IT認証試験問題集
毎月、ITshikenは1500人以上の受験者が試験準備を助けて、試験に合格するために受験者にご協力します
 ホームページ / HPE6-A15 問題集  / HPE6-A15 問題練習

HP HPE6-A15 問題練習

Aruba Certified Clearpass Professional 6.5 試験

最新更新時間: 2019/05/10,合計81問。

平成から令和へ:HPE6-A15 最新真題を買う時、日本語版と英語版両方を同時に獲得できます。

実際の問題集を練習し、試験のポイントを了解し、テストに申し込むするかどうかを決めることができます。

さらに試験準備時間の35%を節約するには、HPE6-A15 問題集を使用してください。

 / 6

Question No : 1
Refer to the exhibit.



A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the network with a corporate Windows laptop.
Which Enforcement Profile is applied?

正解:
Explanation:
MATCHES_ANY: For list data types, true if any of the run-time values in the list match one of the configured values. Example: Tips:Role MATCHES_ANY HR,ENG,FINANCE
References: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/ CPPM_UserGuide/Rules/Operators.htm

Question No : 2
Refer to the exhibit.



Based on the Endpoint information shown, which collectors were used to profile the device as Apple iPad? (Select two.)

正解:
Explanation:
HTTP User-Agent In some cases, DHCP fingerprints alone cannot fully classify a device. A common example is the Apple family of smart devices; DHCP fingerprints cannot distinguish between an Apple iPad and an iPhone. In these scenarios, User-Agent strings sent by browsers in the HTTP protocol are useful to further refine classification results.
User-Agent strings are collected from:
* ClearPass Guest
* ClearPass Onboard
* Aruba controller through IF-MAP interface
Note: Collectors are network elements that provide data to profile endpoints.
The following collectors send endpoint attributes to Profile:
* DHCP DHCP snooping Span ports
* ClearPass Onboard
* HTTP User-Agent
* MAC OUI C Acquired via various auth mechanisms such as 802.1X, MAC auth, etc.
* ActiveSync plugin
* CPPM OnGuard *SNMP
* Subnet Scanner
* IF-MAP
* Cisco Device Sensor (Radius Accounting)
* MDM
References: Tech Note: ClearPass Profiling (2014), page 11 https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/653/1/ClearPass% 20Profiling%20TechNote.pdf

Question No : 3
A ClearPass administrator wants to make Enforcement decisions during 802.1x authentication based on a client’s Onguard posture token.
Which Enforcement profile should be used on the health check service?

正解:
Explanation:
The Health Check Service requires a profile to terminate the session so that the RADIUS 802.1X authentication Service can use the posture token in a new authentication routine. The terminate session profile will utilize the Change of Authorization feature to force a re-authentication.
See step 6) below.
Navigate to the list of Enforcement Profiles by selecting, Configuration > Enforcement > Profiles.
Click the + Add link in the upper right hand corner.
From the Template dropdown menu, choose RADIUS Change of Authorization (CoA).
Name the policy. This example uses Dell Terminate Session as the profile name.
Leave all the other settings as default, and click Next > to move to the Attributes tab.
On the dropdown menu for Select RADIUS CoA Template, choose IETF-Terminate-Session-IETF.
Click Next > and review the Summary tab (Figure 22).
Click Save.
References: ClearPass NAC and Posture Assessment for Campus Networks Configuring ClearPass OnGuard, Switching, and Wireless (v1.0) (September 2015), page 22 http://en.community.dell.com/cfs-file/__key/telligent-evolution-components-attachments/13-4629-00-00-20­44-16-18/ClearPass-NAC-and-Posture-Assessment-for-Campus-Networks.pdf?forcedownload=true

Question No : 4
Refer to the exhibit.



Based on the Enforcement Profile configuration shown, which statement accurately describes what is sent?

正解:
Explanation:
The OnGuard Agent enforcement policy retrieves the posture token. If the token is HEALTHY it returns a healthy message to the agent and bounces the session. If the token is UNHEALTHY it returns an unhealthy message to the agent and bounces the session.
References: CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 27

Question No : 5
Why can the Onguard posture check not be performed during 802.1x authentication?

正解:
Explanation:
OnGuard uses HTTPS to send posture information to the ClearPass appliance. For OnGuard to use HTTPS, it must have access to the network. If a customer requires 802.1x authentication on the wired switch, a separate 802.1x authentication must be used prior to the OnGuard posture check. In this example, an 802.1x PEAP-EAP-MSCHAPv2 authentication is completed first. A separate WebAuth service must be setup with posture checks to use the OnGuard agent.
References: MAC Authentication and OnGuard Posture Enforcement using Dell WSeries ClearPass and Dell Networking Switches (August 2013), page 21

Question No : 6
Refer to the exhibit.



Based on the Access Tracker output for the user shown, which statement describes the status?

正解:
Explanation:
We see System Posture Status: HEALTHY(0)
End systems that pass all SHV tests receive a Healthy Posture Token, if they fail a single test they receive a Quarantine Posture Token.
References: CLEARPASS ONGUARD CONFIGURATION GUIDE (July 2015), page 13 https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/21122/1/ OnGuard%20config%20Tech%20Note%20v1.pdf

Question No : 7
Refer to the exhibit.



Based on the Enforcement Policy configuration shown, when a user with Role Remote Worker connects to the network and the posture token assigned is quarantine, which Enforcement Profile will be applied?

正解:
Explanation:
The first rule will match, and the Remote Employee ACL will be used.

Question No : 8
A customer with an Aruba Controller wants it to work with ClearPass Guest.
How should the customer configure ClearPass as an authentication server in the controller so that guests are able to authenticate successfully?

正解:
Explanation:

Question No : 9
Refer to the exhibit.



Based on the information shown, what is the purpose of using [Time Source] for authorization?

正解:

Question No : 10
Refer to the exhibit.



An Enforcement Profile has been created in the Policy Manager as shown.
Which action will ClearPass take based on the Enforcement Profile?

正解:
Explanation:
Session Timeout (in seconds) - Configure the agent session timeout interval to re-evaluate the system health again. OnGuard triggers auto-remediation using this value to enable or disable AV-RTP status check on endpoint. Agent re-authentication is determined based on session-time out value. You can specify the session timeout interval from 60 C 600 seconds. Setting the lower value for session timeout interval results numerous authentication requests in Access Tracker page. The default value is 0.
References: http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Content/ CPPM_UserGuide/Enforce/EPAgent_Enforcement.htm

Question No : 11
A hotel chain deployed ClearPass Guest. When hotel guests connect to the Guest SSID, launch a web browser and enter the address www.google.com, they are unable to immediately see the web login page.
What are the likely causes of this? (Select two.)

正解:
Explanation:
You would need a publicly signed certificate.
References: http://community.arubanetworks.com/t5/Security/Clearpass-Guest-certificate-error-for-guest­visitors/td-p/221992

Question No : 12
Refer to the exhibit.



Based on the information shown, which field in the Captive Portal Authentication profile should be changed so that guest users are redirected to a page on ClearPass when they connect to the Guest SSID?

正解:
Explanation:
The Login page is the URL of the page that appears for the user logon. This can be set to any URL. The Welcome page is the URL of the page that appears after logon and before redirection to the web URL. This can be set to any URL.
References: http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Content/ ArubaFrameStyles/Captive_Portal/Captive_Portal_Authentic.htm

Question No : 13
Refer to the exhibit.



Based on the configuration of the create_user form shown, which statement accurately describes the status?

正解:
Explanation:
References: https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/expire-timezone­field-is-not-showing-up-on-the-create-user-form/ta-p/250230

Question No : 14
Refer to the exhibit.



A user logged in to the Self-Service Portal as shown.
What do the traffic received and sent statistics present?

正解:

Question No : 15
Refer to the exhibit.



Based on the guest Self-Registration with Sponsor Approval workflow shown, at which stage is an email request sent to the sponsor?

正解:
Explanation:
There's the Self Service part of provisioning one's information. Then the sponsor/operator part to confirm that guest is valid. Then the enablement via the sponsor/operator clicking 'confirm'.



References: https://community.arubanetworks.com/t5/Security/Guest-Captive-Portal-sponsor-approval­architecture/td-p/267625

 / 6