Pass Your HPE6-A77 Dumps as PDF Updated on 2022 With 60 Questions
HP HPE6-A77 Real Exam Questions and Answers FREE
HP HPE6-A77 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
NEW QUESTION 16
Refer to the exhibit:
You configuring an 802 1x service endpoint profiling. When the client connects to the network, ClearPass successfully profiles the client and sends Radius Change of Authorization (RCoA) but Radius Change of Authorization {RCoA) fails for the client You manually clicked on the Change Status button in the access tracker to force an RCoA but that failed too.
What must you check to ensure that the RCoA will work? (Select two.)
- A. RFC 3576 option is enabled for Aruba Controller under Network devicein ClearPass.
- B. The RFC 3576 shared secret on ClearPass should match the Authentication Server shared secret
- C. RFC 3576 server IPs and the Authentication server IPs should be same in the AAA profile
- D. RFC 3576 server should be mapped in the server group on the Aruba Controller
Answer: A,B
NEW QUESTION 17
A customer has deployed an OnGuard Solution to all the corporate devices using a group policy rule to push the OnGuard Agents. The network administrator is complaining that some of the agents are communicating to the ClearPass server that is located in a DMZ, outside the firewall The network administrator wants all of the agents System Health Validation traffic to stay inside the Management subnets.
What can the ClearPass administrator do to move the traffic only to the ClearPass Management Ports?
- A. Filter TCP port 6658 on the firewall, forcing the OnGuard agent to use the ClearPass Management port.
- B. Edit the agent.conf file being deployed to the clients to use the ClearPass Management Port for SHV updates.
- C. Configure a Policy Manager Zone mapping so the OnGuard agent will use the Management Port IP.
- D. Select the correct OnGuard Agent installer, and use the one configured for Management Port for the clients.
Answer: C
NEW QUESTION 18
Refer to the exhibit:
A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect to the network. What would you do to troubleshoot?
- A. Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA)
- B. Verify
the OSCP URL under TLS authentication method is mapped to http://localhost/guestmdps_ocsp.php/2 - C. Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client
- D. Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted
Answer: D
NEW QUESTION 19
Refer to the exhibit:
Your company has a postgres SQL database with the MAC addresses of the company-owned tablets You have configured a role mapping condition to tag the SQL devices. When one of the tablets connects to the network, it does not get the correct role and receives a deny access profile.
How would you resolve the issue?
- A. Enable authorization tab in the service and add the SQL server as an authorization source.
- B. Add the SQL server as an authentication source and map .t under the authentication tab in the service.
- C. Remove SQL condition from role mapping policy and add it under the enforcement policy conditions.
- D. Edit the SQL authentication source niter attributes and modify the SQL server filter query.
Answer: D
NEW QUESTION 20
How does the RadSec improve the RADIUS message exchange? (Select two.)
- A. Only the NAD needs to trust the ClearPass Certificate.
- B. It uses UDP to exchange the radius packets.
- C. It builds a TTLS tunnel between the NAD and ClearPass.
- D. It encrypts the entire RADIUS message.
- E. It can be used on an unsecured network or the Internet.
Answer: B,D
NEW QUESTION 21
A customer has acquired another company that has its own Active Directory infrastructure The 802 1X authentication works with the customers original Active Directory servers but the customer would like to authenticate users from the acquired company as well. What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)
- A. There is no need to Join ClearPass to the new AD domain.
- B. Create a new Authentication Source, type Active Directory.
- C. Add the new AD server(s) as backup into the existing Authentication Source.
- D. Create a new Authentication Source, type Generic LDAP.
- E. Join the ClearPass server(s) to the new AD domain.
Answer: A,E
NEW QUESTION 22
Refer to the exhibit:
A customer has configured a Guest Self registration page for their Cisco Wireless network with the settings shown. What should be changed in order to successfully authenticate guests users?
- A. Login Method should be Controller-initiated - using HTTPs form submit
- B. Change the Vendor Settings to Airespace Networks
- C. Change \he IP Address to the Cisco Controller DNS name
- D. Secure Login should use HTTP
Answer: C
NEW QUESTION 23
Refer to the exhibit:
After the helpdesk revoked the certificate of a device reported to be lost oy an employee, the lost device was seen as connected successfully to the secure network. Further testing has shown that device revocation is not working.
What steps should you follow to make device revocations work?
- A. copy the default [EAP-TLS with OSCP Enabled] authentication method and set the verify certificate using OSCP: option as "required" then configure the correct OSCF URL link for the OnBoard CA.
Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the 802 1X Radius Service. - B. Remove the EAP-TLS authentication method configuration changes are required and add "EAP-TLS with OCSP Enabled" authentication method in the OnBoard Provisioning service.
No other configuration changes are required. - C. Edit the default [EAP-TLS with OSCP Enabled] authentication method and set the Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the OnBoard Provisioning Service.
- D. Copy the default [EAP-TLS with OSCP Enabled] authentication method and set The Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA. Remove EAP-TLS and map the custom created method to the OnBoard Authorization Service.
Answer: B
NEW QUESTION 24
Refer to the exhibit:
The customer configured an 802.1x service with different enforcement actions for personal and corporate laptops. The corporate laptops are always being redirected to the BYOD Portal. The customer has sent you the above screenshots.
How would you resolve the issue? (Select two)
- A. Modify the enforcement policy and change the rule evaluation algorithm to select first match
- B. Modify the enforcement policy and re-order the condition with posture not_equals to healthy as the sixth condition
- C. Remove the EAP-PEAP with [user authenticated] condition for Onboard and create another service
- D. Modify the enforcement policy and re-order the EAP-PEAP with [user authenticated] rule to the last condition.
- E. Modify the enforcement policy and re-order the condition with Posture - Unknown as the fifth condition
Answer: D,E
NEW QUESTION 25
A customer is complaining that some ofthe devices, in their manufacturing network, are not getting profiled while other loT devices from the same subnet have been correctly profiled. The network switches have been configured for DHCP IP helpers and IF-MAP has been configured on the Aruba Controllers. What can the customer do to discover those devices as well? (Select two.)
- A. Update the Fingerprints Dictionary to the latest in case new devices have been added.
- B. Manually create a new device fingerprint for the devices that are not being profiled.
- C. Add the ClearPass Server IP as an IP helper address on the default gateway as well.
- D. Allow time for IF-MAP service on the controller to discover the new devices as well.
- E. Open a TAC case to help you troubleshoot the DHCP device profile functionality.
Answer: B,D
NEW QUESTION 26
A customer is looking to implement a Web-Based Health Check solution with the following requirements:
* for the HR user's client devices, check if a USB stick is mounted.
* for the R&D user's client devices, check if the hard disk is fully encrypted.
The Web-Based Health Check service has been configured but the customer it is not sure how to design the Profile Policy How can be accomplished this customer request?
- A. create two Posture Policies and customize the OnGuard Agent (Persistent or Dissolvable) to select the correct SHV checks
- B. create two Posture Policies and use the Restrict by Roles option to filter for HR and R&D user roles and apply the correct SHV checks
- C. create one Posture Policy and define Rules Conditions that will apply different Tokens for each SHV check condition
- D. create one Posture Policy to check the HR users client devices and use the NAP Agent to check R&D users client devices
Answer: A
NEW QUESTION 27
A corporate ClearPass Cluster with two servers located at a single site, has both Management and Data port IP addresses configured. The Management port IPs are in the DataCenter networks subnet, while the Data port IPs are in the DMZ. What is the difference between using one Virtual IP for the AAA traffic versus sending AAA requests to the physical IPs for each server? (Select two.)
- A. The Individual IPs can provide failover and load balancing.
- B. Using the one Virtual IP can provide failover and load balancing.
- C. The failover can be accomplished only by using Virtual IP.
- D. By using the Virtual IP, the failover convergence is faster than using individual server IPs.
- E. One Virtual IP can be used together with the individual server IPs for load balancing.
Answer: A,B
NEW QUESTION 28
You are integrating a Postgres SQL server with the ClearPass Policy Manager What steps will you follow to complete the integration process? (Select three)
- A. Attribute Name under filter configuration must match one of the columns being requested from the database table.
- B. Alias Name under filter configuration must match one of the columns being requested from the database table.
- C. Create a new Endpoint context server andadd the SQL server IP, credentilas and the database name.
- D. Click on the default filter name with pre-defined filter queries and check box to enable as role.
- E. Create a new authentication source and add the SQL server IP, credentials and the database name.
- F. Specify a new filter with filter queries to fetch authentication and authorization attributes.
Answer: C,E,F
NEW QUESTION 29
Refer to the exhibit:
What could be causing the error message received on the OnGuard client?
- A. The client'sOnGuardAgent has not been configured with the correct Policy Manager Zone
- B. The Web-BasedHealth Check service needs to be configured to use the Posture Policy
- C. There is a firewall policy not allowing the OnGuard Agent to connect to ClearPass
- D. The Service Selection Rules for the service are not configured correctly
Answer: A
NEW QUESTION 30
Refer to the exhibit:
You configured the 802 1 x service enforcement conditions with the Endpoint profiling data. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly.
What is the cause of the issue?
- A. The option, use cached roles and posture from previous sessions should be enabled.
- B. The enforcement policy rules evaluation algorithm Is not configured correctly.
- C. An additional authorization source should be configured for profiling to work.
- D. The enforcement policy conditions configured with profiling data are not correct.
Answer: D
NEW QUESTION 31
Refer to the exhibit:
What is true about the Insight Master Server? {Select two)
- A. It Is recommended to have an insight server for every zone to limit the traffic between sites.
- B. There is no need to configure an insight Master Server when using default reports and alerts.
- C. The Publisher is selected by default as Insight Master Server but It can be changed.
- D. An insight Master Server should be selectedin order to configure reports and alerts.
- E. When enabling a server to be the insight Master any existing insight Master is overwritten.
Answer: C,D
NEW QUESTION 32
A customer has a ClearPass cluster deployment with one Publisher and one Subscriber configured as a Standby Publisher at the Headquarters DataCenter They also have a large remote site that is connected with an Aruba SD Branch solution over a two Mbps Internet connection. The Remote Site has two ClearPass servers acting as Subscribers. The solution implemented for the customer includes OnGuard, Guest Self Registration, and Employee 802. ix authentication. The client is complaining that users connecting to an IAP Clusters Guest SSID located at the Remote Site are experiencing a significant delay in accessing the Guest Captive Portal page.
What could be a possible cause of this behavior?
- A. The configuration of the captive portal is pointing to a link located on one of the servers in the Headquarters
- B. The ClearPass Cluster has no zones defined and the guest captive portal request is being redirected to the Publisher
- C. The captive portal page was only created on the Publisher and requests are getting redirected to a Subscriber
- D. The guest page is not optimized to work with the client browser and a proper theme should be applied
Answer: A
NEW QUESTION 33
Refer to the exhibit:
A year ago, your customer deployed an Aruba ClearPass Policy Manager Server for a Guest SSIC hosted in an IAP Cluster.The customer just created a new Web Login Page forthe Guest SSID. Even though the previous Web Login page worked test with the new Web Login Page are falling and the customer has forwarded you the above screenshots What recommendation would you give the customer to tix the issue?
- A. The customer should reset the password tor the username accx@exam com using Guest Manage Accounts
- B. The Address filed under the WebLogin Vendor settings is not configured correctly, it should be set to instantarubanetworks.com
- C. The service type configured is not correct. The Guest authentication should De an Application authentication type of service.
- D. The WebLogin Pre-Auth Check is set to Aruba Application Authentication which requires a separate application service on the policy manager
Answer: C
NEW QUESTION 34
Refer to the exhibit:
You have configured Onboard but me customer could not onboard one of his devices and has sent you the above screenshots. How could you resolve the issue?
- A. Instruct the user to delete the profile on one of their other BYOD devices.
- B. Increase the maximum number ofdevices that all users can provision to 3.
- C. Increase the maximum number ofdevices allowed by the individual user account.
- D. Instruct the user to run the Quick connect application in Sponsor Mode.
Answer: B
NEW QUESTION 35
A customer has created a Guest Sett-Registration page that they would like to use it as'template'for all the new pages that are going to be created from now on. Their goal is to ensure that the header and footer on every page are the same, and any edits made to them are automatically reflected on every Self-Registration Page.
What should be configured in order to accomplish this request?
- A. Save the "template" page as Master Self-Registration page
- B. Create child pages when creating new Self-Registration pages and select the "template" as Parent
- C. Save this "template" page as a new Skin to be used on other Self-Registration pages
- D. Copy the "template" page and edit it each time a new Self-Registration Page is needed
Answer: C
NEW QUESTION 36
When is it recommendedto use a certificate with multiple entries on the Subject Alternative Name?
- A. The ClearPass server will be hosting captive portal pages for multiple FQDN entries
- B. Using the same certificate to Onboard clients and the Guest Captive Portal on a single ClearPass server.
- C. The ClearPass servers are placed in different OnGuard zones to allow the client agent to send SHV updates.
- D. The primary authentication server Is not available to authenticate the users.
Answer: C
NEW QUESTION 37
Where is the following information stored in ClearPass?
- Roles and Posture for Connected Clients - System Health for OnGuard - Machine authentication State - CoA session info - Mapping of connected clients to NAS/NAD
- A. insight database
- B. Endpoint database
- C. ClearPass system cache
- D. Multi-Master cache
Answer: C
NEW QUESTION 38
Refer to the exhibit:
A customer has configured Onboard and Windows devices workas expected but cannot get the Apple iOS devices to Onboard successfully. Where would you look to troubleshoot the Issued (Select two)
- A. Check if the customer has Instated a custom HTTPS certificate for IDS and another internal PKl HTTPS certificate for other devices.
- B. Check if the ClearPass HTTPS server certificate installed in the server is issued by a trusted commercial certificate authority.
- C. Check if the customer installed the internal PKl Root certificate presented by the ClearPass during the provisioning process.
- D. Check if the customer has installed the sameinternal PKl signed RADIUS server certificate as the HTTPS server certificate.
- E. Check if a DNS entryis available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.
Answer: B,E
NEW QUESTION 39
A customer would like to allow only the AD users with the "Manager" title from the "HQ" location to Onboard their personal devices. Any other AD users should not be authorized to pass beyond the initial device provisioning page. Which Onboard service will you use to implement this requirement?
- A. Onboard Provisioning service
- B. Onboard Pre-Auth service
- C. Onboard Authorization service
- D. Onboard CP login service
Answer: D
NEW QUESTION 40
......
Pass HP HPE6-A77 Exam Info and Free Practice Test: https://www.dumpstorrent.com/HPE6-A77-exam-dumps-torrent.html