HP HPE6-A68 Exam Practice Test Instant Access

Question 1

Which components of a ClearPass is mandatory?

AAuthorization Source

BProfiler

CRole Mapping Policy

DEnforcement

EPosture

Answer : D

An enforcement policy is a way to organize enforcement profiles and apply them to users or Policy Manager roles. Based on the enforcement policy assigned to the role, enforcement profiles are applied to the service request.

Question 2

In a single SSID Onboarding, which method can be used in the Enforcement Policy to distinguish between a provisioned device and a device that has not gone through the Onboard workflow?

AActive Directory Attributes

BNetwork Access Device used

CEndpoint OS Category

DOnguard Agent used

EAuthentication Method used

Answer : E

Question 3

Refer to the exhibit.

Based on the network topology diagram shown, how many clusters are needed for this deployment?

Answer : D

Question 4

Refer to the exhibit.

When configuring a Web Login Page in ClearPass Guest, the information shown is displayed.

What is the Address field value 'securelogin.arubanetworks.com' used for?

Afor ClearPass to send a TACACS+ request to the NAD

Bfor appending to the Web Login URL, before the page name

Cfor the client to POST the user credentials to the NAD

Dfor ClearPass to send a RADIUS request to the NAD

Efor appending to the Web Login URL, after the page name.

Answer : C

Question 5

A university wants to deploy ClearPass with the Guest module. The university has two types that need to use web login authentication. The first type of users are students whose accounts are in an Active Directory server. The second type of users are friends of students who need to self-register to access the network.

How should the service be set up in the Policy Manager for this network?

AGuest User Repository and Active Directory server both as authentication sources

BActive Directory server as the authentication source, and Guest User Repository as the authorization source

CGuest User Repository as the authentication source, and Guest User Repository and Active Directory server as authorization sources

DEither the Guest User Repository or Active Directory server should be the single authentication source

EGuest User Repository as the authentication source and the Active Directory server as the authorization source

Answer : A

Question 6

Refer to the exhibit.

Based on the Access Tracker output for the user shown, which statement describes the status?

AThe Aruba Terminate Session enforcement profile as applied because the posture check failed.

BA Healthy Posture Token was sent to the Policy Manager.

CA RADIUS-Access-Accept message is sent back to the Network Access Device.

DThe authentication method used is EAP-PEAP.

EA NAP agent was used to obtain the posture token for the user.

Answer : B

We see System Posture Status: HEALTHY(0)

End systems that pass all SHV tests receive a Healthy Posture Token, if they fail a single test they receive a Quarantine Posture Token.

https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/21122/1/OnGuard%20config%20Tech%20Note%20v1.pdf

Question 7

A client's authentication is failing and there are no entries in the ClearPass Access tracker.

What is a possible reason for the authentication failure?

AThe user account has expired.

BThe client used a wrong password.

CThe shared secret between the NAD and ClearPass does not match.

DThe user's certificate is invalid.

EThe user is not found in the database.

Answer : C

HPE6-A68 Aruba Certified Clearpass Professional 6.7 Exam Practice Test