Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

HP Exam HPE6-A84 Topic 10 Question 20 Discussion

Actual exam question for HP's HPE6-A84 exam
Question #: 20
Topic #: 10
[All HPE6-A84 Questions]

You need to install a certificate on a standalone Aruba Mobility Controller (MC). The MC will need to use the certificate for the Web UI and for implementing RadSec with Aruba ClearPass Policy Manager. You have been given a certificate with these settings:

What issue does this certificate have for the purposes for which the certificate is intended?

Show Suggested Answer Hide Answer
Suggested Answer: C

According to the ClearPass Policy Manager User Guide1, userAccountControl is a custom attribute in Active Directory that contains a set of flags that define the properties and behavior of user accounts. One of these flags is ACCOUNTDISABLE, which indicates whether the account is disabled or not. By adding this attribute to the filters in the AD authentication source, CPPM can retrieve this attribute for each user and use it as a condition in the enforcement policies to prevent users with disabled accounts from connecting even if they have valid certificates. Therefore, option C is the correct answer.


by Veronika at Jun 02, 2024, 07:34 AM

Limited Time Offer

25%

Off

Get Premium HPE6-A84 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Maryann
1 months ago
Ah, the age-old dilemma of 'which field do I put my domain in?' It's like a game of certificate bingo, but with higher stakes!
upvoted 0 times
...
Candida
1 months ago
The lack of a DNS SAN is a red flag. The certificate won't be trusted for the Web UI, and it may not work for RadSec either.
upvoted 0 times
Francoise
29 days ago
B) It is issued by a private CA.
upvoted 0 times
...
Pa
1 months ago
A) It has conflicting EKUs.
upvoted 0 times
...
...
Pa
2 months ago
Specifying domain info in the CN field instead of the DC field is not ideal, but it shouldn't be a major problem here.
upvoted 0 times
...
Rutha
2 months ago
Having a certificate issued by a private CA is a common issue, but it should still work for the intended purposes.
upvoted 0 times
Mila
20 days ago
C) It specifies domain info in the CN field instead of the DC field.
upvoted 0 times
...
Sage
28 days ago
C) It specifies domain info in the CN field instead of the DC field.
upvoted 0 times
...
Nathalie
1 months ago
B) It is issued by a private CA.
upvoted 0 times
...
Alease
1 months ago
B) It is issued by a private CA.
upvoted 0 times
...
Alecia
1 months ago
A) It has conflicting EKUs.
upvoted 0 times
...
Lucia
1 months ago
A) It has conflicting EKUs.
upvoted 0 times
...
...
Barrett
2 months ago
The certificate has conflicting Extended Key Usage (EKU) settings, which is a problem for using it on the Mobility Controller for both the Web UI and RadSec.
upvoted 0 times
Reid
1 months ago
C) It specifies domain info in the CN field instead of the DC field.
upvoted 0 times
...
Jackie
2 months ago
B) It is issued by a private CA.
upvoted 0 times
...
Roselle
2 months ago
A) It has conflicting EKUs.
upvoted 0 times
...
...
Gretchen
3 months ago
I believe option D is the correct answer, as a DNS SAN is required for web UI and RadSec implementation.
upvoted 0 times
...
Ilona
3 months ago
I agree with Annamaria, the certificate needs a DNS SAN for the purposes mentioned.
upvoted 0 times
...
Annamaria
3 months ago
I think the issue with this certificate is that it lacks a DNS SAN.
upvoted 0 times
...

Save Cancel