HPE6-A77 Updated Exam Dumps [2021] Practice Valid Exam Dumps Question [Q34-Q51]

Share

HPE6-A77 Updated Exam Dumps [2021] Practice Valid Exam Dumps Question

HPE6-A77 Sample with Accurate & Updated Questions


HP HPE6-A77 Exam Syllabus Topics:

TopicDetails
Topic 1
  • High Availability and Redundancy Design, including Virtual IP addressing and Standby Publisher
  • Secure Access Design and Implementation
Topic 2
  • Quarantine and remediation based on Posture Token and the status of the agent
  • Implimentation of both Server and Controller Initiated Captive Portal Authentication
Topic 3
  • Implimenting Guest Access on both wired and wireless infrastructure
  • Understand Service Selection Rules
  • Guest Access Design and Implementation
Topic 4
  • Customized Admin Privileges for the Policy Manager
  • Self-Registration both with and without sponsorship
Topic 5
  • Configuration and enforcement of webauth service for posture
  • Authentication Sources Including Active Directory
Topic 6
  • ClearPass Admin Login service processing and profile mapping
  • Secure Access Services and Enforcement, Role Mapping
Topic 7
  • Integration of Posture results in secure service Enforcement
  • Authentication Methods and OCSP to insure proper Certificate revocation
Topic 8
  • Integration of Endpoint Profiling into Enforcement
  • Cluster Layout positioning of Publisher and Subscribers, Use of Policy Manager Zones
Topic 9
  • TACACS authentication from Network Access Devices
  • Integration of Authorization Sources and External Context Servers into Enforcement

 

NEW QUESTION 34
A customer has deployed an OnGuard Solution to all the corporate devices using a group policy rule to push the OnGuard Agents. The network administrator is complaining that some of the agents are communicating to the ClearPass server that is located in a DMZ, outside the firewall The network administrator wants all of the agents System Health Validation traffic to stay inside the Management subnets.
What can the ClearPass administrator do to move the traffic only to the ClearPass Management Ports?

  • A. Filter TCP port 6658 on the firewall, forcing the OnGuard agent to use the ClearPass Management port.
  • B. Edit the agent.conf file being deployed to the clients to use the ClearPass Management Port for SHV updates.
  • C. Configure a Policy Manager Zone mapping so the OnGuard agent will use the Management Port IP.
  • D. Select the correct OnGuard Agent installer, and use the one configured for Management Port for the clients.

Answer: C

 

NEW QUESTION 35
Refer to the exhibit:




A customer is trying to configure a TACACS Authentication Service for administrative access to the Aruba Controller, During testing the authentication is not successful Given the screen shot what could be the reason for the Login status REJECT?

  • A. The password used by the administrative user,user is wrong.
  • B. The Read-only Administrator role does not exist on the Controller.
  • C. The Enforcement profile is not designed to be used on Aruba Controller.
  • D. The Enforcement profile used is not a TACACS profile.

Answer: A

 

NEW QUESTION 36
Refer to the exhibit:



You are doing a ClearPass PoC at a customer site with a single Aruba Mobility Controller. The customer asked for a demonstration of a simple Web Login functionality. You used a service template to create the guest services. During testing, the usergets redirected back to the weblogin page with an Authentication failed message. The guest configurations on the Aruba Mobility Controller are configured correctly.
Why would the guest fail to authenticate successfully?

  • A. The authentication source mapped in the service is incorrect, it should be mapped as (Guest Device Repository] [Local SQL DB].
  • B. The username and/or password used for authentication is incorrect Re-enter the correct password on the weblogin page.
  • C. The username used for authentication does not exist in the Guest User Database Create a new user and authenticate again.
  • D. The Unique-Device-Count does not allow any Client devices.Update the Enforcement policy condition:
    Unique-Device-Count.

Answer: A

 

NEW QUESTION 37
Where is the following information stored in ClearPass?
- Roles and Posture for Connected Clients - System Health for OnGuard - Machine authentication State - CoA session info - Mapping of connected clients to NAS/NAD

  • A. insight database
  • B. Endpoint database
  • C. ClearPass system cache
  • D. Multi-Master cache

Answer: C

 

NEW QUESTION 38
A Customer has these requirements:
* 2.000 loT endpoints that use MAC authentication
* 6,000 endpoints using a mix of username/password and certificate (Corporate/BYOD) based authentication
* 1,000 guest endpoints at peak usage that use guest self-registration
* 1500 BYOD devices estimated as 3 devices per User (500 users)
* 2,500 endpoints that have OnGuard installed and connect on a daily basis What licenses should be installed to meet customer requirements?

  • A. 11,500 Access, 500 Onboard, 2,500 Onguard
  • B. 13.000 Access, 1.500 Onboard, 2,500 Onguard
  • C. 9,000 Access, 500 Onboard. 2.500 Onguard
  • D. 11,500 Access, 1,500 Onboard, 2.500 Onguard

Answer: D

 

NEW QUESTION 39
You are integrating a Postgres SQL server with the ClearPass Policy Manager What steps will you follow to complete the integration process? (Select three)

  • A. Attribute Name under filter configuration must match one of the columns being requested from the database table.
  • B. Alias Name under filter configuration must match one of the columns being requested from the database table.
  • C. Create a new Endpoint context server andadd the SQL server IP, credentilas and the database name.
  • D. Click on the default filter name with pre-defined filter queries and check box to enable as role.
  • E. Create a new authentication source and add the SQL server IP, credentials and the database name.
  • F. Specify a new filter with filter queries to fetch authentication and authorization attributes.

Answer: C,E,F

 

NEW QUESTION 40
Refer to the exhibit:


You configured a new Wireless 802.1X service for a Cisco WLC broadcasting the Secure-ADM-5007 SSID.
The client falls to connect to the SSID. Using the screenshots as a reference, how would you fix this issue?
(Select two.)

  • A. Change the service condition to Radius:lETF Calling-Station-ld EQUALS Secure-ADM-5007
  • B. Remove the service condition Radius:lETF Service-Type BELONGSJTO Login-User (1). 2. 8
  • C. Make sure that the Network Devices entry for the Cisco WLC has a vendor setting of "Airspace"
  • D. Update the service condition Radius:IETF Called-Station-ld CONTAINS secure-adm-5007

Answer: B,D

 

NEW QUESTION 41
Refer to the exhibit:


A customer has configured a service with the Onboard Devices Repository as an Authentication Source and an Active Directory Domain Server as an Authorization Source. What will happen if the client certificate is still valid and the user account associated with the certificate is disabled in Active Directory?

  • A. ClearPass will block network access to the device
  • B. ClearPass will allow the device to access the network.
  • C. Enforcement will apply the [Deny Access Profile]
  • D. ClearPass will redirect the client to Onboard again
  • E. ClearPass will not process the request

Answer: A

 

NEW QUESTION 42
Refer to the exhibit:


You configuring an 802 1x service endpoint profiling. When the client connects to the network, ClearPass successfully profiles the client and sends Radius Change of Authorization (RCoA) but Radius Change of Authorization {RCoA) fails for the client You manually clicked on the Change Status button in the access tracker to force an RCoA but that failed too.
What must you check to ensure that the RCoA will work? (Select two.)

  • A. RFC 3576 option is enabled for Aruba Controller under Network devicein ClearPass.
  • B. The RFC 3576 shared secret on ClearPass should match the Authentication Server shared secret
  • C. RFC 3576 server IPs and the Authentication server IPs should be same in the AAA profile
  • D. RFC 3576 server should be mapped in the server group on the Aruba Controller

Answer: A,B

 

NEW QUESTION 43
A customer would like to allow only the AD users with the "Manager" title from the "HQ" location to Onboard their personal devices. Any other AD users should not be authorized to pass beyond the initial device provisioning page. Which Onboard service will you use to implement this requirement?

  • A. Onboard Provisioning service
  • B. Onboard Pre-Auth service
  • C. Onboard Authorization service
  • D. Onboard CP login service

Answer: D

 

NEW QUESTION 44
When is it recommendedto use a certificate with multiple entries on the Subject Alternative Name?

  • A. The ClearPass server will be hosting captive portal pages for multiple FQDN entries
  • B. Using the same certificate to Onboard clients and the Guest Captive Portal on a single ClearPass server.
  • C. The ClearPass servers are placed in different OnGuard zones to allow the client agent to send SHV updates.
  • D. The primary authentication server Is not available to authenticate the users.

Answer: C

 

NEW QUESTION 45
Refer to the exhibit:





You have configured Onboard andcannot get it working The customer has sentyouthe above screenshots How would you resolve the issue?

  • A. Re-provision the client by running the QuickConnect application as Administrator
  • B. Install a public signed server authentication certificate on the ClearPass server for EAP
  • C. Copy the [EAP-TLS with OSCP Enabled] authentication method and set the correct OCSP URL
  • D. Reconnect the client and select the correct certificate when prompted

Answer: A

 

NEW QUESTION 46
A customer has a ClearPass cluster deployment with four servers, two servers at the data center and two servers at a large remote site connected over an SD-WAN solution The customer would like to implement OnGuard, Guest Self-Registration, and 802.1x authentication across their entire environment. During testing the customer is complaining that users connecting to an Instant Cluster Employee SSID at the remote site, with the OnGuard Persistent Agent installed are randomly getting their health check missed.
What could be a possible cause of this behavior?

  • A. The OnGuard Clients are automatically mapped to the Policy Manager Zone based on their IP range but an ACL on the switch could be blocking access.
  • B. The traffic on the TCP port 6658 is congested due to the fact that this port is also used by the IPsec keep-alive packets of the SD-WAN solution.
  • C. The Aruba-user-role received by the IAP is filtering the TCP port 6658 to the ClearPass servers and after 10 seconds the SSL fallback gets activated and randomly generates the issue.
  • D. The ClearPass Policy Manager zones have been defined but the local IP sub-nets have not been property mapped to the zones and the OnGuard Agent might connect to any of the servers in the cluster.

Answer: C

 

NEW QUESTION 47
You have Integrated ClearPass Onboard with Active Directory Certificate Services (ADCS) web enrollment to sign the Anal device TLS certificates The Onboard provisioning process completes successfully but when the user finally clicks connect, the user falls to connect to the network with an unknown_ca certificate error.
What steps will you follow to complete the requirement?

  • A. Make sure that the ClearPass servers are using the default self-signed certificates for both SSL and RADIUS server identity
  • B. Make sure both the ClearPass servers have different certificates used for both SSL and RADIUS server identity.
  • C. Export the self-signed certificate from the ClearPass servers and manually add them as trusted certificates in clients
  • D. Add the ADCS root certificate to both the CPPM Certificate trust list and to the Onboard Certificate Store trust list

Answer: A

 

NEW QUESTION 48
Refer to the exhibit:

A customer with multiple Aruba Controllers has just installed a new certificate for "*.customerdomain com" on all Aruba Controllers. While testing the existing guest Self-Registration page the customer noticed that the logins are failing. While troubleshooting they are finding no entries in the Event Viewer or Access Tracker for the tests. Suspecting that the Aruba Controllers may not be properly posting the credentials from the guest browser, they open the NAS Vendor Settings for the Guest Self-Registration Page. From the screen shown, how can you fix the errors?

  • A. Change the "Secure Login:" field to "Use Vendor Default".
  • B. Change the "IP Address: field to" securelogin.customerdomain.com.
  • C. Change the "IP Address field to "captiveportal-login.customerdomain.com".
  • D. Add PTR records on the DNS server for "securelogin.arubanetworks.com".

Answer: A

 

NEW QUESTION 49
You are deploying ClearPass Policy Manager with Guest functionality for a customer withmultiple Aruba Networks Mobility Controllers The customer wants to avoid SSL errors during guest access but due to company security policy cannot use a wildcard certificate on ClearPass or the Controllers.
What is the most efficient way to configure the customers guest solution? (Select two.)

  • A. Install multiple public certificates with a different Common Name on each controller
  • B. Install the same public certificate on all Controllers with the common name "controller {company domain}"
  • C. Build one Web Login page with vendor settings for controller {company domain)
  • D. Build multiple Web Login pages with vendor settings configured for each controller

Answer: B,D

 

NEW QUESTION 50
Refer to the exhibit:



The customer created a new enforcement policy condition to allow VIP Users access without additional security compliance checks hut cannot gel it working. The customer has sent you the above screenshots.
How would you resolve the issue?

  • A. Ask the VIP user to complete the one time webhealthcheck to get the VIP profile.
  • B. Set the Enforcement Policy rules evaluation algorithm to evaluate all.
  • C. Modify the Enforcement Policy and re-order the VIPuser condition to the lop.
  • D. Include VIP User role along with the Healthy posture enforcement condition.

Answer: D

 

NEW QUESTION 51
......

Pass HP HPE6-A77 Premium Files Test Engine pdf - Free Dumps Collection: https://www.fast2test.com/HPE6-A77-premium-file.html

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어