ACCP

Description

Quiz on ACCP, created by Juan lopez on 11/10/2018.
Quiz by Juan lopez, updated more than 1 year ago
Created by Javier Cortes about 6 years ago
Copied by Juan lopez about 6 years ago

Resource summary

Question 1

Question
Which of the following is a benefit of ClearPass OnGuard?
Answer
  • Allows employees and other non-IT staff to create temporary accounts for Wi-Fi access.
  • Offers an easy way for users to self-configure their devices to support 802.1X authentication on wired and wireless networks.
  • Enables organizations to run advanced endpoint posture assessments
  • Offers full self-service provisioning for personal employee owned devices
  • Allows a receptionist in a hotel to create accounts for guest users

Question 2

Question
A customer would like to deploy ClearPass with the following objectives: they have 2000 devices that need to be onboarded, 2000 corporate devices running posture checks daily, and 500 different guest users each day authenticating using the web login feature. Which of the following best describes the license mix that they need to purchase?
Answer
  • CP-HW-500, 2500 Clearpass Enterprise
  • CP-HW-5k, 2500 Clearpass Enterprise
  • CP-HW-5k, 4500 Clearpass Enterprise
  • CP-HW-25k, 4500 Clearpass Enterprise
  • CP-HW-25k, 4000 Clearpass Enterprise

Question 3

Question
A customer would like to deploy ClearPass with the following objectives: they have 3000 corporate laptops doing EAP-TLS authentication daily, 1000 personal smartphone devices that need to be onboarded. The corporate laptops are required to pass a posture check before getting access to the network. Which of the following best describes the license mix that they need to purchase?
Answer
  • CP-HW-5k, 1000 Clearpass Enterprise
  • CP-HW-5k, 1000 Onboard, 3000 Onguard
  • CP-HW-25k, 1000 Clearpass Enterprise
  • CP-HW-25k, 1000 Onboard, 3000 Onguard
  • CP-HW-25k, 3000 Onguard

Question 4

Question
A customer would like to deploy ClearPass with the following objectives: Every day, 100 employees authenticate with their corporate laptops using EAP-TLS. Every Friday, there is a meeting with business partners and an additional 50 devices authenticate using Web Login Guest Authentication. Which of the following is correct? (Choose 2)
Answer
  • When counting policy manager licenses, they need to include the additional 50 business partner devices
  • When counting policy manager licenses, they can exclude the additional 50 business partner devices
  • They should purchase guest licenses
  • They should purchase onboard licenses
  • They should purchase onguard licenses

Question 5

Question
Which licenses are included in the built in Starter kit for Clearpass?
Answer
  • 25 ClearPass Policy Manager licenses
  • 25 Clearpass Enterprise licenses
  • 10 ClearPass Guest licenses, 10 ClearPass OnGuard licenses and 10 ClearPass Onboard licenses
  • 25 ClearPass Profiler licenses
  • 10 Clearpass Enterprise licenses

Question 6

Question
What is the function of ClearPass Onboard?
Answer
  • Provide guest access for visitors to connect to the network
  • Process authentication requests based on policy services
  • Profile devices connecting to the network
  • Provision personal devices to securely connect to the network
  • To allow a windows machine to use machine authentication to access the network

Question 7

Question
What is the Onboard license usage based on?
Answer
  • Each user connected to the provisioning SSID uses 1 Onboard license.
  • Each user authenticated using the Onboard credential uses 1 Onboard license
  • Each user provisioned using the Onboard process uses 1 Onboard license
  • Each user that has the OnGuard agent downloaded uses 1 Onboard license.
  • Each user that downloads the Onboard application to their iOS device uses 1 Onboard license

Question 8

Question
An employee provisions their personal smart phone using the Onboard process. In addition, they have a corporate laptop given to them by IT that connects to the secure network. How many licenses does the user consume?
Answer
  • 1 Policy Manager license, 1 Onboard License
  • 1 Policy Manager license, 1 Guest License.
  • 2 Policy Manager licenses, 1 Onboard License
  • 2 Policy Manager licenses, 2 Onboard Licenses.
  • 1 Policy Manager license, 2 Guest licenses.

Question 9

Question
An employee authenticates using their corporate laptop and runs the dissolvable onguard agent to send a health check back to the Policy Manager. Based on the health of the device a VLAN is assigned to the corporate laptop. Which licenses are consumed in this scenario?
Answer
  • 1 Policy Manager license, 1 Onboard License
  • 1 Policy Manager license, 1 OnGuard License
  • 2 Policy Manager licenses, 1 OnGuard License
  • 1 Policy Manager license, 1 Profile License
  • 2 Policy Manager licenses, 2 Onguard licenses

Question 10

Question
A customer would like to deploy ClearPass with the following objectives: they have between 2000 to 3000 corporate users that need to authenticate daily using EAP-TLS. They want to allow for up to 1000 employee devices to be onboarded. They would also like to allow up to 100 different guest users each day to authenticate using the web login feature. Which of the following best describes the license mix that they need to purchase?
Answer
  • CP-HW-5k, 100 Onboard, 100 Guest
  • CP-HW-500, 1000 Onboard, 100 Guest
  • CP-HW-2k, 1000 Onboard, 100 Guest
  • CP-HW-5k, 2500 Enterprise
  • CP-HW-5k, 1000 Enterprise

Question 11

Question
Which of the following statements is true about the Endpoint Profiler? (Choose 2)
Answer
  • The Endpoint Profiler requires the Onboard license to be enabled
  • The Endpoint Profiler uses DHCP fingerprinting for device categorization
  • Data obtained from the Endpoint Profiler can be used in Enforcement Policy
  • The Endpoint Profiler can only categorize laptops and desktops
  • Endpoint Profiler requires a profiling license.

Question 12

Question
Which of the following methods can be used as collectors for device profiling? (Choose 2)
Answer
  • OnGuard agent
  • Active Directory Attributes
  • ActiveSync Plugin
  • Username and Password
  • Client's role on the controller

Question 13

Question
Refer to the screen capture below: Based upon Endpoint information shown here, which collectors were used to profile the device as Apple iPad? (Choose 2)
Answer
  • OnGuard Agent
  • HTTP User-Agent
  • DHCP fingerprinting
  • SNMP
  • SmartDevice

Question 14

Question
To set up an Aruba Controller as DHCP relay for device fingerprinting, which of the following IP addresses needs to be configured?
Answer
  • DHCP server IP
  • ClearPass server IP
  • Active Directory IP
  • Microsoft NPS server IP
  • Switch IP

Question 15

Question
What database in the Policy Manager contains the device attributes derived by profiling?
Answer
  • Local Users Repository
  • Onboard Devices Repository
  • Endpoints Repository
  • Guest User Repository
  • Client Repository

Question 16

Question
Refer to the screen capture below: Based on the Endpoint Profiler output shown here, which of the following statements is true?
Answer
  • The devices have been profiled using DHCP fingerprinting.
  • There are 5 devices profiled in the Computer Device Category.
  • Apple devices will be profiled in the SmartDevice category.
  • There is only 1 Microsoft Windows device present in the network.
  • The linux device with MAC address 000c29fd8945 has not been profiled.

Question 17

Question
Which of the following conditions can be used for rule creation of an Enforcement Policy? (Choose 3)
Answer
  • System Time
  • Clearpass IP address
  • Posture
  • Switch VLAN
  • Connection Protocol

Question 18

Question
Refer to the screen capture below: Based on the Enforcement Policy configuration, if a user with Role Engineer connects to the network and the posture token assigned is Unknown, what Enforcement Profile will be applied?
Answer
  • EMPLOYEE_VLAN
  • Remote Employee ACL
  • RestrictedACL
  • Deny Access Profile
  • HR VLAN

Question 19

Question
Based on the Enforcement Policy configuration, if a user with Role Remote Worker connects to the network and the posture token assigned is quarantine, what Enforcement Profile will be applied?
Answer
  • EMPLOYEE_VLAN
  • Remote Employee ACL
  • RestrictedACL
  • Deny Access Profile
  • HR VLAN

Question 20

Question
Based on the Enforcement Policy configuration, if a user connects to the network using an Apple iPhone, what Enforcement Profile is applied?
Answer
  • WIRELESS_CAPTIVE_NETWORK
  • WIRELESS_HANDHELD_NETWORK
  • WIRELESS_GUEST_NETWORK
  • WIRELESS_EMPLOYEE_NETWORK
  • Deny Access

Question 21

Question
A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the network with a corporate Windows laptop. What Enforcement Profile is applied?
Answer
  • WIRELESS_CAPTIVE_NETWORK
  • WIRELESS_HANDHELD_NETWORK
  • WIRELESS_GUEST_NETWORK
  • WIRELESS_EMPLOYEE_NETWORK
  • Deny Access

Question 22

Question
Which of the following components of a Policy Service is mandatory?
Answer
  • Enforcement
  • Posture
  • Profiler
  • Role Mapping Policy
  • Authorization Source

Question 23

Question
Which of the following options is the correct order of steps of a Policy Service request? 1) Clearpass tests the request against Service Rules to select a Policy Service. 2) Clearpass applies the Enforcement Policy. 3) Negotiation of the Authentication Method occurs between the NAD and Clearpass. 4) Clearpass sends the Enforcement Profile attributes to the NAD. 5) NAD forwards authentication request to Clearpass.
Answer
  • A. 1, 3, 2, 4, 5
  • B. 5, 1, 3, 2, 4
  • C. 5, 1, 3, 4, 2
  • D. 1, 2, 3, 4, 5
  • E. 2, 3, 4, 5, 1

Question 24

Question
Which of the following information is NOT required while building a Policy Service for 802.1X authentication?
Answer
  • A. Network Access Device used
  • B. Authentication Method used
  • C. Authentication Source used
  • D. Posture Token of the client
  • E. Profiling information of the client

Question 25

Question
Which of the following components can use Active Directory authorization attributes for the decision-making process? (Choose 2)
Answer
  • A. Role Mapping Policy
  • B. Posture Policy
  • C. Enforcement Policy
  • D. Service Rules

Question 26

Question
What information can we conclude from the following graph?
Answer
  • A. This graph represents all authentication requests received by Clearpass in one year.
  • B. This graph represents all authentication requests received by Clearpass in a day.
  • C. The graph represents all authentication requests received by Clearpass in a month.
  • D. Each bar represents total authentication requests per minute.
  • E. Each bar represents total authentication requests per day.

Question 27

Question
What information can we conclude from the above audit row detail? (Choose 2)
Answer
  • A. radius01 was added as an authentication source.
  • B. radius01 was deleted from the list of authentication sources.
  • C. The policy service was moved to position number 3.
  • D. The policy service was moved to position number 4.
  • E. radius01 was moved to position number 4.

Question 28

Question
What is the purpose of the Audit Viewer in the Monitoring section of ClearPass Policy Manager?
Answer
  • A. To audit client authentications.
  • B. To audit the network for PCI compliance.
  • C. To display the entire configuration of the ClearPass Policy Manager.
  • D. To display changes made to the ClearPass configuration.
  • E. To display system events.

Question 29

Question
If the "Alerts" tab in an authentication session details tab in Access Tracker shows the following error message "Access denied by policy", what could be a possible cause for authentication failure?
Answer
  • A. Implementation of an Enforcement Policy
  • B. Implementation of a firewall policy
  • C. Failure to categorize the request in a Clearpass service
  • D. Implementation of a Posture Policy
  • E. Failure to activate the enforcement policy

Question 30

Question
If a client's authentication is failing and there are no entries in the Clearpass's Access Tracker, which of the following is a possible reason for the authentication failure?
Answer
  • A. The client used a wrong password.
  • B. The user is not found in the database.
  • C. The shared secret between Network Access Device and Clearpass does not match.
  • D. The user account has expired.
  • E. The user's certificate is invalid.

Question 31

Question
Which of the following statements is true based on the Access Tracker output shown below?
Answer
  • A. The client wireless profile is incorrectly setup.
  • B. Clearpass does not have a service enabled for MAC authentication.
  • C. The client MAC address is not present in the Endpoints table in the Clearpass database.
  • D. The client used incorrect credentials to authenticate to the network.
  • E. The RADIUS client on the Windows server failed to categorize the service correctly.

Question 32

Question
Which of the following are valid policy simulation types in Clearpass? (Choose 3)
Answer
  • A. Role Mapping
  • B. Endpoint Profiler
  • C. Authorization Attributes
  • D. Chained Simulation
  • E. Enforcement Policy

Question 33

Question
The screenshot here from the Event Viewer in ClearPass shows an error when a user does an EAP-TLS authentication to ClearPass through an Aruba Controller's Wireless Network. What is the cause of this error?
Answer
  • A. The client has sent an incorrect shared secret for the 802.1X authentication.
  • B. The controller has sent an incorrect shared secret for the RADIUS authentication.
  • C. The client's shared secret used during the certificate exchange is incorrect.
  • D. The controller's shared secret used during the certificate exchange is incorrect.
  • E. The NAS source interface IP is incorrect.

Question 34

Question
Which of the following statements is true about the Policy Simulation test figure shown below?
Answer
  • A. The simulation test result shows the roles assigned to the client by the Aruba Controller.
  • B. The roles assigned in the result are based on rules matched in the AD Role Mapping Policy.
  • C. The test verifies that a client with username test1 can authenticate using EAP-PEAP.
  • D. Role mapping simulation verifies if Table6 Wireless service has been configured correctly.

Question 35

Question
What types of files are stored in the Local Shared Folders database in Clearpass? (Choose 2)
Answer
  • A. Backup Files
  • B. Software image
  • C. Log files
  • D. Generated Reports
  • E. Device fingerprint dictionaries

Question 36

Question
A University wants to deploy ClearPass with the Guest module. They have two types of users that need to use web login authentication. The first type of users are students whose accounts are in their Active Directory Server. The second type of users are friends of students who need to self-register to access the network. How should the service be set up in the Policy Manager for this Network?
Answer
  • A. Create a service with the Guest User Repository as the Authentication Source and the Active Directory Server as the authorization source.
  • B. Create a service with the Active Directory Server as the Authentication Source and the Guest User Repository as the authorization source.
  • C. Create a service with the Guest User Repository and Active Directory servers as Authentication Sources.
  • D. Create a service with only the Guest user Repository as the authentication source, and Guest User Repository and Active Directory server as authorization sources.
  • E. Create a service with the Guest User Repository or Active Directory server as the single Authentication Source.

Question 37

Question
Which of the following use cases will require a ClearPass Guest application license? (Choose 2)
Answer
  • A. Sponsor based guest user access
  • B. Employee personal device registration
  • C. User self registration for access
  • D. Guest device fingerprinting
  • E. Endpoint health assessment

Question 38

Question
Below is a screenshot of the Guest Role Mapping Policy: What is the purpose of this Role Mapping Policy?
Answer
  • A. To send a firewall role back to the controller based on the Guest User's Role ID.
  • B. To assign Controller roles to guests.
  • C. To display a role name on the Self-registration receipt page.
  • D. To assign ClearPass roles to guests based on the guest's Role ID as seen during authentication.
  • E. To assign all 3 roles of [Contractor], [Guest] and [Employee] to every guest user.

Question 39

Question
An administrator logs in to the Guest module in ClearPass and under 'List Accounts' sees the following: If a user with username kim@mycompany.com tries to access the Web Login page, what would we expect to happen?
Answer
  • A. The user will not be able to access the Web Login page.
  • B. The user will be able to login and authenticate successfully but they will be immediately disconnected after.
  • C. The user will not be able to login and authenticate.
  • D. The user will be able to login for the next 4.9 days, but after this they will not be able to login anymore.

Question 40

Question
Refer to the screenshot below: Based on the above configuration, which of the following statements is true?
Answer
  • A. The visitor_phone field will be visible to operator creating the account.
  • B. The visitor_phone field will be visible to the guest users in the web login page.
  • C. The visitor_company field will be visible to operator creating the account.
  • D. The visitor_company field will be visible to the guest users in the web login page.
  • E. The email field will be visible to guest users on the web login page.

Question 41

Question
Refer to the screenshot below: Based on the above configuration which of the following statements is true?
Answer
  • A. Only guest users connecting to SSID Aruba will be allowed access to the network by ClearPass Guest.
  • B. The minimum password length for guest passwords is set to a default value of 8.
  • C. The usernames generated for guest users by Guest Manager will be a combination of random numbers.
  • D. The password generated for guest users by Guest Manager will be a combination of random numbers.

Question 42

Question
Refer to the screenshot in the diagram below, as seen when configuring a Web Login Page in ClearPass Guest: What is the page name field used for?
Answer
  • A. For Administrators to access the PHP page, but not guests.
  • B. For Administrators to reference the page only.
  • C. For forming the Web Login Page URL.
  • D. For forming the Web Login Page URL and the page name that guests must configure on their laptop wireless supplicant.
  • E. For forming the Web Login Page URL where Administrators add guest users.

Question 43

Question
Refer to the screenshot in the diagram below, as seen when a Web Login Page is configured in ClearPass Guest: What is the Address field value 'securelogin.arubanetworks.com' used for?
Answer
  • A. For appending to the Web Login URL, before the page name.
  • B. For ClearPass to POST the user credentials to the NAD device.
  • C. For ClearPass to send a RADIUS request to the NAD device.
  • D. For ClearPass to send a TACACS+ request to the NAD device.
  • E. For appending to the Web Login URL, after the page name.

Question 44

Question
Below is a screenshot of a Captive Portal Authentication profile inside the Aruba Controller: Which field would you change so that guest users are redirected to the ClearPass Captive Portal when they connect to the Guest SSID?
Answer
  • A. Login Page
  • B. Welcome Page
  • C. Both Login & Welcome Page
  • D. Default Role
  • E. Default Guest Role

Question 45

Question
Below is an extract from the Web Login Page configuration in ClearPass Guest: What is the purpose of the Pre-Auth Check?
Answer
  • A. To authenticate users before they launch the Web Login Page.
  • B. To authenticate users before ClearPass sends the credentials to the NAD device.
  • C. To authenticate users after the NAD device sends an authentication request to ClearPass.
  • D. To replace the need for the NAD to send an authentication request to ClearPass.
  • E. To re-authenticate users when they're roaming from one NAD to another.

Question 46

Question
Below is an Enforcement Profile that has been created in the Policy Manager: What is the action that is taken by this Enforcement Profile?
Answer
  • A. ClearPass will count down 600 seconds and send a RADIUS CoA message to the NAD device to end the user's session after this time is up.
  • B. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the User and the user's session will be terminated after 600 seconds.
  • C. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the NAD device and the NAD will end the user's session after 600 seconds.
  • D. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD device and the NAD will end the user's session after 600 seconds.

Question 47

Question
Below is a screenshot of a client connecting to a Guest SSID: Based on the image shown above, which of the following best describes the client's state?
Answer
  • A. The client authenticated through the web login page first before it was able to obtain an IP address.
  • B. The client does not have an IP address, but they have authenticated through the web login page.
  • C. The client does not have an IP address because they have not authenticated through the web login page yet.
  • D. We can't tell from the image above.

Question 48

Question
A Bank would like to deploy ClearPass Guest with web login authentication so that their customers can self-register on the network to get network access when they have meetings with Bank Employees. However, they're concerned about security. Which of the following is true? (Choose 3)
Answer
  • A. During web login authentication, if HTTPS is used for the web login page, guest credentials will be encrypted.
  • B. If HTTPS is used for the web login page, after authentication is completed guest Internet traffic will all be encrypted as well.
  • C. If HTTPS is used for the web login page, after authentication is completed some guest Internet traffic may be unencrypted.
  • D. After authentication, an IPSEC VPN on the guest's client can be used to encrypt Internet traffic.
  • E. HTTPS should never be used for Web Login Page authentication.

Question 49

Question
A Hospital would like to deploy ClearPass Guest for friends and relatives of patients to access the Internet. They would like patients to be able to access an internal webpage on the intranet where they can view patient information. However, other guests should not have access to this page. Which of the following is true? (Choose 2)
Answer
  • A. The NAD device will be firewalling users to block Intranet traffic.
  • B. ClearPass will be firewalling users to block Intranet traffic.
  • C. It's necessary for us to have two separate web login pages due to the different access requirements of patients and guests.
  • D. We will need to configure different Enforcement actions for patients and guests in the service.
  • E. Both the NAD and Clearpass would have to firewall users to block traffic.

Question 50

Question
Below is a screenshot of a self-registration receipt: Which of the following is true?
Answer
  • A. Expiration time for guest accounts can be modified by the visitor.
  • B. Receipt Actions such as 'Download account details' cannot be modified in the self-registration editor.
  • C. Company Name field cannot be removed from the registration page using the self-registration editor.
  • D. The user will only be able to login between the Activation and Expiration time.
  • E. The user must be logged in before they can use the 'Download account details' link.

Question 51

Question
A company deployed the guest Self-registration with Sponsor Approval workflow for their guest SSID. The administrator logs into the Policy Manager and sees the following in the Guest User Repository: What can you conclude from the above? (Choose 2)
Answer
  • A. The guest has submitted the registration form.
  • B. The guest has not submitted the registration form yet.
  • C. The sponsor has confirmed the guest account.
  • D. The sponsor has not confirmed the guest account yet.
  • E. The user's account is active.

Question 52

Question
Refer to the screenshot below of a MAC Caching enforcement policy: Which of the following is true?
Answer
  • A. Only a user with Controller role of [Guest] will be allowed to authenticate
  • B. Only a user with Clearpass role of [Guest] and that has authenticated using the web login page less than 5 minutes ago, will have their MAC authentication succeed
  • C. Only a user with Clearpass role of [Guest] and that has authenticated using the web login page more than 5 minutes ago, will have their MAC authentication succeed
  • D. Only a user whose last MAC authentication was less than 5 minutes ago, will have their MAC authentication succeed

Question 53

Question
Refer to the screenshot below: Which of the following is true of the MAC-Guest-Check SQL query authorization source?
Answer
  • A. It's used to check if the MAC address status is known in the endpoints table
  • B. It's used to check if the guest account has expired
  • C. It's used to check if the MAC address status is unknown in the endpoints table
  • D. It's used to check how long it's been since the last web login authentication
  • E. It's used to check if the MAC address is in the MAC Caching repository

Question 54

Question
Refer to the screenshot below: Why is the Insight Repository used as an authorization source for this MAC authentication service?
Answer
  • A. To check how long ago the last web login authentication was done
  • B. To check how many sessions ago the last web login authentication was done
  • C. To check how long ago the last MAC authentication was done
  • D. To run a report when the user authenticates
  • E. To validate the user's MAC address against the endpoints table

Question 55

Question
Below is a screenshot of a client's laptop: What would you expect to happen next?
Answer
  • A. The web login page will be displayed.
  • B. The user will be presented with a self-registration receipt.
  • C. The NAD device will send an authentication request to ClearPass.
  • D. The client will send a NAS authentication request to ClearPass.
  • E. Clearpass will send a NAS authentication request to the NAD device.

Question 56

Question
Below is a screenshot of a user logged in to the Self-Service Portal: Notice the traffic received and traffic sent statistics. Which of the following is true?
Answer
  • A. These show the total amount of traffic the guest transmitted after account expiration, as seen through RADIUS accounting messages sent from the NAD to ClearPass.
  • B. These show the total amount of traffic the guest transmitted, as seen through RADIUS accounting messages sent from the NAD to ClearPass.
  • C. These show the total amount of traffic the NAD transmitted to ClearPass, as seen through RADIUS accounting messages from the NAD to ClearPass.
  • D. These show the total amount of traffic the guest transmitted, as seen through RADIUS CoA packets from the NAD to ClearPass.

Question 57

Question
An administrator enabled the Pre-auth check for their guest self-registration. At what stage in the registration process is this check performed?
Answer
  • A. Before the user self-registers.
  • B. After the user self-registers; before the user logs in.
  • C. After the user logs in; before the NAD sends an authentication request.
  • D. After the user logs in; after the NAD sends an authentication request.
  • E. When a user is re-authenticating to the network.

Question 58

Question
A hotel chain recently deployed ClearPass Guest. A guest enters the hotel and connects to the Guest SSID. They launch their web browser and type in www.google.com, but they're unable to immediately see the web login page. Which of the following could be causing this? (Choose 2)
Answer
  • A. The DNS server is not replying with an IP address for www.google.com.
  • B. The guest is using a Linux laptop which doesn't support web login.
  • C. The ClearPass server has a server certificate issued by Verisign.
  • D. The ClearPass server has a server certificate issued by the internal Microsoft Certificate Server.
  • E. The ClearPass server does not recognize the client's certificate.

Question 59

Question
Refer to the screenshot below of a MAC Caching service: A guest connects to the Guest SSID and authenticates successfully using the guest.php web login page. Which of the following is true?
Answer
  • A. Their MAC address will be visible in the Endpoints table with Known Status.
  • B. Their MAC address will be visible in the Endpoints table with Unknown Status.
  • C. Their MAC address will be visible in the Guest User Repository with Known Status.
  • D. Their MAC address will be visible in the Guest User Repository with Unknown Status.
  • E. Their MAC address will be deleted from the Endpoints table.

Question 60

Question
A company implemented the Self-Registration with Sponsor Approval workflow for their Guest SSID. A guest connects to the Guest SSID, then self-registers. They see the following on their client device: Which of the following is true?
Answer
  • A. The Sponsor approved the guest already.
  • B. The Sponsor has not approved the guest yet.
  • C. A confirmation email was sent to the sponsor at limdir@gmail.com.
  • D. A guest registration receipt was sent to p1t3@arubaclass.com.
  • E. The guest is ready to login using their username and password.

Question 61

Question
Refer to the screenshot below outlining a guest Self-Registration with Sponsor Approval workflow: At which stage is an email request sent to the sponsor?
Answer
  • A. After 'Redirects (1)'
  • B. After 'Submit form (3)'
  • C. After 'Login Message page (5)'
  • D. After 'Automated NAS login (6)'
  • E. After 'Guest Role (7)'

Question 62

Question
What are these RADIUS attributes used for in the Aruba RADIUS dictionary shown here?
Answer
  • A. To send information via RADIUS packets to clients.
  • B. To send information via RADIUS packets to Aruba NADs.
  • C. To gather information about Aruba NADs for ClearPass.
  • D. To gather and send Aruba NAD information to ClearPass.
  • E. To send CoA packets from Clearpass to the Aruba NAD.

Question 63

Question
Describe the purpose of the Aruba TACACS+ dictionary as shown here:
Answer
  • A. The Aruba-Admin-Role attribute is used to assign different privileges to clients during 802.1X authentication.
  • B. The Aruba-Admin-Role attribute is used by ClearPass to assign TIPS roles to clients during 802.1X authentication.
  • C. The Aruba-Admin-Role attribute is used to assign different privileges to administrators logging into an Aruba NAD device.
  • D. The Aruba-Admin-Role attribute is used to assign different privileges to administrators logging into ClearPass.
  • E. The Aruba-Admin-Role on the controller is applied to users using TACACS+ to login to the Policy Manager.

Question 64

Question
Which of the following CLI commands is used to upgrade the image of a ClearPass server?
Answer
  • A. Upgrade image
  • B. System upgrade
  • C. Upgrade software
  • D. Reboot
  • E. System update

Question 65

Question
Which of the following statements is true about the skin plugins in ClearPass guest?
Answer
  • A. Skins are created by Aruba Professional Services.
  • B. Skins allow addition of content items to web login pages.
  • C. Skins are used to create hotspot login pages.
  • D. Skins are used to create Onboard registration pages.
  • E. Skins allow customers to implement advertising.

Question 66

Question
What does a client need for it to perform EAP-TLS successfully? (Choose 2)
Answer
  • A. Username and Password
  • B. Client Certificate
  • C. Pre-shared key
  • D. Certificate Authority
  • E. Server Certificate

Question 67

Question
Refer to the screenshot in the diagram below, which illustrates a configuration of a Windows 802.1X supplicant for EAP-PEAP authentication. In a deployment, which certificate would you select under the 'Trusted root certification authority' section?
Answer
  • A. The server certificate
  • B. The client certificate
  • C. The root CA self-signed certificate
  • D. The root CA certificate signed by the client
  • E. The client certificate signed by the root CA

Question 68

Question
Refer to the screenshot in the diagram below, which illustrates the configuration of a Windows 802.1X supplicant. What will selecting 'Validate server certificate' do?
Answer
  • A. The client will send its certificate to the server for verification.
  • B. The server will send its private key to the client for verification.
  • C. The server and client will perform an HTTPS SSL certificate exchange.
  • D. The client will verify the server certificate against a trusted CA.
  • E. The client will send its private key to the server for verification.

Question 69

Question
Refer to the screenshot in the diagram below, which illustrates the configuration of a Windows 802.1X supplicant. If 'Automatically use my Windows logon name and password' is selected, which of the following is true?
Answer
  • A. The client's Windows login username and password will be sent in an EAP frame to the Authentication Server.
  • B. The client's Windows login username and password will be sent in a RADIUS Accounting frame to the Authentication server.
  • C. The client will need to re-authenticate every time they connect to the network.
  • D. The client's Windows logon name and password will be sent via a TACACS+ frame to the authentication server.
  • E. The client will prompt the user to enter the logon username and password.

Question 70

Question
What does a client need for it to perform EAP-PEAP successfully, if 'Validate Server Certificate' is not enabled?
Answer
  • A. Username and Password
  • B. Client Certificate
  • C. Pre-shared key
  • D. Certificate Authority
  • E. Server Certificate

Question 71

Question
What is RADIUS CoA used for?
Answer
  • A. To authenticate users or devices before granting them access to a network.
  • B. To force the client to re-authenticate upon roaming to a new Controller.
  • C. To apply firewall policies based on authentication credentials.
  • D. To validate a host MAC against a white and a black list.
  • E. To transmit messages to the NAD/NAS to modify a user's session status.

Question 72

Question
What are Operator Profiles used for?
Answer
  • A. To assign ClearPass roles to guest users.
  • B. To enforce role based access control for ClearPass Guest operator users.
  • C. To enforce role based access control for ClearPass Policy Manager admin users.
  • D. To map AD attributes to admin privilege levels in ClearPass Guest.
  • E. To enforce role based access control for Aruba Controllers.

Question 73

Question
Refer to the screen capture below: Based on the Translation Rule configuration shown above, which of the following statements is true?
Answer
  • A. A user from group MatchAdmin will be assigned the operator profile of IT Administrators.
  • B. All active directory users will be assigned the operator profile of IT Administrators.
  • C. All admin users will be assigned the operator profile of IT Administrators.
  • D. A user from group Administrators will be assigned the operator profile of IT Administrators.
  • E. This translation rule is not valid for Active Directory administrators.

Question 74

Question
Which of the following steps are required to use ClearPass as a TACACS+ Authentication server for a network device? (Choose 2)
Answer
  • A. Configure the ClearPass Policy Manager as an Authentication server on the network device.
  • B. Configure ClearPass roles on the network device.
  • C. Configure RADIUS Enforcement Profile for the desired privilege level.
  • D. Configure TACACS Enforcement Profile for the desired privilege level.
  • E. Enable RADIUS accounting on the NAD device.

Question 75

Question
Which of the following is FALSE?
Answer
  • A. Active Directory can be used as the authentication source to process TACACS+ authentication requests coming to Clearpass from NAD devices
  • B. Active Directory can be used as the authentication source to process Clearpass Guest Admin Access
  • C. TACACS+ authentication requests received by Clearpass are always forwarded to a Windows Server that can handle these requests
  • D. TACACS+ authentication requests from NAD devices to Clearpass are processed by a TACACS+ service
  • E. The local user repository in Clearpass can be used as the authentication source for TACACS+ services

Question 76

Question
Which of the following is NOT a function of ClearPass Onboard?
Answer
  • A. Configure network settings
  • B. Provision device credentials
  • C. Remote wipe & control
  • D. Revoke device credentials
  • E. Provisioning of VPN Settings

Question 77

Question
Which of the following devices support Apple over-the-air provisioning? (Choose 2)
Answer
  • A. Laptop running Mac OS X 10.6
  • B. Laptop running Mac OS X 10.8
  • C. iOS 5
  • D. Android 2.2
  • E. Windows XP

Question 78

Question
Refer to the screenshot below: At which stage of the onboard process is workspace installed?
Answer
  • A. Pre-provisioning stage
  • B. Provisioning stage
  • C. Authentication stage
  • D. After authentication stage

Question 79

Question
Which of the following is true? (Choose 2)
Answer
  • A. Mobile Device Management is used to control device usage post-onboarding
  • B. Mobile Device Management is an application container that is used to provision work applications
  • C. Mobile Device Management cannot be deployed without Workspace
  • D. 3rd party Mobile Device Management solutions can be integrated with Clearpass
  • E. Mobile Device Management cannot do remote wipes of devices without workspace being installed

Question 80

Question
Which of the following statements is true about certificate revocation?
Answer
  • A. Onboard cannot revoke device certificates.
  • B. Revoked certificates are automatically deleted from Certificate Management.
  • C. When a certificate is revoked, OCSP checks for certificate validity will fail.
  • D. A revoked certificate becomes valid again after 24 hours.
  • E. Certificates can only be revoked once they expire.

Question 81

Question
Which of the following statements is true about Certificate Authorities in ClearPass Onboard?
Answer
  • A. ClearPass cannot operate as a root CA.
  • B. The root CA needs to be connected to the network to perform CRL checks.
  • C. ClearPass Onboard CA is always configured as an Intermediate CA that is part of an Enterprise PKI.
  • D. ClearPass Onboard CA can operate either as a root CA, or as an Intermediate CA.
  • E. Clearpass cannot operate as an intermediate CA.

Question 82

Question
Refer to the screenshot below: Based on the above configuration, which of the following statements is true?
Answer
  • A. ClearPass is configured as a Root CA.
  • B. ClearPass is configured as the Intermediate CA.
  • C. ClearPass has an expired server certificate.
  • D. The arubatraining-REMOTELABSERVER-CA will issue client certificates during Onboarding.
  • E. This is not a valid trust chain since the arubatraining-REMOTELABSERVER-CA has a self-signed certificate.

Question 83

Question
What is the certificate format PKCS #7, or .p7b, used for?
Answer
  • A. Certificate chain
  • B. Certificate Signing Request
  • C. Certificate with an encrypted private key
  • D. Binary encoded X.509 certificate
  • E. Binary encoded X.509 certificate with public key

Question 84

Question
Refer to the screenshot below: This authentication method is applied to a service processing EAP-TLS authentications. Which of the following is FALSE?
Answer
  • A. Devices with revoked certificates will not be allowed access
  • B. Devices with deleted certificates will not be allowed access
  • C. Devices will perform OCSP check to their laptop's localhost OCSP server
  • D. Devices will perform OCSP check with Clearpass

Question 85

Question
Refer to the screenshot below: Which of the following statements is correct regarding the above configuration for the private key? (Choose 2)
Answer
  • A. The private key is stored in the user device.
  • B. The private key is stored in the ClearPass server.
  • C. More bits in the private key will reduce security, hence smallest private key size is used.
  • D. More bits in the private key will increase the processing time, hence smallest private key size is used.
  • E. The private key for TLS client certificates is not created.

Question 86

Question
Refer to the screen capture below: An employee connects a corporate laptop to the network and authenticates for the first time using EAP-TLS. Based on the above Enforcement Policy configuration, what Enforcement Profile will be sent in this scenario?
Answer
  • A. Deny Access Profile
  • B. Onboard Post-Provisioning - Aruba
  • C. Onboard Pre-Provisioning – Aruba
  • D. Cannot be determined
  • E. Onboard Device Repository

Question 87

Question
An Android device goes through the single-ssid onboarding process and successfully connects using EAP-TLS to the secure network. What is the order in which services are triggered?
Answer
  • A. Onboard Provisioning, Onboard Authorization
  • B. Onboard Provisioning, Onboard Authorization, Onboard Provisioning
  • C. Onboard Authorization, Onboard Provisioning
  • D. Onboard Authorization, Onboard Provisioning, Onboard Authorization
  • E. Onboard Provisioning

Question 88

Question
Which of the following is TRUE of dual-SSID onboarding?
Answer
  • A. The device connects to the secure SSID for provisioning
  • B. The Onboard Authorization service is triggered when the user connects to the secure SSID
  • C. The Onboard Provisioning service is triggered when the user connects to the Provisioning SSID
  • D. The Onboard Authorization service is triggered during the Onboarding process
  • E. The Onboard Authorization service is never triggered

Question 89

Question
Refer to the screenshot below: Which of the following statements is correct regarding the above configuration for 'maximum devices'?
Answer
  • A. It limits the total number of Onboarded devices connected to the network.
  • B. It limits the total number of devices that can be provisioned by ClearPass.
  • C. It limits the number of devices that a single user can Onboard.
  • D. It limits the number of devices that a single user can connect to the network.
  • E. With this setting, the user cannot Onboard any devices.

Question 90

Question
Which of the following device types support Exchange ActiveSync configuration with Onboard?
Answer
  • A. Windows laptop
  • B. Apple iOS device
  • C. Android device
  • D. Mac OS X device
  • E. Linux Laptop

Question 91

Question
Which of the following authentication protocols can be used for authenticating Windows clients that are Onboarded? (Choose 2)
Answer
  • A. PEAP with MSCHAPv2
  • B. EAP-GTC
  • C. EAP-TLS
  • D. PAP
  • E. CHAP

Question 92

Question
Refer to the screenshot below: Which of the following statements is true regarding the above configuration for network settings? (Choose 2)
Answer
  • A. Onboarded devices will connect to Employee_Secure SSID after provisioning.
  • B. Onboarded devices will connect to secure_emp SSID after provisioning.
  • C. Users will connect to Employee_Secure SSID for provisioning their devices.
  • D. Users must enter a Pre-shared key to connect to the network.
  • E. Users will do 802.1X authentication when connecting to the SSID.

Question 93

Question
In single SSID onboarding, which of the following methods can be used in the Enforcement Policy to distinguish between a provisioned device and a device that has not gone through the Onboard workflow?
Answer
  • A. Authentication Method used
  • B. Network Access Device used
  • C. Endpoint OS Category
  • D. OnGuard Agent used
  • E. Active Directory Attributes

Question 94

Question
Refer to the screen capture below: Based on the Enforcement Policy configuration shown in the capture, what Enforcement Profile will an employee connecting an iOS device to the network for the first time receive using EAP-PEAP?
Answer
  • A. Deny Access Profile
  • B. Onboard Post-Provisioning - Aruba
  • C. Onboard Pre-Provisioning – Aruba
  • D. Cannot be determined
  • E. Onboard Device Repository

Question 95

Question
A Search was performed using Insight and the following is displayed: What could be a possible reason for the ErrorCode 'Failed to classify request to service' shown above?
Answer
  • A. The user failed authentication.
  • B. ClearPass couldn't match the authentication request to a service, but the user passed authentication.
  • C. ClearPass service rules were not configured correctly.
  • D. ClearPass service authentication sources were not configured correctly.
  • E. The NAD device didn't send the authentication request.

Question 96

Question
Which of the following is NOT a function of ClearPass Insight?
Answer
  • A. Report Generation
  • B. RADIUS Accounting Start-Stop messages
  • C. Email Alerts
  • D. SMS Alerts
  • E. Searching for RADIUS failed authentications

Question 97

Question
A report is configured as follows: What type of records will this report display?
Answer
  • A. All successful RADIUS authentications through ClearPass.
  • B. All failed RADIUS authentications through ClearPass.
  • C. All successful RADIUS authentications from the 10.8.10.100 NAD device to ClearPass.
  • D. All RADIUS authentications from the 10.8.10.100 NAD device to ClearPass.

Question 98

Question
Refer to the screen capture. The following is seen in the Licensing tab of the Publisher after a cluster has been formed between a publisher (192.168.0.53) and subscriber (192.168.0.54): What is the maximum number of clients that can be Onboarded on the subscriber node?
Answer
  • A. 1000
  • B. 550
  • C. 25
  • D. 525
  • E. 500

Question 99

Question
A guest self-registered through a Publisher's Register page. Which of the following will occur?
Answer
  • A. The guest's account will be stored in the Publisher's guest user repository, but not the Subscriber's.
  • B. The guest's account will be stored in both the Publisher's guest user repository and the Subscriber's guest user repository.
  • C. The guest's account will be stored in the Publisher's local user repository and the Subscriber's guest user repository.
  • D. The guest's account will be stored in the Publisher's guest user repository and the Subscriber's Onboard user repository.
  • E. The guest's account will ONLY be stored in the Publisher's guest user repository.

Question 100

Question
Below is a network topology diagram: How many clusters are needed for this deployment?
Answer
  • A. 1
  • B. 3
  • C. 4
  • D. 8
  • E. 2

Question 101

Question
A Publisher node in a cluster goes down and Subscribers are no longer able to reach the publisher. Which of the following is true? (Choose 2).
Answer
  • A. Users authenticating with the Publisher node continue to authenticate.
  • B. Users authenticating with the Subscriber nodes are no longer able to authenticate.
  • C. Users authenticating with the Publisher node are no longer able to authenticate.
  • D. Users authenticating with the Subscriber nodes continue to authenticate.
  • E. No users can authenticate to either the Publisher or Subscriber nodes.

Question 102

Question
Which of the following statements is true about the Clearpass hardware appliances?
Answer
  • A. DHCP can be used to assign IP addresses to management and data ports.
  • B. Both Management and Data Ports must be configured.
  • C. Clearpass has a default management IP of 172.16.0.254.
  • D. Only static IP addresses are allowed on the management and data ports.
  • E. The maximum number of devices supported is 5000.

Question 103

Question
UDP Port 3799 is used for RADIUS CoA (RFC 3576). This port has been blocked by a firewall between a NAD device and ClearPass. Which of the following is true?
Answer
  • A. RADIUS Authentications will fail since the NAD won't be able to reach the ClearPass server.
  • B. RADIUS Authentications will not happen since the NAD won't be able to reach the ClearPass server.
  • C. RADIUS Authentication will succeed, but Post-Authentication Disconnect-Requests from ClearPass to the Controller will not be delivered.
  • D. RADIUS Authentication will succeed, but RADIUS Access-Accept messages from ClearPass to the Controller for Change of Role will not be delivered.
  • E. During RADIUS authentication, certificate exchange between the NAD and Clearpass will fail.

Question 104

Question
What is the purpose of the Serial Port in the ClearPass appliance?
Answer
  • A. To connect 2 ClearPass servers together in a cluster.
  • B. To connect a ClearPass server to a Network Access Device.
  • C. For administrators to configure the ClearPass appliance using the command line.
  • D. For administrators to configure the ClearPass appliance using the WebUI.
  • E. For administrators to access Clearpass using SSH.

Question 105

Question
Which of the following is true about Data and Management ports on the ClearPass appliance? (Choose 2)
Answer
  • A. Configuration of the data port is optional.
  • B. Configuration of the data port is mandatory.
  • C. Configuration of the management port is optional.
  • D. Configuration of the management port is mandatory.
  • E. Static IP addresses are only allowed on the management port.

Question 106

Question
Shown here is a AAA profile in the Aruba Controller. According to the configuration shown here, what would we expect to see in the ClearPass Policy Manager?
Answer
  • A. RADIUS accounting start-stop messages
  • B. RADIUS interim accounting messages
  • C. RADIUS interim & start-stop messages
  • D. No accounting messages will be seen
  • E. RADIUS accounting messages will be sent from the Client to the Controller

Question 107

Question
Shown here is an Aruba Instant configuration screenshot. What is the purpose of enabling the 'Dynamic RADIUS proxy' feature?
Answer
  • A. The Instant AP will proxy all RADIUS Access-Requests sent to it from clients and will forward these to ClearPass.
  • B. The Instant AP will send a RADIUS Access-Reject packet to other Instant APs in the cluster if credentials are incorrect, to reduce the number of RADIUS requests sent to ClearPass.
  • C. All Instant APs in the cluster will use the Virtual Controller IP as the Source IP for RADIUS requests.
  • D. All Instant APs in the cluster will use the Virtual Controller IP as the Destination IP for RADIUS requests.
  • E. The Instant AP will proxy all RADIUS Access-Requests sent to it from Clearpass and will forward these to the clients.

Question 108

Question
What must be configured to enable RADIUS authentication with Clearpass on a network access device (NAD)? (Choose 2)
Answer
  • A. An NTP server needs to be set up on the NAD.
  • B. A bind username and bind password must be provided.
  • C. A shared secret must be configured on the Clearpass server and NAD.
  • D. The Clearpass server must have the network device added as a valid NAD.
  • E. The Clearpass server certificate must be installed on the NAD.

Question 109

Question
Refer to the diagram below. In which of the following scenarios will ClearPass select the Policy Service named 'Test device group'?
Answer
  • A. If an end user IP address is part of the device group HQ.
  • B. If the IP address of the NAD device is part of the device group HQ.
  • C. If the ClearPass IP address is part of the device group HQ.
  • D. If the client's NAD IP address is part of the device group HQ.
  • E. If the client's Network Authentication Distribution server's IP address belongs to device group HQ.

Question 110

Question
In the screenshot shown here of the Local User repository in ClearPass, what Aruba User Role will be assigned to "mike" when he authenticates?
Answer
  • A. [Employee]
  • B. Employee
  • C. mike
  • D. We can't know this from the screenshot above
  • E. john

Question 111

Question
Which of the following ways are used by Clearpass to assign roles to the client? (Choose 2)
Answer
  • A. Through a role mapping policy.
  • B. Roles can be derived from the Aruba Network Access Device.
  • C. From the attributes configured in Active Directory.
  • D. From the attributes configured in a Network Access Device.
  • E. From the server derivation rule in the Aruba Controller server group for the client.

Question 112

Question
Refer to the screen capture below: If a user from the department "Product Management" connects on Monday to a NAD device that belongs to the Device Group HQ, what role is assigned to the user in Clearpass?
Answer
  • A. Executive
  • B. HR Local
  • C. Employee
  • D. Guest
  • E. Linux Hosts

Question 113

Question
Refer to the screen capture below: If a user from the department "HR" connects on Monday using their Windows Laptop to a switch that belongs to the Device Group HQ, what role is assigned to the user in Clearpass?
Answer
  • A. Executive
  • B. HR Local
  • C. Employee
  • D. Guest
  • E. Vendor

Question 114

Question
Refer to the screen capture below: If a user from the department "HR" connects on Monday to a switch that belongs to the Device Group Remote NAD, what roles are assigned to the user in Clearpass? (Choose 2)
Answer
  • A. Executive
  • B. Remote Employee
  • C. iOS Device
  • D. Guest
  • E. HR Local

Question 115

Question
Refer to the screen capture below: If a user from the department "QA" authenticates from a laptop running Mac OS X, what role is assigned to the user in Clearpass?
Answer
  • A. iOS Device
  • B. Remote Employee
  • C. HR Local
  • D. Guest
  • E. Executive

Question 116

Question
Which of the following statements is NOT true about the configuration of Active Directory (AD) as an External Authentication Server in Clearpass?
Answer
  • A. Clearpass should join the AD domain when PEAP and MSCHAPv2 are used as the authentication type.
  • B. The bind DN for an AD can be in the administrator@domain format.
  • C. Clearpass cannot be a member of more than one AD domain.
  • D. The list of attributes fetched from the AD can be customized.
  • E. Clearpass nodes in a cluster can join different AD domains.

Question 117

Question
Which of the following statements is NOT true about the configuration of a generic LDAP server as an External Authentication Server in Clearpass?
Answer
  • A. The bind DN can be in the administrator@domain format.
  • B. The list of attributes fetched from an LDAP server can be customized.
  • C. An LDAP Browser can be used to search the Base DN.
  • D. Multiple LDAP servers cannot be configured as authentication sources.
  • E. Generic LDAP servers can be used as authentication sources.

Question 118

Question
Refer to the screen capture below: What does the Cache Timeout Value refer to?
Answer
  • A. The amount of time the Policy Manager caches the user credentials stored in the Active Directory.
  • B. The amount of time the Policy Manager caches the user attributes fetched from Active Directory.
  • C. The amount of time the Policy Manager waits for a response from the Active Directory before sending a timeout message to the Network Access Device.
  • D. The amount of time the Policy Manager waits for a response from the Active Directory before checking the backup authentication source.
  • E. The amount of time the Policy Manager caches the user's client certificate.

Question 119

Question
Refer to the screen capture below: Based on the Attribute configuration shown above, which of the following statements is true?
Answer
  • A. Only the attribute values of department and memberOf can be used in role mapping policies.
  • B. Only the attribute values of title, telephoneNumber, mail can be used in role mapping policies.
  • C. Only the attribute values of company can be used in role mapping policies.
  • D. The attribute values of department and memberOf are directly applied as ClearPass roles.
  • E. The attribute values of department, title, memberOf, telephoneNumber, mail are directly applied as ClearPass roles.

Question 120

Question
How is Authorization used in a Policy Service? Refer to the diagram below:
Answer
  • A. It allows us to use attributes stored in databases in role mapping and Enforcement.
  • B. It allows us to use attributes stored in databases in role mapping only, but not Enforcement.
  • C. It allows us to use attributes stored in databases in Enforcement only, but not role mapping.
  • D. It allows us to use attributes stored in external databases for Enforcement, but authorization does not use internal databases for reference.
  • E. It allows us to use attributes stored in internal databases for Enforcement, but authorization does not use external databases for reference.

Question 121

Question
Refer to the following Service configuration: A user connects for the first time to an Aruba access point wireless SSID named "pod8wireless-guest-SSID". The SSID has web login authentication with RADIUS MAC authentication enabled and ClearPass is the authentication server. The user hasn't yet launched their web browser. Which service will be triggered?
Answer
  • A. pod8wired
  • B. pod8-mac auth
  • C. pod8wireless
  • D. [Policy Manager Admin Network Service]
  • E. No service will be triggered

Question 122

Question
Refer to the following Service configuration: A user connects to an Aruba Access Point wireless SSID named "secure-corporate" and performs an 802.1X authentication with ClearPass as the authentication server. Which service will be triggered?
Answer
  • A. pod8wired
  • B. pod8-mac auth
  • C. pod8wireless
  • D. [Policy Manager Admin Network Service]
  • E. No service will be triggered

Question 123

Question
Refer to the following Authentication sources configuration: Which of the following scenarios is true for the above configuration?
Answer
  • A. If the user is not found in the local user repository a reject message is sent back to the NAD device.
  • B. If the user is not found in the local user repository a timeout message is sent back to the NAD device.
  • C. If the user is not found in the local user repository and remotelab AD, a reject message is sent back to the NAD device.
  • D. If the user is not found in the local user repository but is present in the remotelab AD, a reject message is sent back to the NAD device.
  • E. If the user is not found in the remotelab AD but is present in the local user repository, a reject message is sent back to the NAD device.

Question 124

Question
Which of the following statements is true about the User databases in Clearpass?
Answer
  • A. Entries in the guest user DB do not expire.
  • B. Custom attributes can be created for entries in the user DB.
  • C. The endpoints table can only be populated by manually adding MAC addresses to the table.
  • D. A Static host list can only contain a list of IP addresses.
  • E. Entries in the guest user DB cannot be deleted.

Question 125

Question
The screenshot below shows various Enforcement profile templates in the Policy Manager: Which of the following best describes when SNMP based Enforcement should be used?
Answer
  • A. To send a VLAN to an Aruba Controller for a user.
  • B. To send a VLAN to an Aruba Switch for a user.
  • C. To send a VLAN to a NAD device that doesn't support RADIUS attributes.
  • D. To send a VLAN to a NAD device that doesn't support RADIUS authentication.
  • E. To send a VLAN to a client device that doesn't support RADIUS authentication.

Question 126

Question
Refer to the following configuration for a VLAN Enforcement Policy: Based on the Policy configuration, if an Engineer connects to the network on Saturday using WEBAUTH authentication, what VLAN will be assigned?
Answer
  • A. Full Access VLAN
  • B. Employee Vlan
  • C. Deny Access
  • D. Internet VLAN
  • E. There is not enough data to determine the VLAN result.

Question 127

Question
Refer to the following configuration for a VLAN Enforcement Policy: Based on the Policy configuration, if an Engineer connects to the network on Saturday using RADIUS authentication, what VLAN will be assigned?
Answer
  • A. Full Access VLAN
  • B. Employee Vlan
  • C. Deny Access
  • D. Internet VLAN
  • E. There is not enough data to determine the VLAN result.

Question 128

Question
Refer to the following configuration for a VLAN Enforcement Policy: Based on the profile configuration, which of the following VLANs will be assigned to the user when this profile is used?
Answer
  • A. VLAN 13
  • B. VLAN 6
  • C. VLAN 10
  • D. VLAN 1
  • E. VLAN 10800

Question 129

Question
Refer to the following configuration for a VLAN Enforcement Policy: Which of the following statements is true for the above configuration?
Answer
  • A. This profile will be applied to requests coming from an end user in the Device Group HQ.
  • B. This profile will be applied to requests coming from a Network Access Device in the Device Group HQ.
  • C. The profile will be applied to requests processed by a ClearPass appliance in Device Group HQ.
  • D. This profile will be applied to all users.
  • E. This profile will be applied to RADIUS requests that have timed out after 10800 seconds.

Question 130

Question
Which of the following statements is true about Enforcement Profiles in Clearpass?
Answer
  • A. The Enforcement Profile attribute value needs to match the ClearPass role value for a user.
  • B. Access-control attributes from an Enforcement Profile are returned to the Authentication Source.
  • C. Access-control attributes from an Enforcement Profile are returned to the Network Access Device.
  • D. Once created in the service wizard, the Enforcement Profile cannot be modified.
  • E. Enforcement Profiles must use RADIUS dictionary attributes only.

Question 131

Question
Which of the following checks are made with OnGuard posture evaluation in Clearpass? (Choose 3)
Answer
  • A. Peer-to-peer application checks
  • B. Client role check
  • C. EAP TLS certificate validity
  • D. Registry keys
  • E. Operating System version

Question 132

Question
Refer to the screen capture below: Based on the above Enforcement Profile configuration, which of the following statements is correct?
Answer
  • A. The Enforcement Profile sends an unhealthy role value to the Network Access Device.
  • B. The Enforcement Profile sends a limited access vlan value to the Network Access Device.
  • C. The Enforcement Profile sends a message to the OnGuard Agent on the client device.
  • D. The Enforcement Profile sends a message to the OnGuard Agent on the Controller.
  • E. A RADIUS CoA message is sent to bounce the client.

Question 133

Question
Which of the following types of Posture Token sources are available on Clearpass? (Choose 2)
Answer
  • A. Posture Policy
  • B. Endpoint Profiler
  • C. Microsoft NPS Server
  • D. Active Directory
  • E. Aruba Controller

Question 134

Question
Which of the following is NOT a valid type of Posture Token?
Answer
  • A. Unknown
  • B. Healthy
  • C. Quarantine
  • D. Unhealthy
  • E. Infected

Question 135

Question
What does the Posture Token QUARANTINE imply?
Answer
  • A. The client is compliant. However, there is an update available to remediate the client to HEALTHY state.
  • B. The posture of the client is unknown.
  • C. The client is infected and is a threat to other systems in the network.
  • D. The client is out of compliance.
  • E. The client is out of compliance, but has HEALTHY state.

Question 136

Question
Which of the following statements is NOT true about OnGuard? (Choose 2)
Answer
  • A. It is used to identify and remove any malware/viruses.
  • B. It is used to ensure that Antivirus/Antispyware programs are running and are up to date as desired.
  • C. It supports both Windows and Mac OS X clients.
  • D. It only supports 802.1X authentication.
  • E. It supports both a persistent and web based agent.

Question 137

Question
Which of the following is true for both the persistent and dissolvable versions of OnGuard? (Choose 2)
Answer
  • A. Ability to bounce the endpoint
  • B. Auto-remediation is available
  • C. Gather statement of health information for network authorization
  • D. Supports Windows, Mac OS X devices
  • E. They need to be installed on the client devices.

Question 138

Question
Refer to the screen capture below: Based on the posture plugin configuration shown in the above screen, which of the following statements is true?
Answer
  • A. Check for any antivirus software enabled for all versions of Windows OS.
  • B. Check for any antivirus software enabled for Windows 7.
  • C. Check for AVG antivirus software enabled and is latest for Windows 7.
  • D. It is using the OnGuard dissolvable agent to perform the antivirus/antispyware checks.
  • E. It is using auto remediation for Windows 7 clients.

Question 139

Question
Refer to the screen capture below. Based on the Posture Policy configuration shown above, which of the following statements is true?
Answer
  • A. This Posture Policy can be applied to an 802.1x wired service.
  • B. This Posture Policy checks the health status of devices running Windows, Linux and Mac OS X.
  • C. This Posture Policy can use either the persistent or dissolvable OnGuard agent to obtain the statement of health.
  • D. This Posture Policy checks for presence of a firewall application in Windows devices.
  • E. This Posture Policy checks with a Windows NPS server for posture tokens.

Question 140

Question
Refer to the screen capture below. Based on the Access Tracker output for the user shown above, which of the following statements is true?
Answer
  • A. A NAP agent was used to obtain the posture token for the user.
  • B. The authentication method used is EAP-PEAP.
  • C. A Healthy Posture Token was sent to the Policy Manager.
  • D. A RADIUS-Access-Accept message is sent back to the Network Access Device.
  • E. The Aruba Terminate Session enforcement profile is applied because the posture check failed.