• Home
  • Articles
  • [Feb 17, 2022] Free Aruba Certified ClearPass Expert (ACCX) HPE6-A77 Official Cert Guide PDF Download [Q32-Q51]

[Feb 17, 2022] Free Aruba Certified ClearPass Expert (ACCX) HPE6-A77 Official Cert Guide PDF Download [Q32-Q51]

Share

[Feb 17, 2022] Free Aruba Certified ClearPass Expert (ACCX) HPE6-A77 Official Cert Guide PDF Download

HP HPE6-A77 Official Cert Guide PDF

NEW QUESTION 32
What type of EAP certificate are you able to use on ClearPass? (Select two.)

  • A. Self signed, when all the clients are part of the organization domain.
  • B. Private signed, when the clients are onboarded or are part of the organization domain.
  • C. Private signed, when some clients are onboarded and some are not part of the organization.
  • D. Public signed, when not all of the clients are part of the organization domain.
  • E. Self signed, when all the clients are Onboarded with the same Root CA as the Self signed certificate.

Answer: C,D

 

NEW QUESTION 33
Refer to the exhibit:

The customer complains that the user shown cannot log into the ClearPass Server as an administrator using the
[Policy Manager Admin Network Login Service]. What could be the reason for this?

  • A. The local user authentication might be disabled
  • B. The account created does not fit this purpose.
  • C. The mapping on the role should be changed to [RADIUS Super Admin]
  • D. The user might be used for a TACACS authentication

Answer: B

 

NEW QUESTION 34
What is the Secure SSID {otherwise referred to as Single SSID) OnBoard deployment service workflow?

  • A. OnBoard Provisioning RADIUS service, OnBoard Authorization Application service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
  • B. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth RADIUS service, OnBoard Authorization Application service. OnBoard Provisioning RADIUS service
  • C. OnBoard Provisioning RADIUS service, OnBoard Authorization RADIUS service. OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
  • D. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth Application service. OnBoard Authorization Application service, OnBoard Provisioning RADIUS service

Answer: C

 

NEW QUESTION 35
You have configured a Guest SSID with Captive-portal Web Authentication and MAC authentication The MAC caching expiry time set to 12 hours and the Guest Account expiration time is set to 8 hours. What will happen if the guest were to disconnect from the SSID and re-connect 9 hours later?

  • A. The client will tail the MAC authentication and be denied access to the Guest SSID.
  • B. The client will successfully pass the MAC authentication but still be redirected to captive portal page.
  • C. The client will successfully pass the mac authentication until the mac caching time expires.
  • D. The client will fail the MAC authentication and will be redirected to the Captive-portal login page.

Answer: B

 

NEW QUESTION 36
You have integrated ClearPass Onboard with Active Directory Certificate Services (ADCS) web enrollment to sign the final device TLS certificates. The customer wouldalso like to use ADCS for centralized management of TLS certificates including expiration, revocation, and deletion through ADCS.
What steps will you follow to complete the requirement?

  • A. Edit the [EAP-TLS with OSCP Enabled) authentication method and set the correct ADCS server OCSP URL. remove EAP-TLS and map the [EAP-TLS with OSCP Enabled) method to the Onboard Provisioning Service.
  • B. Copy the default [EAP-TLS with OSCP Enabled] authentication method and update the correct ADCS server OCSP URL. remove EAP-TLS and map the custom created method to the OnBoard Authorization Service.
  • C. Remove the EAP-TLS authentication method and add "EAP-TLS with OCSP Enabled' authentication method in the OnBoard Provisioning service. No other configuration changes are required.
  • D. Copy the [EAP-TLS with OSCP Enabled) authentication method and set the correct ADCS server OCSP URL, remove EAP-TLS and map the custom created method to the Onboard Provisioning Service.

Answer: C

 

NEW QUESTION 37
A customer has completed all the required configurations in the Windows server in order for Active Directory Certificate Services (ADCS) to sign Onboard device TLS certificates. The Onboard portal and the Onboard services are also configured. Testing shows that the Client certificates ate still signed by the Onboard Certificate Authority and not ADCS.
How can you help the customer with the situation?

  • A. Enable access to SCEP servers from the Certificate Authority to make ClearPass Onboard to use of the Active Directory Certificate Services (ADCS) web enrollment to sign the device TLS certificates.
  • B. Configure
    the identity certificate signer as Active Directory Certificate Services and enter the ADCS URL
    http://ADCSVVeoEnrollmentServemostname/certsrv in the OnBoard Provisioning settings.
  • C. Enable access to EST servers from the Certificate Authority to make ClearPass Onboard to use of the Active Directory Certificate Services (ADCS) web enrollment to sign the device TLS certificates.
  • D. Educate the customer that, when integrating with Active Directory Certificate Services (ADCS) the Onboard CA will the same authority used for signing me final TLS certificate of the device.

Answer: C

 

NEW QUESTION 38
When is it recommendedto use a certificate with multiple entries on the Subject Alternative Name?

  • A. The ClearPass servers are placed in different OnGuard zones to allow the client agent to send SHV updates.
  • B. Using the same certificate to Onboard clients and the Guest Captive Portal on a single ClearPass server.
  • C. The primary authentication server Is not available to authenticate the users.
  • D. The ClearPass server will be hosting captive portal pages for multiple FQDN entries

Answer: A

 

NEW QUESTION 39
Refer to the exhibit:

A customer has just configured a Posture Policy and the T2-Healthcheck Service. Next they installed the OnGuard Agent on Secure_Employee SSID. When they check Access Tracker they see many WEBAUTH requests are being triggered.
What could be the reason?

  • A. OnGuard Web-Based Health Check interval has been wrongly configured to three minutes.
  • B. The OnGuard Agent trigger the events based on changing the Health Status
  • C. TCP port 6658 is not allowed between the client and the ClearPass server
  • D. The OnGuard Agent is connecting to the Data Port interface on ClearPass

Answer: A

 

NEW QUESTION 40
A customer has a ClearPass cluster deployment with one Publisher and one Subscriber configured as a Standby Publisher at the Headquarters DataCenter They also have a large remote site that is connected with an Aruba SD Branch solution over a two Mbps Internet connection. The Remote Site has two ClearPass servers acting as Subscribers. The solution implemented for the customer includes OnGuard, Guest Self Registration, and Employee 802. ix authentication. The client is complaining that users connecting to an IAP Clusters Guest SSID located at the Remote Site are experiencing a significant delay in accessing the Guest Captive Portal page.
What could be a possible cause of this behavior?

  • A. The guest page is not optimized to work with the client browser and a proper theme should be applied
  • B. The captive portal page was only created on the Publisher and requests are getting redirected to a Subscriber
  • C. The ClearPass Cluster has no zones defined and the guest captive portal request is being redirected to the Publisher
  • D. The configuration of the captive portal is pointing to a link located on one of the servers in the Headquarters

Answer: D

 

NEW QUESTION 41
Refer to the exhibit:




After the helpdesk revoked the certificate of a device reported to be lost oy an employee, the lost device was seen as connected successfully to the secure network. Further testing has shown that device revocation is not working.
What steps should you follow to make device revocations work?

  • A. copy the default [EAP-TLS with OSCP Enabled] authentication method and set the verify certificate using OSCP: option as "required" then configure the correct OSCF URL link for the OnBoard CA.
    Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the 802 1X Radius Service.
  • B. Edit the default [EAP-TLS with OSCP Enabled] authentication method and set the Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the OnBoard Provisioning Service.
  • C. Copy the default [EAP-TLS with OSCP Enabled] authentication method and set The Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA. Remove EAP-TLS and map the custom created method to the OnBoard Authorization Service.
  • D. Remove the EAP-TLS authentication method configuration changes are required and add "EAP-TLS with OCSP Enabled" authentication method in the OnBoard Provisioning service.
    No other configuration changes are required.

Answer: D

 

NEW QUESTION 42
Refer to the exhibit:




You have been asked to help a Customer troubleshoot an issue. They have configured an Aruba OS switch (Aruba 2930 with 16.09) to do MAC authentication with profiling using ClearPass as the authentication source. They cannot get it working.
Using the screenshots as a reference, how will you fix the issue?

  • A. Modifythe enforcement profile conditions with Aruba Vendor specific attributes and Aruba-user-roles
  • B. User-roles are case sensitive, update the correct role with correct case in the enforcement profile
  • C. Change the Vendor settings for the Aruba OS switch to "Aruba" so that the enforcement will use the correct VSAs
  • D. Use a CoA to bounce the switch port to force the port to change tothe correct Aruba user role
  • E. Delete the initial role in the Aruba OS switch to force the device to get the server derived user roles

Answer: A

 

NEW QUESTION 43
Refer to the exhibit:





You have configured Onboard andcannot get it working The customer has sentyouthe above screenshots How would you resolve the issue?

  • A. Copy the [EAP-TLS with OSCP Enabled] authentication method and set the correct OCSP URL
  • B. Install a public signed server authentication certificate on the ClearPass server for EAP
  • C. Re-provision the client by running the QuickConnect application as Administrator
  • D. Reconnect the client and select the correct certificate when prompted

Answer: C

 

NEW QUESTION 44
Refer to the exhibit:

What is true about the Insight Master Server? {Select two)

  • A. There is no need to configure an insight Master Server when using default reports and alerts.
  • B. It Is recommended to have an insight server for every zone to limit the traffic between sites.
  • C. The Publisher is selected by default as Insight Master Server but It can be changed.
  • D. An insight Master Server should be selectedin order to configure reports and alerts.
  • E. When enabling a server to be the insight Master any existing insight Master is overwritten.

Answer: C,D

 

NEW QUESTION 45
Under Onboard management and control, which option will deny the user from re-provisioning the device a second time?

  • A. Revoke & Delete certificate
  • B. Revoke certificate
  • C. Delete user
  • D. Delete certificate

Answer: D

 

NEW QUESTION 46
A customer has deployed an OnGuard Solution to all the corporate devices using a group policy rule to push the OnGuard Agents. The network administrator is complaining that some of the agents are communicating to the ClearPass server that is located in a DMZ, outside the firewall The network administrator wants all of the agents System Health Validation traffic to stay inside the Management subnets.
What can the ClearPass administrator do to move the traffic only to the ClearPass Management Ports?

  • A. Filter TCP port 6658 on the firewall, forcing the OnGuard agent to use the ClearPass Management port.
  • B. Select the correct OnGuard Agent installer, and use the one configured for Management Port for the clients.
  • C. Edit the agent.conf file being deployed to the clients to use the ClearPass Management Port for SHV updates.
  • D. Configure a Policy Manager Zone mapping so the OnGuard agent will use the Management Port IP.

Answer: D

 

NEW QUESTION 47
Where is the following information stored in ClearPass?
- Roles and Posture for Connected Clients - System Health for OnGuard - Machine authentication State - CoA session info - Mapping of connected clients to NAS/NAD

  • A. ClearPass system cache
  • B. Multi-Master cache
  • C. Endpoint database
  • D. insight database

Answer: A

 

NEW QUESTION 48
You are deploying ClearPass Policy Manager with Guest functionality for a customer withmultiple Aruba Networks Mobility Controllers The customer wants to avoid SSL errors during guest access but due to company security policy cannot use a wildcard certificate on ClearPass or the Controllers.
What is the most efficient way to configure the customers guest solution? (Select two.)

  • A. Install multiple public certificates with a different Common Name on each controller
  • B. Build one Web Login page with vendor settings for controller {company domain)
  • C. Build multiple Web Login pages with vendor settings configured for each controller
  • D. Install the same public certificate on all Controllers with the common name "controller {company domain}"

Answer: C,D

 

NEW QUESTION 49
Refer to the exhibit:


You configuring an 802 1x service endpoint profiling. When the client connects to the network, ClearPass successfully profiles the client and sends Radius Change of Authorization (RCoA) but Radius Change of Authorization {RCoA) fails for the client You manually clicked on the Change Status button in the access tracker to force an RCoA but that failed too.
What must you check to ensure that the RCoA will work? (Select two.)

  • A. The RFC 3576 shared secret on ClearPass should match the Authentication Server shared secret
  • B. RFC 3576 option is enabled for Aruba Controller under Network devicein ClearPass.
  • C. RFC 3576 server should be mapped in the server group on the Aruba Controller
  • D. RFC 3576 server IPs and the Authentication server IPs should be same in the AAA profile

Answer: A,B

 

NEW QUESTION 50
Refer to the exhibit:

When creating a new report, there is an option to send report Notifications by Email. Where is the email server configured?

  • A. In the insight report on the next screen of the report definition.
  • B. In the ClearPass Policy Manager Endpoint Context servers under Administration.
  • C. In the Insight Reports Interface under Administration on the sidebar menu.
  • D. In the ClearPass Policy Manager Messaging setup under Administration.

Answer: C

 

NEW QUESTION 51
......


HP HPE6-A77 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Integration of Endpoint Profiling into Enforcement
  • Cluster Layout positioning of Publisher and Subscribers, Use of Policy Manager Zones
Topic 2
  • Configuration and enforcement of webauth service for posture
  • Authentication Sources Including Active Directory
Topic 3
  • Integration of Posture results in secure service Enforcement
  • Authentication Methods and OCSP to insure proper Certificate revocation
Topic 4
  • TACACS authentication from Network Access Devices
  • Integration of Authorization Sources and External Context Servers into Enforcement

 

Free HPE6-A77 Exam Dumps to Improve Exam Score: https://exam-labs.itpassleader.com/HP/HPE6-A77-dumps-pass-exam.html

Related Articles

more
HP HPE6-A77 Certification Practice Exam
0
0
0
0