Independence Day Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Certensure Logo
  1. Home
  2. HP
  3. HPE Aruba Certified
  4. HPE6-A68 - Aruba Certified ClearPass Professional (ACCP) V6.7

HP HPE6-A68 Aruba Certified ClearPass Professional (ACCP) V6.7 Exam Practice Test

Demo: 17 questions
Total 116 questions
Get HPE6-A68 Full Access Download HPE6-A68 PDF

Aruba Certified ClearPass Professional (ACCP) V6.7 Questions and Answers

Question 1

If the “Alerts” tab in an access tracker entry shows the following error message: “Access denied by policy”, what could be a possible cause for authentication failure?

Options:

A.

Configuration of the Enforcement Policy.

B.

An error in the role mapping policy.

C.

Failure to select an appropriate authentication method for the authentication request.

D.

Implementation of a firewall policy on ClearPass.

E.

Failure to find an appropriate service to process the authentication request.

Question 2

Use the arrows to sort the steps to request a Policy Service on the left into the order they are performed on the right.

Options:

Question 3

An Android device goes through the single-SSID Onboarding process and successfully connects using EAP-TLS to the secure network.

What is the order in which services are triggered?

Options:

A.

Onboard Authorization, Onboard Provisioning, Onboard Authorization

B.

Onboard Provisioning, Onboard Pre-Auth, Onboard Authorization, Onboard Provisioning

C.

Onboard Provisioning, Onboard Authorization, Onboard Pre-Auth

D.

Onboard Provisioning, Onboard Authorization, Onboard Provisioning

E.

Onboard Provisioning, Onboard Pre-Auth, Onboard Authorization

Question 4

Refer to the exhibit.

A user logged in to the Self-Service Portal as shown.

What do the traffic received and sent statistics present?

Options:

A.

These show the total amount of traffic the guest transmitted, as seen through RADIUS CoA packets from the NAD to ClearPass.

B.

These show the total amount of traffic the NAD transmitted to ClearPass, as seen through RADIUS accounting messages from the NAD to ClearPass.

C.

These show the total amount of traffic the guest transmitted after account expiration, as seen through RADIUS accounting messages sent from the NAD to ClearPass.

D.

These show the total amount of traffic the guest transmitted, as seen through RADIUS CoA packets from the client to ClearPass.

E.

These show the total amount of traffic the guest transmitted, as seen through RADIUS accounting messages sent from the NAD to ClearPass.

Question 5

Which types of files are stored in the Local Shared Folders database in ClearPass? (Select two.)

Options:

A.

Software image

B.

Backup files

C.

Log files

D.

Device fingerprint dictionaries

E.

Posture dictionaries

Question 6

Refer to the exhibit.

A guest connects to the Guest SSID and authenticates successfully using the guest.php web login page.

Based on the MAC Caching service information shown, which statement about the guests’ MAC address is accurate?

Options:

A.

It will be visible in the Guest User Repository with Unknown Status

B.

It will be deleted from the Endpoint table.

C.

It will be visible in the Guest User Repository with Known Status.

D.

It will be visible in the Endpoints table with Known Status.

E.

It will be visible in the Endpoints table with Unknown Status.

Question 7

Which statement is true about the databases in ClearPass?

Options:

A.

Entries in the guest user database do not expire.

B.

A Static host list can only contain a list of IP addresses.

C.

Entries in the guest user database can be deleted.

D.

Entries in the local user database cannot be modified.

E.

The endpoints database can only be populated by manually adding MAC addresses to the table.

Question 8

When is the RADIUS server certificate used? (Select two.)

Options:

A.

During dual SSID onboarding, when the client connects to the Guest network

B.

During EAP-PEAP authentication in single SSID onboarding

C.

During post-Onboard EAP-TLS authentication, when the client verifies the server certificate

D.

During Onboard Web Login Pre-Auth, when the client loads the Onboarding web page

E.

During post-Onboard EAP-TLS authentication, when the server verifies the client certificate

Question 9

Refer to the exhibit.

Based on the ClearPass and Aruba Controller configuration settings for Onboarding shown, which statement accurately describes an employee’s new personal device connecting to the Onboarding network? (Select two.)

Options:

A.

Post-Onboarding, the device will be assigned the BYOD-Provision firewall role in the Aruba Controller.

B.

Pre-Onboarding, the device will be redirected to the ‘Onboarding Page’ Captive Portal.

C.

The BYOD-Provision role is a ClearPass internal role and exists in ClearPass.

D.

The device will not be redirected to any Onboarding page.

E.

Pre-Onboarding, the device will be assigned the BYOD-Provision firewall role in the Aruba Controller.

Question 10

Refer to the exhibit.

The ClearPass Event Viewer displays an error when a user authenticates with EAP-TLS to ClearPass through an Aruba Controller Wireless Network.

What is the cause of this error?

Options:

A.

The controller’s shared secret used during the certificate exchange is incorrect.

B.

The NAS source interface IP is incorrect.

C.

The client sent an incorrect shared secret for the 802.1X authentication.

D.

The controller used an incorrect shared secret for the RADIUS authentication.

E.

The client’s shared secret used during the certificate exchange is incorrect.

Question 11

A ClearPass administrator wants to make Enforcement decisions during 802.1x authentication based on a client’s Onguard posture token.

Which Enforcement profile should be used on the health check service?

Options:

A.

RADIUS CoA

B.

Quarantine VLAN

C.

Full Access VLAN

D.

RADIUS Accept

E.

RADIUS Reject

Question 12

Refer to the exhibit.

What does the Cache Timeout Value refer to?

Options:

A.

The amount of time the Policy Manager caches the user credentials stored in the Active Directory.

B.

The amount of time the Policy Manager waits for a response from the Active Directory before checking the backup authentication source.

C.

The amount of time the Policy Manager caches the user attributes fetched from Active Directory.

D.

The amount of time the Policy Manager waits for response from the Active Directory before sending a timeout message to the Network Access Device.

E.

The amount of time the Policy Manager caches the user\s client certificate.

Question 13

Why is a terminate session enforcement profile used during posture checks with 802.1x authentication?

Options:

A.

To send a RADIUS CoA message from the ClearPass server to the client

B.

To disconnect the user for 30 seconds when they are in an unhealthy posture state

C.

To blacklist the user when they are in an unhealthy posture state

D.

To force the user to re-authenticate and run through the service flow again

E.

To remediate the client applications and firewall do that updates can be installed

Question 14

Which components of a ClearPass is mandatory?

Options:

A.

Authorization Source

B.

Profiler

C.

Role Mapping Policy

D.

Enforcement

E.

Posture

Question 15

A customer wants all guests who access a company’s guest network to have their accounts approved by the receptionist, before they are given access to the network.

How should the network administrator set this up in ClearPass? (Select two.)

Options:

A.

Enable sponsor approval confirmation in Receipt actions.

B.

Configure SMTP messaging in the Policy Manager.

C.

Configure a MAC caching service in the Policy Manager.

D.

Configure a MAC auth service in the Policy Manager.

E.

Enable sponsor approval in the captive portal authentication profile on the NAD.

Question 16

Which use cases will require a ClearPass Guest application license? (Select two.)

Options:

A.

Guest device fingerprinting

B.

Guest endpoint health assessment

C.

Sponsor based guest user access

D.

Guest user self-registration for access

E.

Guest personal device onboarding

Question 17

What does a Windows client need for it to perform EAS-PEAP successfully when ‘Validate server Certificate’ is not enabled?

Options:

A.

Pre-shared key

B.

Client Certificate

C.

WPA2-PSK

D.

Username and Password

E.

Server Certificate

Load More HPE6-A68 Questions
Demo: 17 questions
Total 116 questions
Get HPE6-A68 Full Access Download HPE6-A68 PDF