HP HPE6-A81 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

A customer has incomplete information for endpoints in the Endpoint Repository. In order to make accurate decisions about what types of devices are connecting to the network. ClearPass is enabled to process the device information from IF-MAP interface, but no updates are received. What can the customer do to update those endpoints using IF-MAP?

AConfigure ClearPass Management IP in the DHCP Helper address

BConfigure IF-MAP on all networking devices to send additional information to ClearPass

CConfigure IF-MAP only on Aruba Mobility Controller, providing ClearPass username and password

DConfigure the authentication service to Audit the endpoints using, the embedded Nmap Server

Answer : A

Question 2

A customer has multiple Aruba Controllers integrated with ClearPass for guest access using a controller-initialed login method. The customer is aware that a public CA-signed captive portal certificate is required in Aruba controllers for controller-initiated workflows. The customer has purchased unique public CA-signed server certificates for each controller.

What configuration steps would you suggest to the customer to complete the deployment? (Select three.)

AFrom the weblogin/ self-registration page NAS Vendor settings, enable the check box for 'The controller will send the IP to submit credentials' under Dynamic address.

BEdit the HTML header in the weblogin/ self-registration register page with a script to match the controllers IP and captive portal certificate CN names respectively.

CFrom the Aruba controller, enable the option 'Add switch IP address in the redirection URL' under the respective L3 Authentication profile mapped in the initial role

DFrom the Aruba controller, enable the option 'Add switch ip address in the redirection URL' under the respective guest AAA profile mapped in the VAP profile.

EAdd all the controller IP address and its certificate common names in the DNS server's Forward Lookup Zones and Reverse Lookup Zones to resolve queries from client.

FFrom the weblogin/ self-registration page Login form settings, enable the check box for 'The controller will send the IP to submit credentials' under Dynamic address.

Answer : A, D, F

Question 3

You have configured a factory default Aruba controller with Clear Pass for guest access and the NAS vendor settings - Address field in the guest weblogin page is configured with Aruba controller's default self-signed certificate common name "securelogin.arubanetworks.com" that the client will use to submit the authentication request.

What happens when the client sends a DNS request to securelogin aruba networks com?

AThe controller will intercept the ONS request sent to its HTTPS certificate common name and return its own IP address.

BAddress field in the web login vendor settings should be set to IP address of the controller instead of certificate CN name.

CClient does not send the DNS request, the ClearPass resolves the hostname in the NAS vendor settings Address field.

DThe controller will pass the request to the DNS server and server returns the IP of the controller from the DNS records.

Answer : B

Question 4

Refer to the exhibit.

A customer is trying to configure a TACACS Authentication Service for administrative what could be the reason for the Login Status REJECT?

AThe password used by the administrative user is wrong.

BThe Enforcement profile used is not a TACACS profile.

CThe Read-only Administrator role does not exist on the Controller.

DThe Enforcement profile is not designed to be used on Aruba Controller

Answer : C

Question 5

While configuring the service rule conditions which NAS-Port-Type value should be used to differentiate the service for wired and wireless authentication?

AEthernet (5) and Wireless-802 11 (9)

BEthernet (15) and Wireless-802 II (19)

CEthernet (O)and W.reless-802 11 (1)

DEthernet (19) and Wireless-802 11(18)

Answer : A

Question 6

Refer to the exhibit.

You have integrated the Cisco switch with ClearPass to do MAC-Auth for Cisco IP Phones. The phones connect to the network successfully but when you try to change the status of the device from the access tracker, you see only the ArubaOS Radius terminate session options and not the Cisco vendor terminate session options. What will you check to fix this issue?

AVerify if the ClearPass supports RADIUS Dynamic Authorization for the Cisco IP Phones doing MAC.AUTH.

BVerify if the Cisco IP Phone is actively connected to the switch to get the Cisco CoA options from ClearPass.

CVerify if the Enable RADIUS Dynamic Authorization option is checked for the Cisco switch added under the network devices.

DVerify that Cisco is chosen as the vendor name while adding the Cisco Switch under network devices.

Answer : D

Question 7

A customer is troubleshooting a user that has complained about randomly having issues connecting the network with EAP PEAP using the Corporate Laptop. The initial checks are showing a number of authentication failures but no sign of issues with the ClearPass server or AD.

What can the Customer do to monitor this user Authentication trend closely over the next few days?

Aconfigure a Report using Radius Failed Authentication template and schedule it to run every 5 mins

Bconfigure an Alert using Failed Authentication template with Threshold 1. Interval 5 mins

Cadd the user name in the Insight/Alert/Watchlitst and get the authentication failures notifications within 30 seconds

Dadd to ClearPass Insight Dashboard the Authentication Status widget for this specific user

Answer : C

HPE6-A81 Aruba Certified ClearPass Expert Written Exam Practice Test