HPE6-A81 : Aruba Certified ClearPass Expert (ACCX) Exam

HPE6-A81 Dumps
HPE6-A81 Braindumps
HPE6-A81 Real Questions
HPE6-A81 Practice Test
HPE6-A81 Actual Questions


HP
HPE6-A81
Aruba Certified ClearPass Expert (ACCX)
https://killexams.com/pass4sure/exam-detail/HPE6-A81
Question: 1
Refer to the exhibit.



A customer has just configured a Posture Policy and the T 2 -Health check Service. Next they installed the OnGuard
Agent on a test client connected to the Secure_Employee SSID. When they check Access Tracker they see many
WEBAUTH requests are being triggered.
What could be the reason?
A. The OnGuard Agent trigger the events based on changing the Health Status.
B. The OnGuard Agent is connecting to the Data Port interface on ClearPass.
C. TCP port 6658 is not allowed between the client and the ClearPass server.
D. OnGuard Web-Based Health Check interval has been configured to three minutes.
Answer: D
Question: 157
Your customer has read about a feature in OnGuard for OnGuard Persistent Agent and Agentless OnGuard that can
display a new Posture Results web page to notify that and users with posture results for unhealthy clients after the
health check is done.
Where do you configure this option?
A. Policy Manager > Configuration > Enforcement > Profiles > Add a new profiles with Agent Enforcement as the
template, and on the Attributes tab add the new Show Posture Results in Guest Page attribute and set the value for the
attribute to true.
B. Policy Manager > Configuration > Enforcement > Profiles > Add new profile with Aruba Radius Enforcement as
the template, and on the Attributes tab add the Aruba-User-Role configured with the captive portal profile mapped
with default Posture Check web page UR
C. Policy Manager > Configuration > Services > Edit the Web-base Health Check Only service, and on the posture tab
under Remediation URL add the default Quarantined Blocked web page URL and complete the service configuration
by hitting save.
D. Policy Manager > Configuration > Services > Edit the Web-base Health Check Only service, and on the posture tab
enable the checkbox for the new option Show Posture Results in Guest Page and complete the service configuration by
hitting save.
Answer: D
Question: 158
A customer would like to allow only the AD users with the "Manager" title from the "HO" location to Onboard their
personal devices. Any other AD users should not be authorized to pass beyond the initial device provisioning page .
Which Onboard service will you use to implement this requirement?
A. Onboard Authorization service
B. Onboard Pre-Auth service
C. Onboard Provisioning service
D. Onboard CP login service
Answer: D
Question: 159
What configuration steps should you follow to add terms and conditions page on Guest seIf-registration for CPPM?
(Select two).
A. Edit the creetoraccepiterms form field in register page and change HTML section by pointing the hyperlink to the
HTML file uploaded
B. Edit the accept_terms form field in receipt page and change HTML section by pointing the hyper link to the HTML
file uploaded m Guest Manager
C. Create an HTML page with custom terms and condition and upload it to public files
under Clearpass Guest -> configuration -> content manager
D. Edit the creatoracceprterms form field in receipt page and change HTML section by pointing the hyperlink to the
HTML file uploaded
E. Create an HTML page with custom terms and condition and upload it to private files under Clearpass Guest ->
configuration -> content manager
Answer: A,C,D
Question: 160
Refer to the exhibit.

When creating a new report, there is in option to send report Notifications by Email Where is the email server
configured?
A. In the ClearPass Policy Manager Messaging Setup under Administration.
B. In the Insight report on the next screen of the report definition
C. In the Insight Reports Interface under Administration on the sidebar menu
D. In the ClearPass Policy Manager Endpoint Context Servers under Administration.
Answer: D
Question: 161
Refer to the exhibit.



A customer it troubleshooting a client not getting the SHV posture updated and the OnGuard agent shows the Health
Status Not Known .
What could the user do to update the health status?
A. connect using an interface that is configured as Managed Interface
B. reinstall the OnGuard agent from the Wired interface
C. change the Policy Manager Zone mapping and add the WIRED interface range
D. modify the agent.conf file and add the WIRED interface to it
Answer: D
Question: 162
A customer has acquired another company that has its own Active Directory infrastructure. The 802 1X PEAP
authentication works with the customer's original Active Directory servers but the customer would like to authenticate
users from the acquired company as well.
What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)
A. Create a new Authentication Source, type Active Directory.
B. Create a new Authentication Source, type Generic LDA
C. Add the new AD server(s) as backup into the existing Authentication Source.
D. There is no need to join ClearPass to the new AD domain.
E. Join the ClearPass server(s) to the new AD domain.
Answer: A,B,C
Question: 163
You have designed a ClearPass solution for an Information Technology Business Park with 50,377 concurrent sessions
including the visitors. The deployment includes eight ClearPass servers handling RADIUS authentication. Guest Self-
Registration. Onboard and OnGuard. CPPM1 is acting as Publisher. CPPM2 to CPPM8 are added as subscriber nodes
CPPM4 is the designated Standby Publisher. Servers CPPM2 and CPPM3 will be handling the Guest and Onboard
HTTPS traffic. On a few devices, Corporate users will perform username and password based authentication with
Active Directory accounts and on few devices, they will be using private CA signed TLS certificates to do the
authentication The customer has three Active Directories (AD1, AD2 and A03) part of Multi-Domain Forest. To
provide authentication redundancy, the customer has configured multiple Virtual IP settings between ClearPass servers
in a cluster.
On all the Network Access Devices (NAD), the primary authentication server is configured as the VIP IP address and
the secondary authentication server rs configured as CPPM1 MGMT IP address.
Based on the information provided, which ClearPass nodes will you join to the AD domain
A. Join CPPM1. CPPM4 to CPPM7 servers to the AD root domain
B. Join CPPM2 to CPPM7 ClearPass servers to the AD root domain.
C. Join all the eight ClearPass servers to AD1, AD2 and AD3 domains.
D. Join CPPM1. CPPM4 to CPPM8 to the AD1. AD2 and AD3 domains.
Answer: D
Question: 164
Refer to the exhibit.


A customer has configured Onboard in a cluster with two nodes. All devices were onboarded in the network through
node1 but those clients fail to authenticate through node2 with the error shown.
What steps would you suggest to make provisioning and authentication work across the entire cluster? (Select three)
A. Configure the Network Settings in Onboard to trust the Policy Manager EAP certificate.
B. Have all of the BYOO clients disconnect and reconnect to the network.
C. Configure the Onboard Root CA to trust the Policy Manager EAP certificate root.
D. Make sure that the EAP certificates on both nodes are issued by one common root Certificate Authority (CA).
Answer: A,B,C,D
Question: 165
The customer has a 19.940 loT devices connected to the network and would like to use Allow All Mac Auth to
authenticate the users and enforce the action based on the condition defined with the fingerprint details of the device .
Which Authorization source would you use to decide the access of the devices?
A. Clear Pass Profiler Database
B. Endpoint Database
C. Local User Database
D. Guest Device Database
Answer: D
Question: 166
Refer to the exhibit.



You configured a new Wireless 802.1 X service for a Cisco WLC broadcasting the secure-AOM-5007 SSID. The
client fails to connect to the SSIO.
Using the screenshots as a reference, how would you fix this issue?
A. Change the service condition to Radius:lETF Calling-Station-Id EQUALS Secure-ADM-5007
B. Update the service condition Radws:IETF Called-Stat ion-Id CONTAINS secure-AOM-5007
C. Remove the service condition Radius:IETF Service-Type BEL0NGS_T0 Login-User (1), 2.8
D. Make sure that the Network Devices entry for the Cisco WLC has a vendor setting of "Airespace"
Answer: B
Question: 167
Refer to the exhibit.


What could be causing the error message received on the OnGuard client?
A. The Service Selection Rules for the service are not configured correctly
B. The Health-Check service does not have Posture Compliance option enabled
C. The client's OnGuard Agent has not been configured with the correct Policy Manager Zone.
D. There is a firewall policy not allowing the OnGuard Agent to connect to ClearPass
Answer: A
Question: 168
Your customer has recently implemented a seIf-registration portal in ClearPass Guest to be used on a Guest SSID
broadcast from an Aruba controller Your customer has started complaining that the users are not able to reliably access
the Internet after clicking the login button on the receipt page They tell you that the users will click the login button
multiple times and after about a minute they gam access.
What could be causing this issue?
A. The enforcement profile on ClearPass is set up with an IETF:session delay.
B. The self-registration page is configured with a 1 minute login delay.
C. The guest users are assigned a firewall user role that has a rate limit.
D. The guest users are assigned multiple DNS servers delaying DNS response.
Answer: A
Question: 169
A customer has two different geographical sites deployed with two ClearPass servers in each site. Site A has the
Publisher (CPPM1) and a subscriber (CPPM2) and Site B has two subscribers (CPPM3 S CPPM4) All wired and
wireless authentication requests from the respective sites are handled by respective CPPMs deployed in the sites When
both the CPPM servers in Site B are lost, the authentications from Site B is handled by Site A subscriber (CPPM2). To
control the Multi-Master Cache flush and reduce the amount of inter-site traffic, the customer also created a new
Policy Manager Zone (Zone1) The Site B CPPM3 & CPPM4 are part of Zone! and Site A CPPM2 is also mapped to
Zone1 as it will act as the backup RADIUS server for Site B The corporate laptops are installed with Persistent agent
to run the OnGuard check and the OnGuard settings are also mapped to the Zones The Site A corporate user subnets
are mapped to default zone and the Site 6 corporate user subnets are mapped to Zone1. The customer has the following
issue in the setup: The corporate clients from Site A authenticating against the CPPM2 as their Primary RADIUS
server assigns Quarantine enforcement profile even though the user s health status is Healthy.
What is the cause of this issue?
A. Multi-master cache also contains the roles and posture of the associated and unassociated clients and is shared with
all members part of that Policy Manager Zone. CPPM2 belongs to Zone1 and the OnGuard setting for Site A is part of
the default zone and the system health validation information is sent to one of the nodes that are part of its home zone
As Posture cache for Site A hi not available with CPPM
B. it fails to apply the enforcement profile based on correct health status.
C. Multi-master cache also contains the roles and posture of the connected clients and is shared only with the members
part of that Policy Manager Zone. CPPM2 belongs to Zone1 and the OnGuard setting for Site A is part of the default
zone and the OnGuard system
health validation information is sent to one of the nodes that are part of its home zone only. As Posture cache for Site
A is not available with CPPM2. it fails to apply the enforcement profile based on correct health status.
D. Multi-master cache also contains the roles and posture of the connected clients and is shared across all members
part of the cluster. The OnGuard setting for Site A is part of only the default zone and the system health validation
information is sent to one of the nodes that are part of its home zone only As the OnGuard setting of the Site A
corporate user subset is not mapped with default as well as Zone1. CPPM2 fails to apply the enforcement profile based
on correct health status.
E. Multi-master cache also contains the roles and posture of the connected clients and is shared across all members
part of the cluster. The OnGuard setting for Site A is part of only the default zone and the OnGuard system health
validation information is sent to one of the nodes that is part of its home zone only. As the CPPM2 is also not mapped
to the default zone as well as Zone1, CPPM2 fails to apply the enforcement profile based on correct health status.
Answer: C
Question: 170
Refer to the exhibit.


A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect
to the network .
Which step below is the best starting point when troubleshooting'
A. Verify the CPPM hostname in OSCP URL under TLS authentication method is updated
to localhost instead of primary server's hostname.
B. Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when
prompted.
C. Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server
assigned to the client.
D. Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA).
Answer: A
Question: 171
A Customer has these requirements:
βΆ 2.000 loT endpoints that use MAC authentication
βΆ 6.000 endpoints using a mix of username/password and certificate (Corporate/BYOD) based authentication
βΆ 1.000 guest endpoints at peak usage that use guest self-registration
βΆ 1500 BYOD devices estimated as 3 devices per User (500 users)
βΆ 2.500 endpoints that have OnGuard installed and connect on a daily basis
What licenses should be installed to meet customer requirements?
A. 11.500 Access. 1.500 Onboard. 2.500 OnGuard
B. 13.000 Access. 1.500 Onboard. 2.500 OnGuard
C. 9.000 Access. 500 Onboard. 2.500 OnGuard
D. 11.500 Access. 500 Onboard. 2.500 OnGuard
Answer: A
Question: 172
Where is the following information stored in Clear Pass?
- Roles and Posture for Connected Clients
- System Health for OnGuard
- Machine authentication State
- CoA session info
- Mapping of connected clients to NAS/NAD
A. ClearPass system cache
B. Multi-Master cache
C. Insight database
D. Endpoint database
Answer: C
Question: 173
When building an SNMP-based enforcement profile what option can you assign to the user as actions? (Select three).
A. Enforce a VLAN ID for the client
B. Set a session timeout for the client
C. Enforce Firewall policies
D. Send captive portal web re-direct URL
E. ClearPass Downloadable Role
F. Reset the connection after the settings has been pushed
Answer: A,B,D
Question: 174
The customer has configured the guest self-registration with sponsor approval. The guest users that the sponsor email
and the other requested details while registering the account but the users were able to complete the authentication and
access the internet without the sponsor's approval.
What configuration settings will you check to make this setup work?
A. Check if sponsor name field is enabled in the register form page
B. Check if sponsor email field is enabled in the register form page
C. Check if authentication option n is enabled in the self-registration page enabled.
D. Check if sponsor confirmation is enabled in the self-registration page
Answer: B
Question: 175
You have configured a factory default Aruba controller with Clear Pass for guest access and the NAS vendor settings -
Address field in the guest weblogin page is configured with
Aruba controller's default self-signed certificate common name "securelogin.arubanetworks.com" that the client will
use to submit the authentication request.
What happens when the client sends a DNS request to securelogin aruba networks com?
A. The controller will intercept the ONS request sent to its HTTPS certificate common name and return its own IP
address.
B. Address field in the web login vendor settings should be set to IP address of the controller instead of certificate CN
name.
C. Client does not send the DNS request, the ClearPass resolves the hostname in the NAS vendor settings Address
field.
D. The controller will pass the request to the DNS server and server returns the IP of the controller from the DNS
records.
Answer: B

User: Tatia***** Killexams.com provides a straightforward and solid question bank that guarantees success in any exam. I am delighted to have passed my HPE6-A81 exam on the first attempt, thanks to their services. Although other question banks are available in the marketplace, I believe that Killexams.com is the best among them. I am confident in their services and will use them for my future tests as well.

User: Harry***** After trying various books, I was unsatisfied with the study material for the HPE6-A81 exam. But Killexams.com Questions and Answers met all my expectations. The material was easy to understand, and I scored 89% in the real exam, which was beyond my expectations. Thanks to their excellent guide.

User: Yuriy***** I am grateful to killexams.com for their helpful study materials, which aided me in attaining a score of 79% on the HPE6-A81 exam. Their resources were instrumental in my success, and I owe them a big thank you.

User: Timofey***** Being in the IT field, I realized the importance of the HPE6-A81 exam for my career growth. However, due to time constraints, it was overwhelming for me to prepare well. Thats when I turned to killexams.com practice tests, and within two weeks of using it, I was able to complete all the questions within the given time limit. The easy-to-understand answers made it easier for me to get prepared, and I was amazed by the results.

User: Alfred***** I want to express my gratitude to Killexams.com for their mock test on hpe6-a81. The test was instrumental in helping me pass the exam without any difficulty. I have also used their mock tests for other exams, and I find them very helpful. Their question bank is useful, and the explanations are excellent, earning them four-star marks from me.

---