Pass HPE6-A77 Exam with Updated HPE6-A77 Exam Dumps PDF 2022
HPE6-A77 Exam Dumps - Free Demo & 365 Day Updates
HP HPE6-A77 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
NEW QUESTION 33
Refer to the exhibit:
A customer with multiple Aruba Controllers has just installed a new certificate for "*.customerdomain com" on all Aruba Controllers. While testing the existing guest Self-Registration page the customer noticed that the logins are failing. While troubleshooting they are finding no entries in the Event Viewer or Access Tracker for the tests. Suspecting that the Aruba Controllers may not be properly posting the credentials from the guest browser, they open the NAS Vendor Settings for the Guest Self-Registration Page. From the screen shown, how can you fix the errors?
- A. Change the "Secure Login:" field to "Use Vendor Default".
- B. Add PTR records on the DNS server for "securelogin.arubanetworks.com".
- C. Change the "IP Address: field to" securelogin.customerdomain.com.
- D. Change the "IP Address field to "captiveportal-login.customerdomain.com".
Answer: A
NEW QUESTION 34
Refer to the Exhibit:
A customer wants to integrate posture validationinto an Aruba Wireless 802.1X authentication service During testing, the client connects to the Aruba Employee Secure SSID and is redirected to the Captive Portal page where the user can download the OnGuard Agent After the Agent is installed, the client receives the Healthy token the client remains connected to the Captive Portal page ClearPass is assigning the endpoint the following roles: T2-Staff-User. (Machine Authenticated! and T2-SOL-Device.
What could cause this behavior?
- A. The Enforcement Policy conditions for rule 1 are not configured correctly.
- B. RFC-3576 Is not configured correctly on the Aruba Controller and does not update the role.
- C. The Enforcement Profile should bounce the connection instead of a Terminate session
- D. Used Cached Results: has not been enabled In the Aruba 802.1X Wireless Service
Answer: D
NEW QUESTION 35
A customer has a ClearPass cluster deployment with four servers, two servers at the data center and two servers at a large remote site connected over an SD-WAN solution The customer would like to implement OnGuard, Guest Self-Registration, and 802.1x authentication across their entire environment. During testing the customer is complaining that users connecting to an Instant Cluster Employee SSID at the remote site, with the OnGuard Persistent Agent installed are randomly getting their health check missed.
What could be a possible cause of this behavior?
- A. The OnGuard Clients are automatically mapped to the Policy Manager Zone based on their IP range but an ACL on the switch could be blocking access.
- B. The traffic on the TCP port 6658 is congested due to the fact that this port is also used by the IPsec keep-alive packets of the SD-WAN solution.
- C. The ClearPass Policy Manager zones have been defined but the local IP sub-nets have not been property mapped to the zones and the OnGuard Agent might connect to any of the servers in the cluster.
- D. The Aruba-user-role received by the IAP is filtering the TCP port 6658 to the ClearPass servers and after 10 seconds the SSL fallback gets activated and randomly generates the issue.
Answer: D
NEW QUESTION 36
Refer to the exhibit:
You configured the 802 1 x service enforcement conditions with the Endpoint profiling data. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly.
What is the cause of the issue?
- A. An additional authorization source should be configured for profiling to work.
- B. The enforcement policy rules evaluation algorithm Is not configured correctly.
- C. The enforcement policy conditions configured with profiling data are not correct.
- D. The option, use cached roles and posture from previous sessions should be enabled.
Answer: C
NEW QUESTION 37
Refer to the exhibit:
A customer has configured onboard in a cluster with two nodes All devices were onboarded in the network through node1but those clients tail to authenticate through node2 with the error shown. What steps would you suggest to make provisioning and authentication work across the entire cluster? (Select three.)
- A. Make sure that the EAP certificates on both nodes are issued by one common root Certificate Authority (CA).
- B. Configure the Onboard Root CA to trust the Policy Manager EAP certificate root.
- C. Make sure that the HTTPS certificate on both nodes is issued as a Code Signing certificate
- D. Have all of the BYOD clients re-run the Onboard process
- E. Configure the Network Settings in Onboard to trust the Policy Manager EAP certificate
- F. Have all of the BYOD clients disconnect and reconnect to me network
Answer: A,B,E
NEW QUESTION 38
Refer to the exhibit:
You have configured an Onboard portal for single SSID provision. During testing you notice that the QuickConnect Application did not display the "Connect" button, only the finish button. To get connected the test user had to manually connect to the secure-HS-5007 SSID but was prompted for a username and password.
Using the screenshots as a reference, how would you fix this issue?
- A. Check the network settings for the correct SSID name spelling.
- B. Install a public signedHTTPs web server certificate on the ClearPass server.
- C. Change the network settings to use EAP-TLS for the authentication protocol.
- D. Configure the SSID to support both EAP-PEAP and EAP-TLS authentication method.
Answer: A
NEW QUESTION 39
Refer to the exhibit:
Your company has a postgres SQL database with the MAC addresses of the company-owned tablets You have configured a role mapping condition to tag the SQL devices. When one of the tablets connects to the network, it does not get the correct role and receives a deny access profile.
How would you resolve the issue?
- A. Edit the SQL authentication source niter attributes and modify the SQL server filter query.
- B. Enable authorization tab in the service and add the SQL server as an authorization source.
- C. Remove SQL condition from role mapping policy and add it under the enforcement policy conditions.
- D. Add the SQL server as an authentication source and map .t under the authentication tab in the service.
Answer: A
NEW QUESTION 40
Refer to the exhibit:
A customer is trying to configure a TACACS Authentication Service for administrative access to the Aruba Controller, During testing the authentication is not successful Given the screen shot what could be the reason for the Login status REJECT?
- A. The password used by the administrative user,user is wrong.
- B. The Enforcement profile used is not a TACACS profile.
- C. The Read-only Administrator role does not exist on the Controller.
- D. The Enforcement profile is not designed to be used on Aruba Controller.
Answer: A
NEW QUESTION 41
Refer to the exhibit:
The customer configured an 802.1x service with different enforcement actions for personal and corporate laptops. The corporate laptops are always being redirected to the BYOD Portal. The customer has sent you the above screenshots.
How would you resolve the issue? (Select two)
- A. Remove the EAP-PEAP with [user authenticated] condition for Onboard and create another service
- B. Modify the enforcement policy and change the rule evaluation algorithm to select first match
- C. Modify the enforcement policy and re-order the EAP-PEAP with [user authenticated] rule to the last condition.
- D. Modify the enforcement policy and re-order the condition with Posture - Unknown as the fifth condition
- E. Modify the enforcement policy and re-order the condition with posture not_equals to healthy as the sixth condition
Answer: C,D
NEW QUESTION 42
Refer to the exhibit:
Your customer configured a ClearPass server to process the Guest and Secure SSIDs broadcastingfrom both Aruba and Cisco WLAN controllers When an Employee connects to Aruba or Cisco secure SSID, the authentication hits the guest service causing the client to fail the connection to the network.
What change can be implemented to make both the secure and guest services created for Aruba and Cisco devices to work correctly?
- A. Move the HS_Building Aruba 802.1x service to the second position in the service order.
- B. Move the HS-Guest User Authentication with MAC Caching service to the first position.
- C. Modify the service rule matching algorithm to ALLin HS-GuestUser Authentication service.
- D. Disable HS-Guest User Authentication service and move HS-Guest MAC Authentication to seventh position.
Answer: B
NEW QUESTION 43
A Customer has these requirements:
* 2.000 loT endpoints that use MAC authentication
* 6,000 endpoints using a mix of username/password and certificate (Corporate/BYOD) based authentication
* 1,000 guest endpoints at peak usage that use guest self-registration
* 1500 BYOD devices estimated as 3 devices per User (500 users)
* 2,500 endpoints that have OnGuard installed and connect on a daily basis What licenses should be installed to meet customer requirements?
- A. 11,500 Access, 1,500 Onboard, 2.500 Onguard
- B. 9,000 Access, 500 Onboard. 2.500 Onguard
- C. 13.000 Access, 1.500 Onboard, 2,500 Onguard
- D. 11,500 Access, 500 Onboard, 2,500 Onguard
Answer: A
NEW QUESTION 44
A customer would like to allow only the AD users with the "Manager" title from the "HQ" location to Onboard their personal devices. Any other AD users should not be authorized to pass beyond the initial device provisioning page. Which Onboard service will you use to implement this requirement?
- A. Onboard Authorization service
- B. Onboard Pre-Auth service
- C. Onboard Provisioning service
- D. Onboard CP login service
Answer: D
NEW QUESTION 45
You have recently implemented a serf-registration portal in ClearPass Guest to be used on a Guest SSID broadcast from an Aruba controller. Your customer has started complaining that the users are not able to reliably access the internet after clicking the login button on the receipt page. They tell you that the users willclick the login button multiple times and alter about a minute they gain access.
What could be causing this issue?
- A. The guest client is delayed getting an IP address from the DHCP server.
- B. The guest users are assigned a firewall user role that has a rate limit.
- C. The self-registration page is configured with a 1 minute login delay.
- D. The enforcement profile on ClearPass is set up with an lETF:session delay.
Answer: C
NEW QUESTION 46
Refer to the exhibit:
You have configured Onboard but me customer could not onboard one of his devices and has sent you the above screenshots. How could you resolve the issue?
- A. Increase the maximum number ofdevices allowed by the individual user account.
- B. Instruct the user to delete the profile on one of their other BYOD devices.
- C. Instruct the user to run the Quick connect application in Sponsor Mode.
- D. Increase the maximum number ofdevices that all users can provision to 3.
Answer: D
NEW QUESTION 47
Refer to the exhibit:
A customer has configured Onboard and Windows devices workas expected but cannot get the Apple iOS devices to Onboard successfully. Where would you look to troubleshoot the Issued (Select two)
- A. Check if the customer has installed the sameinternal PKl signed RADIUS server certificate as the HTTPS server certificate.
- B. Check if the customer has Instated a custom HTTPS certificate for IDS and another internal PKl HTTPS certificate for other devices.
- C. Check if the ClearPass HTTPS server certificate installed in the server is issued by a trusted commercial certificate authority.
- D. Check if the customer installed the internal PKl Root certificate presented by the ClearPass during the provisioning process.
- E. Check if a DNS entryis available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.
Answer: C,E
NEW QUESTION 48
A corporate ClearPass Cluster with two servers located at a single site, has both Management and Data port IP addresses configured. The Management port IPs are in the DataCenter networks subnet, while the Data port IPs are in the DMZ. What is the difference between using one Virtual IP for the AAA traffic versus sending AAA requests to the physical IPs for each server? (Select two.)
- A. One Virtual IP can be used together with the individual server IPs for load balancing.
- B. The Individual IPs can provide failover and load balancing.
- C. The failover can be accomplished only by using Virtual IP.
- D. By using the Virtual IP, the failover convergence is faster than using individual server IPs.
- E. Using the one Virtual IP can provide failover and load balancing.
Answer: B,E
NEW QUESTION 49
What is the Secure SSID {otherwise referred to as Single SSID) OnBoard deployment service workflow?
- A. OnBoard Provisioning RADIUS service, OnBoard Authorization Application service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
- B. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth RADIUS service, OnBoard Authorization Application service. OnBoard Provisioning RADIUS service
- C. OnBoard Provisioning RADIUS service, OnBoard Authorization RADIUS service. OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
- D. OnBoard Provisioning RADIUS service, OnBoard Pre-Auth Application service. OnBoard Authorization Application service, OnBoard Provisioning RADIUS service
Answer: C
NEW QUESTION 50
A customer has created a Guest Sett-Registration page that they would like to use it as'template'for all the new pages that are going to be created from now on. Their goal is to ensure that the header and footer on every page are the same, and any edits made to them are automatically reflected on every Self-Registration Page.
What should be configured in order to accomplish this request?
- A. Save this "template" page as a new Skin to be used on other Self-Registration pages
- B. Save the "template" page as Master Self-Registration page
- C. Copy the "template" page and edit it each time a new Self-Registration Page is needed
- D. Create child pages when creating new Self-Registration pages and select the "template" as Parent
Answer: A
NEW QUESTION 51
A customer is planning to implement machine and user authentication on infrastructure with one Aruba Controller and a single ClearPass Server What should the customer consider while designing this solution?
(Select three.)
- A. The Windows User must log off, restart or disconnect their machine to initiate a machine authentication before the cache expires.
- B. The customer does not need to worry about Multi-Master Cache Survivability because the Controller will also cache the machine state.
- C. Machine Authentication only uses EAP TLS, as such a PKI infrastructure should be in place for machine authentication.
- D. Onboard must be used to install the Certificates on the personal devices to do the user and machine authentication.
- E. The machine authentication status is written in the Multi-master cache on the ClearPass Server for 24 hrs.
- F. The Customer should enable Multi-Master Cache Survivability as the Aruba Controller will not cache the machine state.
Answer: C,D,E
NEW QUESTION 52
When is it recommendedto use a certificate with multiple entries on the Subject Alternative Name?
- A. The ClearPass servers are placed in different OnGuard zones to allow the client agent to send SHV updates.
- B. Using the same certificate to Onboard clients and the Guest Captive Portal on a single ClearPass server.
- C. The primary authentication server Is not available to authenticate the users.
- D. The ClearPass server will be hosting captive portal pages for multiple FQDN entries
Answer: A
NEW QUESTION 53
Where is the following information stored in ClearPass?
- Roles and Posture for Connected Clients - System Health for OnGuard - Machine authentication State - CoA session info - Mapping of connected clients to NAS/NAD
- A. ClearPass system cache
- B. Multi-Master cache
- C. Endpoint database
- D. insight database
Answer: A
NEW QUESTION 54
A customer is complaining that some ofthe devices, in their manufacturing network, are not getting profiled while other loT devices from the same subnet have been correctly profiled. The network switches have been configured for DHCP IP helpers and IF-MAP has been configured on the Aruba Controllers. What can the customer do to discover those devices as well? (Select two.)
- A. Allow time for IF-MAP service on the controller to discover the new devices as well.
- B. Update the Fingerprints Dictionary to the latest in case new devices have been added.
- C. Open a TAC case to help you troubleshoot the DHCP device profile functionality.
- D. Add the ClearPass Server IP as an IP helper address on the default gateway as well.
- E. Manually create a new device fingerprint for the devices that are not being profiled.
Answer: A,E
NEW QUESTION 55
You are integrating a Postgres SQL server with the ClearPass Policy Manager What steps will you follow to complete the integration process? (Select three)
- A. Specify a new filter with filter queries to fetch authentication and authorization attributes.
- B. Create a new Endpoint context server andadd the SQL server IP, credentilas and the database name.
- C. Click on the default filter name with pre-defined filter queries and check box to enable as role.
- D. Alias Name under filter configuration must match one of the columns being requested from the database table.
- E. Attribute Name under filter configuration must match one of the columns being requested from the database table.
- F. Create a new authentication source and add the SQL server IP, credentials and the database name.
Answer: A,B,F
NEW QUESTION 56
......
HPE6-A77 Dumps - Pass Your Certification Exam: https://freecert.test4sure.com/HPE6-A77-exam-materials.html