HPE6-A82 Online Practice Questions and Answers
A customer is setting up Guest access with ClearPass. They are considering using 802.1X for both the Employee network and the Guest network.
What are two issues the customer may encounter when deploying 802.1X with the Guest network? (Choose two.)
A. ClearPass will not be able to enforce individual Access Control policies.
B. difficult to maintain in an environment with a large number of transient guest users.
C. the lack of encryption during the authentication process.
D. Guests will not be able to be uniquely identified.
E. the high level of complexity for users to join the guest network.
Refer to the exhibit.
What does Search Base Dn do when joining an Active Directory domain? (Choose two.)
A. validates the connection details entered in the Connection Details
B. searches for the Base DN (Distinguished Name) based on what was typed in the field
C. sets the starting point in the directory tree for the Base DN (Distinguished Name) search
D. updates the Base DN (Distinguished Name) in Active Directory if no match is found
E. runs an Active Directory query that returns all results along with any matching the entered Base DN (Distinguished Name)
What is the purpose of service rules in ClearPass?
A. selects the Enforcement Profiles used in a service
B. selects the Service to process a request
C. selects the Authentication Source for the client
D. selects the Posture Policy used with OnGuard
Refer to the exhibit.
Which user authentication request will match the service rules of the Policy Service shown?
A. a wireless user connection would fail because of miss-configured service rules
B. a wireless user connected to any SSID named "CORP"
C. a wireless user connecting to any SSID on an Aruba Controller
D. a wireless user connecting to an Aruba IAP on the SSID "CORP"
What are "known" endpoints in ClearPass?
A. "Known" endpoints have be fingerprinted to determine their operating system and manufacturer.
B. These are endpoints whose beacons have been detected but have never completed authentication.
C. The label "Known" indicates rogue endpoints labeled as "friendly" or "ignore".
D. "Known" endpoints can be authenticated based on MAC address to bypass the captive portal login.
What is RADIUS Change of Authorization (CoA)?
A. It is a mechanism that enables ClearPass to assigned a User-Based Tunnel (UBT) between a switch and controller for Dynamic Segmentation.
B. It allows clients to issue a privilege escalation request to ClearPass using RADIUS to switch to TACACS+.
C. It allows ClearPass to transmit messages to the Network Attached Device/Network Attached Server (NAD/NAS) to modify a user's session status.
D. It forces the client to re-authenticate upon roaming to an access point controlled by a foreign mobility controller.
Which items can be obtained from device profiling? (Choose three.)
A. Device Category
B. Device Family
C. Device Health
D. Device Type
E. Device Location
When using Guest Authentication with MAC Caching service template, which statements are true? (Choose two.)
A. The guest authentication is provided better security than without using MAC caching.
B. The endpoint status of the client will be treated as "known" the first time the client associates to the network.
C. Which wireless SSID and wireless controller must be indicated when configuring the template.
D. The client will be required to re-enter their credentials even if still within the MAC-Auth Expiry term.
What services are recommended to be allowed by the pre-authenticated role assigned to the Client during the Captive Portal process? (Choose three.)
A. DHCP options 43 and 150
B. RADIUS to ClearPass
C. HTTPS to ClearPass
D. HTTPS to the Internet
E. DHCP address assignment
F. DNS resolution
Which Authorization Source support device profile enforcement?
A. OnGuard Repository
B. Local user Repository
C. Guest User Repository
D. Endpoint Repository