2022 HPE6-A77 exam torrent HPE6-A77 Study Guide [Q16-Q34]

2022 HPE6-A77 exam torrent HPE6-A77 Study Guide

Easily pass HPE6-A77 Exam with our Dumps & PDF Test Engine

HP HPE6-A77 Exam Syllabus Topics:

Topic	Details
Topic 1	Quarantine and remediation based on Posture Token and the status of the agent Implimentation of both Server and Controller Initiated Captive Portal Authentication
Topic 2	Implimenting Guest Access on both wired and wireless infrastructure Understand Service Selection Rules Guest Access Design and Implementation
Topic 3	TACACS authentication from Network Access Devices Integration of Authorization Sources and External Context Servers into Enforcement
Topic 4	Configuration and enforcement of webauth service for posture Authentication Sources Including Active Directory
Topic 5	High Availability and Redundancy Design, including Virtual IP addressing and Standby Publisher Secure Access Design and Implementation
Topic 6	Customized Admin Privileges for the Policy Manager Self-Registration both with and without sponsorship
Topic 7	ClearPass Admin Login service processing and profile mapping Secure Access Services and Enforcement, Role Mapping
Topic 8	Integration of Posture results in secure service Enforcement Authentication Methods and OCSP to insure proper Certificate revocation
Topic 9	Integration of Endpoint Profiling into Enforcement Cluster Layout positioning of Publisher and Subscribers, Use of Policy Manager Zones

 

NEW QUESTION 16
Refer to the exhibit:

The customer complains that the user shown cannot log into the ClearPass Server as an administrator using the
[Policy Manager Admin Network Login Service]. What could be the reason for this?

• A. The account created does not fit this purpose.
• B. The mapping on the role should be changed to [RADIUS Super Admin]
• C. The local user authentication might be disabled
• D. The user might be used for a TACACS authentication

Answer: A

 

NEW QUESTION 17
Refer to the exhibit:





You have configured Onboard andcannot get it working The customer has sentyouthe above screenshots How would you resolve the issue?

• A. Re-provision the client by running the QuickConnect application as Administrator
• B. Install a public signed server authentication certificate on the ClearPass server for EAP
• C. Copy the [EAP-TLS with OSCP Enabled] authentication method and set the correct OCSP URL
• D. Reconnect the client and select the correct certificate when prompted

Answer: A

 

NEW QUESTION 18
Under Onboard management and control, which option will deny the user from re-provisioning the device a second time?

• A. Delete certificate
• B. Delete user
• C. Revoke & Delete certificate
• D. Revoke certificate

Answer: A

 

NEW QUESTION 19
What is the Secure SSID {otherwise referred to as Single SSID) OnBoard deployment service workflow?

• A. OnBoard Provisioning RADIUS service, OnBoard Authorization RADIUS service. OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
• B. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth Application service. OnBoard Authorization Application service, OnBoard Provisioning RADIUS service
• C. OnBoard Provisioning RADIUS service, OnBoard Authorization Application service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
• D. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth RADIUS service, OnBoard Authorization Application service. OnBoard Provisioning RADIUS service

Answer: A

 

NEW QUESTION 20
There is an Aruba Controller configured to send Guest AAA requests to ClearPass. If the customer would like the most effective way to ensure the lowest license usage counts, how should the controller be configured?

• A. Aruba Controller will send stop messages only if EAP termination and Interim accounting are enabled.
• B. Aruba Controller will send stop messages only if both accounting and interim accounting are enabled.
• C. Configure EAP Termination on the Aruba Controller and the client will send a stop message.
• D. Aruba Controller will send stop messages if RADIUS Accounting Server Group is defined in the authentication profile.

Answer: C

 

NEW QUESTION 21
Refer to the exhibit:




A customer has configured the Aruba Controller for administrative authentication using ClearPass as a TACACS server. During testing, the read-only user is getting the root access role. What could be a possible reason for this behavior? (Select two.)

• A. The read-only enforcement profile is mapped to the root role
• B. The Controller Server Group Match Rules are changing the user role
• C. On the Controller, the TACAC$ authentication server Is not configured for Session authorization
• D. The ClearPass user role associated to the read-only user is wrong
• E. The Controllers Admin Authentication Options Default role is mapped to toot.

Answer: B,C

 

NEW QUESTION 22
While configuring a guest solution, the customer is requesting that guest user receive accessfor four hours from their first login.Which Guest Account Expiration would you select?

• A. expire_ postlogin
• B. expire_after
• C. expire_time
• D. do_expire

Answer: B

 

NEW QUESTION 23
A customer has completed all the required configurations in the Windows server in order for Active Directory Certificate Services (ADCS) to sign Onboard device TLS certificates. The Onboard portal and the Onboard services are also configured. Testing shows that the Client certificates ate still signed by the Onboard Certificate Authority and not ADCS.
How can you help the customer with the situation?

• A. Configure
  the identity certificate signer as Active Directory Certificate Services and enter the ADCS URL
  http://ADCSVVeoEnrollmentServemostname/certsrv in the OnBoard Provisioning settings.
• B. Enable access to SCEP servers from the Certificate Authority to make ClearPass Onboard to use of the Active Directory Certificate Services (ADCS) web enrollment to sign the device TLS certificates.
• C. Educate the customer that, when integrating with Active Directory Certificate Services (ADCS) the Onboard CA will the same authority used for signing me final TLS certificate of the device.
• D. Enable access to EST servers from the Certificate Authority to make ClearPass Onboard to use of the Active Directory Certificate Services (ADCS) web enrollment to sign the device TLS certificates.

Answer: D

 

NEW QUESTION 24
A customer has a ClearPass cluster deployment with four servers, two servers at the data center and two servers at a large remote site connected over an SD-WAN solution The customer would like to implement OnGuard, Guest Self-Registration, and 802.1x authentication across their entire environment. During testing the customer is complaining that users connecting to an Instant Cluster Employee SSID at the remote site, with the OnGuard Persistent Agent installed are randomly getting their health check missed.
What could be a possible cause of this behavior?

• A. The OnGuard Clients are automatically mapped to the Policy Manager Zone based on their IP range but an ACL on the switch could be blocking access.
• B. The traffic on the TCP port 6658 is congested due to the fact that this port is also used by the IPsec keep-alive packets of the SD-WAN solution.
• C. The Aruba-user-role received by the IAP is filtering the TCP port 6658 to the ClearPass servers and after 10 seconds the SSL fallback gets activated and randomly generates the issue.
• D. The ClearPass Policy Manager zones have been defined but the local IP sub-nets have not been property mapped to the zones and the OnGuard Agent might connect to any of the servers in the cluster.

Answer: C

 

NEW QUESTION 25
Refer to the exhibit:




You have been asked to help a Customer troubleshoot an issue. They have configured an Aruba OS switch (Aruba 2930 with 16.09) to do MAC authentication with profiling using ClearPass as the authentication source. They cannot get it working.
Using the screenshots as a reference, how will you fix the issue?

• A. Change the Vendor settings for the Aruba OS switch to "Aruba" so that the enforcement will use the correct VSAs
• B. Modifythe enforcement profile conditions with Aruba Vendor specific attributes and Aruba-user-roles
• C. Delete the initial role in the Aruba OS switch to force the device to get the server derived user roles
• D. Use a CoA to bounce the switch port to force the port to change tothe correct Aruba user role
• E. User-roles are case sensitive, update the correct role with correct case in the enforcement profile

Answer: B

 

NEW QUESTION 26
Refer to the exhibit:

A customer with multiple Aruba Controllers has just installed a new certificate for "*.customerdomain com" on all Aruba Controllers. While testing the existing guest Self-Registration page the customer noticed that the logins are failing. While troubleshooting they are finding no entries in the Event Viewer or Access Tracker for the tests. Suspecting that the Aruba Controllers may not be properly posting the credentials from the guest browser, they open the NAS Vendor Settings for the Guest Self-Registration Page. From the screen shown, how can you fix the errors?

• A. Change the "Secure Login:" field to "Use Vendor Default".
• B. Change the "IP Address: field to" securelogin.customerdomain.com.
• C. Change the "IP Address field to "captiveportal-login.customerdomain.com".
• D. Add PTR records on the DNS server for "securelogin.arubanetworks.com".

Answer: A

 

NEW QUESTION 27
What is the Open SSID (otherwise referred to as Dual SSID) Onboard deployment service workflow?

• A. OnBoard Pre-Auth Application service, OnBoard Authorization Application service. OnBoard Provisioning RADIUS service
• B. OnBoard Authorization RADIUS service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
• C. OnBoard Authorization Application service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
• D. OnBoard Pre-Auth RADIUS service. OnBoard Authorization Application service. OnBoard Provisioning RADIUS service

Answer: C

 

NEW QUESTION 28
A customer has acquired another company that has its own Active Directory infrastructure The 802 1X authentication works with the customers original Active Directory servers but the customer would like to authenticate users from the acquired company as well. What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)

• A. There is no need to Join ClearPass to the new AD domain.
• B. Create a new Authentication Source, type Active Directory.
• C. Add the new AD server(s) as backup into the existing Authentication Source.
• D. Create a new Authentication Source, type Generic LDAP.
• E. Join the ClearPass server(s) to the new AD domain.

Answer: A,E

 

NEW QUESTION 29
Which statements are true about Aruba downloadable user roles? (Select three.)

• A. Can use these roles for other authentication methods not involving ClearPass
• B. Aruba downloadable user role are universally available across the environment
• C. Can be applied only on ports or WLAN users authenticated by ClearPass.
• D. Downloadable role names must be defined in Aruba switch or controller
• E. Administering downloadable user roles can be difficult for a large enterprise
• F. Aruba downloadable user role is a built in enforcementtemplate in ClearPass

Answer: A,C,D

 

NEW QUESTION 30
Refer to the exhibit:

A customer is deploying Guest Self-Registration with Sponsor Approval but does not like the format of the sponsor email. Where can you change the sponsor email?

• A. in the Sponsor Confirmation section
• B. in the Configuration - Receipts - Templates
• C. in the Receipt Page - Actions
• D. in me Configuration - Receipts - Email Receipts

Answer: A

 

NEW QUESTION 31
Refer to the exhibit:





You configured the 802 1 x service enforcement conditions with the Endpoint profiling data. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly.
What is the cause of the issue?

• A. The option, use cached roles and posture from previous sessions should be enabled.
• B. The enforcement policy rules evaluation algorithm Is not configured correctly.
• C. An additional authorization source should be configured for profiling to work.
• D. The enforcement policy conditions configured with profiling data are not correct.

Answer: D

 

NEW QUESTION 32
You have recently implemented a serf-registration portal in ClearPass Guest to be used on a Guest SSID broadcast from an Aruba controller. Your customer has started complaining that the users are not able to reliably access the internet after clicking the login button on the receipt page. They tell you that the users willclick the login button multiple times and alter about a minute they gain access.
What could be causing this issue?

• A. The guest users are assigned a firewall user role that has a rate limit.
• B. The self-registration page is configured with a 1 minute login delay.
• C. The enforcement profile on ClearPass is set up with an lETF:session delay.
• D. The guest client is delayed getting an IP address from the DHCP server.

Answer: B

 

NEW QUESTION 33
You are integrating a Postgres SQL server with the ClearPass Policy Manager What steps will you follow to complete the integration process? (Select three)

• A. Attribute Name under filter configuration must match one of the columns being requested from the database table.
• B. Alias Name under filter configuration must match one of the columns being requested from the database table.
• C. Create a new Endpoint context server andadd the SQL server IP, credentilas and the database name.
• D. Click on the default filter name with pre-defined filter queries and check box to enable as role.
• E. Create a new authentication source and add the SQL server IP, credentials and the database name.
• F. Specify a new filter with filter queries to fetch authentication and authorization attributes.

Answer: C,E,F

 

NEW QUESTION 34
......

HPE6-A77 PDF Pass Leader, HPE6-A77 Latest Real Test: https://www.actual4exams.com/HPE6-A77-valid-dump.html