4.

CoA session info

5.

Mapping of connected clients to NAS/NAD

A. Multi-Master cache

B. Endpoint database

C. insight database

D. ClearPass system cache

A customer has configured Onboard with Single SSID provision for Aruba IAP Windows devices work as expected but cannot get the Apple iOS devices to work. The Apple iOS devices automatically get redirected to a blank page and do not get the Onboard portal page. What would you check to fix the issue?

A. Verify if the checkbox "Enable bypassing the Apple Captive Network Assistant" is checked.

B. Verify if the Onboard URL is updated correctly in the external captive portal profile.

C. Verify if Onboard Pre-Provisioning enforcement profile sends the correct Aruba user role.

D. Verify if the external captive portal profile is enabled to use HTTPS with port 443.

Refer to the exhibit: What are valid options for Network Access Device Settings? (Select two.)

A. You can configure SNMP Read Settings to monitor the load of a NAD in order not to overload it with the requests.

B. In CLI settings, you can define the access credentials and the command templates that will be used.

C. You can configure SNMP Write Settings to send commands to the devices that do not support other methods.

D. On the Attributes tab. you can enable the service to write attributes like Location and Device type based on policy.

E. The OnConnect Enforcement allows you to enable specific ports that trigger Enforcement when any device connects.

Refer to the exhibit:

You configured the 802 1 x service enforcement conditions with the Endpoint profiling data. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly. What is the cause of the issue?

A. An additional authorization source should be configured for profiling to work.

B. The enforcement policy conditions configured with profiling data are not correct.

C. The enforcement policy rules evaluation algorithm Is not configured correctly.

D. The option, use cached roles and posture from previous sessions should be enabled.

What is the Secure SSID {otherwise referred to as Single SSID) OnBoard deployment service workflow?

A. OnBoard Provisioning RADIUS service, OnBoard Authorization RADIUS service. OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service

B. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth RADIUS service, OnBoard Authorization Application service. OnBoard Provisioning RADIUS service

C. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth Application service. OnBoard Authorization Application service, OnBoard Provisioning RADIUS service

D. OnBoard Provisioning RADIUS service, OnBoard Authorization Application service, OnBoard Pre- Auth Application service, OnBoard Provisioning RADIUS service