[Nov-2021] Use Real HPE6-A77 Dumps Free Sample Questions and Practice Test Engine [Q18-Q42]

[Nov-2021] Use Real HPE6-A77 Dumps Free Sample Questions and Practice Test Engine

Pass HP HPE6-A77 exam - questions - convert Tets Engine to PDF

HP HPE6-A77 Exam Syllabus Topics:

Topic	Details
Topic 1	Configuration and enforcement of webauth service for posture Authentication Sources Including Active Directory
Topic 2	Customized Admin Privileges for the Policy Manager Self-Registration both with and without sponsorship
Topic 3	Implimenting Guest Access on both wired and wireless infrastructure Understand Service Selection Rules Guest Access Design and Implementation
Topic 4	ClearPass Admin Login service processing and profile mapping Secure Access Services and Enforcement, Role Mapping

 

NEW QUESTION 18
A customer is planning to implement machine and user authentication on infrastructure with one Aruba Controller and a single ClearPass Server What should the customer consider while designing this solution?
(Select three.)

• A. The Windows User must log off, restart or disconnect their machine to initiate a machine authentication before the cache expires.
• B. The customer does not need to worry about Multi-Master Cache Survivability because the Controller will also cache the machine state.
• C. Machine Authentication only uses EAP TLS, as such a PKI infrastructure should be in place for machine authentication.
• D. Onboard must be used to install the Certificates on the personal devices to do the user and machine authentication.
• E. The machine authentication status is written in the Multi-master cache on the ClearPass Server for 24 hrs.
• F. The Customer should enable Multi-Master Cache Survivability as the Aruba Controller will not cache the machine state.

Answer: C,D,E

 

NEW QUESTION 19
Refer to the exhibit:




After the helpdesk revoked the certificate of a device reported to be lost oy an employee, the lost device was seen as connected successfully to the secure network. Further testing has shown that device revocation is not working.
What steps should you follow to make device revocations work?

• A. copy the default [EAP-TLS with OSCP Enabled] authentication method and set the verify certificate using OSCP: option as "required" then configure the correct OSCF URL link for the OnBoard CA.
  Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the 802 1X Radius Service.
• B. Edit the default [EAP-TLS with OSCP Enabled] authentication method and set the Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the OnBoard Provisioning Service.
• C. Copy the default [EAP-TLS with OSCP Enabled] authentication method and set The Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA. Remove EAP-TLS and map the custom created method to the OnBoard Authorization Service.
• D. Remove the EAP-TLS authentication method configuration changes are required and add "EAP-TLS with OCSP Enabled" authentication method in the OnBoard Provisioning service.
  No other configuration changes are required.

Answer: D

 

NEW QUESTION 20
Refer to the exhibit:

A customer with multiple Aruba Controllers has just installed a new certificate for "*.customerdomain com" on all Aruba Controllers. While testing the existing guest Self-Registration page the customer noticed that the logins are failing. While troubleshooting they are finding no entries in the Event Viewer or Access Tracker for the tests. Suspecting that the Aruba Controllers may not be properly posting the credentials from the guest browser, they open the NAS Vendor Settings for the Guest Self-Registration Page. From the screen shown, how can you fix the errors?

• A. Change the "Secure Login:" field to "Use Vendor Default".
• B. Add PTR records on the DNS server for "securelogin.arubanetworks.com".
• C. Change the "IP Address: field to" securelogin.customerdomain.com.
• D. Change the "IP Address field to "captiveportal-login.customerdomain.com".

Answer: A

 

NEW QUESTION 21
While configuring a guest solution, the customer is requesting that guest user receive accessfor four hours from their first login.Which Guest Account Expiration would you select?

• A. expire_after
• B. do_expire
• C. expire_time
• D. expire_ postlogin

Answer: A

 

NEW QUESTION 22
Refer to the exhibit:





You have configured an Onboard portal for single SSID provision. During testing you notice that the QuickConnect Application did not display the "Connect" button, only the finish button. To get connected the test user had to manually connect to the secure-HS-5007 SSID but was prompted for a username and password.
Using the screenshots as a reference, how would you fix this issue?

• A. Check the network settings for the correct SSID name spelling.
• B. Install a public signedHTTPs web server certificate on the ClearPass server.
• C. Change the network settings to use EAP-TLS for the authentication protocol.
• D. Configure the SSID to support both EAP-PEAP and EAP-TLS authentication method.

Answer: A

 

NEW QUESTION 23
You have Integrated ClearPass Onboard with Active Directory Certificate Services (ADCS) web enrollment to sign the Anal device TLS certificates The Onboard provisioning process completes successfully but when the user finally clicks connect, the user falls to connect to the network with an unknown_ca certificate error.
What steps will you follow to complete the requirement?

• A. Make sure that the ClearPass servers are using the default self-signed certificates for both SSL and RADIUS server identity
• B. Export the self-signed certificate from the ClearPass servers and manually add them as trusted certificates in clients
• C. Add the ADCS root certificate to both the CPPM Certificate trust list and to the Onboard Certificate Store trust list
• D. Make sure both the ClearPass servers have different certificates used for both SSL and RADIUS server identity.

Answer: A

 

NEW QUESTION 24
Refer to the exhibit:





You have configured Onboard andcannot get it working The customer has sentyouthe above screenshots How would you resolve the issue?

• A. Copy the [EAP-TLS with OSCP Enabled] authentication method and set the correct OCSP URL
• B. Install a public signed server authentication certificate on the ClearPass server for EAP
• C. Re-provision the client by running the QuickConnect application as Administrator
• D. Reconnect the client and select the correct certificate when prompted

Answer: C

 

NEW QUESTION 25
Which statements are true about Aruba downloadable user roles? (Select three.)

• A. Aruba downloadable user role are universally available across the environment
• B. Can use these roles for other authentication methods not involving ClearPass
• C. Can be applied only on ports or WLAN users authenticated by ClearPass.
• D. Aruba downloadable user role is a built in enforcementtemplate in ClearPass
• E. Downloadable role names must be defined in Aruba switch or controller
• F. Administering downloadable user roles can be difficult for a large enterprise

Answer: B,C,E

 

NEW QUESTION 26
A customer has completed all the required configurations in the Windows server in order for Active Directory Certificate Services (ADCS) to sign Onboard device TLS certificates. The Onboard portal and the Onboard services are also configured. Testing shows that the Client certificates ate still signed by the Onboard Certificate Authority and not ADCS.
How can you help the customer with the situation?

• A. Enable access to SCEP servers from the Certificate Authority to make ClearPass Onboard to use of the Active Directory Certificate Services (ADCS) web enrollment to sign the device TLS certificates.
• B. Configure
  the identity certificate signer as Active Directory Certificate Services and enter the ADCS URL
  http://ADCSVVeoEnrollmentServemostname/certsrv in the OnBoard Provisioning settings.
• C. Enable access to EST servers from the Certificate Authority to make ClearPass Onboard to use of the Active Directory Certificate Services (ADCS) web enrollment to sign the device TLS certificates.
• D. Educate the customer that, when integrating with Active Directory Certificate Services (ADCS) the Onboard CA will the same authority used for signing me final TLS certificate of the device.

Answer: C

 

NEW QUESTION 27
Refer to the exhibit:

A customer has configured onboard in a cluster with two nodes All devices were onboarded in the network through node1but those clients tail to authenticate through node2 with the error shown. What steps would you suggest to make provisioning and authentication work across the entire cluster? (Select three.)

• A. Make sure that the EAP certificates on both nodes are issued by one common root Certificate Authority (CA).
• B. Configure the Onboard Root CA to trust the Policy Manager EAP certificate root.
• C. Make sure that the HTTPS certificate on both nodes is issued as a Code Signing certificate
• D. Have all of the BYOD clients re-run the Onboard process
• E. Configure the Network Settings in Onboard to trust the Policy Manager EAP certificate
• F. Have all of the BYOD clients disconnect and reconnect to me network

Answer: A,B,E

 

NEW QUESTION 28
A Customer has these requirements:
* 2.000 loT endpoints that use MAC authentication
* 6,000 endpoints using a mix of username/password and certificate (Corporate/BYOD) based authentication
* 1,000 guest endpoints at peak usage that use guest self-registration
* 1500 BYOD devices estimated as 3 devices per User (500 users)
* 2,500 endpoints that have OnGuard installed and connect on a daily basis What licenses should be installed to meet customer requirements?

• A. 11,500 Access, 1,500 Onboard, 2.500 Onguard
• B. 9,000 Access, 500 Onboard. 2.500 Onguard
• C. 13.000 Access, 1.500 Onboard, 2,500 Onguard
• D. 11,500 Access, 500 Onboard, 2,500 Onguard

Answer: A

 

NEW QUESTION 29
You are integrating a Postgres SQL server with the ClearPass Policy Manager What steps will you follow to complete the integration process? (Select three)

• A. Specify a new filter with filter queries to fetch authentication and authorization attributes.
• B. Create a new Endpoint context server andadd the SQL server IP, credentilas and the database name.
• C. Click on the default filter name with pre-defined filter queries and check box to enable as role.
• D. Alias Name under filter configuration must match one of the columns being requested from the database table.
• E. Attribute Name under filter configuration must match one of the columns being requested from the database table.
• F. Create a new authentication source and add the SQL server IP, credentials and the database name.

Answer: A,B,F

 

NEW QUESTION 30
How does the RadSec improve the RADIUS message exchange? (Select two.)

• A. It uses UDP to exchange the radius packets.
• B. It builds a TTLS tunnel between the NAD and ClearPass.
• C. It encrypts the entire RADIUS message.
• D. Only the NAD needs to trust the ClearPass Certificate.
• E. It can be used on an unsecured network or the Internet.

Answer: A,C

 

NEW QUESTION 31
Under Onboard management and control, which option will deny the user from re-provisioning the device a second time?

• A. Revoke & Delete certificate
• B. Revoke certificate
• C. Delete user
• D. Delete certificate

Answer: D

 

NEW QUESTION 32
What is the Open SSID (otherwise referred to as Dual SSID) Onboard deployment service workflow?

• A. OnBoard Pre-Auth Application service, OnBoard Authorization Application service. OnBoard Provisioning RADIUS service
• B. OnBoard Authorization Application service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
• C. OnBoard Authorization RADIUS service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
• D. OnBoard Pre-Auth RADIUS service. OnBoard Authorization Application service. OnBoard Provisioning RADIUS service

Answer: B

 

NEW QUESTION 33
What is used to validate the EAP Certificate? (Select three.)

• A. Common Name
• B. Server Identity
• C. SAN entries
• D. Key usage
• E. Trust chain
• F. Date

Answer: A,D,E

 

NEW QUESTION 34
Refer to the exhibit:


A customer has configured a Guest Self registration page for their Cisco Wireless network with the settings shown. What should be changed in order to successfully authenticate guests users?

• A. Login Method should be Controller-initiated - using HTTPs form submit
• B. Change \he IP Address to the Cisco Controller DNS name
• C. Secure Login should use HTTP
• D. Change the Vendor Settings to Airespace Networks

Answer: B

 

NEW QUESTION 35
What is the Secure SSID {otherwise referred to as Single SSID) OnBoard deployment service workflow?

• A. OnBoard Provisioning RADIUS service, OnBoard Authorization Application service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
• B. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth RADIUS service, OnBoard Authorization Application service. OnBoard Provisioning RADIUS service
• C. OnBoard Provisioning RADIUS service, OnBoard Authorization RADIUS service. OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
• D. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth Application service. OnBoard Authorization Application service, OnBoard Provisioning RADIUS service

Answer: C

 

NEW QUESTION 36
Refer to the Exhibit:


A customer wants to integrate posture validationinto an Aruba Wireless 802.1X authentication service During testing, the client connects to the Aruba Employee Secure SSID and is redirected to the Captive Portal page where the user can download the OnGuard Agent After the Agent is installed, the client receives the Healthy token the client remains connected to the Captive Portal page ClearPass is assigning the endpoint the following roles: T2-Staff-User. (Machine Authenticated! and T2-SOL-Device.
What could cause this behavior?

• A. The Enforcement Policy conditions for rule 1 are not configured correctly.
• B. RFC-3576 Is not configured correctly on the Aruba Controller and does not update the role.
• C. The Enforcement Profile should bounce the connection instead of a Terminate session
• D. Used Cached Results: has not been enabled In the Aruba 802.1X Wireless Service

Answer: D

 

NEW QUESTION 37
A customer is complaining that some ofthe devices, in their manufacturing network, are not getting profiled while other loT devices from the same subnet have been correctly profiled. The network switches have been configured for DHCP IP helpers and IF-MAP has been configured on the Aruba Controllers. What can the customer do to discover those devices as well? (Select two.)

• A. Allow time for IF-MAP service on the controller to discover the new devices as well.
• B. Update the Fingerprints Dictionary to the latest in case new devices have been added.
• C. Open a TAC case to help you troubleshoot the DHCP device profile functionality.
• D. Add the ClearPass Server IP as an IP helper address on the default gateway as well.
• E. Manually create a new device fingerprint for the devices that are not being profiled.

Answer: A,E

 

NEW QUESTION 38
Refer to the exhibit:




Your company has a postgres SQL database with the MAC addresses of the company-owned tablets You have configured a role mapping condition to tag the SQL devices. When one of the tablets connects to the network, it does not get the correct role and receives a deny access profile.
How would you resolve the issue?

• A. Edit the SQL authentication source niter attributes and modify the SQL server filter query.
• B. Enable authorization tab in the service and add the SQL server as an authorization source.
• C. Remove SQL condition from role mapping policy and add it under the enforcement policy conditions.
• D. Add the SQL server as an authentication source and map .t under the authentication tab in the service.

Answer: A

 

NEW QUESTION 39
You have integrated ClearPass Onboard with Active Directory Certificate Services (ADCS) web enrollment to sign the final device TLS certificates. The customer wouldalso like to use ADCS for centralized management of TLS certificates including expiration, revocation, and deletion through ADCS.
What steps will you follow to complete the requirement?

• A. Edit the [EAP-TLS with OSCP Enabled) authentication method and set the correct ADCS server OCSP URL. remove EAP-TLS and map the [EAP-TLS with OSCP Enabled) method to the Onboard Provisioning Service.
• B. Copy the default [EAP-TLS with OSCP Enabled] authentication method and update the correct ADCS server OCSP URL. remove EAP-TLS and map the custom created method to the OnBoard Authorization Service.
• C. Remove the EAP-TLS authentication method and add "EAP-TLS with OCSP Enabled' authentication method in the OnBoard Provisioning service. No other configuration changes are required.
• D. Copy the [EAP-TLS with OSCP Enabled) authentication method and set the correct ADCS server OCSP URL, remove EAP-TLS and map the custom created method to the Onboard Provisioning Service.

Answer: C

 

NEW QUESTION 40
When is it recommendedto use a certificate with multiple entries on the Subject Alternative Name?

• A. The ClearPass servers are placed in different OnGuard zones to allow the client agent to send SHV updates.
• B. Using the same certificate to Onboard clients and the Guest Captive Portal on a single ClearPass server.
• C. The primary authentication server Is not available to authenticate the users.
• D. The ClearPass server will be hosting captive portal pages for multiple FQDN entries

Answer: A

 

NEW QUESTION 41
There is an Aruba Controller configured to send Guest AAA requests to ClearPass. If the customer would like the most effective way to ensure the lowest license usage counts, how should the controller be configured?

• A. Configure EAP Termination on the Aruba Controller and the client will send a stop message.
• B. Aruba Controller will send stop messages only if EAP termination and Interim accounting are enabled.
• C. Aruba Controller will send stop messages only if both accounting and interim accounting are enabled.
• D. Aruba Controller will send stop messages if RADIUS Accounting Server Group is defined in the authentication profile.

Answer: A

 

NEW QUESTION 42
......

Pass Your HPE6-A77 Exam Easily - Real HPE6-A77 Practice Dump Updated Nov 21, 2021: https://www.actual4exams.com/HPE6-A77-valid-dump.html