BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

HP Exam HPE6-A84 Topic 10 Question 20 Discussion

Actual exam question for HP's HPE6-A84 exam
Question #: 20
Topic #: 10
[All HPE6-A84 Questions]

You are setting up Aruba ClearPass Policy Manager (CPPM) to enforce EAP-TLS authentication with Active Directory as the authentication source. The company wants to prevent users with disabled accounts from connecting even if those users still have valid certificates.

As the first part of meeting these criteria, what should you do to enable CPPM to determine where accounts are enabled in AD or not?

Show Suggested Answer Hide Answer
Suggested Answer: C

According to the ClearPass Policy Manager User Guide1, userAccountControl is a custom attribute in Active Directory that contains a set of flags that define the properties and behavior of user accounts. One of these flags is ACCOUNTDISABLE, which indicates whether the account is disabled or not. By adding this attribute to the filters in the AD authentication source, CPPM can retrieve this attribute for each user and use it as a condition in the enforcement policies to prevent users with disabled accounts from connecting even if they have valid certificates. Therefore, option C is the correct answer.


by Veronika at Jun 02, 2024, 07:34 AM

Limited Time Offer

25%

Off

Get Premium HPE6-A84 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Ashanti
4 months ago
I heard the domain controller has a secret 'disable all accounts' button. Maybe we should just unplug it?
upvoted 0 times
...
Aide
4 months ago
Hmm, I bet the domain controller is just sitting there, waiting to be queried. C is the answer, no doubt!
upvoted 0 times
...
Marion
4 months ago
D sounds like a lot of extra work just to get the account status. Keep it simple with C!
upvoted 0 times
Andrew
4 months ago
Yeah, that sounds like the easiest way to go about it.
upvoted 0 times
...
Tamekia
4 months ago
C) Add a custom attribute for userAccountControl to the filters in the AD authentication source.
upvoted 0 times
...
...
Malcolm
5 months ago
I'm not sure about the others, but B looks like it might be a bit overkill just for checking account status.
upvoted 0 times
Arthur
4 months ago
Yeah, B does seem like it might be too much for just checking account status.
upvoted 0 times
...
Marcos
4 months ago
C) Add a custom attribute for userAccountControl to the filters in the AD authentication source.
upvoted 0 times
...
Twana
4 months ago
A) Add an Endpoint Context Server to the domain controller with actions for querying the domain controller for account status.
upvoted 0 times
...
...
Lilli
5 months ago
I disagree, I believe the answer is C) Add a custom attribute for userAccountControl to the filters in the AD authentication source because it directly relates to checking if accounts are enabled or not.
upvoted 0 times
...
Martha
5 months ago
I think the correct answer is A) Add an Endpoint Context Server to the domain controller with actions for querying the domain controller for account status.
upvoted 0 times
...
Lynette
5 months ago
C is the way to go! Querying the userAccountControl attribute is the best way to check if an AD account is disabled or not.
upvoted 0 times
Della
4 months ago
User 2
upvoted 0 times
...
Emelda
5 months ago
User 1
upvoted 0 times
...
Tammara
5 months ago
I agree, querying the userAccountControl attribute is the way to go.
upvoted 0 times
...
Jackie
5 months ago
It's important to make sure that only active accounts can connect to the network, even if they have valid certificates.
upvoted 0 times
...
Elden
5 months ago
I agree, using the userAccountControl attribute is the most reliable way to determine if an AD account is disabled.
upvoted 0 times
...
Aide
5 months ago
I think C is the best option. It allows us to check if the AD account is disabled.
upvoted 0 times
...
...

Save Cancel