Aruba Certified ClearPass Professional V6.7 (HPE6-… Practice Exam

Join Us Among the Stars

Sign Up & unlock 100% of Exam Questions

Log in / Sign up

No Strings Attached!

84Practice Questions

3Study Modes

Free

TopicSort

Question 1

Clustering and Redundancy

Refer to the exhibit.

Question Image

Which statement accurately describes the cp82 ClearPass node? (Choose two.)

A It stays as a Subscriber when the Publisher fails.
B It becomes the Publisher when the primary Publisher fails.
C It operates as a Publisher in a separate cluster when the Publisher is active.
D It operates as a Publisher in the same cluster as the primary Publisher when the primary is active.
E It operates as a Subscriber when the Publisher is active.

Question 2

Guest

Question 3

ClearPass for AAA

Question 4

Intro to ClearPass

Question 5

ClearPass for AAA

Question 6

ClearPass for AAA

Question 7

Onboard

Question 8

ClearPass for AAA

Question 9

Onboard

Question 10

Guest

Question 11

Posture

Question 12

Posture

Question 13

Guest

Question 14

Guest

Question 15

External Authentication

Question 16

External Authentication

Question 17

Posture

Question 18

Guest

Question 19

Guest

Question 20

External Authentication

Question 21

External Authentication

Question 22

External Authentication

Question 23

Onboard

Question 24

ClearPass for AAA

Question 25

Posture

Page 1 of 4 • Questions 1-25 of 84

1 2 3 4

→

Know a question that should be here? Contribute to this exam

A customer with an Aruba Controller wants to set it up to work with ClearPass Guest.
Hoe should they configure ClearPass as an authentication server in the controller so that guests are able to authenticate successfully?

A Add ClearPass as RADIUS CoA server.
B Add ClearPass as a TACACS+ authentication server.
C Add ClearPass as a RADIUS authentication server.
D Add ClearPass as a HTTPS authentication server.

Refer to the exhibit.

Question Image

In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes?

A to send information via RADIUS packets to Aruba NADs
B to gather and send Aruba NAD information to ClearPass
C to send information via RADIUS packets to clients
D to gather information about Aruba NADs for ClearPass
E to send CoA packets from ClearPass to the Aruba NAD

Which statement is true about the databases in ClearPass?

A Entries in the guest user database do not expire.
B A Static host list can only contain a list of IP addresses.
C Entries in the guest user database can be deleted.
D Entries in the local user database cannot be modified.
E The endpoints database can only be populated by manually adding MAC addresses to the table.

Refer to the exhibit.

Question Image

Based on the Translation Rule configuration shown, what will be the outcome?

A An AD user from AD group MatchAdmin will be assigned the operator profile of IT Administrators.
B A user from AD group MatchAdmin will be assigned the operator profile of IT Administrators.
C All active directory users will be assigned the operator profile of IT Administrators.
D All ClearPass Policy Manager admin users who are members of the Administrators AD group will be assigned the TACACS profile of IT Administrators.

Question 6

ClearPass for AAA

Question 7

Onboard

Question 8

ClearPass for AAA

Question 9

Onboard

Question 10

Guest

Question 11

Posture

Question 12

Posture

Question 13

Guest

Question 14

Guest

Question 15

External Authentication

Question 16

External Authentication

Question 17

Posture

Question 18

Guest

Question 19

Guest

Question 20

External Authentication

Question 21

External Authentication

Question 22

External Authentication

Question 23

Onboard

Question 24

ClearPass for AAA

Question 25

Posture

Refer to the exhibit.

Question Image

Based on the information, what is the purpose of using [Time Source] for authorization?

A to check how long it has been since the last login authentication
B to check whether the guest account expired
C to check whether the MAC address is in the MAC Caching repository
D to check whether the MAC address status is known in the endpoints table
E to check whether the MAC address status is unknown in the endpoints table

An organization has decided to implement dual SSID Onboarding. An administrator has used the Onboard service template to create services for dual SSID
Onboarding.
Which statement is true?

A The Onboard Authorization service is triggered when the user connects to the secure SSID.
B The Onboard Authorization service is triggered during the Onboarding process.
C The Onboard Authorization service is never triggered.
D The device connects to the secure SSID for provisioning.
E The Onboard Provisioning service is triggered when the user connects to the provisioning SSID to Onboard their device.

Refer to the exhibit.

Question Image

An Enforcement Profile has been created in the Policy Manager as shown.
Which action will ClearPass take based on this Enforcement Profile?

A ClearPass will count down 600 seconds and send a RADIUS CoA message to the user to end the user's session after this time is up.
B ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the NAD and the NAD will end the user's session after 600 seconds.
C ClearPass will count down 600 seconds and send a RADIUS CoA message to the NAD to end the user's session after this time is up.
D ClearPass will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD and the NAD will end the user's session after 600 seconds.
E ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the User and the user's session will be terminated after 600 seconds.

An Android device goes through the single-SSID Onboarding process and successfully connects using EAP-TLS to the secure network.
What is the order in which services are triggered?

A Onboard Provisioning, Onboard Authorization, Onboard Pre-Auth
B Onboard Authorization, Onboard Provisioning, Onboard Authorization
C Onboard Provisioning, Onboard Pre-Auth, Onboard Authorization
D Onboard Provisioning, Onboard Authorization, Onboard Provisioning
E Onboard Provisioning, Onboard Pre-Auth, Onboard Authorization, Onboard Provisioning

A bank would like to deploy ClearPass Guest with web login authentication so that their customers can self-register on the network to get network access when they have meetings with bank employees. However, they're concerned about security.
What is true? (Choose three.)

A If HTTPS is used for the web login page, after authentication is completed guest Internet traffic will all be encrypted as well.
B During web login authentication, if HTTPS is used for the web login page, guest credentials will be encrypted.
C After authentication, an IPSEC VPN on the guest's client be used to encrypt Internet traffic.
D HTTPS should never be used for Web Login Page authentication.
E If HTTPS is used for the web login page, after authentication is completed some guest Internet traffic may be unencrypted.

What does the Posture Token QUARANTINE imply?

A The client is compliant. However, there is an update available to remediate the client to HEALTHY state.
B The posture of the client is unknown.
C The client is infected and is a threat to other systems in the network.
D The client is out of compliance, but has HEALTHY state.
E The client is out of compliance.

A customer wants to make enforcement decisions during 802.1x authentication based on a client's Onguard posture token.
What enforcement profile should be used in the health check service?

A Quarantine VLAN
B RADIUS CoA
C RADIUS Accept
D RADIUS Reject
E Full Access VLAN.

Refer to the exhibit.

Question Image

A user logged in to the Self-Service Portal as shown.
What does the traffic received and sent statistics present?

A These show the total amount of traffic the guest transmitted, as seen through RADIUS CoA packets from the NAD to ClearPass.
B These show the total amount of traffic the NAD transmitted to ClearPass, as seen through RADIUS accounting messages from the NAD to ClearPass.
C These show the total amount of traffic the guest transmitted after account expiration, as seen through RADIUS accounting messages sent from the NAD to ClearPass.
D These show the total amount of traffic the guest transmitted, as seen through RADIUS CoA packets from the client to ClearPass.
E These show the total amount of traffic the guest transmitted, as seen through RADIUS accounting messages sent from the NAD to ClearPass.

Refer to the exhibit.

Question Image

A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the network with a corporate Windows laptop.
Which Enforcement Profile is applied?

A WIRELESS_GUEST_NETWORK
B WIRELESS_CAPTIVE_NETWORK
C WIRELESS_HANDHELD_NETWORK
D WIRELESS_EMPLOYEE_NETWORK

Which statement is true about the configuration of a generic LDAP server as an External Authentication server in ClearPass? (Choose three.)

A Generic LDAP Browser can be used to search the Base DN.
B An administrator can customize the selection of attributes fetched from an LDAP server.
C The bind DN can be in the administrator@domain format.
D A maximum of one generic LDAP server can be configured in ClearPass.
E A LDAP Browser can be used to search the Base DN.

Which authorization servers are supported by ClearPass? (Choose two.)

A Active Directory
B Cisco Controller
C Aruba Controller
D LDAP server
E Aruba Mobility Access Switch

Refer to the exhibit.

Question Image

Based on the Enforcement Policy configuration, when a user with Role Engineer connects to the network and the posture token assigned is Unknown, which
Enforcement Profile will be applied?

A RestrictedACL
B HR VLAN
C Remote Employee ACL
D [Deny Access Profile]
E EMPLOYEE_VLAN

Refer to the exhibit.

Question Image

When configuring a Web Login Page in Clear Pass Guest, the information shown is displayed.
What is the page name field used for?

A For Administrators to access the PHP page, but not guests.
B For forming the Web Login Page URL.
C For forming the Web Login Page URL where Administrators add guest users.
D For Administrators to reference the page only.
E For forming the Web Login Page URL and the page name that guests must configure on their laptop wireless supplicant.

Refer to the exhibit.

Question Image

What is the purpose of the "˜Clock Skew Allowance' setting? (Choose tow.)

A to ensure server certificate validation does not fail due to client clock sync issues
B to set expiry time in client certificate to a few minutes longer that the default setting
C to adjust clock time on client device to a few minutes before current time
D to ensure client certificate validation does not fail due to client clock sync issues
E to set start time in client certificate to a few minutes before current time

What is the certificate format PKCS #7, or .p7b, used for?

A Binary encoded X.509 certificate
B Certificate with an encrypted private key
C Certificate chain
D Binary encoded X.509 certificate with public key
E Certificate Signing Request

Which components can use Active Directory authorization attributes for the decision-making process? (Choose two.)

A Posture policy
B Role Mapping policy
C Certificate validation policy
D Profiling policy
E Enforcement policy

Refer to the exhibit.

Question Image

Based on the Attribute configuration shown, which statement accurately describes the status of attribute values?

A The attribute values of department, title, memberOf, telephoneNumber, mail are directly applied as ClearPass roles.
B The attribute values of department and memberOf are directly applied as ClearPass roles.
C Only the attribute value of company can be used in role mapping policies, not other attributes.
D Only the attribute value of department and memberOf can be used in role mapping policies.
E Only the attribute value of title, memberOf, telephoneNumber can be used in role mapping policies.

In single SSID Onboarding, which method can be used in the Enforcement Policy to distinguish between a provisioned device and a device that has not gone through the Onboard workflow?

A Onguard Agent used
B Authentication Method used
C Network Access Device used
D Active Directory Attributes
E Endpoint OS Category

Refer to the exhibit.

Question Image

Based on the Policy configuration shown, which VLAN will be assigned when a user with a ClearPass role Engineer authenticates to the network successfully on
Saturday using connection protocol WEBAUTH?

A Full Access VLAN
B Deny Access
C Employee Vlan
D Internet VLAN

Refer to the exhibit.

Question Image

Based on the Enforcement Profile configuration shown, which statement accurately describes what is sent?

A A limited access VLAN value is sent to the Network Access Device.
B A message is sent to the Onguard Agent on the client device.
C An unhealthy role value is sent to the Network Access Device.
D A RADIUS CoA message is sent to bounce the client.
E A RADIUS access-accept message is sent to the Controller.

Join Us Among the Stars

Aruba Certified ClearPass Professional V6.7 (HPE6-A68)Preview

About the Aruba Certified ClearPass Professional V6.7 (HPE6-A68) Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25