HPE6-A81 Online Practice Questions and Answers

While configuring a guest solution, the customer is requesting that guest user receive access for four hours from their first login. Which Guest Account Expiration would you select?

A. expire_after

B. do_expire

C. expire_time

D. expire_ postlogin

When is it recommended to use a certificate with multiple entries on the Subject Alternative Name?

A. The ClearPass servers are placed in different OnGuard zones to allow the client agent to send SHV updates.

B. Using the same certificate to Onboard clients and the Guest Captive Portal on a single ClearPass server.

C. The primary authentication server Is not available to authenticate the users.

D. The ClearPass server will be hosting captive portal pages for multiple FQDN entries

How does the RadSec improve the RADIUS message exchange? (Select two.)

A. It can be used on an unsecured network or the Internet.

B. It builds a TTLS tunnel between the NAD and ClearPass.

C. Only the NAD needs to trust the ClearPass Certificate.

D. It encrypts the entire RADIUS message.

E. It uses UDP to exchange the radius packets.

Refer to the exhibit:

The customer complains that the user shown cannot log into the ClearPass Server as an administrator using the [Policy Manager Admin Network Login Service]. What could be the reason for this?

A. The user might be used for a TACACS authentication

B. The account created does not fit this purpose.

C. The mapping on the role should be changed to [RADIUS Super Admin]

D. The local user authentication might be disabled

Under Onboard management and control, which option will deny the user from re-provisioning the device a second time?

A. Revoke and Delete certificate

B. Delete user

C. Revoke certificate

D. Delete certificate

Refer to the exhibit: Your customer configured a ClearPass server to process the Guest and Secure SSIDs broadcasting from both Aruba and Cisco WLAN controllers When an Employee connects to Aruba or Cisco secure SSID, the authentication hits the guest service causing the client to fail the connection to the network. What change can be implemented to make both the secure and guest services created for Aruba and Cisco devices to work correctly?

A. Move the HS-Guest User Authentication with MAC Caching service to the first position.

B. Modify the service rule matching algorithm to ALL in HS-Guest User Authentication service.

C. Disable HS-Guest User Authentication service and move HS-Guest MAC Authentication to seventh position.

D. Move the HS_Building Aruba 802.1x service to the second position in the service order.

Refer to the exhibit:

When creating a new report, there is an option to send report Notifications by Email. Where is the email server configured?

A. In the ClearPass Policy Manager Endpoint Context servers under Administration.

B. In the Insight Reports Interface under Administration on the sidebar menu.

C. In the insight report on the next screen of the report definition.

D. In the ClearPass Policy Manager Messaging setup under Administration.

Refer to the exhibit:

Your company has a postgres SQL database with the MAC addresses of the company-owned tablets You

have configured a role mapping condition to tag the SQL devices. When one of the tablets connects to the

network, it does not get the correct role and receives a deny access profile.

How would you resolve the issue?

A. Remove SQL condition from role mapping policy and add it under the enforcement policy conditions.

B. Edit the SQL authentication source niter attributes and modify the SQL server filter query.

C. Add the SQL server as an authentication source and map .t under the authentication tab in the service.

D. Enable authorization tab in the service and add the SQL server as an authorization source.

Refer to the exhibit: A customer has configured a Guest Self registration page for their Cisco Wireless network with the settings shown. What should be changed in order to successfully authenticate guests users?

A. Secure Login should use HTTP

B. Change the Vendor Settings to Airespace Networks

C. Change \he IP Address to the Cisco Controller DNS name

D. Login Method should be Controller-initiated - using HTTPs form submit

A customer would like to allow only the AD users with the "Manager" title from the "HQ" location to

Onboard their personal devices. Any other AD users should not be authorized to pass beyond the initial

device provisioning page.

Which Onboard service will you use to implement this requirement?

A. Onboard CP login service

B. Onboard Authorization service

C. Onboard Provisioning service

D. Onboard Pre-Auth service