HP hpe6-a81 practice test

Exam Title: Aruba Certified ClearPass Expert Written Exam

Last update: Dec 26, 2025

Question 1

Refer to the exhibit.


You have integrated the Cisco switch with ClearPass to do MAC-Auth for Cisco IP Phones. The phones
connect to the network successfully, but when you try to change the status of the device from
Access Tracker, you see only the ArubaOS RADIUS terminate session options and not the Cisco vendor
terminate session options. What will you check to fix this issue?

  • A. Verify if ClearPass supports RADIUS Dynamic Authorization for the Cisco IP Phones doing MAC-Auth.
  • B. Verify if the Cisco IP Phone is actively connected to the switch to get the Cisco CoA options from ClearPass.
  • C. Verify if the Enable RADIUS Dynamic Authorization option is checked for the Cisco switch added under the network devices.
  • D. Verify that Cisco is chosen as the vendor name while adding the Cisco Switch under network devices.
Answer:

D

Question 2

Refer to the exhibit.

What enforcement profile will be assigned to a client who has successfully completed the user and
machine authentication with an UNKNOWN posture token?

  • A. Redirect to Aruba OnBoard Portal
  • B. Redirect to Aruba Quarantine Profile
  • C. Redirect to Aruba Dissolvable_page Profile
  • D. Deny Access Profile
Answer:

C

Question 3

Refer to the exhibit.

You have configured an Onboard portal for single SSID provisioning. During testing you notice that the
QuickConnect application did not display the "Connect" button, only the "Finish" button. To get
connected, the test user had to manually connect to the secure-HS-5007 SSID but was prompted for a
username and password. Using the screenshots as a reference, how would you fix this issue?

  • A. Check the network settings for the correct SSID name spelling.
  • B. Install a public signed HTTPS web server certificate on the ClearPass server.
  • C. Change the network settings to use EAP-TLS for the authentication protocol.
  • D. Configure the SSID to support both EAP-PEAP and EAP-TLS authentication methods.
Answer:

B

Question 4

Which statements are true about the integration between ClearPass Policy Manager and ClearPass
Device Insight? (Select two.)

  • A. Policy Manager stops using ClearPass Profiler for fingerprinting and uses Device Insight Analyzer instead for endpoint in-depth data analysis.
  • B. ClearPass Device Insight updates ClearPass Policy Manager every 60 minutes if it detects a change in device classification like device spoofing.
  • C. To provide enhanced profiling and reporting, additional configuration is required to transmit data in both directions between CPPM and Device Insight.
  • D. When Device Insight integration mode is enabled, you can still use the Update Fingerprint button to update endpoints at Configuration > Identity > Endpoints.
  • E. An attribute named Device Insight Tags is added to the Endpoints and is available to use in service, role-mapping, and enforcement policy rules.
Answer:

CD

Question 5

A customer has acquired another company that has its own Active Directory infrastructure. The
802.1X PEAP authentication works with the customer's original Active Directory servers, but the customer
would like to authenticate users from the acquired company as well.
What steps are required, with regard to the Authentication Sources, in order to support this request?
(Select two.)

  • A. Create a new Authentication Source, type Active Directory.
  • B. Create a new Authentication Source, type Generic LDAP.
  • C. Add the new AD server(s) as backup into the existing Authentication Source.
  • D. There is no need to join ClearPass to the new AD domain.
  • E. Join the ClearPass server(s) to the new AD domain.
Answer:

BD

Question 6

What is used to validate the EAP Certificate? (Select two.)

  • A. Key usage
  • B. Date
  • C. Server Identity
  • D. SAN entries
  • E. Common Name
Answer:

AD

Question 7

You have configured a factory default Aruba controller with ClearPass for guest access, and the NAS
vendor settings - Address field in the guest weblogin page is configured with the Aruba controller's
default self-signed certificate common name "securelogin.arubanetworks.com" that the client will
use to submit the authentication request.
What happens when the client sends a DNS request to securelogin.arubanetworks.com?

  • A. The controller will intercept the DNS request sent to its HTTPS certificate common name and return its own IP address.
  • B. Address field in the web login vendor settings should be set to IP address of the controller instead of certificate CN name.
  • C. Client does not send the DNS request, the ClearPass resolves the hostname in the NAS vendor settings Address field.
  • D. The controller will pass the request to the DNS server and server returns the IP of the controller from the DNS records.
Answer:

B

Question 8

Refer to the exhibit.

A customer is trying to configure a TACACS Authentication Service for administrative what could be
the reason for the Login Status REJECT?

  • A. The password used by the administrative user is wrong.
  • B. The Enforcement profile used is not a TACACS profile.
  • C. The Read-only Administrator role does not exist on the Controller.
  • D. The Enforcement profile is not designed to be used on Aruba Controller.
Answer:

C

Question 9

A customer would like to allow only the AD users with the "Manager" title from the "HO" location to
Onboard their personal devices. Any other AD users should not be authorized to pass beyond the
initial device provisioning page. Which Onboard service will you use to implement this requirement?

  • A. Onboard Authorization service
  • B. Onboard Pre-Auth service
  • C. Onboard Provisioning service
  • D. Onboard CP login service
Answer:

D

Question 10

Refer to the exhibit.


A customer is doing a new ClearPass installation and is setting up clustering between two ClearPass
servers running version 6.8.6. The ClearPass server failed to add the subscriber node. The customer
was able to log in to the console of the ClearPass server with the same CLI password used during the
cluster setup. The customer has sent you the screenshots seeking your support. Why did the attempt
to add a subscriber node fail with that error?

  • A. The date and time on the subscriber were not synchronized with the NTP server.
  • B. The subscriber server is running with a default self-signed HTTPS certificate.
  • C. The default database certificate used in the publisher server is not a valid certificate.
  • D. The subscriber server is running with a public signed and trusted HTTPS certificate.
Answer:

B
