CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. HP
  5. HPE6-A68

Free HPE6-A68 Exam Braindumps (page: 8)

Page 7 of 30
PDF with 116 Questions

Refer to the exhibit.



Based on the Enforcement Policy configuration shown, when a user with Role Remote Worker connects to the network and the posture token assigned is quarantine, which Enforcement Profile will be applied?

  1. RestrictedACL
  2. Remote Employee ACL
  3. [Deny Access Profile]
  4. EMPLOYEE_VLAN
  5. HR VLAN

Answer(s): B

Explanation:

The first rule will match, and the Remote Employee ACL will be used.



Refer to the exhibit.



Based on the Access Tracker output for the user shown, which statement describes the status?

  1. The Aruba Terminate Session enforcement profile as applied because the posture check failed.
  2. A Healthy Posture Token was sent to the Policy Manager.
  3. A RADIUS-Access-Accept message is sent back to the Network Access Device.
  4. The authentication method used is EAP-PEAP.
  5. A NAP agent was used to obtain the posture token for the user.

Answer(s): B

Explanation:

We see System Posture Status: HEALTHY(0)
End systems that pass all SHV tests receive a Healthy Posture Token, if they fail a single test they receive a Quarantine Posture Token.


Reference:

CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 13 https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access- byod/21122/1/OnGuard%20config%20Tech%20Note%20v1.pdf



Why can the Onguard posture check not be performed during 802.1x authentication?

  1. Health Checks cannot be used with 802.1x.
  2. Onguard uses RADIUS, so an additional service must be created.
  3. Onguard uses HTTPS, so an additional service must be created.
  4. Onguard uses TACACS, so an additional service must be created.
  5. 802.1x is already secure, so Onguard is not needed.

Answer(s): C

Explanation:

OnGuard uses HTTPS to send posture information to the ClearPass appliance. For OnGuard to use HTTPS, it must have access to the network. If a customer requires 802.1x authentication on the wired switch, a separate 802.1x authentication must be used prior to the OnGuard posture check. In this example, an 802.1x PEAP-EAP-MSCHAPv2 authentication is completed first. A separate WebAuth service must be setup with posture checks to use the OnGuard agent. Reference:
MAC Authentication and OnGuard Posture Enforcement using Dell WSeries ClearPass and Dell Networking Switches (August 2013), page 21



Refer to the exhibit.



Based on the Enforcement Profile configuration shown, which statement accurately describes what is sent?

  1. A limited access VLAN value is sent to the Network Access Device.
  2. An unhealthy role value is sent to the Network Access Device.
  3. A message is sent to the Onguard Agent on the client device.
  4. A RADIUS CoA message is sent to bounce the client.
  5. A RADIUS access-accept message is sent to the Controller

Answer(s): C

Explanation:

The OnGuard Agent enforcement policy retrieves the posture token. If the token is HEALTHY it returns a healthy message to the agent and bounces the session. If the token is UNHEALTHY it returns an unhealthy message to the agent and bounces the session.


Reference:

CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 27






Post your Comments and Discuss HP HPE6-A68 exam with other Community members:

HPE6-A68 Discussions & Posts