HPE6-A77 Certification – Valid Exam Dumps Questions Study Guide! (Updated 60 Questions)
HPE6-A77 Dumps are Available for Instant Access using TroytecDumps
HP HPE6-A77 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
NEW QUESTION 29
A customer has configured Onboard with Single SSID provision for Aruba IAP Windows devices work as expected but cannot get the Apple iOS devices to work. The Apple iOS devices automatically get redirected to a blank page and do not get the Onboard portal page. What would you check to fix the issue?
- A. Verify if the Onboard URL is updated correctly in the external captive portal profile.
- B. Verify if Onboard Pre-Provisioning enforcement profile sends the correct Aruba user role.
- C. Verify if the checkbox "Enable bypassing the Apple Captive Network Assistant" is checked.
- D. Verify if the external captive portal profile is enabled to use HTTPS with port 443.
Answer: A
NEW QUESTION 30
You have configured a Guest SSID with Captive-portal Web Authentication and MAC authentication The MAC caching expiry time set to 12 hours and the Guest Account expiration time is set to 8 hours. What will happen if the guest were to disconnect from the SSID and re-connect 9 hours later?
- A. The client will fail the MAC authentication and will be redirected to the Captive-portal login page.
- B. The client will tail the MAC authentication and be denied access to the Guest SSID.
- C. The client will successfully pass the mac authentication until the mac caching time expires.
- D. The client will successfully pass the MAC authentication but still be redirected to captive portal page.
Answer: D
NEW QUESTION 31
A customer is looking to implement a Web-Based Health Check solution with the following requirements:
* for the HR user's client devices, check if a USB stick is mounted.
* for the R&D user's client devices, check if the hard disk is fully encrypted.
The Web-Based Health Check service has been configured but the customer it is not sure how to design the Profile Policy How can be accomplished this customer request?
- A. create two Posture Policies and customize the OnGuard Agent (Persistent or Dissolvable) to select the correct SHV checks
- B. create two Posture Policies and use the Restrict by Roles option to filter for HR and R&D user roles and apply the correct SHV checks
- C. create one Posture Policy and define Rules Conditions that will apply different Tokens for each SHV check condition
- D. create one Posture Policy to check the HR users client devices and use the NAP Agent to check R&D users client devices
Answer: A
NEW QUESTION 32
You have integrated ClearPass Onboard with Active Directory Certificate Services (ADCS) web enrollment to sign the final device TLS certificates. The customer wouldalso like to use ADCS for centralized management of TLS certificates including expiration, revocation, and deletion through ADCS.
What steps will you follow to complete the requirement?
- A. Remove the EAP-TLS authentication method and add "EAP-TLS with OCSP Enabled' authentication method in the OnBoard Provisioning service. No other configuration changes are required.
- B. Edit the [EAP-TLS with OSCP Enabled) authentication method and set the correct ADCS server OCSP URL. remove EAP-TLS and map the [EAP-TLS with OSCP Enabled) method to the Onboard Provisioning Service.
- C. Copy the [EAP-TLS with OSCP Enabled) authentication method and set the correct ADCS server OCSP URL, remove EAP-TLS and map the custom created method to the Onboard Provisioning Service.
- D. Copy the default [EAP-TLS with OSCP Enabled] authentication method and update the correct ADCS server OCSP URL. remove EAP-TLS and map the custom created method to the OnBoard Authorization Service.
Answer: A
NEW QUESTION 33
Refer to the exhibit:


Your customer configured a ClearPass server to process the Guest and Secure SSIDs broadcastingfrom both Aruba and Cisco WLAN controllers When an Employee connects to Aruba or Cisco secure SSID, the authentication hits the guest service causing the client to fail the connection to the network.
What change can be implemented to make both the secure and guest services created for Aruba and Cisco devices to work correctly?
- A. Modify the service rule matching algorithm to ALLin HS-GuestUser Authentication service.
- B. Disable HS-Guest User Authentication service and move HS-Guest MAC Authentication to seventh position.
- C. Move the HS-Guest User Authentication with MAC Caching service to the first position.
- D. Move the HS_Building Aruba 802.1x service to the second position in the service order.
Answer: C
NEW QUESTION 34
Where is the following information stored in ClearPass?
- Roles and Posture for Connected Clients - System Health for OnGuard - Machine authentication State - CoA session info - Mapping of connected clients to NAS/NAD
- A. insight database
- B. Endpoint database
- C. ClearPass system cache
- D. Multi-Master cache
Answer: C
NEW QUESTION 35
How does the RadSec improve the RADIUS message exchange? (Select two.)
- A. Only the NAD needs to trust the ClearPass Certificate.
- B. It uses UDP to exchange the radius packets.
- C. It builds a TTLS tunnel between the NAD and ClearPass.
- D. It encrypts the entire RADIUS message.
- E. It can be used on an unsecured network or the Internet.
Answer: B,D
NEW QUESTION 36
You have recently implemented a serf-registration portal in ClearPass Guest to be used on a Guest SSID broadcast from an Aruba controller. Your customer has started complaining that the users are not able to reliably access the internet after clicking the login button on the receipt page. They tell you that the users willclick the login button multiple times and alter about a minute they gain access.
What could be causing this issue?
- A. The guest users are assigned a firewall user role that has a rate limit.
- B. The self-registration page is configured with a 1 minute login delay.
- C. The enforcement profile on ClearPass is set up with an lETF:session delay.
- D. The guest client is delayed getting an IP address from the DHCP server.
Answer: B
NEW QUESTION 37
Refer to the exhibit:


The customer configured an 802.1x service with different enforcement actions for personal and corporate laptops. The corporate laptops are always being redirected to the BYOD Portal. The customer has sent you the above screenshots.
How would you resolve the issue? (Select two)
- A. Modify the enforcement policy and change the rule evaluation algorithm to select first match
- B. Modify the enforcement policy and re-order the condition with posture not_equals to healthy as the sixth condition
- C. Remove the EAP-PEAP with [user authenticated] condition for Onboard and create another service
- D. Modify the enforcement policy and re-order the EAP-PEAP with [user authenticated] rule to the last condition.
- E. Modify the enforcement policy and re-order the condition with Posture - Unknown as the fifth condition
Answer: D,E
NEW QUESTION 38
When is it recommendedto use a certificate with multiple entries on the Subject Alternative Name?
- A. The ClearPass server will be hosting captive portal pages for multiple FQDN entries
- B. Using the same certificate to Onboard clients and the Guest Captive Portal on a single ClearPass server.
- C. The ClearPass servers are placed in different OnGuard zones to allow the client agent to send SHV updates.
- D. The primary authentication server Is not available to authenticate the users.
Answer: C
NEW QUESTION 39
Which statements are true about Aruba downloadable user roles? (Select three.)
- A. Can use these roles for other authentication methods not involving ClearPass
- B. Aruba downloadable user role are universally available across the environment
- C. Can be applied only on ports or WLAN users authenticated by ClearPass.
- D. Downloadable role names must be defined in Aruba switch or controller
- E. Administering downloadable user roles can be difficult for a large enterprise
- F. Aruba downloadable user role is a built in enforcementtemplate in ClearPass
Answer: A,C,D
NEW QUESTION 40
Refer to the exhibit:
A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect to the network. What would you do to troubleshoot?
- A. Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA)
- B. Verify
the OSCP URL under TLS authentication method is mapped to http://localhost/guestmdps_ocsp.php/2 - C. Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client
- D. Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted
Answer: D
NEW QUESTION 41
Refer to the exhibit:



After the helpdesk revoked the certificate of a device reported to be lost oy an employee, the lost device was seen as connected successfully to the secure network. Further testing has shown that device revocation is not working.
What steps should you follow to make device revocations work?
- A. copy the default [EAP-TLS with OSCP Enabled] authentication method and set the verify certificate using OSCP: option as "required" then configure the correct OSCF URL link for the OnBoard CA.
Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the 802 1X Radius Service. - B. Remove the EAP-TLS authentication method configuration changes are required and add "EAP-TLS with OCSP Enabled" authentication method in the OnBoard Provisioning service.
No other configuration changes are required. - C. Edit the default [EAP-TLS with OSCP Enabled] authentication method and set the Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the OnBoard Provisioning Service.
- D. Copy the default [EAP-TLS with OSCP Enabled] authentication method and set The Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA. Remove EAP-TLS and map the custom created method to the OnBoard Authorization Service.
Answer: B
NEW QUESTION 42 
What are valid options for Network Access Device Settings? (Select two.)
- A. On the Attributes tab. you can enable the service to write attributes like Location and Device type based on policy.
- B. You can configure SNMP Write Settings to send commands to the devices that do not support other methods.
- C. You can configure SNMP Read Settings to monitor the load of a NAD in order not to overload it with the requests.
- D. The OnConnect Enforcement allows you to enable specific ports that trigger Enforcement when any device connects.
- E. In CLI settings, you can define the access credentials and the command templates that will be used.
Answer: A,D
NEW QUESTION 43
A customer has a ClearPass cluster deployment with one Publisher and one Subscriber configured as a Standby Publisher at the Headquarters DataCenter They also have a large remote site that is connected with an Aruba SD Branch solution over a two Mbps Internet connection. The Remote Site has two ClearPass servers acting as Subscribers. The solution implemented for the customer includes OnGuard, Guest Self Registration, and Employee 802. ix authentication. The client is complaining that users connecting to an IAP Clusters Guest SSID located at the Remote Site are experiencing a significant delay in accessing the Guest Captive Portal page.
What could be a possible cause of this behavior?
- A. The configuration of the captive portal is pointing to a link located on one of the servers in the Headquarters
- B. The ClearPass Cluster has no zones defined and the guest captive portal request is being redirected to the Publisher
- C. The captive portal page was only created on the Publisher and requests are getting redirected to a Subscriber
- D. The guest page is not optimized to work with the client browser and a proper theme should be applied
Answer: A
NEW QUESTION 44
Refer to the Exhibit:

A customer wants to integrate posture validationinto an Aruba Wireless 802.1X authentication service During testing, the client connects to the Aruba Employee Secure SSID and is redirected to the Captive Portal page where the user can download the OnGuard Agent After the Agent is installed, the client receives the Healthy token the client remains connected to the Captive Portal page ClearPass is assigning the endpoint the following roles: T2-Staff-User. (Machine Authenticated! and T2-SOL-Device.
What could cause this behavior?
- A. The Enforcement Policy conditions for rule 1 are not configured correctly.
- B. The Enforcement Profile should bounce the connection instead of a Terminate session
- C. Used Cached Results: has not been enabled In the Aruba 802.1X Wireless Service
- D. RFC-3576 Is not configured correctly on the Aruba Controller and does not update the role.
Answer: C
NEW QUESTION 45
A Customer has these requirements:
* 2.000 loT endpoints that use MAC authentication
* 6,000 endpoints using a mix of username/password and certificate (Corporate/BYOD) based authentication
* 1,000 guest endpoints at peak usage that use guest self-registration
* 1500 BYOD devices estimated as 3 devices per User (500 users)
* 2,500 endpoints that have OnGuard installed and connect on a daily basis What licenses should be installed to meet customer requirements?
- A. 11,500 Access, 500 Onboard, 2,500 Onguard
- B. 13.000 Access, 1.500 Onboard, 2,500 Onguard
- C. 9,000 Access, 500 Onboard. 2.500 Onguard
- D. 11,500 Access, 1,500 Onboard, 2.500 Onguard
Answer: D
NEW QUESTION 46
While configuring a guest solution, the customer is requesting that guest user receive accessfor four hours from their first login.Which Guest Account Expiration would you select?
- A. expire_ postlogin
- B. expire_after
- C. expire_time
- D. do_expire
Answer: B
NEW QUESTION 47
Refer to the exhibit:
You have configured Onboard but me customer could not onboard one of his devices and has sent you the above screenshots. How could you resolve the issue?
- A. Instruct the user to delete the profile on one of their other BYOD devices.
- B. Increase the maximum number ofdevices that all users can provision to 3.
- C. Increase the maximum number ofdevices allowed by the individual user account.
- D. Instruct the user to run the Quick connect application in Sponsor Mode.
Answer: B
NEW QUESTION 48
Refer to the exhibit:



You have been asked to help a Customer troubleshoot an issue. They have configured an Aruba OS switch (Aruba 2930 with 16.09) to do MAC authentication with profiling using ClearPass as the authentication source. They cannot get it working.
Using the screenshots as a reference, how will you fix the issue?
- A. Change the Vendor settings for the Aruba OS switch to "Aruba" so that the enforcement will use the correct VSAs
- B. Modifythe enforcement profile conditions with Aruba Vendor specific attributes and Aruba-user-roles
- C. Delete the initial role in the Aruba OS switch to force the device to get the server derived user roles
- D. Use a CoA to bounce the switch port to force the port to change tothe correct Aruba user role
- E. User-roles are case sensitive, update the correct role with correct case in the enforcement profile
Answer: B
NEW QUESTION 49
Refer to the exhibit:
A customer has configured Onboard and Windows devices workas expected but cannot get the Apple iOS devices to Onboard successfully. Where would you look to troubleshoot the Issued (Select two)
- A. Check if the customer has Instated a custom HTTPS certificate for IDS and another internal PKl HTTPS certificate for other devices.
- B. Check if the ClearPass HTTPS server certificate installed in the server is issued by a trusted commercial certificate authority.
- C. Check if the customer installed the internal PKl Root certificate presented by the ClearPass during the provisioning process.
- D. Check if the customer has installed the sameinternal PKl signed RADIUS server certificate as the HTTPS server certificate.
- E. Check if a DNS entryis available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.
Answer: B,E
NEW QUESTION 50
......
HP HPE6-A77 Exam Practice Test Questions: https://www.troytecdumps.com/HPE6-A77-troytec-exam-dumps.html