HP HPE6-A68 Exam Practice Test Instant Access

Question 1

In which ways can ClearPass derive client roles during policy service processing? (Select two.)

AFrom the attributes configured in Active Directory

BFrom the server derivation rule in the Aruba Controller server group for the client

CFrom the Aruba Network Access Device

DFrom the attributes configured in a Network Access Device

EThrough a role mapping policy

Answer : A, E

Question 2

Refer to the exhibit.

Based on the Endpoint information shown, which collectors were used to profile the device as Apple iPad? (Select two.)

AHTTP User-Agent

BSNMP

CDHCP fingerprinting

DSmartDevice

EOnguard Agent

Answer : A, C

HTTP User-Agent

In some cases, DHCP fingerprints alone cannot fully classify a device. A common example is the Apple family of smart devices; DHCP fingerprints cannot distinguish between an Apple iPad and an iPhone. In these scenarios, User-Agent strings sent by browsers in the HTTP protocol are useful to further refine classification results.

User-Agent strings are collected from:

* ClearPass Guest

* ClearPass Onboard

* Aruba controller through IF-MAP interface

Note: Collectors are network elements that provide data to profile endpoints.

The following collectors send endpoint attributes to Profile:

* DHCP

DHCP snooping

Span ports

* ClearPass Onboard

* HTTP User-Agent

*MAC OUI -- Acquired via various auth mechanisms such as 802.1X, MAC auth, etc.

* ActiveSync plugin

* CPPM OnGuard

*SNMP

* Subnet Scanner

* IF-MAP

* Cisco Device Sensor (Radius Accounting)

* MDM

https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/653/1/ClearPass%20Profiling%20TechNote.pdf

Question 3

Which CLI command is used to upgrade the image of a ClearPass server?

AImage update

BSystem upgrade

CUpgrade image

DReboot

EUpgrade software

Answer : B

When logged in as appadmin, you can manually install the Upgrade and Patch binaries imported via the CLI using the

following commands:

* system update (for patches)

* system upgrade (for upgrades)

https://community.arubanetworks.com/aruba/attachments/aruba/SoftwareUserReferenceGuides/52/1/ClearPass%20Policy%20Manager%206.5%20User%20Guide.pdf

Question 4

A ClearPass administrator wants to make Enforcement decisions during 802.1x authentication based on a client's Onguard posture token.

Which Enforcement profile should be used on the health check service?

ARADIUS CoA

BQuarantine VLAN

CFull Access VLAN

DRADIUS Accept

ERADIUS Reject

Answer : A

The Health Check Service requires a profile to terminate the session so that the RADIUS 802.1X authentication Service can use the posture token in a new authentication routine. The terminate session profile will utilize the Change of Authorization feature to force a re-authentication.

See step 6) below.

Navigate to the list of Enforcement Profiles by selecting, Configuration > Enforcement > Profiles.

2. Click the + Add link in the upper right hand corner.

3. From the Template dropdown menu, choose RADIUS Change of Authorization (CoA).

4. Name the policy.

This example uses Dell Terminate Session as the profile name.

5. Leave all the other settings as default, and click Next > to move to the Attributes tab.

6. On the dropdown menu for Select RADIUS CoA Template, choose IETF-Terminate-Session-IETF.

7. Click Next > and review the Summary tab (Figure 22).

8. Click Save.

Campus Networks Configuring ClearPass OnGuard, Switching, and Wireless (v1.0) (September 2015), page 22

http://en.community.dell.com/cfs-file/__key/telligent-evolution-components-attachments/13-4629-00-00-20-44-16-18/ClearPass-NAC-and-Posture-Assessment-for-Campus-Networks.pdf?forcedownload=true

Question 5

Refer to the exhibit.

What information can be drawn from the audit row detail shown? (Select two.)

Aradius01 was deleted from the list of authentication sources.

BThe policy service was moved to position number 4.

Cradius01 was moved to position number 4.

DThe policy service was moved to position number 3.

Eraduis01 was added as an authentication source.

Answer : A, B

Question 6

Refer to the exhibit.

An AD user's department attribute value is configured as ''Product Management''. The user connects on Monday to a NAD that belongs to the Device Group HQ.

Which role is assigned to the user in ClearPass?

AHR Local

B[Guest]

C[Employee]

DLinux User

EExecutive

Answer : E

The conditions of the Executive Role is met.

Question 7

What is the purpose of RADIUS CoA (RFC 3576)?

Ato force the client to re-authenticate upon roaming to a new Controller

Bto apply firewall policies based on authentication credentials

Cto validate a host MAC address against a whitelist or a blacklist

Dto authenticate users or devices before granting them access to a network

Eto transmit messages to the NAD/NAS to modify a user's session status

Answer : E

CoA messages modify session authorization attributes such as data filters.

HP Aruba Certified Clearpass Professional 6.7 HPE6-A68 Exam Practice Test