HPE6-A82 Exam - Aruba Certified ClearPass Associate Exam

NEW QUESTION 1
Your boss suggests configuring a guest self-registration page in ClearPass for an upcoming conference event. What are the benefits of using guest serf-registration'? (Select two)

• A. This will allow conference employees to pre-load additional device information as guests arrive and register.
• B. This strategy effectively stops employees from putting their own corporate devices on the guest network.
• C. This will enable additional information to be gathered about guests during the conference.
• D. This allows guest users to create and manage their own login account.D18912E1457D5D1DDCBD40AB3BF70D5D
• E. This will allow employee personal devices to be Onboarded to the corporate network

Answer: AD

NEW QUESTION 2
What is a function of the posture token in ClearPass OnGuard? (Select two )

• A. Identifies clients that are not security compliant
• B. Initiates the Auto-Remediation process
• C. Controls access to network resources
• D. Denies access to unhealthy clients
• E. indicates the Health Status of the Client

Answer: CD

NEW QUESTION 3
What are two ways to add guest accounts to ClearPass? (Select two.)

• A. Using the "Import Accounts" under ClearPass Guest
• B. Using the "Create Account" or "Create Multiple'' options under ClearPass Guest
• C. Assigning the default role "Lobby Ambassador to a receptionist to then add the accounts
• D. Using the "Sync Accounts'' under ClearPass Guest
• E. importing accounts from Active Directory once ClearPass is added with Admin credentials

Answer: AB

NEW QUESTION 4
What is true regarding Posturing and Profiling?

• A. Both Posturing and Profiling describe the same thing, what is the health of the client endpoinst?
• B. Profiling describes categorizing the user based on their department while Posturing validates the user as authenticated
• C. Posturing and Profiling are role assignments in ClearPass used internally to map to enforcement policies.
• D. Profiling is the act of identifying the endpoint type while Posturing is assigning a status as to the health of the endpoint

Answer: A

NEW QUESTION 5
Refer to the exhibit.

A client is attempting to authenticate using their Windows account with a bad password if the Remote Lab AD server is down for maintenance, what win be the expected result?

• A. ClearPass receives a timeout attempt when trying the Remote Lab AD server firs
• B. It will then try the server Backup 1 and receive a result of Active Directory Authentication faile
• C. No further processing will occur.
• D. ClearPass try either server Backup 1 or Backup 2 depending on which has responded the fastest in prior attempts to authenticate ClearPass will then receive a result of Active Directory Authentication failed.No further processing will occur.
• E. ClearPass receives a timeout attempt when trying the Remote Lab AD server firs
• F. It will then try the server Backup 1 and Backup 2; both will send a result authentication failed.
• G. ClearPass receive a timeout attempt when trying the Remote Lab AD server firs
• H. No further processing will occur until the Remote Lab AD server is marked as "Down" by the Administrator.

Answer: A

NEW QUESTION 6
When ClearPass is communicating with external context servers, which connection protocol is typically used?

• A. YAML
• B. SOAP and XML
• C. REST APIs over HTTPS
• D. FTP over SSH

Answer: B

NEW QUESTION 7
When using Guest Authentication with MAC Caching service template, which statements are true? (Select two.)

• A. The guest authentication is provided better security than without using MAC caching
• B. The guest authentication is provided better security than without using MAC caching
• C. The endpoint status of the client will be treated as "known" the first time the client associates to the network
• D. Which wireless SSID and wireless controller must be indicated when configuring the template
• E. The client will be required to re-enter their credentials even if still within the MAC-Auth Expiry term

Answer: AD

NEW QUESTION 8
A customer is setting up Guest access with ClearPass. They are considering using 802.1X for both the
Employee network and the Guest network. What are two issues the customer may encounter when deploying 802.1X with the Guest network? (Select two)

• A. the lack of encryption during the authentication process
• B. ClearPass win not be able to enforce individual Access Control policies.
• C. the high level of complexity for users to join the guest network
• D. Guests will not be able to be uniquely identified.
• E. difficult to maintain in an environment with a large number of transient guest users

Answer: CE

NEW QUESTION 9
An organization wants to have guests connect their own personal devices to the wireless network without requiring a receptionist setting up a guest account. Which ClearPass feature can be used to meet the organization's requirements?

• A. Guest with self-registration
• B. ClearPass Onboard
• C. MAC authentication with profiling
• D. Policy Manager Enforcement

Answer: A

NEW QUESTION 10
What is the benefit to installing a wild card certificate for captive portal authentication?

• A. Guests no longer are required to validate certificates during captive portal.
• B. Allows different certificates for each controller for increased security
• C. Wild card certificates are provide greater security than normal certificates
• D. Allows the single wild card certificate to be installed on all controllers in the environment

Answer: D

NEW QUESTION 11
Which must be taken into account if a customer wants to use the DHCP collector with 802.1X authentication?

• A. Because DHCP fingerprinted is a Layer-3 function, it cannot t>e used with an 802 1X authentication service.
• B. The client needs to be granted limited access before the enforcement policy can take into account the device type
• C. When a client sends an authentication request to ClearPass, the profiler will also gather DHCPinformation
• D. The client needs to connect to an open network first to be profiled, then shifted to the secure 802.1x network.

Answer: C

NEW QUESTION 12
Which are valid enforcement profile types? (Select two)

• A. Policy Service Enforcement
• B. RADIUS Change of Authorization (CoA)
• C. Aruba Script Enforcement
• D. ClearPass Entity Update Enforcement

Answer: BD

NEW QUESTION 13
When joining ClearPass to an Active Directory (AD) domain, what information is required? (Select two.)

• A. ClearPass Policy Manager (CPPM) enterprise credentials.
• B. Domain Administrator credentials with at least read access
• C. Domain User credentials with read-write access
• D. Cache Timeout value set to at least 10 hours
• E. Fully Qualified Domain Name (FQDN) of the AD Domain Controller.

Answer: BE

NEW QUESTION 14
Which option support DHCP profiling for devices in a network?

• A. enabling DHCP relay on our network access devices so DHCP requests are forwarded to ClearPass
• B. enabling the DHCP server to profile endpoints and forward meta-data to ClearPass
• C. DHCP profiling is enabled on ClearPass by default configuration of the network access devices is not necessary
• D. configuring ClearPass as a DHCP relay for the client

Answer: A

NEW QUESTION 15
Which actions are necessary to set up a ClearPass guest captive portal web login page to execute with no errors? (Select two)

• A. Configure the vendor settings in the Web Login page to match the Network Access Device (NAD).
• B. Install a publicly signed HTTPS certificate in ClearPass and the Network Access Device (NAD).
• C. Install an enterprise Certificate Authority (CA) signed HTTPS certificate in the Network Access Device (NAD).
• D. Install an enterprise Certificate Authority (CA) signed HTTPS certificate in ClearPass and the Network D18912E1457D5D1DDCBD40AB3BF70D5DAccess Device (NAD).
• E. Configure the vendor settings in the Network Access Device (NAD) to match the web login page.

Answer: BE

NEW QUESTION 16
Refer to the Endpoint in the screenshot.

What are possible ways that it was profiled? (Select two)

• A. Cisco Device Sensor
• B. Exchange Plugging agent
• C. 3rd part MDM
• D. DNS fingerprinting
• E. NAD ARP listening handler

Answer: CE

NEW QUESTION 17
What is RADIUS Change of Authorization (CoA)?

• A. It allows ClearPass to transmit messages to the Network Attached Device/Network Attached Server (NAD/NAS) to modify a user’s session status
• B. It allows clients to issue a privilege escalation request to ClearPass using RADIUS to switch to TACACS+
• C. It is a mechanism that enables ClearPass to assigned a User-Based Tunnel (UBT) between a switch and controller for Dynamic Segmentation
• D. It forces the client to re-authenticate upon roaming to an access point controlled by a foreign mobility controller.

Answer: A

Explanation:
Referencehttp://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_UserG

NEW QUESTION 18
Which statement is true about OnGuard? (Select two.)

• A. It is used to identify and remove any malware/viruses
• B. It is used to ensure that Antivirus/Antispyware programs are running
• C. It supports Doth Windows and Mac OS X clients
• D. It only supports 802 1X authentication

Answer: BC

NEW QUESTION 19
Which two are required to add a Network Access Device (NAD) into ClearPass? (Select two.)

• A. ClearPass Admin login credentials
• B. SSH password
• C. Shared Secret
• D. HTTPS certificate
• E. NAD IP address

Answer: CE

NEW QUESTION 20
Which most accurately describes the "Select All Matches" rule evaluation algorithm in Enforcement Policies?

• A. Each rule is checked, and once a match is found, the Enforcement profile assigned to that rule is applied and the rule matching stops.
• B. All rules are checke
• C. And if there is no match no Enforcement profile is applied.
• D. Each rule is checked, and once a match is found, the Enforcement profile assigned to that rule ts applied, along with the default Enforcement profile.
• E. All rules are checked for any matching rules and their respective Enforcement profiles are applied.

Answer: D

NEW QUESTION 21
Which ClearPass fingerprint collectors are valid for active profiling of endpoints? (Select two.)

• A. DHCP fingerprinting
• B. IF-MAP
• C. SNMP
• D. HTTP user agents
• E. NMAP

Answer: CD

NEW QUESTION 22
Refer to the exhibit.

Where will the guests browser be redirected during a captive portal login attempt?

• A. The captive portal page hosted on the Aruba controller
• B. The redirect will time out and fan to resolve
• C. The captive portal page hosted on ClearPass
• D. The captive portal page hosted on Aruba Central in the cloud

Answer: D

NEW QUESTION 23
Sponsorship has been enabled on the guest network A guest user connects and completes the self-registration form indicating a valid sponsor. The guest then clicks submit What is the current state of the guest account?

• A. The guest account is created in a disabled state with the "Log In" button grayed out
• B. The guest account is not yet created and remains in a disabled state There is not "Log in" button yet displayed
• C. The guest account is created in disabled state, the "Log In" button will appear only after the sponsor approval process is completed
• D. The guest account is created in an enabled state with the Tog in" button functional

Answer: C

NEW QUESTION 24
What happens when a client successfully authenticates but does not match any Enforcement Policy rules?

• A. A RADIUS Accept is returned and the default Enforcement Profile is applied.
• B. A RADIUS reject is returned for the client.
• C. A RADIUS Accept is retuned, and the default rule is applied to the device.
• D. A RADIUS Accept is returned with no Enforcement Profile applied

Answer: A

NEW QUESTION 25
......