HP HPE6-A81 Exam Questions Instant Access

Question 1

Refer to the exhibit.

A customer has incomplete information for endpoints in the Endpoint Repository. In order to make accurate decisions about what types of devices are connecting to the network. ClearPass is enabled to process the device information from IF-MAP interface, but no updates are received. What can the customer do to update those endpoints using IF-MAP?

AConfigure ClearPass Management IP in the DHCP Helper address

BConfigure IF-MAP on all networking devices to send additional information to ClearPass

CConfigure IF-MAP only on Aruba Mobility Controller, providing ClearPass username and password

DConfigure the authentication service to Audit the endpoints using, the embedded Nmap Server

Answer : A

Question 2

Which statements art true about the Database server certificate? (Select two)

ADatabase certificate can be created to take a secure backup of the ClearPass database.

BClearPass Policy Manager nodes validates the Database certificate while joining the cluster

CCustom Database certificate requires Subject Alternative Name (SAN) field with the DNS name of the server.

DA change in Database certificate will only be applicable after a reboot of the node

EDatabase server certificate is optional for the ClearPass servers that are part of a Cluster.

Answer : B, C

Question 3

A customer has a Clear Pass cluster deployment with four servers, two servers at the data center and two servers at a large remote site connected over an SO-WAN solution. The customer would like to implement OnGuard. Guest Self-Registration, and 802.1 X authentication across their entire environment. During testing the customer is complaining that users connecting to an Instant Cluster Employee S5ID at the remote site, with the OnGuard Persistent Agent installed are randomly getting their health check missed.

What could be a possible cause of this behavior?

AThe traffic on the TCP port 6658 is congested due to the fact that this port is also used by the IPSec keep-alive packets of the SO-WAN solution.

BThe OnGuard Clients are automatically mapped to the Policy Manager Zone based on their IP range but an ACL on the switch could be blocking access.

CThe Aruba-user-role received by the IAP is filtering the TCP port 6658 to the Clear Pass servers and after 10 seconds the SSL fallback gets activated and randomly generates the issue

DThe ClearPass Policy Manager zones have been defined but the local IP subnets have not but properly mapped to the zones and the OnGuard Agent might connect to any of the servers in the cluster.

Answer : A

Question 4

A customer has acquired another company that has its own Active Directory infrastructure. The 802 1X PEAP authentication works with the customer's original Active Directory servers but the customer would like to authenticate users from the acquired company as well.

What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)

ACreate a new Authentication Source, type Active Directory.

BCreate a new Authentication Source, type Generic LDAP.

CAdd the new AD server(s) as backup into the existing Authentication Source.

DThere is no need to join ClearPass to the new AD domain.

EJoin the ClearPass server(s) to the new AD domain.

Answer : B, D

Question 5

Refer to the exhibit.

What could be causing the error message received on the OnGuard client?

AThe Service Selection Rules for the service are not configured correctly

BThe Health-Check service does not have Posture Compliance option enabled

CThe client's OnGuard Agent has not been configured with the correct Policy Manager Zone.

DThere is a firewall policy not allowing the OnGuard Agent to connect to ClearPass

Answer : A

Question 6

A customer has deployed an OnGuard Solution to all the corporate devices using a group policy result to push the OnGuard Agtnts. The network administrator is complaining that soma of the agents are communicating to the ClearPass server that is located in a DMZ. outside the firewall The network administrator wants all of the agents System Health Validation traffic to stay inside the Management subnets.

What can the ClearPass administrator do to move the traffic only to the ClearPass Management Ports?

ASelect the correct OnGuard Agent installer, and use the one configured for Management Port for the clients.

BFilter TCP port 6658 on the firewall, forcing the OnGuard agent to use the ClearPass Management port.

CConfigure a Policy Manager Zone mapping so the OnGuard agent will use the Management Port IP.

DEdit the agent.conf file being deployed to the clients to use the ClearPass Management Port for SHV updates

Answer : B

Question 7

You have designed a ClearPass solution for an Information Technology Business Park with 50,377 concurrent sessions including the visitors. The deployment includes eight ClearPass servers handling RADIUS authentication. Guest Self-Registration. Onboard and OnGuard. CPPM1 is acting as Publisher. CPPM2 to CPPM8 are added as subscriber nodes CPPM4 is the designated Standby Publisher. Servers CPPM2 and CPPM3 will be handling the Guest and Onboard HTTPS traffic. On a few devices, Corporate users will perform username and password based authentication with Active Directory accounts and on few devices, they will be using private CA signed TLS certificates to do the authentication The customer has three Active Directories (AD1, AD2 and A03) part of Multi-Domain Forest. To provide authentication redundancy, the customer has configured multiple Virtual IP settings between ClearPass servers in a cluster.

On all the Network Access Devices (NAD), the primary authentication server is configured as the VIP IP address and the secondary authentication server rs configured as CPPM1 MGMT IP address Based on the information provided, which ClearPass nodes will you join to the AD domain

AJoin CPPM1. CPPM4 to CPPM7 servers to the AD root domain

BJoin CPPM2 to CPPM7 ClearPass servers to the AD root domain.

CJoin all the eight ClearPass servers to AD1, AD2 and AD3 domains.

DJoin CPPM1. CPPM4 to CPPM8 to the AD1. AD2 and AD3 domains.

Answer : D

HP Aruba Certified ClearPass Expert Written HPE6-A81 Exam Questions