HP HPE6-A81 Exam Practice Test Instant Access

Question 1

A customer is troubleshooting a user that has complained about randomly having issues connecting the network with EAP PEAP using the Corporate Laptop. The initial checks are showing a number of authentication failures but no sign of issues with the ClearPass server or AD.

What can the Customer do to monitor this user Authentication trend closely over the next few days?

Aconfigure a Report using Radius Failed Authentication template and schedule it to run every 5 mins

Bconfigure an Alert using Failed Authentication template with Threshold 1. Interval 5 mins

Cadd the user name in the Insight/Alert/Watchlitst and get the authentication failures notifications within 30 seconds

Dadd to ClearPass Insight Dashboard the Authentication Status widget for this specific user

Answer : C

Question 2

Refer to the exhibit.

A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect to the network. Which step below is the best starting point when troubleshooting'

AVerify the CPPM hostname in OSCP URL under TLS authentication method is updated to localhost instead of primary server's hostname.

BReboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted.

CCheck if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.

DCheck EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA).

Answer : A

Question 3

Refer to the exhibit.

You configured the Wired MAC - Auth service enforcement conditions with the Endpoint profiling data When mac-auth based clients connect to the network, ClearPass assigns Deny access profile. The customer has sent you the above screenshots How would you resolve the issue?

AChange the Rules evaluation algorithm in the Enforcement policy of HPE ArubaOS Mac auth policy as 'select all matches' and add the CoA action as HPE Bounce switch port in the profiler tab.

BCreate a new condition in last position with Type and operator as Tips:Role EQUALS [User Authenticated] with action as Allow access profile permitting any services and any ports to do profiling.

CCreate a new condition in first position with Type and operator as Authorization (Endpoint Repository]:Category NOT_EXISTS with action as Limited access profile allowing only DHCP service.

DCreate a new condition in the first position with Type and operator as Authorization [Endpoint Repository] Category NOT_EXISTS with action as Limited access profile and ArubaOS wireless terminate session

Answer : A

Question 4

Where is the following information stored in Clear Pass?

- Roles and Posture for Connected Clients - System Health for OnGuard - Machine authentication State - CoA session info - Mapping of connected clients to NAS/NAD

AClearPass system cache

BMulti-Master cache

CInsight database

DEndpoint database

Answer : C

Question 5

A customer is planning to implement machine and user authentication on infrastructure with one Aruba Controller and a single ClearPass Server. What should the customer consider while designing this solution? (Select three.)

AThe customer does not need to worry about Multi-Master Catht Survivability because the Controller will also cache the machine state.

BThe Windows User must log off. restart or disconnect their machine to initiate a machine authentication before the cache expires.

CThe machine authentication status rs written in the Multi-master cache on the ClearPass Server for 24 hrs

DThe Customer should enable Multi-Master Cache Survivability as the Aruba Controller will not cache the machine state.

EMachine Authentication only uses EAP TLS. as such a PKI infrastructure should be in place for machine authentication.

FOnboard must be used to install the Certificates on the personal devices to do the user and machine authentication

Answer : B, C, F

Question 6

Your customer has recently implemented a seIf-registration portal in ClearPass Guest to be used on a Guest SSID broadcast from an Aruba controller Your customer has started complaining that the users are not able to reliably access the Internet after clicking the login button on the receipt page They tell you that the users will click the login button multiple times and after about a minute they gam access.

What could be causing this issue?

AThe enforcement profile on ClearPass is set up with an IETF:session delay.

BThe self-registration page is configured with a 1 minute login delay.

CThe guest users are assigned a firewall user role that has a rate limit.

DThe guest users are assigned multiple DNS servers delaying DNS response.

Answer : A

Question 7

Refer to the exhibit.

You are doing a ClearPass PoC at a customer site with a single Aruba Mobility Controller. The customer asked for a demonstration of a simple Web Login functionality. You used a service template to create the guest services. During testing, the user gets redirected back to the weblogin page with an Authentication failed message The guest configurations on the Aruba Mobility Controller are configured correctly Why would the guest fail to authenticate successfully?

AThe authentication source mapped in the service is incorrect It should be mapped as [Guest Device Repository! (Local SQL DB].

BThe Unique-Device- Count does not allow any Client devices. Update the Enforcement policy condition: Unique-Device-Count.

CThe username and/or password used for authentication is incorrect Re-enter the correct password on the weblogin page.

DThe username used for authentication does not exist in the Guest User Database. Create a new user and authenticate again

Answer : B

HPE6-A81 Aruba Certified ClearPass Expert Written Exam Practice Test