Download Aruba Certified ClearPass Professional 6.5.HPE6-A15.TestKing.2018-07-01.60q.vcex

Vendor: HP
Exam Code: HPE6-A15
Exam Name: Aruba Certified ClearPass Professional 6.5
Date: Jul 01, 2018
File Size: 8 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Purchase
Coupon: EXAM_HUB

Discount: 20%

Demo Questions

Question 1
  
  
Based on the configuration of the create_user form shown, which statement accurately describes the status?
  1. The email field will be visible to guest users when they access the web login page.
  2. The visitor_company field will be visible to operators creating the account.
  3. The visitor_company field will be visible to the guest users when they access the web login page.
  4. The visitor_phone field will be visible to the guest users in the web login page.
  5. The visitor_phone field will be visible to operators creating the account.
Correct answer: A
Explanation:
References: https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/expire-timezone-field-is-not-showing-up-on-the-create-user-form/ta-p/250230
References: https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/expire-timezone-field-is-not-showing-up-on-the-create-user-form/ta-p/250230
Question 2
  
  
Based on the information shown, which field in the Captive Portal Authentication profile should be changed so that guest users are redirected to a page on ClearPass when they connect to the Guest SSID?
  1. both Login and Welcome Page
  2. Default Role
  3. Welcome Page
  4. Default Guest Role
  5. Login Page
Correct answer: E
Explanation:
The Login page is the URL of the page that appears for the user logon. This can be set to any URL. The Welcome page is the URL of the page that appears after logon and before redirection to the web URL. This can be set to any URL. References: http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/Captive_Portal/Captive_Portal_Authentic.htm
The Login page is the URL of the page that appears for the user logon. This can be set to any URL. 
The Welcome page is the URL of the page that appears after logon and before redirection to the web URL. This can be set to any URL. 
References: http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ArubaFrameStyles/Captive_Portal/Captive_Portal_Authentic.htm
Question 3
A hotel chain deployed ClearPass Guest. When hotel guests connect to the Guest SSID, launch a web browser and enter the address www.google.com, they are unable to immediately see the web login page. 
What are the likely causes of this? (Select two.)
  1. The ClearPass server has a trusted server certificate issued by Verisign.
  2. The ClearPass server has an untrusted server certificate issued by the internal Microsoft Certificate server.
  3. The ClearPass server does not recognize the client’s certificate.
  4. The DNS server is not replying with an IP address for www.google.com.
Correct answer: BD
Explanation:
You would need a publicly signed certificate. References: http://community.arubanetworks.com/t5/Security/Clearpass-Guest-certificate-error-for-guest-visitors/td-p/221992
You would need a publicly signed certificate. 
References: http://community.arubanetworks.com/t5/Security/Clearpass-Guest-certificate-error-for-guest-visitors/td-p/221992
Question 4
  
  
An Enforcement Profile has been created in the Policy Manager as shown. 
Which action will ClearPass take based on the Enforcement Profile?
  1. it will count down 600 seconds and send a RADIUS CoA message to the NAD to end the user’s session after this time is up
  2. it will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD and the NAD will end the user’s session after 600 seconds
  3. it will count down 600 seconds and send a RADIUS CoA message to the user to end the user’s session after this time is up
  4. it will send the Session-Timeout attribute in the RADIUS Access-Request packet to the user and the user’s session will be terminated after 600 seconds
Correct answer: D
Explanation:
Session Timeout (in seconds) - Configure the agent session timeout interval to re-evaluate the system health again. OnGuard triggers auto-remediation using this value to enable or disable AV-RTP status check on endpoint. Agent re-authentication is determined based on session-time out value. You can specify the session timeout interval from 60 – 600 seconds. Setting the lower value for session timeout interval results numerous authentication requests in Access Tracker page. The default value is 0. References: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_UserGuide/Enforce/EPAgent_Enforcement.htm
Session Timeout (in seconds) - Configure the agent session timeout interval to re-evaluate the system health again. OnGuard triggers auto-remediation using this value to enable or disable AV-RTP status check on endpoint. Agent re-authentication is determined based on session-time out value. You can specify the session timeout interval from 60 – 600 seconds. Setting the lower value for session timeout interval results numerous authentication requests in Access Tracker page. The default value is 0. 
References: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_UserGuide/Enforce/EPAgent_Enforcement.htm
Question 5
  
  
Based on the information shown, what is the purpose of using [Time Source] for authorization?
  1. to check whether the MAC address status is unknown in the endpoints table
  2. to check whether the MAC address is in the MAC Caching repository
  3. to check how long it has been since the last web login authentication
  4. to check whether the MAC address status is known in the endpoint table.
Correct answer: D
Question 6
A customer with an Aruba Controller wants it to work with ClearPass Guest. 
How should the customer configure ClearPass as an authentication server in the controller so that guests are able to authenticate successfully?
  1. Add ClearPass as a RADIUS CoA server.
  2. Add ClearPass as a RADIUS authentication server.
  3. Add ClearPass as a TACACS+ authentication server.
  4. Add ClearPass as an HTTPS authentication server.
Correct answer: B
Explanation:
5. Configuring the Aruba Controller 5.1 Add Clearpass as RADIUS Server Navigate to Configuration > SECURITY > Authentication > Servers Click on RADIUS Server and enter the Name of your Clearpass Server: myClearpassClick Add Click on myClearpass in the Server List Etc. References: https://community.arubanetworks.com/t5/Security/Step-by-Step-Controller-CPPM-6-5-Captive-Portal-authentication/td-p/229740
5. Configuring the Aruba Controller 
5.1 Add Clearpass as RADIUS Server 
Navigate to Configuration > SECURITY > Authentication > Servers 
Click on RADIUS Server and enter the Name of your Clearpass Server: myClearpass
Click Add 
Click on myClearpass in the Server List 
Etc. 
References: https://community.arubanetworks.com/t5/Security/Step-by-Step-Controller-CPPM-6-5-Captive-Portal-authentication/td-p/229740
Question 7
  
  
Based on the Enforcement Policy configuration shown, when a user with Role Remote Worker connects to the network and the posture token assigned is quarantine, which Enforcement Profile will be applied?
  1. RestrictedACL
  2. Remote Employee ACL
  3. [Deny Access Profile]
  4. EMPLOYEE_VLAN
  5. HR VLAN
Correct answer: B
Explanation:
The first rule will match, and the Remote Employee ACL will be used.
The first rule will match, and the Remote Employee ACL will be used.
Question 8
  
  
Based on the Access Tracker output for the user shown, which statement describes the status?
  1. The Aruba Terminate Session enforcement profile as applied because the posture check failed.
  2. A Healthy Posture Token was sent to the Policy Manager.
  3. A RADIUS-Access-Accept message is sent back to the Network Access Device.
  4. The authentication method used is EAP-PEAP.
  5. A NAP agent was used to obtain the posture token for the user.
Correct answer: B
Explanation:
We see System Posture Status: HEALTHY(0)End systems that pass all SHV tests receive a Healthy Posture Token, if they fail a single test they receive a Quarantine Posture Token. References: CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 13https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/21122/1/OnGuard%20config%20Tech%20Note%20v1.pdf
We see System Posture Status: HEALTHY(0)
End systems that pass all SHV tests receive a Healthy Posture Token, if they fail a single test they receive a Quarantine Posture Token. 
References: CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 13
https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/21122/1/OnGuard%20config%20Tech%20Note%20v1.pdf
Question 9
Why can the Onguard posture check not be performed during 802.1x authentication?
  1. Health Checks cannot be used with 802.1x.
  2. Onguard uses RADIUS, so an additional service must be created.
  3. Onguard uses HTTPS, so an additional service must be created.
  4. Onguard uses TACACS, so an additional service must be created.
  5. 802.1x is already secure, so Onguard is not needed.
Correct answer: C
Explanation:
OnGuard uses HTTPS to send posture information to the ClearPass appliance. For OnGuard to use HTTPS, it must have access to the network. If a customer requires 802.1x authentication on the wired switch, a separate 802.1x authentication must be used prior to the OnGuard posture check. In this example, an 802.1x PEAP-EAP-MSCHAPv2 authentication is completed first. A separate WebAuth service must be setup with posture checks to use the OnGuard agent. References: MAC Authentication and OnGuard Posture Enforcement using Dell WSeries ClearPass and Dell Networking Switches (August 2013), page 21
OnGuard uses HTTPS to send posture information to the ClearPass appliance. For OnGuard to use HTTPS, it must have access to the network. If a customer requires 802.1x authentication on the wired switch, a separate 802.1x authentication must be used prior to the OnGuard posture check. In this example, an 802.1x PEAP-EAP-MSCHAPv2 authentication is completed first. A separate WebAuth service must be setup with posture checks to use the OnGuard agent. 
References: MAC Authentication and OnGuard Posture Enforcement using Dell WSeries ClearPass and Dell Networking Switches (August 2013), page 21
Question 10
  
  
Based on the Enforcement Profile configuration shown, which statement accurately describes what is sent?
  1. A limited access VLAN value is sent to the Network Access Device.
  2. An unhealthy role value is sent to the Network Access Device.
  3. A message is sent to the Onguard Agent on the client device.
  4. A RADIUS CoA message is sent to bounce the client.
  5. A RADIUS access-accept message is sent to the Controller
Correct answer: C
Explanation:
The OnGuard Agent enforcement policy retrieves the posture token. If the token is HEALTHY it returns a healthy message to the agent and bounces the session. If the token is UNHEALTHY it returns an unhealthy message to the agent and bounces the session. References: CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 27
The OnGuard Agent enforcement policy retrieves the posture token. If the token is HEALTHY it returns a healthy message to the agent and bounces the session. If the token is UNHEALTHY it returns an unhealthy message to the agent and bounces the session. 
References: CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 27
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!