1. Home
  2. HP
  3. HPE6-A81

Aruba Certified ClearPass Expert Written

Exam Details

  • Exam Code
    :HPE6-A81
  • Exam Name
    :Aruba Certified ClearPass Expert Written
  • Certification
    :HP Certifications
  • Vendor
    :HP
  • Total Questions
    :60 Q&As
  • Last Updated
    :Mar 28, 2025

HP HP Certifications HPE6-A81 Questions & Answers

  • Question 21:

    A customer has a ClearPass cluster deployment with four servers, two servers at the data center and two servers at a large remote site connected over an SD-WAN solution The customer would like to implement OnGuard, Guest Self-Registration, and 802.1x authentication across their entire environment. During testing the customer is complaining that users connecting to an Instant Cluster Employee SSID at the remote site, with the OnGuard Persistent Agent installed are randomly getting their health check missed. What could be a possible cause of this behavior?

    A. The OnGuard Clients are automatically mapped to the Policy Manager Zone based on their IP range but an ACL on the switch could be blocking access.

    B. The traffic on the TCP port 6658 is congested due to the fact that this port is also used by the IPsec keep-alive packets of the SD-WAN solution.

    C. The ClearPass Policy Manager zones have been defined but the local IP sub-nets have not been property mapped to the zones and the OnGuard Agent might connect to any of the servers in the cluster.

    D. The Aruba-user-role received by the IAP is filtering the TCP port 6658 to the ClearPass servers and after 10 seconds the SSL fallback gets activated and randomly generates the issue.

  • Question 22:

    There is an Aruba Controller configured to send Guest AAA requests to ClearPass. If the customer would like the most effective way to ensure the lowest license usage counts, how should the controller be configured?

    A. Aruba Controller will send stop messages only if EAP termination and Interim accounting are enabled.

    B. Aruba Controller will send stop messages if RADIUS Accounting Server Group is defined in the authentication profile.

    C. Aruba Controller will send stop messages only if both accounting and interim accounting are enabled.

    D. Configure EAP Termination on the Aruba Controller and the client will send a stop message.

  • Question 23:

    Refer to the exhibit: You configuring an 802 1x service endpoint profiling. When the client connects to the network, ClearPass successfully profiles the client and sends Radius Change of Authorization (RCoA) but Radius Change of Authorization {RCoA) fails for the client You manually clicked on the Change Status button in the access tracker to force an RCoA but that failed too. What must you check to ensure that the RCoA will work? (Select two.)

    A. RFC 3576 option is enabled for Aruba Controller under Network device in ClearPass.

    B. RFC 3576 server should be mapped in the server group on the Aruba Controller

    C. The RFC 3576 shared secret on ClearPass should match the Authentication Server shared secret

    D. RFC 3576 server IPs and the Authentication server IPs should be same in the AAA profile

  • Question 24:

    You have Integrated ClearPass Onboard with Active Directory Certificate Services (ADCS) web enrollment to sign the Anal device TLS certificates The Onboard provisioning process completes successfully but when the user finally clicks connect, the user falls to connect to the network with an unknown_ca certificate error. What steps will you follow to complete the requirement?

    A. Make sure that the ClearPass servers are using the default self-signed certificates for both SSL and RADIUS server identity

    B. Add the ADCS root certificate to both the CPPM Certificate trust list and to the Onboard Certificate Store trust list

    C. Make sure both the ClearPass servers have different certificates used for both SSL and RADIUS server identity.

    D. Export the self-signed certificate from the ClearPass servers and manually add them as trusted certificates in clients

  • Question 25:

    Refer to the exhibit:

    The customer configured an 802.1x service with different enforcement actions for personal and corporate

    laptops. The corporate laptops are always being redirected to the BYOD Portal. The customer has sent

    you the above screenshots.

    How would you resolve the issue? (Select two)

    A. Modify the enforcement policy and change the rule evaluation algorithm to select first match

    B. Modify the enforcement policy and re-order the condition with posture not_equals to healthy as the sixth condition

    C. Modify the enforcement policy and re-order the EAP-PEAP with [user authenticated] rule to the last condition.

    D. Modify the enforcement policy and re-order the condition with Posture - Unknown as the fifth condition

    E. Remove the EAP-PEAP with [user authenticated] condition for Onboard and create another service

  • Question 26:

    Refer to the exhibit: A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect to the network. What would you do to troubleshoot?

    A. Verify the OSCP URL under TLS authentication method is mapped to http://localhost/ guestmdps_ocsp.php/2

    B. Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted

    C. Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA)

    D. Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client

  • Question 27:

    Refer to the exhibit: A customer has configured a service with the Onboard Devices Repository as an Authentication Source and an Active Directory Domain Server as an Authorization Source. What will happen if the client certificate is still valid and the user account associated with the certificate is disabled in Active Directory?

    A. ClearPass will not process the request

    B. Enforcement will apply the [Deny Access Profile]

    C. ClearPass will redirect the client to Onboard again

    D. ClearPass will block network access to the device

    E. ClearPass will allow the device to access the network.

  • Question 28:

    Refer to the exhibit:

    After the helpdesk revoked the certificate of a device reported to be lost oy an employee, the lost device

    was seen as connected successfully to the secure network. Further testing has shown that device

    revocation is not working.

    What steps should you follow to make device revocations work?

    A. Copy the default [EAP-TLS with OSCP Enabled] authentication method and set The Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA. Remove EAP-TLS and map the custom created method to the OnBoard Authorization Service.

    B. copy the default [EAP-TLS with OSCP Enabled] authentication method and set the verify certificate using OSCP: option as "required" then configure the correct OSCF URL link for the OnBoard CA. Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the 802 1X Radius Service.

    C. Remove the EAP-TLS authentication method configuration changes are required and add "EAP-TLS with OCSP Enabled" authentication method in the OnBoard Provisioning service. No other configuration changes are required.

    D. Edit the default [EAP-TLS with OSCP Enabled] authentication method and set the Verify certificate using OSCP option as required then update the correct OSCP URL link of the OnBoard CA Remove EAP-TLS and map the new [EAP-TLS with OSCP Enabled] method to the OnBoard Provisioning Service.

  • Question 29:

    Refer to the exhibit:

    What could be causing the error message received on the OnGuard client?

    A. The Service Selection Rules for the service are not configured correctly

    B. The Web-Based Health Check service needs to be configured to use the Posture Policy

    C. There is a firewall policy not allowing the OnGuard Agent to connect to ClearPass

    D. The client's OnGuard Agent has not been configured with the correct Policy Manager Zone

  • Question 30:

    Refer to the exhibit:

    You have configured Onboard and cannot get it working The customer has sent you the above

    screenshots.

    How would you resolve the issue?

    A. Re-provision the client by running the QuickConnect application as Administrator

    B. Install a public signed server authentication certificate on the ClearPass server for EAP

    C. Reconnect the client and select the correct certificate when prompted

    D. Copy the [EAP-TLS with OSCP Enabled] authentication method and set the correct OCSP URL

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only HP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your HPE6-A81 exam preparations and HP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.