HP HPE6-A68 Exam Questions Instant Access

Question 1

Refer to the exhibit.

Which statements accurately describe the cp82 ClearPass node? (Select two.)

AIt becomes the Publisher when the primary Publisher fails.

BIt operates as a Publisher in the same cluster as the primary Publisher when the primary is active.

CIt operates as a Publisher in a separate cluster when the Publisher is active.

DIt operates as a Subscriber when the Publisher is active.

EIt stays as a Subscriber when the Publisher fails.

Answer : A, D

ClearPass Policy Manager allows you to designate one of the subscriber nodes in a cluster to be the Standby Publisher, thereby providing for that subscriber node to be automatically promoted to active Publisher status in the event that the Publisher goes out of service. This ensures that any service degradation is limited to an absolute minimum.

When a Publisher failure is detected, the designated subscriber node is promoted to active Publisher status.

Question 2

What is the purpose of RADIUS CoA (RFC 3576)?

Ato force the client to re-authenticate upon roaming to a new Controller

Bto apply firewall policies based on authentication credentials

Cto validate a host MAC address against a whitelist or a blacklist

Dto authenticate users or devices before granting them access to a network

Eto transmit messages to the NAD/NAS to modify a user's session status

Answer : E

CoA messages modify session authorization attributes such as data filters.

Question 3

What does Authorization allow users to do in a Policy Service?

ATo use attributes in databases in role mapping and Enforcement.

BTo use attributes stored in databases in Enforcement only, but not role mapping.

CTo use attributes stored in external databases for Enforcement, but not internal databases.

DTo use attributes stored in databases in role mapping only, but not Enforcement.

ETo use attributes sored in internal databases for Enforcement, but not external databases.

Answer : A

Question 4

Refer to the exhibit.

An AD user's department attribute value is configured as ''Product Management''. The user connects on Monday to a NAD that belongs to the Device Group HQ.

Which role is assigned to the user in ClearPass?

AHR Local

B[Guest]

C[Employee]

DLinux User

EExecutive

Answer : E

The conditions of the Executive Role is met.

Question 5

Refer to the exhibit.

The ClearPass Event Viewer displays an error when a user authenticates with EAP-TLS to ClearPass through an Aruba Controller Wireless Network.

What is the cause of this error?

AThe controller's shared secret used during the certificate exchange is incorrect.

BThe NAS source interface IP is incorrect.

CThe client sent an incorrect shared secret for the 802.1X authentication.

DThe controller used an incorrect shared secret for the RADIUS authentication.

EThe client's shared secret used during the certificate exchange is incorrect.

Answer : D

Question 6

Refer to the exhibit.

Based on the Attribute configuration shown, which statement accurately describes the status of attribute values?

AOnly the attribute values of department and memberOf can be used in role mapping policies.

BThe attribute values of department, title, memberOf, telephoneNumber, and mail are directly applied as ClearPass.

COnly the attribute value of company can be used in role mapping policies, not the other attributes.

DThe attribute values of department and memberOf are directly applied as ClearPass roles.

EOnly the attribute values of title, telephoneNumber, and mail can be used in role mapping policies.

Answer : D

Question 7

A customer wants all guests who access a company's guest network to have their accounts approved by the receptionist, before they are given access to the network.

How should the network administrator set this up in ClearPass? (Select two.)

AEnable sponsor approval confirmation in Receipt actions.

BConfigure SMTP messaging in the Policy Manager.

CConfigure a MAC caching service in the Policy Manager.

DConfigure a MAC auth service in the Policy Manager.

EEnable sponsor approval in the captive portal authentication profile on the NAD.

Answer : A, D

A: Sponsored self-registration is a means to allow guests to self-register, but not give them full access until a sponsor (could even be a central help desk) has approved the request. When the registration form is completed by the guest/user, an on screen message is displayed for the guest stating the account requires approval.

Guests are disabled upon registration and need to wait on the receipt page for the confirmation until the login button gets enabled.

D: Device Mac Authentication is designed for authenticating guest devices based on their MAC address.

https://community.arubanetworks.com/aruba/attachments/aruba/SoftwareUserReferenceGuides/52/1/ClearPass%20Policy%20Manager%206.5%20User%20Guide.pdf

HP Aruba Certified Clearpass Professional 6.7 HPE6-A68 Exam Questions