HPE6-A77 Online Practice Questions and Answers

Refer to the exhibit:

A customer is deploying Guest Self-Registration with Sponsor Approval but does not like the format of the sponsor email. Where can you change the sponsor email?

A. in the Receipt Page - Actions

B. in the Sponsor Confirmation section

C. in me Configuration - Receipts - Email Receipts

D. in the Configuration - Receipts - Templates

You have configured a Guest SSID with Captive-portal Web Authentication and MAC authentication The MAC caching expiry time set to 12 hours and the Guest Account expiration time is set to 8 hours. What will happen if the guest were to disconnect from the SSID and re-connect 9 hours later?

A. The client will tail the MAC authentication and be denied access to the Guest SSID.

B. The client will successfully pass the mac authentication until the mac caching time expires.

C. The client will successfully pass the MAC authentication but still be redirected to captive portal page.

D. The client will fail the MAC authentication and will be redirected to the Captive-portal login page.

What is used to validate the EAP Certificate? (Select three.)

A. Common Name

B. Date

C. Key usage

D. Server Identity

E. SAN entries

F. Trust chain

You have integrated ClearPass Onboard with Active Directory Certificate Services (ADCS) web enrollment

to sign the final device TLS certificates. The customer would also like to use ADCS for centralized

management of TLS certificates including expiration, revocation, and deletion through ADCS.

What steps will you follow to complete the requirement?

A. Remove the EAP-TLS authentication method and add "EAP-TLS with OCSP Enabled' authentication method in the OnBoard Provisioning service. No other configuration changes are required.

B. Copy the [EAP-TLS with OSCP Enabled) authentication method and set the correct ADCS server OCSP URL, remove EAP-TLS and map the custom created method to the Onboard Provisioning Service.

C. Copy the default [EAP-TLS with OSCP Enabled] authentication method and update the correct ADCS server OCSP URL. remove EAP-TLS and map the custom created method to the OnBoard Authorization Service.

D. Edit the [EAP-TLS with OSCP Enabled) authentication method and set the correct ADCS server OCSP URL. remove EAP-TLS and map the [EAP-TLS with OSCP Enabled) method to the Onboard Provisioning Service.

You have Integrated ClearPass Onboard with Active Directory Certificate Services (ADCS) web enrollment to sign the Anal device TLS certificates The Onboard provisioning process completes successfully but when the user finally clicks connect, the user falls to connect to the network with an unknown_ca certificate error. What steps will you follow to complete the requirement?

A. Make sure that the ClearPass servers are using the default self-signed certificates for both SSL and RADIUS server identity

B. Add the ADCS root certificate to both the CPPM Certificate trust list and to the Onboard Certificate Store trust list

C. Make sure both the ClearPass servers have different certificates used for both SSL and RADIUS server identity.

D. Export the self-signed certificate from the ClearPass servers and manually add them as trusted certificates in clients

A customer has acquired another company that has its own Active Directory infrastructure The 802 1X authentication works with the customers original Active Directory servers but the customer would like to authenticate users from the acquired company as well. What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)

A. Create a new Authentication Source, type Active Directory.

B. Join the ClearPass server(s) to the new AD domain.

C. Add the new AD server(s) as backup into the existing Authentication Source.

D. There is no need to Join ClearPass to the new AD domain.

E. Create a new Authentication Source, type Generic LDAP.

A customer is looking to implement a Web-Based Health Check solution with the following requirements:

for the HR user's client devices, check if a USB stick is mounted.

for the RandD user's client devices, check if the hard disk is fully encrypted.

The Web-Based Health Check service has been configured but the customer it is not sure how to design

the Profile Policy.

How can be accomplished this customer request?

A. create two Posture Policies and customize the OnGuard Agent (Persistent or Dissolvable) to select the correct SHV checks

B. create one Posture Policy and define Rules Conditions that will apply different Tokens for each SHV check condition

C. create two Posture Policies and use the Restrict by Roles option to filter for HR and RandD user roles and apply the correct SHV checks

D. create one Posture Policy to check the HR users client devices and use the NAP Agent to check RandD users client devices

Where is the following information stored in ClearPass?

1.

Roles and Posture for Connected Clients

2.

System Health for OnGuard

3.

Machine authentication State

4.

CoA session info

5.

Mapping of connected clients to NAS/NAD

A. Multi-Master cache

B. Endpoint database

C. insight database

D. ClearPass system cache

Refer to the exhibit:

Your company has a postgres SQL database with the MAC addresses of the company-owned tablets You

have configured a role mapping condition to tag the SQL devices. When one of the tablets connects to the

network, it does not get the correct role and receives a deny access profile.

How would you resolve the issue?

A. Remove SQL condition from role mapping policy and add it under the enforcement policy conditions.

B. Edit the SQL authentication source niter attributes and modify the SQL server filter query.

C. Add the SQL server as an authentication source and map .t under the authentication tab in the service.

D. Enable authorization tab in the service and add the SQL server as an authorization source.

You are integrating a Postgres SQL server with the ClearPass Policy Manager. What steps will you follow to complete the integration process? (Select three)

A. Click on the default filter name with pre-defined filter queries and check box to enable as role.

B. Specify a new filter with filter queries to fetch authentication and authorization attributes.

C. Attribute Name under filter configuration must match one of the columns being requested from the database table.

D. Create a new Endpoint context server and add the SQL server IP, credentilas and the database name.

E. Alias Name under filter configuration must match one of the columns being requested from the database table.

F. Create a new authentication source and add the SQL server IP, credentials and the database name.