• Home
  • Articles
  • [May-2022] HPE6-A81 Pre-Exam Practice Tests Exam Questions and Answers for HPE Aruba Certified Study Guide [Q11-Q33]

[May-2022] HPE6-A81 Pre-Exam Practice Tests Exam Questions and Answers for HPE Aruba Certified Study Guide [Q11-Q33]

Share

[May-2022] HPE6-A81 Pre-Exam Practice Tests | Exam Questions and Answers for HPE Aruba Certified Study Guide

Aruba Certified ClearPass Expert Written Exam Certification Sample Questions

NEW QUESTION 11
Refer to the exhibit.

A customer with multiple Aruba Controllers has just installed a new certificate for "'.customerdomain.com- on all Aruba Controllers While testing the existing guest Self-Registration page the customer noticed that the logins are failing While troubleshooting they are finding no entries in the Event Viewer or Access Tracker for the tests Suspecting that the Aruba Controllers may not be properly posting the credentials from the guest browser, they open the NAS Vendor Settings for the Guest Self-Registration Page.

  • A. Change the 'IP Address field to" securelogin.customerdomain.com
  • B. Change the "Secure Login' field to "Use Vendor Default".
  • C. Change the "IP Address field to "captiveportal-login.customerdomain.com".
  • D. Add PTR records on the DNS server for "securelogin arubanetworks.com".

Answer: C

 

NEW QUESTION 12
Refer to the exhibit.




A year ago. your customer deployed an Aruba ClearPass Policy Manager Server for a Guest SSID hosted in an IAP Cluster The customer just created a new Web Login Page for the Guest SSiD Even though the previous Web Login page worked test with the new Web Login Page are failing and the customer has forwarded you the above screenshots.
What recommendation would you give the customer to fix the issue?

  • A. The customer should reset the password for the username accxCdlexam.com using Guest Manage Accounts.
  • B. The WebLogin Pre-Auth Check is set to Aruba Application Authentication which requires a separate application service on the policy manager
  • C. The service type configured is not correct. The Guest authentication should be an Application authentication type of service.
  • D. The Address filed under the WebLogin Vendor settings is not configured correctly. It should be set to instant, Aruba networks com,

Answer: D

 

NEW QUESTION 13
A Customer has these requirements:
* 2.000 loT endpoints that use MAC authentication
* 6.000 endpoints using a mix of username/password and certificate (Corporate/BYOD) based authentication
* 1.000 guest endpoints at peak usage that use guest self-registration
* 1500 BYOD devices estimated as 3 devices per User (500 users)
* 2.500 endpoints that have OnGuard installed and connect on a daily basis What licenses should be installed to meet customer requirements?

  • A. 11.500 Access. 1.500 Onboard. 2.500 OnGuard
  • B. 9.000 Access. 500 Onboard. 2.500 OnGuard
  • C. 11.500 Access. 500 Onboard. 2.500 OnGuard
  • D. 13.000 Access. 1.500 Onboard. 2.500 OnGuard

Answer: A

 

NEW QUESTION 14
Which statements art true about controller-initiated and server-initiated login method? (Select two)

  • A. Controller-initiated login method should be used of the guest user's network login will be handled by the guest browser to perform the HTTP port when the user attempts a login
  • B. Controller-initiated login method should be used if the guest user's network login will be handled by the controller-based AP to perform the HTTP post when the user attempts a login.
  • C. server-initiated login method should be used if the guest users network login will be handled by the ClearPass by standing a CoA after authentication request is posted to itself when the user attempts a login
  • D. server-in it will login method should be used if the guest user s network login will be handled by the wired switch by standing the authentication request to (PPM when the user attempts a login
  • E. server-initiated login method should be used if the guest user's network login will be handled by ClearPass by sending the authentication request to itself when the user attempts a login

Answer: A,D,E

 

NEW QUESTION 15
The customer would like to add a default common self-registration sponsor email under the initial value on all the ten self-registration pages created for different locations except for the guest registration page created for Sunnyvale location to use a different sponsor email in initial value. Under self-registration form fields, you have "Edit" and "Edit Base Field" Which edit options will you choose to make minimal configuration changes to implement the customer's requirement? (Select two)

  • A. Update the specific sponsor email by clicking on "Edit Base Field" option of the sponsor_email form filed on the Sunnyvale location register form page
  • B. Update the specific sponsor email by clicking on the "Edit" option of the sponsor_email form filed on the Sunnyvale self-registration register form page
  • C. Update the common sponsor email by clicking the "Edit Base Field" option of the sponsor_email form field on the one of the self-registration form page
  • D. Update the sponsor email by clicking on both "Edit" and "Edit Base Field" options of the sponsor_email filed on the Sunnyvale register page
  • E. Update the common sponsor email by clicking the "Edit" option of the sponsor email form field on the one of the self-registration register form page

Answer: D,E

 

NEW QUESTION 16
Refer to the exhibit.

What enforcement profile will be assigned to a client who has successfully completed the user and machine authentication with UNKNOWN posture token?

  • A. Deny Access Profile
  • B. Redirect to Aruba Dissolvable_page Profile
  • C. Redirect to Aruba OnBoard Portal
  • D. Redirect to Aruba Quarantine Profile

Answer: B

 

NEW QUESTION 17
Refer to the exhibit.

You configured the Wired MAC - Auth service enforcement conditions with the Endpoint profiling data When mac-auth based clients connect to the network, ClearPass assigns Deny access profile. The customer has sent you the above screenshots How would you resolve the issue?

  • A. Change the Rules evaluation algorithm in the Enforcement policy of HPE ArubaOS Mac auth policy as "select all matches" and add the CoA action as HPE Bounce switch port in the profiler tab.
  • B. Create a new condition in first position with Type and operator as Authorization (Endpoint Repository]:Category NOT_EXISTS with action as Limited access profile allowing only DHCP service.
  • C. Create a new condition in the first position with Type and operator as Authorization [Endpoint Repository] Category NOT_EXISTS with action as Limited access profile and ArubaOS wireless terminate session
  • D. Create a new condition in last position with Type and operator as Tips:Role EQUALS [User Authenticated] with action as Allow access profile permitting any services and any ports to do profiling.

Answer: A

 

NEW QUESTION 18
Which using Allow All MAC AUTH, which authentication source should be mapped to the service?

  • A. Any Authentication source
  • B. Endpoint Database
  • C. Static Host List
  • D. Guest Device Database

Answer: C

 

NEW QUESTION 19
Refer to the exhibit.

A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect to the network. Which step below is the best starting point when troubleshooting'

  • A. Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted.
  • B. Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.
  • C. Verify the CPPM hostname in OSCP URL under TLS authentication method is updated to localhost instead of primary server's hostname.
  • D. Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA).

Answer: C

 

NEW QUESTION 20
What is the Secure SSIO (otherwise referred to as Single SSID) OnBoard deployment service workflow?

  • A. Onboard Authorization Application service. Onboard Provisioning RADIUS service Onboard
  • B. Onboard Provisioning RADIUS service, Onboard Authorization Application service, Onboard Pre-Auth Application service. Onboard Provisioning RADIUS service Onboard Provisioning RADIUS service,
  • C. Onboard Authorization RADIUS service. Onboard Pre-Auth Application service. Onboard Provisioning RADIUS service Onboard Provisioning RADIUS service. Onboard Prt-Auth Application service.
  • D. Provisioning RADIUS service. Onboard Pre-Auth RADIUS service. Onboard Authorization Application service. Onboard Provisioning RADIUS service.

Answer: A

 

NEW QUESTION 21
Refer to the exhibit.

You have configured an Onboard portal for single SSID provision. During testing you notice that the QuickConnect Application did not display the "Connect" button, only the finish button. To get connected the test user had to manually connect to the secure-HS-5007 SSID but was prompted for a username and password. Using the screenshots as a reference, how would you fix this issue?

  • A. Check the network settings for the correct SSID name spelling.
  • B. Install a public signed HTTPS web server certificate on the ClearPass server
  • C. Configure the SSID to support both EAP-PEAP and EAP-TLS authentication method
  • D. Change the network settings to use EAP-TLS for the authentication protocol.

Answer: B

 

NEW QUESTION 22
Refer to the exhibit.

What could be causing the error message received on the OnGuard client?

  • A. The Health-Check service does not have Posture Compliance option enabled
  • B. The Service Selection Rules for the service are not configured correctly
  • C. The client's OnGuard Agent has not been configured with the correct Policy Manager Zone.
  • D. There is a firewall policy not allowing the OnGuard Agent to connect to ClearPass

Answer: B

 

NEW QUESTION 23
What configuration steps should you follow to add terms and conditions page on Guest seIf-registration for CPPM? (Select two).

  • A. Edit the creatoracceprterms form field in receipt page and change HTML section by pointing the hyperlink to the HTML file uploaded
  • B. Create an HTML page with custom terms and condition and upload it to public files under Clearpass Guest -> configuration -> content manager
  • C. Edit the creetoraccepiterms form field in register page and change HTML section by pointing the hyperlink to the HTML file uploaded
  • D. Create an HTML page with custom terms and condition and upload it to private files under Clearpass Guest -> configuration -> content manager
  • E. Edit the accept_terms form field in receipt page and change HTML section by pointing the hyper link to the HTML file uploaded m Guest Manager

Answer: A,B

 

NEW QUESTION 24
Refer to the exhibit.

You are doing a ClearPass PoC at a customer site with a single Aruba Mobility Controller. The customer asked for a demonstration of a simple Web Login functionality. You used a service template to create the guest services. During testing, the user gets redirected back to the weblogin page with an Authentication failed message The guest configurations on the Aruba Mobility Controller are configured correctly Why would the guest fail to authenticate successfully?

  • A. The Unique-Device- Count does not allow any Client devices. Update the Enforcement policy condition: Unique-Device-Count.
  • B. The authentication source mapped in the service is incorrect It should be mapped as [Guest Device Repository! (Local SQL DB].
  • C. The username and/or password used for authentication is incorrect Re-enter the correct password on the weblogin page.
  • D. The username used for authentication does not exist in the Guest User Database. Create a new user and authenticate again

Answer: A

 

NEW QUESTION 25
Refer to the exhibit.

You have set up a home lab for ACCX exam preparation with Aruba Clear Pass integrated with Aruba Controller and Instant Access Point Guest Mac Caching functionality is configured only for Aruba Controller's guest SSID and a common Web Login page is configured for both NAD devices You tested and verified the mac caching functionality for a client by connecting it to the Aruba Controller's guest SSID.
What will happen when you disconnect the client from Aruba Controller's guest SSID and connect it to Instant APs guest SSID?

  • A. The client does not have to complete any authentication as the re-connection was immediate.
  • B. The client will be redirected to the captive portal page to complete the web authentication.
  • C. The client will bypass the captive portal authentication by completing the MAC authentication.
  • D. The client will fail the mac authentication and will be redirected to the captive portal page.

Answer: C

 

NEW QUESTION 26
Where is the following information stored in Clear Pass?
- Roles and Posture for Connected Clients - System Health for OnGuard - Machine authentication State - CoA session info - Mapping of connected clients to NAS/NAD

  • A. Multi-Master cache
  • B. Insight database
  • C. Endpoint database
  • D. ClearPass system cache

Answer: B

 

NEW QUESTION 27
A customer would like to allow only the AD users with the "Manager" title from the "HO" location to Onboard their personal devices. Any other AD users should not be authorized to pass beyond the initial device provisioning page. Which Onboard service will you use to implement this requirement?

  • A. Onboard Authorization service
  • B. Onboard Provisioning service
  • C. Onboard CP login service
  • D. Onboard Pre-Auth service

Answer: C

 

NEW QUESTION 28
Refer to the exhibit.



The users connecting to a wireless SSIO "secure-HS-5007" were being processed by an incorrect 802.1 X service created for VIP access and the user gets deny access. The customer has sent you the screenshot to get your support to resolve the issue What changes will you suggest to fix it?

  • A. Delete the HSBuilding 802 IX service, odd VIP access Aruba-Essid-Name as fourth condition to WSBuilding Aruba 802 1X service
  • B. In the HS_Building 802.1X service, remove the service rule condition with Aruba controller location name and leave it in same position
  • C. In the HSBuilding 802. IXservice. change the Authentication method for AMCAuth for VIP access and leave it in same position
  • D. To the HS_Building 802.1 X service, add another service rule condition with VIP access Aruba-Essid-Name and leave it in same position

Answer: B

 

NEW QUESTION 29
Refer to the exhibit.

A customer has configured Onboard in a cluster with two nodes. All devices were onboarded in the network through node1 but those clients fail to authenticate through node2 with the error shown What steps would you suggest to make provisioning and authentication work across the entire cluster? (Select three)

  • A. Configure the Onboard Root CA to trust the Policy Manager EAP certificate root.
  • B. Make sure that the EAP certificates on both nodes are issued by one common root Certificate Authority (CA).
  • C. Have all of the BYOO clients disconnect and reconnect to the network.
  • D. Configure the Network Settings in Onboard to trust the Policy Manager EAP certificate.

Answer: A,B,C

 

NEW QUESTION 30
You have configured a Guest SSIO with Captive-portaI Web Authentication and MAC authentication. The MAC caching expiry time set to 12 hours and the Guest Account expiration time is set to 8 hours. What will happen if the guest were to disconnect from the SSID and re-connect 9 hours later?

  • A. The client will successfully pass the MAC authentication but still be redirected to captive portal page.
  • B. The client will successfully pass the mac authentication until the mac caching time expires.
  • C. The client will fail to get the MAC Caching role and will be redirected to the captive portal login page
  • D. The client will fail the MAC authentication and be denied access to the Guest SSIO.

Answer: A

 

NEW QUESTION 31
Refer to the exhibit.


A customer is doing a new ClearPass installation and is setting up clustering between two ClearPass servers running a 6.8.6 version. The ClearPass server failed to add the subscriber node. The customer was able to login to the console of the ClearPass server with the same CLI password used during the cluster setup. The customer has sent you the screenshots seeking your support Why did an attempt to add a subscriber node failed showing that error?

  • A. The subscriber server is running with a public signed and trusted HTTPS certificate
  • B. The subscriber server is running with a default self -signed HTTPS certificate
  • C. The default database certificate used in the publisher server is not a valid certificate
  • D. The data and time in the subscriber was not synchronized with the NTP server

Answer: B

 

NEW QUESTION 32
A customer is troubleshooting a user that has complained about randomly having issues connecting the network with EAP PEAP using the Corporate Laptop. The initial checks are showing a number of authentication failures but no sign of issues with the ClearPass server or AD.
What can the Customer do to monitor this user Authentication trend closely over the next few days?

  • A. configure a Report using Radius Failed Authentication template and schedule it to run every 5 mins
  • B. configure an Alert using Failed Authentication template with Threshold 1. Interval 5 mins
  • C. add the user name in the Insight/Alert/Watchlitst and get the authentication failures notifications within 30 seconds
  • D. add to ClearPass Insight Dashboard the Authentication Status widget for this specific user

Answer: C

 

NEW QUESTION 33
......


HP HPE6-A81 Exam Syllabus Topics:

TopicDetails
Topic 1
  • TACACS authentication from Network Access Devices
  • Cluster Layout positioning of Publisher and Subscribers, Use of Policy Manager Zones
Topic 2
  • Authentication Methods and OCSP to insure proper Certificate revocation
  • Authentication Sources Including Active Directory
Topic 3
  • Quarantine and remediation based on Posture Token and the status of the agent
  • The Roles of Data and Management Port related to AAA traffic and HTTP Guest Traffic
Topic 4
  • ClearPass Admin Login service processing and profile mapping
  • Self-Registration both with and without sponsorship
Topic 5
  • Implimenting Guest Access on both wired and wireless infrastructure
  • Integration of Endpoint Profiling into Enforcement
Topic 6
  • Implimentation of both Server and Controller Initiated Captive Portal Authentication
  • High Availability and Redundancy Design, including Virtual IP addressing and Standby Publisher

 

HP Exam Practice Test To Gain Brilliante Result: https://www.testkingfree.com/HP/HPE6-A81-practice-exam-dumps.html

Related Articles

more
HP HPE6-A81 Certification Practice Exam