HPE6-A77 Online Practice Questions and Answers

When is it recommended to use a certificate with multiple entries on the Subject Alternative Name?

A. The ClearPass servers are placed in different OnGuard zones to allow the client agent to send SHV updates.

B. Using the same certificate to Onboard clients and the Guest Captive Portal on a single ClearPass server.

C. The primary authentication server Is not available to authenticate the users.

D. The ClearPass server will be hosting captive portal pages for multiple FQDN entries

A customer has created a Guest Sett-Registration page that they would like to use it as `template' for all the new pages that are going to be created from now on. Their goal is to ensure that the header and footer on every page are the same, and any edits made to them are automatically reflected on every Self-Registration Page. What should be configured in order to accomplish this request?

A. Save the "template" page as Master Self-Registration page

B. Create child pages when creating new Self-Registration pages and select the "template" as Parent

C. Save this "template" page as a new Skin to be used on other Self-Registration pages

D. Copy the "template" page and edit it each time a new Self-Registration Page is needed

How does the RadSec improve the RADIUS message exchange? (Select two.)

A. It can be used on an unsecured network or the Internet.

B. It builds a TTLS tunnel between the NAD and ClearPass.

C. Only the NAD needs to trust the ClearPass Certificate.

D. It encrypts the entire RADIUS message.

E. It uses UDP to exchange the radius packets.

You are deploying ClearPass Policy Manager with Guest functionality for a customer with multiple Aruba Networks Mobility Controllers The customer wants to avoid SSL errors during guest access but due to company security policy cannot use a wildcard certificate on ClearPass or the Controllers. What is the most efficient way to configure the customers guest solution? (Select two.)

A. Build multiple Web Login pages with vendor settings configured for each controller

B. Install the same public certificate on all Controllers with the common name "controller {company domain}"

C. Build one Web Login page with vendor settings for controller {company domain)

D. Install multiple public certificates with a different Common Name on each controller

Refer to the exhibit:

A customer is trying to configure a TACACS Authentication Service for administrative access to the Aruba

Controller, During testing the authentication is not successful.

Given the screen shot what could be the reason for the Login status REJECT?

A. The password used by the administrative user, user is wrong.

B. The Enforcement profile is not designed to be used on Aruba Controller.

C. The Read-only Administrator role does not exist on the Controller.

D. The Enforcement profile used is not a TACACS profile.

A corporate ClearPass Cluster with two servers located at a single site, has both Management and Data port IP addresses configured. The Management port IPs are in the DataCenter networks subnet, while the Data port IPs are in the DMZ. What is the difference between using one Virtual IP for the AAA traffic versus sending AAA requests to the physical IPs for each server? (Select two.)

A. The failover can be accomplished only by using Virtual IP.

B. The Individual IPs can provide failover and load balancing.

C. One Virtual IP can be used together with the individual server IPs for load balancing.

D. By using the Virtual IP, the failover convergence is faster than using individual server IPs.

E. Using the one Virtual IP can provide failover and load balancing.

Refer to the exhibit:

When creating a new report, there is an option to send report Notifications by Email. Where is the email server configured?

A. In the ClearPass Policy Manager Endpoint Context servers under Administration.

B. In the Insight Reports Interface under Administration on the sidebar menu.

C. In the insight report on the next screen of the report definition.

D. In the ClearPass Policy Manager Messaging setup under Administration.

Refer to the exhibit:

You have configured Onboard and cannot get it working The customer has sent you the above

screenshots.

How would you resolve the issue?

A. Re-provision the client by running the QuickConnect application as Administrator

B. Install a public signed server authentication certificate on the ClearPass server for EAP

C. Reconnect the client and select the correct certificate when prompted

D. Copy the [EAP-TLS with OSCP Enabled] authentication method and set the correct OCSP URL

A customer has a ClearPass cluster deployment with four servers, two servers at the data center and two servers at a large remote site connected over an SD-WAN solution The customer would like to implement OnGuard, Guest Self-Registration, and 802.1x authentication across their entire environment. During testing the customer is complaining that users connecting to an Instant Cluster Employee SSID at the remote site, with the OnGuard Persistent Agent installed are randomly getting their health check missed. What could be a possible cause of this behavior?

A. The OnGuard Clients are automatically mapped to the Policy Manager Zone based on their IP range but an ACL on the switch could be blocking access.

B. The traffic on the TCP port 6658 is congested due to the fact that this port is also used by the IPsec keep-alive packets of the SD-WAN solution.

C. The ClearPass Policy Manager zones have been defined but the local IP sub-nets have not been property mapped to the zones and the OnGuard Agent might connect to any of the servers in the cluster.

D. The Aruba-user-role received by the IAP is filtering the TCP port 6658 to the ClearPass servers and after 10 seconds the SSL fallback gets activated and randomly generates the issue.

Where is the following information stored in ClearPass?

1.

Roles and Posture for Connected Clients

2.

System Health for OnGuard

3.

Machine authentication State

4.

CoA session info

5.

Mapping of connected clients to NAS/NAD

A. Multi-Master cache

B. Endpoint database

C. insight database

D. ClearPass system cache