1. Home
  2. HP
  3. HPE6-A77

Aruba Certified ClearPass Expert Written

Exam Details

  • Exam Code
    :HPE6-A77
  • Exam Name
    :Aruba Certified ClearPass Expert Written
  • Certification
    :HP Certifications
  • Vendor
    :HP
  • Total Questions
    :60 Q&As
  • Last Updated
    :Mar 26, 2025

HP HP Certifications HPE6-A77 Questions & Answers

  • Question 11:

    A customer has deployed an OnGuard Solution to all the corporate devices using a group policy rule to push the OnGuard Agents. The network administrator is complaining that some of the agents are communicating to the ClearPass server that is located in a DMZ, outside the firewall The network administrator wants all of the agents System Health Validation traffic to stay inside the Management subnets. What can the ClearPass administrator do to move the traffic only to the ClearPass Management Ports?

    A. Edit the agent.conf file being deployed to the clients to use the ClearPass Management Port for SHV updates.

    B. Select the correct OnGuard Agent installer, and use the one configured for Management Port for the clients.

    C. Configure a Policy Manager Zone mapping so the OnGuard agent will use the Management Port IP.

    D. Filter TCP port 6658 on the firewall, forcing the OnGuard agent to use the ClearPass Management port.

  • Question 12:

    You are integrating a Postgres SQL server with the ClearPass Policy Manager. What steps will you follow to complete the integration process? (Select three)

    A. Click on the default filter name with pre-defined filter queries and check box to enable as role.

    B. Specify a new filter with filter queries to fetch authentication and authorization attributes.

    C. Attribute Name under filter configuration must match one of the columns being requested from the database table.

    D. Create a new Endpoint context server and add the SQL server IP, credentilas and the database name.

    E. Alias Name under filter configuration must match one of the columns being requested from the database table.

    F. Create a new authentication source and add the SQL server IP, credentials and the database name.

  • Question 13:

    Refer to the exhibit:

    Your company has a postgres SQL database with the MAC addresses of the company-owned tablets You

    have configured a role mapping condition to tag the SQL devices. When one of the tablets connects to the

    network, it does not get the correct role and receives a deny access profile.

    How would you resolve the issue?

    A. Remove SQL condition from role mapping policy and add it under the enforcement policy conditions.

    B. Edit the SQL authentication source niter attributes and modify the SQL server filter query.

    C. Add the SQL server as an authentication source and map .t under the authentication tab in the service.

    D. Enable authorization tab in the service and add the SQL server as an authorization source.

  • Question 14:

    Refer to the exhibit:

    A customer with multiple Aruba Controllers has just installed a new certificate for "*.customerdomain com" on all Aruba Controllers. While testing the existing guest Self-Registration page the customer noticed that the logins are failing. While troubleshooting they are finding no entries in the Event Viewer or Access Tracker for the tests. Suspecting that the Aruba Controllers may not be properly posting the credentials from the guest browser, they open the NAS Vendor Settings for the Guest Self-Registration Page. From the screen shown, how can you fix the errors?

    A. Change the "IP Address: field to" securelogin.customerdomain.com.

    B. Change the "Secure Login:" field to "Use Vendor Default".

    C. Change the "IP Address field to "captiveportal-login.customerdomain.com".

    D. Add PTR records on the DNS server for "securelogin.arubanetworks.com".

  • Question 15:

    Refer to the exhibit: You are doing a ClearPass PoC at a customer site with a single Aruba Mobility Controller. The customer asked for a demonstration of a simple Web Login functionality. You used a service template to create the guest services. During testing, the user gets redirected back to the weblogin page with an Authentication failed message. The guest configurations on the Aruba Mobility Controller are configured correctly. Why would the guest fail to authenticate successfully?

    A. The authentication source mapped in the service is incorrect, it should be mapped as (Guest Device Repository] [Local SQL DB].

    B. The username and/or password used for authentication is incorrect Re-enter the correct password on the weblogin page.

    C. The username used for authentication does not exist in the Guest User Database Create a new user and authenticate again.

    D. The Unique-Device-Count does not allow any Client devices. Update the Enforcement policy condition: Unique-Device-Count.

  • Question 16:

    Where is the following information stored in ClearPass?

    1.

    Roles and Posture for Connected Clients

    2.

    System Health for OnGuard

    3.

    Machine authentication State

    4.

    CoA session info

    5.

    Mapping of connected clients to NAS/NAD

    A. Multi-Master cache

    B. Endpoint database

    C. insight database

    D. ClearPass system cache

  • Question 17:

    Refer to the exhibit:

    You have been asked to help a Customer troubleshoot an issue. They have configured an Aruba OS

    switch (Aruba 2930 with 16.09) to do MAC authentication with profiling using ClearPass as the

    authentication source. They cannot get it working.

    Using the screenshots as a reference, how will you fix the issue?

    A. Delete the initial role in the Aruba OS switch to force the device to get the server derived user roles

    B. Use a CoA to bounce the switch port to force the port to change to the correct Aruba user role

    C. Change the Vendor settings for the Aruba OS switch to "Aruba" so that the enforcement will use the correct VSAs

    D. Modify the enforcement profile conditions with Aruba Vendor specific attributes and Aruba-user- roles

    E. User-roles are case sensitive, update the correct role with correct case in the enforcement profile

  • Question 18:

    A customer is looking to implement a Web-Based Health Check solution with the following requirements:

    for the HR user's client devices, check if a USB stick is mounted.

    for the RandD user's client devices, check if the hard disk is fully encrypted.

    The Web-Based Health Check service has been configured but the customer it is not sure how to design

    the Profile Policy.

    How can be accomplished this customer request?

    A. create two Posture Policies and customize the OnGuard Agent (Persistent or Dissolvable) to select the correct SHV checks

    B. create one Posture Policy and define Rules Conditions that will apply different Tokens for each SHV check condition

    C. create two Posture Policies and use the Restrict by Roles option to filter for HR and RandD user roles and apply the correct SHV checks

    D. create one Posture Policy to check the HR users client devices and use the NAP Agent to check RandD users client devices

  • Question 19:

    Refer to the exhibit: You configured a new Wireless 802.1X service for a Cisco WLC broadcasting the Secure-ADM-5007 SSID. The client falls to connect to the SSID. Using the screenshots as a reference, how would you fix this issue? (Select two.)

    A. Update the service condition Radius:IETF Called-Station-ld CONTAINS secure-adm-5007

    B. Make sure that the Network Devices entry for the Cisco WLC has a vendor setting of "Airspace"

    C. Remove the service condition Radius:lETF Service-Type BELONGSJTO Login-User (1). 2. 8

    D. Change the service condition to Radius:lETF Calling-Station-ld EQUALS Secure-ADM-5007

  • Question 20:

    A customer has acquired another company that has its own Active Directory infrastructure The 802 1X authentication works with the customers original Active Directory servers but the customer would like to authenticate users from the acquired company as well. What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)

    A. Create a new Authentication Source, type Active Directory.

    B. Join the ClearPass server(s) to the new AD domain.

    C. Add the new AD server(s) as backup into the existing Authentication Source.

    D. There is no need to Join ClearPass to the new AD domain.

    E. Create a new Authentication Source, type Generic LDAP.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only HP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your HPE6-A77 exam preparations and HP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.