• Home
  • Articles
  • HPE6-A68 Dumps with Practice Exam Questions Answers [Q55-Q75]

HPE6-A68 Dumps with Practice Exam Questions Answers [Q55-Q75]

Share

HPE6-A68 Dumps with Practice Exam Questions Answers

HPE6-A68 by HPE Aruba Certified Actual Free Exam Practice Test


HP HPE6-A68 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Clustering and Redundancy
  • Intro to ClearPass
Topic 2
  • Endpoint Analysis
  • Operations and Admin Users
Topic 3
  • External Authentication
  • ClearPass for AAA

 

NEW QUESTION 55
Refer to the exhibit.

What does the Cache Timeout Value refer to?

  • A. The amount of time the Policy Manager caches the user\s client certificate.
  • B. The amount of time the Policy Manager waits for a response from the Active Directory before checking the backup authentication source.
  • C. The amount of time the Policy Manager caches the user credentials stored in the Active Directory.
  • D. The amount of time the Policy Manager caches the user attributes fetched from Active Directory.
  • E. The amount of time the Policy Manager waits for response from the Active Directory before sending a timeout message to the Network Access Device.

Answer: D

 

NEW QUESTION 56
Which components can use Active Directory authorization attributes for the decision-making process? (Select two.)

  • A. Certificate validation policy
  • B. Role Mapping policy
  • C. Posture policy
  • D. Profiling policy
  • E. Enforcement policy

Answer: B,E

Explanation:
Explanation
C: Role Mappings Page - Rules Editor Page Parameters

D: Enforcement Policy Attributes tab Parameters

References:
http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_UserGuide/identi
http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_UserGuide/Policy

 

NEW QUESTION 57
Which checks are made with Onguard posture evaluation on ClearPass? (Select three.)

  • A. EAP TLS certificate validity
  • B. Peer-to-peer application checks
  • C. Operating System version
  • D. Client role check
  • E. Registry keys

Answer: B,C,E

 

NEW QUESTION 58
Refer to the exhibit.

Under which circumstances will ClearPass select the Policy Service named 'Test device group'?

  • A. when the Aruba access point that the client is associated to is part of the device group HQ
  • B. when the IP address of the NAD is part of the device group HQ
  • C. when an end user IP address is part of the device group HQ
  • D. when the NAD belongs to an Airware device group HQ
  • E. when the ClearPass IP address is part of the device group HQ

Answer: B

 

NEW QUESTION 59
Refer to the exhibit.

Based on the Endpoint information shown, which collectors were used to profile the device as Apple iPad? (Select two.)

  • A. SmartDevice
  • B. HTTP User-Agent
  • C. SNMP
  • D. DHCP fingerprinting
  • E. Onguard Agent

Answer: B,D

Explanation:
HTTP User-Agent
In some cases, DHCP fingerprints alone cannot fully classify a device. A common example is the Apple family of smart devices; DHCP fingerprints cannot distinguish between an Apple iPad and an iPhone. In these scenarios, User-Agent strings sent by browsers in the HTTP protocol are useful to further refine classification results.
User-Agent strings are collected from:
* ClearPass Guest
* ClearPass Onboard
* Aruba controller through IF-MAP interface
Note: Collectors are network elements that provide data to profile endpoints.
The following collectors send endpoint attributes to Profile:
* DHCP
DHCP snooping
Span ports
* ClearPass Onboard
* HTTP User-Agent
*MAC OUI - Acquired via various auth mechanisms such as 802.1X, MAC auth, etc.
* ActiveSync plugin
* CPPM OnGuard
*SNMP
* Subnet Scanner
* IF-MAP
* Cisco Device Sensor (Radius Accounting)
* MDM
References: Tech Note: ClearPass Profiling (2014), page 11
https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/653/1/ClearPass%20Profiling%20TechNote.pdf

 

NEW QUESTION 60
What are Operator Profiles used for?

  • A. To enforce role based access control for ClearPass Policy Manager users.
  • B. To map AD attributes to admin privilege levels in ClearPass Guest.
  • C. To assign ClearPass roles to guest users.
  • D. To enforce role based access control for Aruba Controllers.
  • E. To enforce role based access control for ClearPass Guest Admin users.

Answer: E

 

NEW QUESTION 61
Refer to the exhibit.

An AD user's department attribute value is configured as "Product Management". The user connects on Monday to a NAD that belongs to the Device Group HQ.
Which role is assigned to the user in ClearPass?

  • A. Linux User
  • B. HR Local
  • C. [Employee]
  • D. [Guest]
  • E. Executive

Answer: E

Explanation:
Explanation
The conditions of the Executive Role is met.

 

NEW QUESTION 62
Refer to the exhibit.

In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes?

  • A. to send CoA packets from ClearPass to the Aruba NAD
  • B. to send information via RADIUS packets to Aruba NADs
  • C. to gather information about Aruba NADs for ClearPass
  • D. to gather and send Aruba NAD information to ClearPass
  • E. to send information via RADIUS packets to clients

Answer: E

 

NEW QUESTION 63
A client's authentication is failing and there are no entries in the ClearPass Access tracker.
What is a possible reason for the authentication failure?

  • A. The client used a wrong password.
  • B. The shared secret between the NAD and ClearPass does not match.
  • C. The user account has expired.
  • D. The user is not found in the database.
  • E. The user's certificate is invalid.

Answer: B

 

NEW QUESTION 64
When a third party Mobile Device Management server is integrated with ClearPass, where is the endpoint information from the MDM server stored in ClearPass?

  • A. Onboard Device repository
  • B. MDM repository
  • C. Local User repository
  • D. Guest User repository
  • E. Endpoints repository

Answer: E

Explanation:
Explanation
A service running in CPPM periodically polls MDM servers using their exposed APIs. Device attributes obtained from MDM are added as endpoint tags. Profiler related attributes are send to profiler which uses these attributes to derive final profile.
References: ClearPass Profiling TechNote (2014), page 23
https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/653/1/ClearPass%20Profiling%2

 

NEW QUESTION 65
Refer to the exhibit.

Based on the guest Self-Registration with Sponsor Approval workflow shown, at which stage does the sponsor approve the user's request?

  • A. After the RADIUS Access-Request
  • B. After the RADIUS Access-Response
  • C. Before the user can submit the registration form
  • D. After the NAS login, but before the RADIUS Access-Request
  • E. After the receipt page is displayed, before the NAS login

Answer: E

 

NEW QUESTION 66
Refer to the exhibit.

In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes?

  • A. to send CoA packets from ClearPass to the Aruba NAD
  • B. to send information via RADIUS packets to Aruba NADs
  • C. to gather information about Aruba NADs for ClearPass
  • D. to gather and send Aruba NAD information to ClearPass
  • E. to send information via RADIUS packets to clients

Answer: B

 

NEW QUESTION 67
Refer to the exhibit.

Based on the Enforcement Profile configuration shown, which statement accurately describes what is sent?

  • A. A limited access VLAN value is sent to the Network Access Device.
  • B. A RADIUS access-accept message is sent to the Controller
  • C. A RADIUS CoA message is sent to bounce the client.
  • D. A message is sent to the Onguard Agent on the client device.
  • E. An unhealthy role value is sent to the Network Access Device.

Answer: D

Explanation:
The OnGuard Agent enforcement policy retrieves the posture token. If the token is HEALTHY it returns a healthy message to the agent and bounces the session. If the token is UNHEALTHY it returns an unhealthy message to the agent and bounces the session.
References: CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 27

 

NEW QUESTION 68
Refer to the exhibit.

Based on the information shown on a client's laptop, what will happen next?

  • A. The user will be presented with a self-registration receipt.
  • B. The client will send a NAS authentication request to ClearPass.
  • C. the NAD will send an authentication request to ClearPass.
  • D. The web login page will be displayed.
  • E. ClearPass will send a NAS authentication request to the NAD.

Answer: C

 

NEW QUESTION 69
Refer to the exhibit.

Based on the Enforcement Policy configuration shown, which Enforcement Profile will an employee receive when connecting an IOS device to the network or the first time using EAP-PEAP?

  • A. Deny Access Profile
  • B. Cannot be determined
  • C. Onboard Device Repository
  • D. Onboard Post-Provisioning - Aruba
  • E. Onboard Pre-Provisioning - Aruba

Answer: E

 

NEW QUESTION 70
Refer to the exhibit.

Based on the Guest Role Mapping Policy shown, what is the purpose of the Role Mapping Policy?

  • A. to display a role name on the Self-registration receipt page
  • B. to assign three roles of [Contractor], [Guest] and [Employee] to every guest user
  • C. to create additional account roles for guest administrators to assign to guest accounts
  • D. to send a firewall role back to the controller based on the Guest User's Role ID
  • E. to assign Controller roles to guests

Answer: E

 

NEW QUESTION 71
If the "Alerts" tab in an access tracker entry shows the following error message: "Access denied by policy", what could be a possible cause for authentication failure?

  • A. Failure to select an appropriate authentication method for the authentication request.
  • B. Failure to find an appropriate service to process the authentication request.
  • C. An error in the role mapping policy.
  • D. Configuration of the Enforcement Policy.
  • E. Implementation of a firewall policy on ClearPass.

Answer: D

 

NEW QUESTION 72
Which device type supports Exchange ActiveSync configuration with Onboard?

  • A. Linux laptop
  • B. Apple iOS device
  • C. Android device
  • D. Windows laptop
  • E. Mac OS X device

Answer: B

Explanation:
Exchange ActiveSync configurations you define can be used in configuration profiles to automatically configure an email account on an iOS device.
References: http://www.arubanetworks.com/techdocs/ClearPass/6.6/Guest/Content/Onboard/CreateEditActiveSync.htm

 

NEW QUESTION 73
Refer to the exhibit.

Based on the configuration of the create_user form shown, which statement accurately describes the status?

  • A. The visitor_phone field will be visible to operators creating the account.
  • B. The visitor_phone field will be visible to the guest users in the web login page.
  • C. The email field will be visible to guest users when they access the web login page.
  • D. The visitor_company field will be visible to operators creating the account.
  • E. The visitor_company field will be visible to the guest users when they access the web login page.

Answer: C

Explanation:
References: https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/expire-timezone-field-is-not-showing-up-on-the-create-user-form/ta-p/250230

 

NEW QUESTION 74
What is RADIUS CoA (RFC 3576) used for?

  • A. To force the client to re-authenticate upon roaming to a new Controller.
  • B. To transmit messages to the NAD/NAS to modify a user's session status.
  • C. To apply firewall policies based on authentication credentials.
  • D. To authenticate users or devices before granting them access to a network.
  • E. To validate a host address against a whitelist or a blacklist.

Answer: B

 

NEW QUESTION 75
......

Free HPE Aruba Certified HPE6-A68 Exam Question: https://www.itcertmagic.com/HP/real-HPE6-A68-exam-prep-dumps.html

Related Articles

more
HP HPE6-A68 Certification Practice Exam