• Home
  • Articles
  • Aruba Certified ClearPass Expert (ACCX) HPE6-A77 Dumps Full Questions with Free PDF Questions to Pass [Q22-Q46]

Aruba Certified ClearPass Expert (ACCX) HPE6-A77 Dumps Full Questions with Free PDF Questions to Pass [Q22-Q46]

Share

Aruba Certified ClearPass Expert (ACCX) HPE6-A77 Dumps Full Questions with Free PDF Questions to Pass

100% Updated HP HPE6-A77 Enterprise PDF Dumps


HP HPE6-A77 Exam Syllabus Topics:

TopicDetails
Topic 1
  • ClearPass Admin Login service processing and profile mapping
  • Secure Access Services and Enforcement, Role Mapping
Topic 2
  • TACACS authentication from Network Access Devices
  • Integration of Authorization Sources and External Context Servers into Enforcement
Topic 3
  • Quarantine and remediation based on Posture Token and the status of the agent
  • Implimentation of both Server and Controller Initiated Captive Portal Authentication
Topic 4
  • Implimenting Guest Access on both wired and wireless infrastructure
  • Understand Service Selection Rules
  • Guest Access Design and Implementation
Topic 5
  • Customized Admin Privileges for the Policy Manager
  • Self-Registration both with and without sponsorship
Topic 6
  • Configuration and enforcement of webauth service for posture
  • Authentication Sources Including Active Directory
Topic 7
  • High Availability and Redundancy Design, including Virtual IP addressing and Standby Publisher
  • Secure Access Design and Implementation
Topic 8
  • Integration of Endpoint Profiling into Enforcement
  • Cluster Layout positioning of Publisher and Subscribers, Use of Policy Manager Zones
Topic 9
  • Integration of Posture results in secure service Enforcement
  • Authentication Methods and OCSP to insure proper Certificate revocation

NEW QUESTION 22
Refer to the exhibit:




Your company has a postgres SQL database with the MAC addresses of the company-owned tablets You have configured a role mapping condition to tag the SQL devices. When one of the tablets connects to the network, it does not get the correct role and receives a deny access profile.
How would you resolve the issue?

  • A. Enable authorization tab in the service and add the SQL server as an authorization source.
  • B. Add the SQL server as an authentication source and map .t under the authentication tab in the service.
  • C. Remove SQL condition from role mapping policy and add it under the enforcement policy conditions.
  • D. Edit the SQL authentication source niter attributes and modify the SQL server filter query.

Answer: D

 

NEW QUESTION 23
Refer to the exhibit:

A customer has configured onboard in a cluster with two nodes All devices were onboarded in the network through node1but those clients tail to authenticate through node2 with the error shown. What steps would you suggest to make provisioning and authentication work across the entire cluster? (Select three.)

  • A. Configure the Onboard Root CA to trust the Policy Manager EAP certificate root.
  • B. Have all of the BYOD clients disconnect and reconnect to me network
  • C. Make sure that the HTTPS certificate on both nodes is issued as a Code Signing certificate
  • D. Make sure that the EAP certificates on both nodes are issued by one common root Certificate Authority (CA).
  • E. Have all of the BYOD clients re-run the Onboard process
  • F. Configure the Network Settings in Onboard to trust the Policy Manager EAP certificate

Answer: A,D,F

 

NEW QUESTION 24
A customer is looking to implement a Web-Based Health Check solution with the following requirements:
* for the HR user's client devices, check if a USB stick is mounted.
* for the R&D user's client devices, check if the hard disk is fully encrypted.
The Web-Based Health Check service has been configured but the customer it is not sure how to design the Profile Policy How can be accomplished this customer request?

  • A. create two Posture Policies and customize the OnGuard Agent (Persistent or Dissolvable) to select the correct SHV checks
  • B. create two Posture Policies and use the Restrict by Roles option to filter for HR and R&D user roles and apply the correct SHV checks
  • C. create one Posture Policy and define Rules Conditions that will apply different Tokens for each SHV check condition
  • D. create one Posture Policy to check the HR users client devices and use the NAP Agent to check R&D users client devices

Answer: A

 

NEW QUESTION 25
You have Integrated ClearPass Onboard with Active Directory Certificate Services (ADCS) web enrollment to sign the Anal device TLS certificates The Onboard provisioning process completes successfully but when the user finally clicks connect, the user falls to connect to the network with an unknown_ca certificate error.
What steps will you follow to complete the requirement?

  • A. Make sure that the ClearPass servers are using the default self-signed certificates for both SSL and RADIUS server identity
  • B. Make sure both the ClearPass servers have different certificates used for both SSL and RADIUS server identity.
  • C. Export the self-signed certificate from the ClearPass servers and manually add them as trusted certificates in clients
  • D. Add the ADCS root certificate to both the CPPM Certificate trust list and to the Onboard Certificate Store trust list

Answer: A

 

NEW QUESTION 26
A customer has created a Guest Sett-Registration page that they would like to use it as'template'for all the new pages that are going to be created from now on. Their goal is to ensure that the header and footer on every page are the same, and any edits made to them are automatically reflected on every Self-Registration Page.
What should be configured in order to accomplish this request?

  • A. Save the "template" page as Master Self-Registration page
  • B. Create child pages when creating new Self-Registration pages and select the "template" as Parent
  • C. Save this "template" page as a new Skin to be used on other Self-Registration pages
  • D. Copy the "template" page and edit it each time a new Self-Registration Page is needed

Answer: C

 

NEW QUESTION 27
A Customer has these requirements:
* 2.000 loT endpoints that use MAC authentication
* 6,000 endpoints using a mix of username/password and certificate (Corporate/BYOD) based authentication
* 1,000 guest endpoints at peak usage that use guest self-registration
* 1500 BYOD devices estimated as 3 devices per User (500 users)
* 2,500 endpoints that have OnGuard installed and connect on a daily basis What licenses should be installed to meet customer requirements?

  • A. 11,500 Access, 500 Onboard, 2,500 Onguard
  • B. 13.000 Access, 1.500 Onboard, 2,500 Onguard
  • C. 9,000 Access, 500 Onboard. 2.500 Onguard
  • D. 11,500 Access, 1,500 Onboard, 2.500 Onguard

Answer: D

 

NEW QUESTION 28
You have recently implemented a serf-registration portal in ClearPass Guest to be used on a Guest SSID broadcast from an Aruba controller. Your customer has started complaining that the users are not able to reliably access the internet after clicking the login button on the receipt page. They tell you that the users willclick the login button multiple times and alter about a minute they gain access.
What could be causing this issue?

  • A. The guest users are assigned a firewall user role that has a rate limit.
  • B. The self-registration page is configured with a 1 minute login delay.
  • C. The enforcement profile on ClearPass is set up with an lETF:session delay.
  • D. The guest client is delayed getting an IP address from the DHCP server.

Answer: B

 

NEW QUESTION 29
Refer to the exhibit:




After the helpdesk revoked the certificate of a device reported to be lost oy an employee, the lost device was seen as connected successfully to the secure network. Further testing has shown that device revocation is not working.
What steps should you follow to make device revocations work?

  • A. copy the default [EAP-TLS with OSCP Enabled] authentication method and set the verify certificate using OSCP: option as "required" then configure the correct OSCF URL link for the OnBoard CA.
    Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the 802 1X Radius Service.
  • B. Remove the EAP-TLS authentication method configuration changes are required and add "EAP-TLS with OCSP Enabled" authentication method in the OnBoard Provisioning service.
    No other configuration changes are required.
  • C. Edit the default [EAP-TLS with OSCP Enabled] authentication method and set the Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the OnBoard Provisioning Service.
  • D. Copy the default [EAP-TLS with OSCP Enabled] authentication method and set The Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA. Remove EAP-TLS and map the custom created method to the OnBoard Authorization Service.

Answer: B

 

NEW QUESTION 30
Refer to the exhibit:




A customer is trying to configure a TACACS Authentication Service for administrative access to the Aruba Controller, During testing the authentication is not successful Given the screen shot what could be the reason for the Login status REJECT?

  • A. The password used by the administrative user,user is wrong.
  • B. The Read-only Administrator role does not exist on the Controller.
  • C. The Enforcement profile is not designed to be used on Aruba Controller.
  • D. The Enforcement profile used is not a TACACS profile.

Answer: A

 

NEW QUESTION 31
Refer to the exhibit:




A customer has configured the Aruba Controller for administrative authentication using ClearPass as a TACACS server. During testing, the read-only user is getting the root access role. What could be a possible reason for this behavior? (Select two.)

  • A. The read-only enforcement profile is mapped to the root role
  • B. The Controller Server Group Match Rules are changing the user role
  • C. On the Controller, the TACAC$ authentication server Is not configured for Session authorization
  • D. The ClearPass user role associated to the read-only user is wrong
  • E. The Controllers Admin Authentication Options Default role is mapped to toot.

Answer: B,C

 

NEW QUESTION 32
Refer to the exhibit:


A customer has configured a service with the Onboard Devices Repository as an Authentication Source and an Active Directory Domain Server as an Authorization Source. What will happen if the client certificate is still valid and the user account associated with the certificate is disabled in Active Directory?

  • A. ClearPass will block network access to the device
  • B. ClearPass will allow the device to access the network.
  • C. Enforcement will apply the [Deny Access Profile]
  • D. ClearPass will redirect the client to Onboard again
  • E. ClearPass will not process the request

Answer: A

 

NEW QUESTION 33
There is an Aruba Controller configured to send Guest AAA requests to ClearPass. If the customer would like the most effective way to ensure the lowest license usage counts, how should the controller be configured?

  • A. Aruba Controller will send stop messages only if EAP termination and Interim accounting are enabled.
  • B. Aruba Controller will send stop messages only if both accounting and interim accounting are enabled.
  • C. Configure EAP Termination on the Aruba Controller and the client will send a stop message.
  • D. Aruba Controller will send stop messages if RADIUS Accounting Server Group is defined in the authentication profile.

Answer: C

 

NEW QUESTION 34
Refer to the exhibit:




What could be causing the error message received on the OnGuard client?

  • A. The client'sOnGuardAgent has not been configured with the correct Policy Manager Zone
  • B. The Web-BasedHealth Check service needs to be configured to use the Posture Policy
  • C. There is a firewall policy not allowing the OnGuard Agent to connect to ClearPass
  • D. The Service Selection Rules for the service are not configured correctly

Answer: A

 

NEW QUESTION 35
Refer to the exhibit:

When creating a new report, there is an option to send report Notifications by Email. Where is the email server configured?

  • A. In the insight report on the next screen of the report definition.
  • B. In the ClearPass Policy Manager Messaging setup under Administration.
  • C. In the Insight Reports Interface under Administration on the sidebar menu.
  • D. In the ClearPass Policy Manager Endpoint Context servers under Administration.

Answer: C

 

NEW QUESTION 36

What are valid options for Network Access Device Settings? (Select two.)

  • A. On the Attributes tab. you can enable the service to write attributes like Location and Device type based on policy.
  • B. You can configure SNMP Write Settings to send commands to the devices that do not support other methods.
  • C. You can configure SNMP Read Settings to monitor the load of a NAD in order not to overload it with the requests.
  • D. The OnConnect Enforcement allows you to enable specific ports that trigger Enforcement when any device connects.
  • E. In CLI settings, you can define the access credentials and the command templates that will be used.

Answer: A,D

 

NEW QUESTION 37
Refer to the exhibit:

A customer with multiple Aruba Controllers has just installed a new certificate for "*.customerdomain com" on all Aruba Controllers. While testing the existing guest Self-Registration page the customer noticed that the logins are failing. While troubleshooting they are finding no entries in the Event Viewer or Access Tracker for the tests. Suspecting that the Aruba Controllers may not be properly posting the credentials from the guest browser, they open the NAS Vendor Settings for the Guest Self-Registration Page. From the screen shown, how can you fix the errors?

  • A. Change the "Secure Login:" field to "Use Vendor Default".
  • B. Change the "IP Address: field to" securelogin.customerdomain.com.
  • C. Change the "IP Address field to "captiveportal-login.customerdomain.com".
  • D. Add PTR records on the DNS server for "securelogin.arubanetworks.com".

Answer: A

 

NEW QUESTION 38
Refer to the exhibit:



You are doing a ClearPass PoC at a customer site with a single Aruba Mobility Controller. The customer asked for a demonstration of a simple Web Login functionality. You used a service template to create the guest services. During testing, the usergets redirected back to the weblogin page with an Authentication failed message. The guest configurations on the Aruba Mobility Controller are configured correctly.
Why would the guest fail to authenticate successfully?

  • A. The authentication source mapped in the service is incorrect, it should be mapped as (Guest Device Repository] [Local SQL DB].
  • B. The username and/or password used for authentication is incorrect Re-enter the correct password on the weblogin page.
  • C. The username used for authentication does not exist in the Guest User Database Create a new user and authenticate again.
  • D. The Unique-Device-Count does not allow any Client devices.Update the Enforcement policy condition:
    Unique-Device-Count.

Answer: A

 

NEW QUESTION 39
A customer has configured Onboard with Single SSID provision for Aruba IAP Windows devices work as expected but cannot get the Apple iOS devices to work. The Apple iOS devices automatically get redirected to a blank page and do not get the Onboard portal page. What would you check to fix the issue?

  • A. Verify if the Onboard URL is updated correctly in the external captive portal profile.
  • B. Verify if Onboard Pre-Provisioning enforcement profile sends the correct Aruba user role.
  • C. Verify if the checkbox "Enable bypassing the Apple Captive Network Assistant" is checked.
  • D. Verify if the external captive portal profile is enabled to use HTTPS with port 443.

Answer: A

 

NEW QUESTION 40
Refer to the exhibit:


You configuring an 802 1x service endpoint profiling. When the client connects to the network, ClearPass successfully profiles the client and sends Radius Change of Authorization (RCoA) but Radius Change of Authorization {RCoA) fails for the client You manually clicked on the Change Status button in the access tracker to force an RCoA but that failed too.
What must you check to ensure that the RCoA will work? (Select two.)

  • A. RFC 3576 option is enabled for Aruba Controller under Network devicein ClearPass.
  • B. The RFC 3576 shared secret on ClearPass should match the Authentication Server shared secret
  • C. RFC 3576 server IPs and the Authentication server IPs should be same in the AAA profile
  • D. RFC 3576 server should be mapped in the server group on the Aruba Controller

Answer: A,B

 

NEW QUESTION 41
Which statements are true about Aruba downloadable user roles? (Select three.)

  • A. Can use these roles for other authentication methods not involving ClearPass
  • B. Aruba downloadable user role are universally available across the environment
  • C. Can be applied only on ports or WLAN users authenticated by ClearPass.
  • D. Downloadable role names must be defined in Aruba switch or controller
  • E. Administering downloadable user roles can be difficult for a large enterprise
  • F. Aruba downloadable user role is a built in enforcementtemplate in ClearPass

Answer: A,C,D

 

NEW QUESTION 42
What is the Secure SSID {otherwise referred to as Single SSID) OnBoard deployment service workflow?

  • A. OnBoard Provisioning RADIUS service, OnBoard Authorization RADIUS service. OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
  • B. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth Application service. OnBoard Authorization Application service, OnBoard Provisioning RADIUS service
  • C. OnBoard Provisioning RADIUS service, OnBoard Authorization Application service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
  • D. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth RADIUS service, OnBoard Authorization Application service. OnBoard Provisioning RADIUS service

Answer: A

 

NEW QUESTION 43
Under Onboard management and control, which option will deny the user from re-provisioning the device a second time?

  • A. Delete certificate
  • B. Delete user
  • C. Revoke & Delete certificate
  • D. Revoke certificate

Answer: A

 

NEW QUESTION 44
You have configured a Guest SSID with Captive-portal Web Authentication and MAC authentication The MAC caching expiry time set to 12 hours and the Guest Account expiration time is set to 8 hours. What will happen if the guest were to disconnect from the SSID and re-connect 9 hours later?

  • A. The client will fail the MAC authentication and will be redirected to the Captive-portal login page.
  • B. The client will tail the MAC authentication and be denied access to the Guest SSID.
  • C. The client will successfully pass the mac authentication until the mac caching time expires.
  • D. The client will successfully pass the MAC authentication but still be redirected to captive portal page.

Answer: D

 

NEW QUESTION 45
While configuring a guest solution, the customer is requesting that guest user receive accessfor four hours from their first login.Which Guest Account Expiration would you select?

  • A. expire_ postlogin
  • B. expire_after
  • C. expire_time
  • D. do_expire

Answer: B

 

NEW QUESTION 46
......

Use Valid Exam HPE6-A77 by Free4Dump Books For Free Website: https://www.free4dump.com/HPE6-A77-braindumps-torrent.html

Related Articles

more
HP HPE6-A77 Certification Practice Exam