Questions for the HPE6-A81 were updated on : Nov 06 ,2024
You art deploying Cleat Pass Policy Manager with Guest functionality for a customer with multiple
Aruba Networks Mobility Controllers. The customer wants to avoid SSL errors during guest access but
due to company security policy cannot use a wildcard certificate on ClearPass or the Controllers.
What is the most efficient way to configure the customer's guest solution? (Select two.)
DE
Refer to the exhibit.
A customer has configured Onboard in a cluster with two nodes. All devices were onboarded in the
network through node1 but those clients fail to authenticate through node2 with the error shown
What steps would you suggest to make provisioning and authentication work across the entire
cluster? (Select three)
BCD
Refer to the exhibit.
A customer with multiple Aruba Controllers has just installed a new certificate for
"'.customerdomain.com- on all Aruba Controllers While testing the existing guest Self-Registration
page the customer noticed that the logins are failing While troubleshooting they are finding no
entries in the Event Viewer or Access Tracker for the tests Suspecting that the Aruba Controllers may
not be properly posting the credentials from the guest browser, they open the NAS Vendor Settings
for the Guest Self-Registration Page.
D
Refer to the exhibit.
What could be causing the error message received on the OnGuard client?
A
Refer to the exhibit.
A year ago. your customer deployed an Aruba ClearPass Policy Manager Server for a Guest SSID
hosted in an IAP Cluster The customer just created a new Web Login Page for the Guest SSiD Even
though the previous Web Login page worked test with the new Web Login Page are failing and the
customer has forwarded you the above screenshots.
What recommendation would you give the customer to fix the issue?
C
A customer has deployed an OnGuard Solution to all the corporate devices using a group policy result
to push the OnGuard Agtnts. The network administrator is complaining that soma of the agents are
communicating to the ClearPass server that is located in a DMZ. outside the firewall The network
administrator wants all of the agents System Health Validation traffic to stay inside the Management
subnets.
What can the ClearPass administrator do to move the traffic only to the ClearPass Management
Ports?
B
Refer to the exhibit.
The users connecting to a wireless SSIO "secure-HS-5007" were being processed by an incorrect
802.1 X service created for VIP access and the user gets deny access. The customer has sent you the
screenshot to get your support to resolve the issue What changes will you suggest to fix it?
B
A customer has two different geographical sites deployed with two ClearPass servers in each site.
Site A has the Publisher (CPPM1) and a subscriber (CPPM2) and Site B has two subscribers (CPPM3 S
CPPM4) All wired and wireless authentication requests from the respective sites are handled by
respective CPPMs deployed in the sites When both the CPPM servers in Site B are lost, the
authentications from Site B is handled by Site A subscriber (CPPM2). To control the Multi-Master
Cache flush and reduce the amount of inter-site traffic, the customer also created a new Policy
Manager Zone (Zone1) The Site B CPPM3 & CPPM4 are part of Zone! and Site A CPPM2 is also
mapped to Zone1 as it will act as the backup RADIUS server for Site B The corporate laptops are
installed with Persistent agent to run the OnGuard check and the OnGuard settings are also mapped
to the Zones The Site A corporate user subnets are mapped to default zone and the Site 6 corporate
user subnets are mapped to Zone1. The customer has the following issue in the setup: The corporate
clients from Site A authenticating against the CPPM2 as their Primary RADIUS server assigns
Quarantine enforcement profile even though the user s health status is Healthy.
What is the cause of this issue?
C
You have designed a ClearPass solution for an Information Technology Business Park with 50,377
concurrent sessions including the visitors. The deployment includes eight ClearPass servers handling
RADIUS authentication. Guest Self-Registration. Onboard and OnGuard. CPPM1 is acting as Publisher.
CPPM2 to CPPM8 are added as subscriber nodes CPPM4 is the designated Standby Publisher. Servers
CPPM2 and CPPM3 will be handling the Guest and Onboard HTTPS traffic. On a few devices,
Corporate users will perform username and password based authentication with Active Directory
accounts and on few devices, they will be using private CA signed TLS certificates to do the
authentication The customer has three Active Directories (AD1, AD2 and A03) part of Multi-Domain
Forest. To provide authentication redundancy, the customer has configured multiple Virtual IP
settings between ClearPass servers in a cluster.
On all the Network Access Devices (NAD), the primary authentication server is configured as the VIP
IP address and the secondary authentication server rs configured as CPPM1 MGMT IP address Based
on the information provided, which ClearPass nodes will you join to the AD domain
D
Refer to the exhibit.
What enforcement prof lit will be assigned to the Windows 10 MDH enabled devices if it completes
user
authentication
and
is
already
profiled
by
ClearPess?
B
Refer to the exhibit.
You have integrated the Cisco switch with ClearPass to do MAC-Auth for Cisco IP Phones. The phones
connect to the network successfully but when you try to change the status of the device from the
access tracker, you see only the ArubaOS Radius terminate session options and not the Cisco vendor
terminate session options. What will you check to fix this issue?
D
Refer to the exhibit.
What enforcement profile will be assigned to a client who has successfully completed the user and
machine authentication with UNKNOWN posture token?
C
Refer to the exhibit.
You have configured an Onboard portal for single SSID provision. During testing you notice that the
QuickConnect Application did not display the "Connect" button, only the finish button. To get
connected the test user had to manually connect to the secure-HS-5007 SSID but was prompted for a
username and password. Using the screenshots as a reference, how would you fix this issue?
B
Which statements are true about that integration between ClearPass Policy Manager and ClearPass
Device Insight? (Select two)
CD
A customer has acquired another company that has its own Active Directory infrastructure. The 802
1X PEAP authentication works with the customer's original Active Directory servers but the customer
would like to authenticate users from the acquired company as well.
What steps are required, in regards to the Authentication Sources, in order to support this request?
(Select two.)
BD