HP HPE6-A81 Exam Practice Test Instant Access

Question 1

When building an SNMP-based enforcement profile what option can you assign to the user as actions? (Select three).

AEnforce a VLAN ID for the client

ASet a session timeout for the client

BEnforce Firewall policies

CSend captive portal web re-direct URL

DClearPass Downloadable Role

EReset the connection after the settings has been pushed

Answer : A, A, B, D

Question 2

Refer to the exhibit.

You have set up a home lab for ACCX exam preparation with Aruba Clear Pass integrated with Aruba Controller and Instant Access Point Guest Mac Caching functionality is configured only for Aruba Controller's guest SSID and a common Web Login page is configured for both NAD devices You tested and verified the mac caching functionality for a client by connecting it to the Aruba Controller's guest SSID.

What will happen when you disconnect the client from Aruba Controller's guest SSID and connect it to Instant APs guest SSID?

AThe client will bypass the captive portal authentication by completing the MAC authentication.

BThe client will fail the mac authentication and will be redirected to the captive portal page.

CThe client does not have to complete any authentication as the re-connection was immediate.

DThe client will be redirected to the captive portal page to complete the web authentication.

Answer : A

Question 3

Refer to the exhibit.

Your customer has configured the 802.1 X service enforcement conditions with the Endpoint profiling dat

a. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly What is the cause of the issue?

AAn additional authorization source should be configured for profiling to work.

BThe enforcement policy rules evaluation algorithm is not configured correctly.

CThe option, use cached roles and posture from previous sessions should be enabled.

DThe enforcement policy conditions configured with profiling data are not correct

Answer : C

Question 4

Refer to the exhibit.

A customer has just configured a Posture Policy and the T 2 -Health check Service. Next they installed the OnGuard Agent on a test client connected to the Secure_Employee SSID. When they check Access Tracker they see many WEBAUTH requests are being triggered What could be the reason'

AThe OnGuard Agent trigger the events based on changing the Health Status.

BThe OnGuard Agent is connecting to the Data Port interface on ClearPass.

CTCP port 6658 is not allowed between the client and the ClearPass server.

DOnGuard Web-Based Health Check interval has been configured to three minutes.

Answer : D

Question 5

A customer is troubleshooting the OnGuard Client Activity and is looking into the Live Monitoring -> OnGuard Activity section. What is the Status field representing for this client ?

Athe Client health status is HEALTHY

Bthe Client has been successfully profiled

Cthe Client is online and sends keep-alive messages

Dthe Client is successful authenticated

Answer : B

Question 6

A Customer has these requirements:

* 2.000 loT endpoints that use MAC authentication

* 6.000 endpoints using a mix of username/password and certificate (Corporate/BYOD) based authentication

* 1.000 guest endpoints at peak usage that use guest self-registration

* 1500 BYOD devices estimated as 3 devices per User (500 users)

* 2.500 endpoints that have OnGuard installed and connect on a daily basis

What licenses should be installed to meet customer requirements?

A11.500 Access. 1.500 Onboard. 2.500 OnGuard

B13.000 Access. 1.500 Onboard. 2.500 OnGuard

C9.000 Access. 500 Onboard. 2.500 OnGuard

D11.500 Access. 500 Onboard. 2.500 OnGuard

Answer : A

Question 7

A customer has a Clear Pass cluster deployment with four servers, two servers at the data center and two servers at a large remote site connected over an SO-WAN solution. The customer would like to implement OnGuard. Guest Self-Registration, and 802.1 X authentication across their entire environment. During testing the customer is complaining that users connecting to an Instant Cluster Employee S5ID at the remote site, with the OnGuard Persistent Agent installed are randomly getting their health check missed.

What could be a possible cause of this behavior?

AThe traffic on the TCP port 6658 is congested due to the fact that this port is also used by the IPSec keep-alive packets of the SO-WAN solution.

BThe OnGuard Clients are automatically mapped to the Policy Manager Zone based on their IP range but an ACL on the switch could be blocking access.

CThe Aruba-user-role received by the IAP is filtering the TCP port 6658 to the Clear Pass servers and after 10 seconds the SSL fallback gets activated and randomly generates the issue

DThe ClearPass Policy Manager zones have been defined but the local IP subnets have not but properly mapped to the zones and the OnGuard Agent might connect to any of the servers in the cluster.

Answer : A

HPE6-A81 Aruba Certified ClearPass Expert Written Exam Practice Test