Pass Your Exam With 100% Verified HPE6-A77 Exam Questions [Q19-Q36]

Pass Your Exam With 100% Verified HPE6-A77 Exam Questions

HPE6-A77 Dumps PDF - HPE6-A77 Real Exam Questions Answers

HP HPE6-A77 Exam Syllabus Topics:

Topic	Details
Topic 1	TACACS authentication from Network Access Devices Integration of Authorization Sources and External Context Servers into Enforcement
Topic 2	High Availability and Redundancy Design, including Virtual IP addressing and Standby Publisher Secure Access Design and Implementation
Topic 3	Integration of Posture results in secure service Enforcement Authentication Methods and OCSP to insure proper Certificate revocation
Topic 4	Quarantine and remediation based on Posture Token and the status of the agent Implimentation of both Server and Controller Initiated Captive Portal Authentication
Topic 5	Integration of Endpoint Profiling into Enforcement Cluster Layout positioning of Publisher and Subscribers, Use of Policy Manager Zones
Topic 6	Customized Admin Privileges for the Policy Manager Self-Registration both with and without sponsorship
Topic 7	Implimenting Guest Access on both wired and wireless infrastructure Understand Service Selection Rules Guest Access Design and Implementation
Topic 8	ClearPass Admin Login service processing and profile mapping Secure Access Services and Enforcement, Role Mapping
Topic 9	Configuration and enforcement of webauth service for posture Authentication Sources Including Active Directory

 

NEW QUESTION 19
Refer to the exhibit:

A customer is deploying Guest Self-Registration with Sponsor Approval but does not like the format of the sponsor email. Where can you change the sponsor email?

• A. in the Sponsor Confirmation section
• B. in the Configuration - Receipts - Templates
• C. in the Receipt Page - Actions
• D. in me Configuration - Receipts - Email Receipts

Answer: A

 

NEW QUESTION 20
Refer to the exhibit:



You are doing a ClearPass PoC at a customer site with a single Aruba Mobility Controller. The customer asked for a demonstration of a simple Web Login functionality. You used a service template to create the guest services. During testing, the usergets redirected back to the weblogin page with an Authentication failed message. The guest configurations on the Aruba Mobility Controller are configured correctly.
Why would the guest fail to authenticate successfully?

• A. The authentication source mapped in the service is incorrect, it should be mapped as (Guest Device Repository] [Local SQL DB].
• B. The username and/or password used for authentication is incorrect Re-enter the correct password on the weblogin page.
• C. The username used for authentication does not exist in the Guest User Database Create a new user and authenticate again.
• D. The Unique-Device-Count does not allow any Client devices.Update the Enforcement policy condition:
  Unique-Device-Count.

Answer: A

 

NEW QUESTION 21
Refer to the exhibit:




You have been asked to help a Customer troubleshoot an issue. They have configured an Aruba OS switch (Aruba 2930 with 16.09) to do MAC authentication with profiling using ClearPass as the authentication source. They cannot get it working.
Using the screenshots as a reference, how will you fix the issue?

• A. Change the Vendor settings for the Aruba OS switch to "Aruba" so that the enforcement will use the correct VSAs
• B. Modifythe enforcement profile conditions with Aruba Vendor specific attributes and Aruba-user-roles
• C. Delete the initial role in the Aruba OS switch to force the device to get the server derived user roles
• D. Use a CoA to bounce the switch port to force the port to change tothe correct Aruba user role
• E. User-roles are case sensitive, update the correct role with correct case in the enforcement profile

Answer: B

 

NEW QUESTION 22
Refer to the exhibit:

You have configured Onboard but me customer could not onboard one of his devices and has sent you the above screenshots. How could you resolve the issue?

• A. Instruct the user to delete the profile on one of their other BYOD devices.
• B. Increase the maximum number ofdevices that all users can provision to 3.
• C. Increase the maximum number ofdevices allowed by the individual user account.
• D. Instruct the user to run the Quick connect application in Sponsor Mode.

Answer: B

 

NEW QUESTION 23

What are valid options for Network Access Device Settings? (Select two.)

• A. On the Attributes tab. you can enable the service to write attributes like Location and Device type based on policy.
• B. You can configure SNMP Write Settings to send commands to the devices that do not support other methods.
• C. You can configure SNMP Read Settings to monitor the load of a NAD in order not to overload it with the requests.
• D. The OnConnect Enforcement allows you to enable specific ports that trigger Enforcement when any device connects.
• E. In CLI settings, you can define the access credentials and the command templates that will be used.

Answer: A,D

 

NEW QUESTION 24
Refer to the exhibit:


A customer has configured a Guest Self registration page for their Cisco Wireless network with the settings shown. What should be changed in order to successfully authenticate guests users?

• A. Login Method should be Controller-initiated - using HTTPs form submit
• B. Change the Vendor Settings to Airespace Networks
• C. Change \he IP Address to the Cisco Controller DNS name
• D. Secure Login should use HTTP

Answer: C

 

NEW QUESTION 25
A customer has a ClearPass cluster deployment with one Publisher and one Subscriber configured as a Standby Publisher at the Headquarters DataCenter They also have a large remote site that is connected with an Aruba SD Branch solution over a two Mbps Internet connection. The Remote Site has two ClearPass servers acting as Subscribers. The solution implemented for the customer includes OnGuard, Guest Self Registration, and Employee 802. ix authentication. The client is complaining that users connecting to an IAP Clusters Guest SSID located at the Remote Site are experiencing a significant delay in accessing the Guest Captive Portal page.
What could be a possible cause of this behavior?

• A. The configuration of the captive portal is pointing to a link located on one of the servers in the Headquarters
• B. The ClearPass Cluster has no zones defined and the guest captive portal request is being redirected to the Publisher
• C. The captive portal page was only created on the Publisher and requests are getting redirected to a Subscriber
• D. The guest page is not optimized to work with the client browser and a proper theme should be applied

Answer: A

 

NEW QUESTION 26
A customer has deployed an OnGuard Solution to all the corporate devices using a group policy rule to push the OnGuard Agents. The network administrator is complaining that some of the agents are communicating to the ClearPass server that is located in a DMZ, outside the firewall The network administrator wants all of the agents System Health Validation traffic to stay inside the Management subnets.
What can the ClearPass administrator do to move the traffic only to the ClearPass Management Ports?

• A. Filter TCP port 6658 on the firewall, forcing the OnGuard agent to use the ClearPass Management port.
• B. Edit the agent.conf file being deployed to the clients to use the ClearPass Management Port for SHV updates.
• C. Configure a Policy Manager Zone mapping so the OnGuard agent will use the Management Port IP.
• D. Select the correct OnGuard Agent installer, and use the one configured for Management Port for the clients.

Answer: C

 

NEW QUESTION 27
You have configured a Guest SSID with Captive-portal Web Authentication and MAC authentication The MAC caching expiry time set to 12 hours and the Guest Account expiration time is set to 8 hours. What will happen if the guest were to disconnect from the SSID and re-connect 9 hours later?

• A. The client will fail the MAC authentication and will be redirected to the Captive-portal login page.
• B. The client will tail the MAC authentication and be denied access to the Guest SSID.
• C. The client will successfully pass the mac authentication until the mac caching time expires.
• D. The client will successfully pass the MAC authentication but still be redirected to captive portal page.

Answer: D

 

NEW QUESTION 28
Refer to the exhibit:

A customer has configured onboard in a cluster with two nodes All devices were onboarded in the network through node1but those clients tail to authenticate through node2 with the error shown. What steps would you suggest to make provisioning and authentication work across the entire cluster? (Select three.)

• A. Configure the Onboard Root CA to trust the Policy Manager EAP certificate root.
• B. Have all of the BYOD clients disconnect and reconnect to me network
• C. Make sure that the HTTPS certificate on both nodes is issued as a Code Signing certificate
• D. Make sure that the EAP certificates on both nodes are issued by one common root Certificate Authority (CA).
• E. Have all of the BYOD clients re-run the Onboard process
• F. Configure the Network Settings in Onboard to trust the Policy Manager EAP certificate

Answer: A,D,F

 

NEW QUESTION 29
Refer to the exhibit:





You configured the 802 1 x service enforcement conditions with the Endpoint profiling data. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly.
What is the cause of the issue?

• A. The option, use cached roles and posture from previous sessions should be enabled.
• B. The enforcement policy rules evaluation algorithm Is not configured correctly.
• C. An additional authorization source should be configured for profiling to work.
• D. The enforcement policy conditions configured with profiling data are not correct.

Answer: D

 

NEW QUESTION 30
What is used to validate the EAP Certificate? (Select three.)

• A. Common Name
• B. Date
• C. Server Identity
• D. SAN entries
• E. Trust chain
• F. Key usage

Answer: A,E,F

 

NEW QUESTION 31
Refer to the exhibit:



Your customer configured a ClearPass server to process the Guest and Secure SSIDs broadcastingfrom both Aruba and Cisco WLAN controllers When an Employee connects to Aruba or Cisco secure SSID, the authentication hits the guest service causing the client to fail the connection to the network.
What change can be implemented to make both the secure and guest services created for Aruba and Cisco devices to work correctly?

• A. Modify the service rule matching algorithm to ALLin HS-GuestUser Authentication service.
• B. Disable HS-Guest User Authentication service and move HS-Guest MAC Authentication to seventh position.
• C. Move the HS-Guest User Authentication with MAC Caching service to the first position.
• D. Move the HS_Building Aruba 802.1x service to the second position in the service order.

Answer: C

 

NEW QUESTION 32
Refer to the exhibit:





A year ago, your customer deployed an Aruba ClearPass Policy Manager Server for a Guest SSIC hosted in an IAP Cluster.The customer just created a new Web Login Page forthe Guest SSID. Even though the previous Web Login page worked test with the new Web Login Page are falling and the customer has forwarded you the above screenshots What recommendation would you give the customer to tix the issue?

• A. The customer should reset the password tor the username accx@exam com using Guest Manage Accounts
• B. The Address filed under the WebLogin Vendor settings is not configured correctly, it should be set to instantarubanetworks.com
• C. The service type configured is not correct. The Guest authentication should De an Application authentication type of service.
• D. The WebLogin Pre-Auth Check is set to Aruba Application Authentication which requires a separate application service on the policy manager

Answer: C

 

NEW QUESTION 33
A customer has created a Guest Sett-Registration page that they would like to use it as'template'for all the new pages that are going to be created from now on. Their goal is to ensure that the header and footer on every page are the same, and any edits made to them are automatically reflected on every Self-Registration Page.
What should be configured in order to accomplish this request?

• A. Save the "template" page as Master Self-Registration page
• B. Create child pages when creating new Self-Registration pages and select the "template" as Parent
• C. Save this "template" page as a new Skin to be used on other Self-Registration pages
• D. Copy the "template" page and edit it each time a new Self-Registration Page is needed

Answer: C

 

NEW QUESTION 34
There is an Aruba Controller configured to send Guest AAA requests to ClearPass. If the customer would like the most effective way to ensure the lowest license usage counts, how should the controller be configured?

• A. Aruba Controller will send stop messages only if EAP termination and Interim accounting are enabled.
• B. Aruba Controller will send stop messages only if both accounting and interim accounting are enabled.
• C. Configure EAP Termination on the Aruba Controller and the client will send a stop message.
• D. Aruba Controller will send stop messages if RADIUS Accounting Server Group is defined in the authentication profile.

Answer: C

 

NEW QUESTION 35
What is the Open SSID (otherwise referred to as Dual SSID) Onboard deployment service workflow?

• A. OnBoard Pre-Auth Application service, OnBoard Authorization Application service. OnBoard Provisioning RADIUS service
• B. OnBoard Authorization RADIUS service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
• C. OnBoard Authorization Application service, OnBoard Pre-Auth Application service, OnBoard Provisioning RADIUS service
• D. OnBoard Pre-Auth RADIUS service. OnBoard Authorization Application service. OnBoard Provisioning RADIUS service

Answer: C

 

NEW QUESTION 36
......

HPE6-A77 Dumps 100 Pass Guarantee With Latest Demo: https://www.pdfdumps.com/HPE6-A77-valid-exam.html