HP HPE6-A68 Dumps Updated | Get Prepared HPE6-A68 Exam Material

On By passitdump

Candidates who wish to pass the Aruba Certified ClearPass Professional (ACCP) V6.7 exam can prepare hpe6-A68 exam materials by selecting our updated HPE6-A68 dumps here.

Use PassITDump‘s latest HPE6-A68 dumps question to prepare for the Aruba Certified ClearPass Professional (ACCP) V6.7 exam. Updated dump questions and answers have been validated and they already know all the HPE6-A68 exam objectives.

HPE6-A68Check the following HPE6-A68 free dumps or download HPE6-A68 dumps here.

Question 1:

Refer to the exhibit.

An AD user\’s department attribute value is configured as “QA”. The user authenticates from a laptop running MAC OS X. Which role is assigned to the user in ClearPass?

A. HR Local

B. Remote Employee

C. [Guest]

D. Executive

E. IOS Device

Correct Answer: C

None of the Listed Role Name conditions are met.

Question 2:

Which components can use Active Directory authorization attributes for the decision-making process? (Select two.)

A. Profiling policy

B. Certificate validation policy

C. Role Mapping policy

D. Enforcement policy

E. Posture policy

Correct Answer: CD

C: Role Mappings Page – Rules Editor Page Parameters

D: Enforcement Policy Attributes tab Parameters

References:

http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_UserGuide/identity/RoleMappingPolicies.html http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/

CPPM_UserGuide/PolicySim/PS_Enforcement_Policy.htm

Question 3:

Refer to the exhibit.

Based on the Authentication sources configuration shown, which statement accurately describes the outcome if the user is not found?

A. If the user is not found in the remotelab AD but is present in the local user repository, a reject message is sent back to the NAD.

B. If the user is not found in the local user repository but is present in the remotelab AD, a reject message is sent back to the NAD.

C. If the user is not found in the local user repository a reject message is sent back to the NAD.

D. If the user is not found in the local user repository and remotelab AD, a reject message is sent back to the NAD.

E. If the user is not found in the local user repository a timeout message is sent back to the NAD.

Correct Answer: D

Policy Manager looks for the device or user by executing the first filter associated with the authentication source.

After the device or user is found, Policy Manager then authenticates this entity against this authentication source. The flow is outlined below:

1.

On successful authentication, Policy Manager moves on to the next stage of policy evaluation, which collects role mapping attributes from the authorization sources.

2.

Where no authentication source is specified (for example, for unmanageable devices), Policy Manager passes the request to the next configured policy component for this service.

3.

If Policy Manager does not find the connecting entity in any of the configured authentication sources, it rejects the request.

References: ClearPass Policy Manager 6.5 User Guide (October 2015), page 134 https://community.arubanetworks.com/aruba/attachments/aruba/SoftwareUserReferenceGuides/52/1/ClearPass Policy Manager 6.5 User Guide.pdf

Question 4:

Which authorization servers are supported by ClearPass? (Select two.)

A. Aruba Controller

B. LDAP server

C. Cisco Controller

D. Active Directory

E. Aruba Mobility Access Switch

Correct Answer: BD

Authentication Sources can be one or more instances of the following examples:

1.

Active Directory

2.

LDAP Directory

3.

SQL DB

4.

Token Server

5.

Policy Manager local DB

References: ClearPass Policy Manager 6.5 User Guide (October 2015), page 114 https://community.arubanetworks.com/aruba/attachments/aruba/SoftwareUserReferenceGuides/52/1/ClearPass Policy Manager 6.5 User Guide.pdf

Question 5:

Which steps are required to use ClearPass as a TACACS Authentication server for a network device? (Select two.)

A. Configure a TACACS Enforcement Profile on ClearPass for the desired privilege level.

B. Configure a RADIUS Enforcement Profile on ClearPass for the desired privilege level.

C. Configure ClearPass as an Authentication server on the network device.

D. Configure ClearPass roles on the network device.

E. Enable RADIUS accounting on the NAD.

Correct Answer: AC

You need to make sure you modify your policy (Configuration >> Enforcement >> Policies >> Edit – [Admin Network Login Policy]) and add your AD group settings in to the corresponding privilege level.

Question 6:

What are Operator Profiles used for?

A. to enforce role based access control for Aruba Controllers

B. to enforce role based access control for ClearPass Policy Manager admin users

C. to enforce role based access control for ClearPass Guest Admin users

D. to assign ClearPass roles to guest users

E. to map AD attributes to admin privilege levels in ClearPass Guest

Correct Answer: C

An operator profile determines what actions an operator is permitted to take when using ClearPass Guest.

References:

http://www.arubanetworks.com/techdocs/ClearPass/CPGuest_UG_HTML_6.5/Content/OperatorLog ins/OperatorProfiles.htm

Question 7:

Refer to the exhibit.

In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes? In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes?

A. to send information via RADIUS packets to Aruba NADs

B. to gather and send Aruba NAD information to ClearPass

C. to send information via RADIUS packets to clients

D. to gather information about Aruba NADs for ClearPass

E. to send CoA packets from ClearPass to the Aruba NAD

Correct Answer: C

Question 8:

A customer wants all guests who access a company\’s guest network to have their accounts approved by the receptionist, before they are given access to the network. How should the network administrator set this up in ClearPass? (Select two.)

A. Enable sponsor approval confirmation in Receipt actions.

B. Configure SMTP messaging in the Policy Manager.

C. Configure a MAC caching service in the Policy Manager.

D. Configure a MAC auth service in the Policy Manager.

E. Enable sponsor approval in the captive portal authentication profile on the NAD.

Correct Answer: AD

A:

Sponsored self-registration is a means to allow guests to self-register, but not give them full access until a sponsor (could even be a central help desk) has approved the request. When the registration form is completed by the guest/user,

an on screen message is displayed for the guest stating the account requires approval.

Guests are disabled upon registration and need to wait on the receipt page for the confirmation until the login button gets enabled.

D.

Device Mac Authentication is designed for authenticating guest devices based on their MAC address.

References: ClearPass Policy Manager 6.5 User Guide (October 2015), page 94

https://community.arubanetworks.com/aruba/attachments/aruba/SoftwareUserReferenceGuides/52/1/ClearPass Policy Manager 6.5 User Guide.pdf

Question 9:

Refer to the exhibit.

When configuring a Web Login Page in ClearPass Guest, the information shown is displayed. What is the Address field value `securelogin.arubanetworks.com\’ used for?

A. for ClearPass to send a TACACS request to the NAD

B. for appending to the Web Login URL, before the page name

C. for the client to POST the user credentials to the NAD

D. for ClearPass to send a RADIUS request to the NAD

E. for appending to the Web Login URL, after the page name.

Correct Answer: C

Question 10:

Refer to the exhibit.

Based on the guest Self-Registration with Sponsor Approval workflow shown, at which stage is an email request sent to the sponsor?

A. after `Guest Role (7)\’

B. after `Login Message page (5)\’

C. after `Submit form (3)\’

D. after `Automated NAS login (6)\’

E. after `Redirects (1)\’

Correct Answer: C

There\’s the Self Service part of provisioning one\’s information. Then the sponsor/operator part to confirm that guest is valid. Then the enablement via the sponsor/operator clicking \’confirm\’.

References: https://community.arubanetworks.com/t5/Security/Guest-Captive-Portal-sponsor-approval-architecture/td-p/267625

Question 11:

Refer to the exhibit.

A user logged in to the Self-Service Portal as shown. What do the traffic received and sent statistics present?

A. These show the total amount of traffic the guest transmitted, as seen through RADIUS CoA packets from the NAD to ClearPass.

B. These show the total amount of traffic the NAD transmitted to ClearPass, as seen through RADIUS accounting messages from the NAD to ClearPass.

C. These show the total amount of traffic the guest transmitted after account expiration, as seen through RADIUS accounting messages sent from the NAD to ClearPass.

D. These show the total amount of traffic the guest transmitted, as seen through RADIUS CoA packets from the client to ClearPass.

E. These show the total amount of traffic the guest transmitted, as seen through RADIUS accounting messages sent from the NAD to ClearPass.

Correct Answer: E

Question 12:

Refer to the exhibit.

Based on the information shown, which field in the Captive Portal Authentication profile should be changed so that guest users are redirected to a page on ClearPass when they connect to the Guest SSID?

A. both Login and Welcome Page

B. Default Role

C. Welcome Page

D. Default Guest Role

E. Login Page

Correct Answer: E

The Login page is the URL of the page that appears for the user logon. This can be set to any URL. The Welcome page is the URL of the page that appears after logon and before redirection to the web URL. This can be set to any URL.

References:

http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/Cap tive_Portal/Captive_Portal_Authentic.htm

Question 13:

A hotel chain deployed ClearPass Guest. When hotel guests connect to the Guest SSID, launch a web browser and enter the address www.google.com, they are unable to immediately see the web login page. What are the likely causes of this? (Select two.)

A. The ClearPass server has a trusted server certificate issued by Verisign.

B. The ClearPass server has an untrusted server certificate issued by the internal Microsoft Certificate server.

C. The ClearPass server does not recognize the client\’s certificate.

D. The DNS server is not replying with an IP address for www.google.com.

Correct Answer: BD

You would need a publicly signed certificate.

References: http://community.arubanetworks.com/t5/Security/Clearpass-Guest-certificate-error-for-guest-visitors/td-p/221992

Question 14:

Refer to the exhibit.

An Enforcement Profile has been created in the Policy Manager as shown. Which action will ClearPass take based on this Enforcement Profile?

A. ClearPass will count down 600 seconds and send a RADIUS CoA message to the user to end the user\’s session after this time is up.

B. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the NAD and the NAD will end the user\’s session after 600 seconds.

C. ClearPass will count down 600 seconds and send a RADIUS CoA message to the NAD to end the user\’s session after this time is up.

D. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD and the NAD will end the user\’s session after 600 seconds.

E. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the User and the user\’s session will be terminated after 600 seconds.

Correct Answer: E

Session Timeout (in seconds) – Configure the agent session timeout interval to re-evaluate the system health again. OnGuard triggers auto-remediation using this value to enable or disable AV-RTP status check on endpoint. Agent re-

authentication is determined based on session-time out value. You can specify the session timeout interval from 60 ?600 seconds. Setting the lower value for session timeout interval results numerous authentication requests in Access

Tracker page. The default value is 0.

References:

http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_User Guide/Enforce/EPAgent_Enforcement.htm

Question 15:

A customer with an Aruba Controller wants it to work with ClearPass Guest. How should the customer configure ClearPass as an authentication server in the controller so that guests are able to authenticate successfully?

A. Add ClearPass as a RADIUS CoA server.

B. Add ClearPass as a RADIUS authentication server.

C. Add ClearPass as a TACACS authentication server.

D. Add ClearPass as an HTTPS authentication server.

Correct Answer: B

5. Configuring the Aruba Controller

5.1 Add Clearpass as RADIUS Server

Navigate to Configuration > SECURITY > Authentication > Servers Click on RADIUS Server and enter the Name of your Clearpass Server: myClearpass Click Add Click on myClearpass in the Server List Etc.

References: https://community.arubanetworks.com/t5/Security/Step-by-Step-Controller-CPPM-6-5-Captive-Portal-authentication/td-p/229740