CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. HP
  5. HPE6-A68

Free HPE6-A68 Exam Braindumps (page: 9)

Page 8 of 30
PDF with 116 Questions

A ClearPass administrator wants to make Enforcement decisions during 802.1x authentication based on a client's Onguard posture token.
Which Enforcement profile should be used on the health check service?

  1. RADIUS CoA
  2. Quarantine VLAN
  3. Full Access VLAN
  4. RADIUS Accept
  5. RADIUS Reject

Answer(s): A

Explanation:

The Health Check Service requires a profile to terminate the session so that the RADIUS 802.1X authentication Service can use the posture token in a new authentication routine. The terminate session profile will utilize the Change of Authorization feature to force a re-authentication.
See step 6) below.
Navigate to the list of Enforcement Profiles by selecting, Configuration > Enforcement > Profiles.
2. Click the + Add link in the upper right hand corner.
3. From the Template dropdown menu, choose RADIUS Change of Authorization (CoA).
4. Name the policy.
This example uses Dell Terminate Session as the profile name.
5. Leave all the other settings as default, and click Next > to move to the Attributes tab.
6. On the dropdown menu for Select RADIUS CoA Template, choose IETF-Terminate-Session-IETF.
7. Click Next > and review the Summary tab (Figure 22).
8. Click Save.


Reference:

ClearPass NAC and Posture Assessment for
Campus Networks Configuring ClearPass OnGuard, Switching, and Wireless (v1.0) (September 2015), page 22
http://en.community.dell.com/cfs-file/__key/telligent-evolution-components-attachments/13-4629- 00-00-20-44-16-18/ClearPass-NAC-and-Posture-Assessment-for-Campus- Networks.pdf?forcedownload=true



Refer to the exhibit.



Based on the Endpoint information shown, which collectors were used to profile the device as Apple iPad? (Select two.)

  1. HTTP User-Agent
  2. SNMP
  3. DHCP fingerprinting
  4. SmartDevice
  5. Onguard Agent

Answer(s): A,C

Explanation:

HTTP User-Agent
In some cases, DHCP fingerprints alone cannot fully classify a device. A common example is the Apple family of smart devices; DHCP fingerprints cannot distinguish between an Apple iPad and an iPhone. In these scenarios, User-Agent strings sent by browsers in the HTTP protocol are useful to further refine classification results.
User-Agent strings are collected from:
* ClearPass Guest
* ClearPass Onboard
* Aruba controller through IF-MAP interface
Note: Collectors are network elements that provide data to profile endpoints. The following collectors send endpoint attributes to Profile:
* DHCP
DHCP snooping
Span ports
* ClearPass Onboard
* HTTP User-Agent
*MAC OUI ­ Acquired via various auth mechanisms such as 802.1X, MAC auth, etc.
* ActiveSync plugin
* CPPM OnGuard

*SNMP
* Subnet Scanner
* IF-MAP
* Cisco Device Sensor (Radius Accounting)
* MDM


Reference:

Tech Note: ClearPass Profiling (2014), page 11 https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/653/1/ClearPass %20Profiling%20TechNote.pdf



Refer to the exhibit.



A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the network with a corporate Windows laptop.
Which Enforcement Profile is applied?

  1. WIRELESS_GUEST_NETWORK
  2. WIRELESS_CAPTIVE_NETWORK
  3. WIRELESS_HANDHELD_NETWORK
  4. Deny Access
  5. WIRELESS_EMPLOYEE_NETWORK

Answer(s): E

Explanation:

MATCHES_ANY: For list data types, true if any of the run-time values in the list match one of the configured values.
Example: Tips:Role MATCHES_ANY HR,ENG,FINANCE


Reference:

http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/CPPM_User Guide/Rules/Operators.htm



An SNMP probe is sent from ClearPass to a network access device, but ClearPass is unable to obtain profiling information.
What are likely causes? (Select three.)

  1. Only SNMP read has been configured but SNMP write is needed for profiling information.
  2. An external firewall is blocking SNMP traffic.
  3. SNMP is not enabled on the NAD.
  4. SNMP community string in the ClearPass and NAD configuration is mismatched.
  5. SNMP probing is not supported between ClearPass and NADs.

Answer(s): B,C,D

Explanation:

Verify firewall port 162 (default) is open between AMP and the controller.
SNMP must be enabled on the NAD.
The community string that ClearPass is using to access the NAD might be wrong.


Reference:

https://community.arubanetworks.com/t5/Monitoring-Management-Location/SNMP- Get-Failed-quot-error-message/ta-p/169774






Post your Comments and Discuss HP HPE6-A68 exam with other Community members:

HPE6-A68 Discussions & Posts