Frage 1
Frage
Which of the following is a beneft of ClearPass OnGuard?
Antworten
-
Allows employees and other non-IT staf to create temporary accounts for Wi-Fi access.
-
Ofers an easy way for users to self-confgure their devices to support 802.1X authentcaton on wired and wireless
networks.
-
Enables organizatons to run advanced endpoint posture assessments
-
Ofers full self-service provisioning for personal employee owned devices
-
Allows a receptonist in a hotel to create accounts for guest users
Frage 2
Frage
A customer would like to deploy ClearPass with the following objectvess they have 2000 devices that need to be
onboarded, 2000 corporate devices running posture checks daily, and 500 diferent guest users each day
authentcatng using the web login feature.
Which of the following best describes the license mix that they need to purchase?
Antworten
-
CP-HW-500, 2500 Clearpass Enterprise
-
CP-HW-5k, 2500 Clearpass Enterprise
-
CP-HW-5k, 4500 Clearpass Enterprise
-
CP-HW-25k, 4500 Clearpass Enterprise
-
CP-HW-25k, 4000 Clearpass Enterprise
Frage 3
Frage
A customer would like to deploy ClearPass with the following objectvess they have 3000 corporate laptops doing EAPTLS
authentcaton daily, 1000 personal smartphone devices that need to be onboarded. The corporate laptops are
required to pass a posture check before getng access to the network.
Which of the following best describes the license mix that they need to purchase?
Antworten
-
CP-HW-5k, 1000 Clearpass Enterprise
-
CP-HW-5k, 1000 Onboard, 3000 Onguard
-
CP-HW-25k, 1000 Clearpass Enterprise
-
CP-HW-25k, 1000 Onboard, 3000 Onguard
-
CP-HW-25k, 3000 Onguard
Frage 4
Frage
A customer would like to deploy ClearPass with the following objectvess Every day, 100 employees authentcate with
their corporate laptops using EAP-TLS. Every Friday, there is a meetng with business partners and an additonal 50 devices authentcate using Web Login Guest Authentcaton.
Which of the following is correct? (Choose 2)
Antworten
-
When countng policy manager licenses, they need to include the additonal 50 business partner devices
-
When countng policy manager licenses, they can exclude the additonal 50 business partner devices
-
They should purchase guest licenses
-
They should purchase onboard licenses
-
They should purchase onguard licenses
Frage 5
Frage
Which licenses are included in the built in Starter kit for Clearpass?
Antworten
-
25 ClearPass Policy Manager licenses
-
25 Clearpass Enterprise licenses
-
10 ClearPass Guest licenses, 10 ClearPass OnGuard licenses and 10 ClearPass Onboard licenses
-
25 ClearPass Profler licenses
-
10 Clearpass Enterprise licenses
Frage 6
Frage
What is the functon of ClearPass Onboard?
Antworten
-
Provide guest access for visitors to connect to the network
-
Process authentcaton requests based on policy services
-
Profle devices connectng to the network
-
Provision personal devices to securely connect to the network
-
To allow a windows machine to use machine authentcaton to access the network
Frage 7
Frage
What is the Onboard license usage based on?
Antworten
-
Each user connected to the provisioning SSID uses 1 Onboard license.
-
Each user authentcated using the Onboard credental uses 1 Onboard license
-
Each user provisioned using the Onboard process uses 1 Onboard license
-
Each user that has the OnGuard agent downloaded uses 1 Onboard license.
-
Each user that downloads the Onboard applicaton to their iOS device uses 1 Onboard license
Frage 8
Frage
An employee provisions their personal smart phone using the Onboard process. In additon, they have a corporate
laptop given to them by IT that connects to the secure network. How many licenses does the user consume?
Antworten
-
1 Policy Manager license, 1 Onboard License
-
1 Policy Manager license, 1 Guest License.
-
2 Policy Manager licenses, 1 Onboard License
-
2 Policy Manager licenses, 2 Onboard Licenses.
-
1 Policy Manager license, 2 Guest licenses.
Frage 9
Frage
An employee authentcates using their corporate laptop and runs the dissolvable onguard agent to send a health
check back the Policy Manager. Based on the health of the device a VLAN is assigned to the corporate laptop.
Which licenses are consumed in this scenario?
Antworten
-
1 Policy Manager license, 1 Onboard License
-
1 Policy Manager license, 1 OnGuard License
-
2 Policy Manager licenses, 1 OnGuard License
-
1 Policy Manager license, 1 Profle License
-
2 Policy Manager licenses, 2 Onguard licenses
Frage 10
Frage
A customer would like to deploy ClearPass with the following objectvess they have between 2000 to 3000 corporate
users that need to authentcate daily using EAP-TLS. They want to allow for up to 1000 employee devices to be
onboarded. They would also like to allow up to 100 diferent guest users each day to authentcate using the web login
feature.
Which of the following best describes the license mix that they need to purchase?
Antworten
-
CP-HW-5k, 100 Onboard, 100 Guest
-
CP-HW-500, 1000 Onboard, 100 Guest
-
CP-HW-2k, 1000 Onboard, 100 Guest
-
CP-HW-5k, 2500 Enterprise
-
CP-HW-5k, 1000 Enterprise
Frage 11
Frage
Which of the following statements is true about the Endpoint Profler? (Choose 2)
Antworten
-
The Endpoint Profler requires the Onboard license to be enabled
-
The Endpoint Profler uses DHCP fngerprintng for device categorizaton
-
Data obtained from the Endpoint Profler can be used in Enforcement Policy
-
The Endpoint Profler can only categorize laptops and desktops
-
Endpoint Profler requires a profling license.
Frage 12
Frage
Which of the following methods can be used as collectors for device profling? (Choose 2)
Frage 13
Frage
Refer to the screen capture belows
Based upon Endpoint informaton shown here, which collectors were used to profle the device as Apple iPad?
(Choose 2)
Antworten
-
OnGuard Agent
-
HTTP User-Agent
-
DHCP fngerprintng
-
SNMP
-
SmartDevice
Frage 14
Frage
To setup an Aruba Controller as DHCP relay for device fngerprintng, which of the following IP addresses needs to be
confgured?
Antworten
-
DHCP server IP
-
ClearPass server IP
-
Actve Directory IP
-
Microsof NPS server IP
-
Switch IP
Frage 15
Frage
What database in the Policy Manager contains the device atributes derived by profling?
Frage 16
Frage
Refer to the screen capture belows
Based on the Endpoint Profler output shown here, which of the following statements is true?
Antworten
-
The devices have been profled using DHCP fngerprintng.
-
There are 5 devices profled in the Computer Device Category.
-
Apple devices will be profled in the SmartDevice category.
-
There is only 1 Microsof Windows device present in the network.
-
The linux device with MAC address 000c29fd8945 has not been profled.
Frage 17
Frage
Which of the following conditons can be used for rule creaton of an Enforcement Policy? (Choose 3)
Antworten
-
System Time
-
Clearpass IP address
-
Posture
-
Switch VLAN
-
Connecton Protocol
Frage 18
Frage
Refer to the screen capture belows:
Based on the Enforcement Policy confguraton, if a user with Role Engineer connects to the network and the posture
token assigned is Unknown, what Enforcement Profle will be applied?
Antworten
-
EMPLOYEE_VLAN
-
Remote Employee ACL
-
RestrictedACL
-
Deny Access Profle
-
HR VLAN
Frage 19
Frage
Based on the Enforcement Policy confguraton, if a user with Role Remote Worker connects to the network and the
posture token assigned is quarantne, what Enforcement Profle will be applied?
Antworten
-
EMPLOYEE_VLAN
-
Remote Employee ACL
-
RestrictedACL
-
Deny Access Profle
-
HR VLAN
Frage 20
Frage
Based on the Enforcement Policy confguraton, if a user connects to the network using an Apple iphone, what
Enforcement Profle is applied?
Frage 21
Frage
A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the
network with a corporate Windows laptop. What Enforcement Profle is applied?
Frage 22
Frage
Which of the following components of a Policy Service is mandatory?
Antworten
-
Enforcement
-
Posture
-
Profler
-
Role Mapping Policy
-
Authorizaton Source
Frage 23
Frage
Which of the following optons is the correct order of steps of a Policy Service request?
1) Clearpass tests the request against Service Rules to select a Policy Service.
2) Clearpass applies the Enforcement Policy.
3) Negotaton of the Authentcaton Method occurs between the NAD and Clearpass.
4) Clearpass sends the Enforcement Profle atributes to the NAD.
5) NAD forwards authentcaton request to Clearpass.
Antworten
-
A. 1, 3, 2, 4, 5
-
B. 5, 1, 3, 2, 4
-
C. 5, 1, 3, 4, 2
-
D. 1, 2, 3, 4, 5
-
E. 2, 3, 4, 5, 1
Frage 24
Frage
Which of the following informaton is NOT required while building a Policy Service for 802.1X authentcaton?
Antworten
-
A. Network Access Device used
-
B. Authentcaton Method used
-
C. Authentcaton Source used
-
D. Posture Token of the client
-
E. Profling informaton of the client
Frage 25
Frage
Which of the following components can use Actve Directory authorizaton atributes for the decision-making
process? (Choose 2)
Antworten
-
A. Role Mapping Policy
-
B. Posture Policy
-
C. Enforcement Policy
-
D. Service Rules
Frage 26
Frage
What informaton can we conclude from the following graph?
Antworten
-
A. This graph represents all authentcaton requests received by Clearpass in one year.
-
B. This graph represents all authentcaton requests received by Clearpass in a day.
-
C. The graph represents all authentcaton requests received by Clearpass in a month.
-
D. Each bar represents total authentcaton requests per minute.
-
E. Each bar represents total authentcaton requests per day.
Frage 27
Frage
What informaton can we conclude from the above audit row detail? (Choose 2)
Antworten
-
A. radius01 was added as an authentcaton source.
-
B. radius01 was deleted from the list of authentcaton sources.
-
C. The policy service was moved to positon number 3.
-
D. The policy service was moved to positon number 4.
-
E. radius01 was moved to positon number 4.
Frage 28
Frage
What is the purpose of the Audit Viewer in the Monitoring secton of ClearPass Policy Manager?
Antworten
-
A. To audit client authentcatons.
-
B. To audit the network for PCI compliance.
-
C. To display the entre confguraton of the ClearPass Policy Manager.
-
D. To display changes made to the ClearPass confguraton.
-
E. To display system events.
Frage 29
Frage
If the "Alerts" tab in an authentcaton session details tab in Access Tracker shows the following error message "Access
denied by policy", what could be a possible cause for authentcaton failure?
Antworten
-
A. Implementaton of an Enforcement Policy
-
B. Implementaton of a frewall policy
-
C. Failure to categorize the request in a Clearpass service
-
D. Implementaton of a Posture Policy
-
E. Failure to actvate the enforcement policy
Frage 30
Frage
If a client's authentcaton is failing and there are no entries in the Clearpass's Access Tracker, which of the following is
a possible reason for the authentcaton failure?
Antworten
-
A. The client used a wrong password.
-
B. The user is not found in the database.
-
C. The shared secret between Network Access Device and Clearpass does not match.
-
D. The user account has expired.
-
E. The user's certfcate is invalid.
Frage 31
Frage
Which of the following statements is true based on the Access Tracker output shown below?
Antworten
-
A. The client wireless profle is incorrectly setup.
-
B. Clearpass does not have a service enabled for MAC authentcaton.
-
C. The client MAC address is not present in the Endpoints table in the Clearpass database.
-
D. The client used incorrect credentals to authentcate to the network.
-
E. The RADIUS client on the Windows server failed to categorize the service correctly.
Frage 32
Frage
Which of the following are valid policy simulaton types in Clearpass? (Choose 3)
Frage 33
Frage
The screenshot here from the Event Viewer in ClearPass shows an error when a user does an EAP-TLS authentcaton
to ClearPass through an Aruba Controller's Wireless Network.
What is the cause of this error?
Antworten
-
A. The client has sent an incorrect shared secret for the 802.1X authentcaton.
-
B. The controller has sent an incorrect shared secret for the RADIUS authentcaton.
-
C. The client's shared secret used during the certfcate exchange is incorrect.
-
D. The controller's shared secret used during the certfcate exchange is incorrect.
-
E. The NAS source interface IP is incorrect.
Frage 34
Frage
Which of the following statements is true about the Policy Simulaton test fgure shown below?
Antworten
-
A. The simulaton test result shows the roles assigned to the client by the Aruba Controller.
-
B. The roles assigned in the result are based on rules matched in the AD Role Mapping Policy.
-
C. The test verifes that a client with username test1 can authentcate using EAP-PEAP.
-
D. Role mapping simulaton verifes if Table6 Wireless service has been confgured correctly.
Frage 35
Frage
What types of fles are stored in the Local Shared Folders database in Clearpass? (Choose 2)
Frage 36
Frage
A University wants to deploy ClearPass with the Guest module. They have two types of users that need to use web
login authentcaton. The frst type of users are students whose accounts are in their Actve Directory Server. The
second type of users are friends of students who need to self-register to access the network.
How should the service be setup in the Policy Manager for this Network?
Antworten
-
A. Create a service with the Guest User Repository as the Authentcaton Source and the Actve Directory Server as the authorizaton source.
-
B. Create a service with the Actve Directory Server as the Authentcaton Source and the Guest User Repository as the authorizaton source.
-
C. Create a service with the Guest User Repository and Actve Directory servers as Authentcaton Sources.
-
D. Create a service with only the Guest user Repository as the authentcaton source, and Guest User Repository and Actve Directory server as authorizaton sources.
-
E. Create a service with the Guest User Repository or Actve Directory server as the single Authentcaton Source.
Frage 37
Frage
Which of the following use cases will require a ClearPass Guest applicaton license? (Choose 2)
Antworten
-
A. Sponsor based guest user access
-
B. Employee personal device registraton
-
C. User self registraton for access
-
D. Guest device fngerprintng
-
E. Endpoint health assessment
Frage 38
Frage
Below is a screenshot of the Guest Role Mapping Policys
What is the purpose of this Role Mapping Policy?
Antworten
-
A. To send a frewall role back to the controller based on the Guest User's Role ID.
-
B. To assign Controller roles to guests.
-
C. To display a role name on the Self-registraton receipt page.
-
D. To assign ClearPass roles to guests based on the guest's Role ID as seen during authentcaton.
-
E. To assign all 3 roles of [Contractor], [Guest] and [Employee] to every guest user.
Frage 39
Frage
An administrator logs in to the Guest module in ClearPass and under 'List Accounts' sees the followings
If a user with username kim@mycompany.com tries to access the Web Login page, what would we expect to happen?
Antworten
-
A. The user will not be able to access the Web Login page.
-
B. The user will be able to login and authentcate successfully but they will be immediate disconnected afer.
-
C. The user will not be able to login and authentcate.
-
D. The user will be able to login for the next 4.9 days, but afer this they will not be able to login anymore.
Frage 40
Frage
Refer to the screenshot belows
Based on the above confguraton, which of the following statements is true?
Antworten
-
A. The visitor_phone feld will be visible to operator creatng the account.
-
B. The visitor_phone feld will be visible to the guest users in the web login page.
-
C. The visitor_company feld will be visible to operator creatng the account.
-
D. The visitor_company feld will be visible to the guest users in the web login page.
-
E. The email feld will be visible to guest users on the web login page.
Frage 41
Frage
Refer to the screenshot belows
Based on the above confguraton which of the following statements is true?
Antworten
-
A. Only guest users connectng to SSID Aruba will be allowed access to the network by ClearPass Guest.
-
B. The minimum password length for guest passwords is set to a default value of 8.
-
C. The usernames generated for guest users by Guest Manager will be a combinaton of random numbers.
-
D. The password generated for guest users by Guest Manager will be a combinaton of random numbers.
Frage 42
Frage
Refer to the screenshot in the diagram below, as seen when confguring a Web Login Page in ClearPass Guests
What is the page name feld used for?
Antworten
-
A. For Administrators to access the PHP page, but not guests.
-
B. For Administrators to reference the page only.
-
C. For forming the Web Login Page URL.
-
D. For forming the Web Login Page URL and the page name that guests must confgure on their laptop wireless supplicant.
-
E. For forming the Web Login Page URL where Administrators add guest users.
Frage 43
Frage
Refer to the screenshot in the diagram below, as seen when a Web Login Page is confgured in ClearPass Guests
What is the Address feld value 'securelogin.arubanetworks.com' used for?
Antworten
-
A. For appending to the Web Login URL, before the page name.
-
B. For ClearPass to POST the user credentals to the NAD device.
-
C. For ClearPass to send a RADIUS request to the NAD device.
-
D. For ClearPass to send a TACACS+ request to the NAD device.
-
E. For appending to the Web Login URL, afer the page name.
Frage 44
Frage
Below is a screenshot of a Captve Portal Authentcaton profle inside the Aruba Controllers
Which feld would you change so that guest users are redirected to the ClearPass Captve Portal when they connect to
the Guest SSID?
Frage 45
Frage
Below is an extract from the Web Login Page confguraton in ClearPass Guests
What is the purpose of the Pre-Auth Check?
Antworten
-
A. To authentcate users before they launch the Web Login Page.
-
B. To authentcate users before ClearPass sends the credentals to the NAD device.
-
C. To authentcate users afer the NAD device sends an authentcaton request to ClearPass.
-
D. To replace the need for the NAD to send an authentcaton request to ClearPass.
-
E. To re-authentcate users when they're roaming from one NAD to another.
Frage 46
Frage
Below is an Enforcement Profle that has been created in the Policy Managers
What is the acton that is taken by this Enforcement Profle?
Antworten
-
A. ClearPass will count down 600 seconds and send a RADIUS CoA message to the NAD device to end the user's session afer this tme is up.
-
B. ClearPass will send the Session-Timeout atribute in the RADIUS Access-Accept packet to the User and the user's session will be terminated afer 600 seconds.
-
C. ClearPass will send the Session-Timeout atribute in the RADIUS Access-Accept packet to the NAD device and the NAD will end the user's session afer 600 seconds.
-
D. ClearPass will send the Session-Timeout atribute in the RADIUS Access-Request packet to the NAD device and the NAD will end the user's session afer 600 seconds.
Frage 47
Frage
Below is a screenshot of a client connectng to a Guest SSIDs
Based on the image shown above, which of the following best describes the client's state?
Antworten
-
A. The client authentcated through the web login page frst before it was able to obtain an IP address.
-
B. The client does not have an IP address, but they have authentcated through the web login page.
-
C. The client does not have an IP address because they have not authentcated through the web login page yet.
-
D. We can't tell from the image above.
Frage 48
Frage
A Bank would like to deploy ClearPass Guest with web login authentcaton so that their customers can self-register on
the network to get network access when they have meetngs with Bank Employees. However, they're concerned about security.
Which of the following is true? (Choose 3)
Antworten
-
A. During web login authentcaton, if HTTPS is used for the web login page, guest credentals will be encrypted.
-
B. If HTTPS is used for the web login page, afer authentcaton is completed guest Internet trafc will all be encrypted as well.
-
C. If HTTPS is used for the web login page, afer authentcaton is completed some guest Internet trafc may be unencrypted.
-
D. Afer authentcaton, an IPSEC VPN on the guest's client can be used to encrypt Internet trafc.
-
E. HTTPS should never be used for Web Login Page authentcaton.
Frage 49
Frage
A Hospital would like to deploy ClearPass Guest for friends and relatves of patents to access the Internet. They
would like patents to be able to access an internal webpage on the intranet where they can view patent informaton.
However, other guests should not have access to this page.
Which of the following is true? (Choose 2)
Antworten
-
A. The NAD device will be firewalling users to block Intranet trafc.
-
B. ClearPass will be frewalling users to block Intranet trafc.
-
C. It's necessary for us to have two separate web login pages due to the diferent access requirements of patents and guests.
-
D. We will need to confgure diferent Enforcement actons for patents and guests in the service.
-
E. Both the NAD and Clearpass would have to frewall users to block trafc.
Frage 50
Frage
Below is a screenshot of a self-registraton receipts
Which of the following is true?
Antworten
-
A. Expiraton tme for guest accounts can be modifed by the visitor.
-
B. Receipt Actons such as 'Download account details' cannot be modifed in the self-registraton editor.
-
C. Company Name feld cannot be removed from the registraton page using the self-registraton editor.
-
D. The user will only be able to login between the Actvaton and Expiraton tme.
-
E. The user must be logged in before they can use the 'Download account details' link.
Frage 51
Frage
A company deployed the guest Self-registraton with Sponsor Approval workfow for their guest SSID. The administrator logs into the Policy Manager and sees the following in the Guest User Repositorys
What can you conclude from the above? (Choose 2)
Antworten
-
A. The guest has submited the registraton form.
-
B. The guest has not submited the registraton form yet.
-
C. The sponsor has confrmed the guest account.
-
D. The sponsor has not confrmed the guest account yet.
-
E. The user's account is actve.
Frage 52
Frage
Refer to the screenshot below of a MAC Caching enforcement policys
Which of the following is true?
Antworten
-
A. Only a user with Controller role of [Guest] will be allowed to authentcate
-
B. Only a user with Clearpass role of [Guest] and that has authentcated using the web login page less than 5 minutes ago, will have their MAC authentcaton succeed
-
C. Only a user with Clearpass role of [Guest] and that has authentcated using the web login page more than 5 minutes ago, will have their MAC authentcaton succeed
-
D. Only a user whose last MAC authentcaton was less than 5 minutes ago, will have their MAC authentcaton succeed
Frage 53
Frage
Refer to the screenshot belows
Which of the following is true of the MAC-Guest-Check SQL query authorizaton source?
Antworten
-
A. It's used to check if the MAC address status is known in the endpoints table
-
B. It's used to check if the guest account has expired
-
C. It's used to check if the MAC address status is unknown in the endpoints table
-
D. It's used to check how long it's been since the last web login authentcaton
-
E. It's used to check if the MAC address is in the MAC Caching repository
Frage 54
Frage
Refer to the screenshot belows
Why is the Insight Repository used as an authorizaton source for this MAC authentcaton service?
Antworten
-
A. To check how long ago the last web login authentcaton was done
-
B. To check how many sessions ago the last web login authentcaton was done
-
C. To check how long ago the last MAC authentcaton was done
-
D. To run a report when the user authentcates
-
E. To validate the user's MAC address against the endpoints table
Frage 55
Frage
Below is a screenshot of a client's laptops
What would you expect to happen next?
Antworten
-
A. The web login page will be displayed.
-
B. The user will be presented with a self-registraton receipt.
-
C. The NAD device will send an authentcaton request to ClearPass.
-
D. The client will send a NAS authentcaton request to ClearPass.
-
E. Clearpass will send a NAS authentcaton request to the NAD device.
Frage 56
Frage
Below is a screenshot of a user logged in to the Self-Service Portals
Notce the trafc received and trafc sent statstcs. Which of the following is true?
Antworten
-
A. These show the total amount of trafc the guest transmited afer account expiraton, as seen through RADIUS accountng messages sent from the NAD to ClearPass.
-
B. These show the total amount of trafc the guest transmited, as seen through RADIUS accountng messages sent from the NAD to ClearPass.
-
C. These show the total amount of trafc the NAD transmited to ClearPass, as seen through RADIUS accounting messages from the NAD to ClearPass.
-
D. These show the total amount of trafc the guest transmited, as seen through RADIUS CoA packets from the NAD to ClearPass.
Frage 57
Frage
An administrator enabled the Pre-auth check for their guest self-registraton. At what stage in the registraton process
is this check performed?
Antworten
-
A. Before the user self-registers.
-
B. Afer the user self-registers; before the user logs in.
-
C. Afer the user logs in; before the NAD sends an authentcaton request.
-
D. Afer the user logs in; afer the NAD sends an authentcaton request.
-
E. When a user is re-authentcatng to the network.
Frage 58
Frage
A hotel chain recently deployed ClearPass Guest. A guest enters the hotel and connects to the Guest SSID. They launch
their web browser and type in www.google.com, but they're unable to immediately see the web login page.
Which of the following could be causing this? (Choose 2)s
Antworten
-
A. The DNS server is not replying with an IP address for www.google.com.
-
B. The guest is using a Linux laptop which doesn't support web login.
-
C. The ClearPass server has a server certfcate issued by Verisign.
-
D. The ClearPass server has a server certfcate issued by the internal Microsof Certfcate Server.
-
E. The ClearPass server does not recognize the client's certfcate.
Frage 59
Frage
Refer to the screenshot below of a MAC Caching services
A guest connects to the Guest SSID and authentcates successfully using the guest.php web login page. Which of the
following is true?
Antworten
-
A. Their MAC address will be visible in the Endpoints table with Known Status.
-
B. Their MAC address will be visible in the Endpoints table with Unknown Status.
-
C. Their MAC address will be visible in the Guest User Repository with Known Status.
-
D. Their MAC address will be visible in the Guest User Repository with Unknown Status.
-
E. Their MAC address will be deleted from the Endpoints table.
Frage 60
Frage
A company implemented the Self-Registraton with Sponsor Approval workfow for their Guest SSID. A guest connects
to the Guest SSID, then self-registers. They see the following on their client devices
Which of the following is true?
Antworten
-
A. The Sponsor approved the guest already.
-
B. The Sponsor has not approved the guest yet.
-
C. A confrmaton email was sent to the sponsor at limdir@gmail.com.
-
D. A guest registraton receipt was sent to p1t3@arubaclass.com.
-
E. The guest is ready to login using their username and password.
Frage 61
Frage
Refer to the screenshot below outlining a guest Self-Registraton with Sponsor Approval workfows
At which stage is an email request sent to the sponsor?
Antworten
-
A. Afer 'Redirects (1)'
-
B. Afer 'Submit form (3)'
-
C. Afer 'Login Message page (5)'
-
D. Afer 'Automated NAS login (6)'
-
E. Afer 'Guest Role (7)'
Frage 62
Frage
What are these RADIUS atributes used for in the Aruba RADIUS dictonary shown here?
Antworten
-
A. To send informaton via RADIUS packets to clients.
-
B. To send informaton via RADIUS packets to Aruba NADs.
-
C. To gather informaton about Aruba NADs for ClearPass.
-
D. To gather and send Aruba NAD informaton to ClearPass.
-
E. To send CoA packets from Clearpass to the Aruba NAD.
Frage 63
Frage
Describe the purpose of the Aruba TACACS+ dictonary as shown heres
Antworten
-
A. The Aruba-Admin-Role atribute is used to assign diferent privileges to clients during 802.1X authentcaton.
-
B. The Aruba-Admin-Role atribute is used by ClearPass to assign TIPS roles to clients during 802.1X authentcaton.
-
C. The Aruba-Admin-Role atribute is used to assign diferent privileges to administrators logging into an Aruba NAD device.
-
D. The Aruba-Admin-Role atribute is used to assign diferent privileges to administrators logging into ClearPass.
-
E. The Aruba-Admin-Role on the controller is applied to users using TACACS+ to login to the Policy Manager.
Frage 64
Frage
Which of the following CLI commands is used to upgrade the image of a ClearPass server?
Antworten
-
A. Upgrade image
-
B. System upgrade
-
C. Upgrade sofware
-
D. Reboot
-
E. System update
Frage 65
Frage
Which of the following statements is true about the skin plugins in ClearPass guest?
Antworten
-
A. Skins are created by Aruba Professional Services.
-
B. Skins allow additon of content items to web login pages.
-
C. Skins are used to create hotspot login pages.
-
D. Skins are used to create Onboard registraton pages.
-
E. Skins allow customers to implement advertsing.
Frage 66
Frage
What does a client need for it to perform EAP-TLS successfully? (Choose 2)
Antworten
-
A. Username and Password
-
B. Client Certfcate
-
C. Pre-shared key
-
D. Certfcate Authority
-
E. Server Certfcate
Frage 67
Frage
Refer to the screenshot in the diagram below, which illustrates a confguraton of a Windows 802.1X supplicant for
EAP-PEAP authentcaton.
In a deployment, which certfcate would you select under the 'Trusted root certfcaton authority' secton?
Antworten
-
A. The server certfcate
-
B. The client certfcate
-
C. The root CA self-signed certfcate
-
D. The root CA certfcate signed by the client
-
E. The client certfcate signed by the root CA
Frage 68
Frage
Refer to the screenshot in the diagram below, which illustrates the confguraton of a Windows 802.1X supplicant.
What will selectng 'Validate server certfcate' do?
Antworten
-
A. The client will send its certfcate to the server for verifcaton.
-
B. The server will send its private key to the client for verifcaton.
-
C. The server and client will perform an HTTPS SSL certfcate exchange.
-
D. The client will verify the server certfcate against a trusted CA.
-
E. The client will send its private key to the server for verifcaton.
Frage 69
Frage
Refer to the screenshot in the diagram below, which illustrates the confguraton of a Windows 802.1X supplicant.
If 'Automatcally use my Windows logon name and password' are selected, which of the following is true?
Antworten
-
A. The client's Windows login username and password will be sent in a EAP frame to the Authentcaton Server.
-
B. The client's Windows login username and password will be sent in a RADIUS Accountng frame to the
Authentication server.
-
C. The client will need to re-authentcate every tme they connect to the network.
-
D. The client's Windows logon name and password will be sent via a TACACS+ frame to the authentcaton server.
-
E. The client will prompt the user to enter the logon username and password.
Frage 70
Frage
What does a client need for it to perform EAP-PEAP successfully, if 'Validate Server Certfcate' is not enabled?
Antworten
-
A. Username and Password
-
B. Client Certfcate
-
C. Pre-shared key
-
D. Certfcate Authority
-
E. Server Certfcate
Frage 71
Frage
What is RADIUS CoA used for?
Antworten
-
A. To authentcate users or devices before grantng them access to a network.
-
B. To force the client to re-authentcate upon roaming to a new Controller.
-
C. To apply frewall policies based on authentcaton credentals.
-
D. To validate a host MAC against a white and a black list.
-
E. To transmit messages to the NAD/NAS to modify a user's session status.
Frage 72
Frage
What are Operator Profles used for?
Antworten
-
A. To assign ClearPass roles to guest users.
-
B. To enforce role based access control for ClearPass Guest operator users.
-
C. To enforce role based access control for ClearPass Policy Manager admin users.
-
D. To map AD atributes to admin privilege levels in ClearPass Guest.
-
E. To enforce role based access control for Aruba Controllers.
Frage 73
Frage
Refer to the screen capture belows
Based on the Translaton Rule confguraton shown above, which of the following statements is true?
Antworten
-
A. A user from group MatchAdmin will be assigned the operator profle of IT Administrators.
-
B. All actve directory users will be assigned the operator profle of IT Administrators.
-
C. All admin users will be assigned the operator profle of IT Administrators.
-
D. A user from group Administrators will be assigned the operator profle of IT Administrators.
-
E. This translaton rule is not valid for Actve Directory administrators.
Frage 74
Frage
Which of the following steps are required to use ClearPass as a TACACS+ Authentcaton server for a network device?
(Choose 2)
Antworten
-
A. Confgure the ClearPass Policy Manager as an Authentcaton server on the network device.
-
B. Confgure ClearPass roles on the network device.
-
C. Confgure RADIUS Enforcement Profle for the desired privilege level.
-
D. Confgure TACACS Enforcement Profle for the desired privilege level.
-
E. Enable RADIUS accountng on the NAD device.
Frage 75
Frage
Which of the following is FALSE?
Antworten
-
A. Actve Directory can be used as the authentcaton source to process TACACS+ authentcaton requests coming to Clearpass from NAD devices
-
B. Actve Directory can be used as the authentcaton source to process Clearpass Guest Admin Access
-
C. TACACS+ authentcaton requests received by Clearpass are always forwarded to a Windows Server that can handle these requests
-
D. TACACS+ authentcaton requests from NAD devices to Clearpass are processed by a TACACS+ service
-
E. The local user repository in Clearpass can be used as the authentcaton source for TACACS+ services
Frage 76
Frage
Which of the following is NOT a functon of ClearPass Onboard?
Antworten
-
A. Confgure network setngs
-
B. Provision device credentals
-
C. Remote wipe & control
-
D. Revoke device credentals
-
E. Provisioning of VPN Setngs
Frage 77
Frage
Which of the following devices support Apple over-the-air provisioning? (Choose 2)
Frage 78
Frage
Refer to the screenshot belows
At which stage of the onboard process is workspace installed?
Frage 79
Frage
Which of the following is true? (Choose 2)
Antworten
-
A. Mobile Device Management is used to control device usage post-onboarding
-
B. Mobile Device Management is an applicaton container that is used to provision work applicatons
-
C. Mobile Device Management cannot be deployed without Workspace
-
D. 3rd party Mobile Device Management solutons can be integrated with Clearpass
-
E. Mobile Device Management cannot do remote wipes of devices without workspace being installed
Frage 80
Frage
Which of the following statements is true about certificate revocation?
Antworten
-
A. Onboard cannot revoke device certfcates.
-
B. Revoked certfcates are automatcally deleted from Certfcate Management.
-
C. When a certfcate is revoked, OCSP checks for certificate validity will fail.
-
D. A revoked certfcate becomes valid again afer 24 hours.
-
E. Certfcates can only be revoked once they expire.
Frage 81
Frage
Which of the following statements is true about Certfcate Authorites in ClearPass Onboard?
Antworten
-
A. ClearPass cannot operate as a root CA.
-
B. The root CA needs to be connected to the network to perform CRL checks.
-
C. ClearPass Onboard CA is always confgured as an Intermediate CA that is part of an Enterprise PKI.
-
D. ClearPass Onboard CA can operate either as a root CA, or as an Intermediate CA.
-
E. Clearpass cannot operate as an intermediate CA.
Frage 82
Frage
Refer to the screenshot belows
Based on the above confguraton, which of the following statements is true?
Antworten
-
A. ClearPass is confgured as a Root CA.
-
B. ClearPass is confgured as the Intermediate CA.
-
C. ClearPass has an expired server certfcate.
-
D. The arubatraining-REMOTELABSERVER-CA will issue client certfcates during Onboarding.
-
E. This is not a valid trust chain since the arubatraining-REMOTELABSERVER-CA has a self-signed certfcate.
Frage 83
Frage
What is the certfcate format PKCS #7, or .p7b, used for?
Antworten
-
A. Certfcate chain
-
B. Certfcate Signing Request
-
C. Certfcate with an encrypted private key
-
D. Binary encoded X.509 certfcate
-
E. Binary encoded X.509 certfcate with public key
Frage 84
Frage
Refer to the screenshot belows
This authentcaton method is applied to a service processing EAP-TLS authentcatons. Which of the following is FALSE?
Antworten
-
A. Devices with revoked certfcates will not be allowed access
-
B. Devices with deleted certfcates will not be allowed access
-
C. Devices will perform OCSP check to their laptop's localhost OCSP server
-
D. Devices will perform OCSP check with Clearpass
Frage 85
Frage
Refer to the screenshot belows
Which of the following statements is correct regarding the above confguraton for the private key? (Choose 2)
Antworten
-
A. The private key is stored in the user device.
-
B. The private key is stored in the ClearPass server.
-
C. More bits in the private key will reduce security, hence smallest private key size is used.
-
D. More bits in the private key will increase the processing tme, hence smallest private key size is used.
-
E. The private key for TLS client certfcates is not created.
Frage 86
Frage
Refer to the screen capture belows
An employee connects a corporate laptop to the network and authentcates for the frst tme using EAP-TLS. Based on
the above Enforcement Policy confguraton, what Enforcement Profle will be sent in this scenario?
Antworten
-
A. Deny Access Profle
-
B. Onboard Post-Provisioning - Aruba
-
C. Onboard Pre-Provisioning – Aruba
-
D. Cannot be determined
-
E. Onboard Device Repository
Frage 87
Frage
An Android device goes through the single-ssid onboarding process and successfully connects using EAP-TLS to the secure network. What is the order in which services are triggered?
Antworten
-
A. Onboard Provisioning, Onboard Authorizaton
-
B. Onboard Provisioning, Onboard Authorizaton, Onboard Provisioning
-
C. Onboard Authorizaton, Onboard Provisioning
-
D. Onboard Authorizaton, Onboard Provisioning, Onboard Authorizaton
-
E. Onboard Provisioning
Frage 88
Frage
Which of the following is TRUE of dual-SSID onboarding?
Antworten
-
A. The device connects to the secure SSID for provisioning
-
B. The Onboard Authorizaton service is triggered when the user connects to the secure SSID
-
C. The Onboard Provisioning service is triggered when the user connects to the Provisioning SSID
-
D. The Onboard Authorizaton service is triggered during the Onboarding process
-
E. The Onboard Authorizaton service is never triggered
Frage 89
Frage
Refer to the screenshot belows
Which of the following statements is correct regarding the above confguraton for 'maximum devices'?
Antworten
-
A. It limits the total number of Onboarded devices connected to the network.
-
B. It limits the total number of devices that can be provisioned by ClearPass.
-
C. It limits the number of devices that a single user can Onboard.
-
D. It limits the number of devices that a single user can connect to the network.
-
E. With this setng, the user cannot Onboard any devices.
Frage 90
Frage
Which of the following device types support Exchange ActveSync confguraton with Onboard?
Antworten
-
A. Windows laptop
-
B. Apple iOS device
-
C. Android device
-
D. Mac OS X device
-
E. Linux Laptop
Frage 91
Frage
Which of the following authentcaton protocols can be used for authentcatng Windows clients that are Onboarded?
(Choose 2)
Antworten
-
A. PEAP with MSCHAPv2
-
B. EAP-GTC
-
C. EAP-TLS
-
D. PAP
-
E. CHAP
Frage 92
Frage
Refer to the screenshot belows
Which of the following statements is true regarding the above confguraton for network setngs? (Choose 2)
Antworten
-
A. Onboarded devices will connect to Employee_Secure SSID afer provisioning.
-
B. Onboarded devices will connect to secure_emp SSID afer provisioning.
-
C. Users will connect to Employee_Secure SSID for provisioning their devices.
-
D. Users must enter a Pre-shared key to connect to the network.
-
E. Users will do 802.1X authentcaton when connectng to the SSID.
Frage 93
Frage
In single SSID onboarding, which of the following methods can be used in the Enforcement Policy to distnguish between a provisioned device and a device that has not gone through the Onboard workfow?
Antworten
-
A. Authentcaton Method used
-
B. Network Access Device used
-
C. Endpoint OS Category
-
D. OnGuard Agent used
-
E. Actve Directory Atributes
Frage 94
Frage
Refer to the screen capture belows
Based on the Enforcement Policy confguraton shown in the capture, what Enforcement Profle will an employee connectng an iOS device to the network for the frst tme receive using EAP-PEAP?
Antworten
-
A. Deny Access Profle
-
B. Onboard Post-Provisioning - Aruba
-
C. Onboard Pre-Provisioning – Aruba
-
D. Cannot be determined
-
E. Onboard Device Repository
Frage 95
Frage
A Search was performed using Insight and the following is displayeds
What could be a possible reason for the ErrorCode 'Failed to classify request to service' shown above?
Antworten
-
A. The user failed authentcaton.
-
B. ClearPass couldn't match the authentcaton request to a service, but the user passed authentcaton.
-
C. ClearPass service rules were not confgured correctly.
-
D. ClearPass service authentcaton sources were not confgured correctly.
-
E. The NAD device didn't send the authentcaton request.
Frage 96
Frage
Which of the following is NOT a functon of ClearPass Insight?
Frage 97
Frage
A report is confgured as follows:
What type of records will this report display?
Antworten
-
A. All successful RADIUS authentcatons through ClearPass.
-
B. All failed RADIUS authentcatons through ClearPass.
-
C. All successful RADIUS authentcatons from the 10.8.10.100 NAD device to ClearPass.
-
D. All RADIUS authentcatons from the 10.8.10.100 NAD device to ClearPass.
Frage 98
Frage
Refer to the screen capture. The following is seen in the Licensing tab of the Publisher afer a cluster has been formed between a publisher (192.168.0.53) and subscriber (192.168.0.54)s
What is the maximum number of clients that can be Onboarded on the subscriber node?
Antworten
-
A. 1000
-
B. 550
-
C. 25
-
D. 525
-
E. 500
Frage 99
Frage
A guest self-registered through a Publisher's Register page. Which of the following will occur?
Antworten
-
A. The guest's account will be stored in the Publisher's guest user repository, but not the Subscriber's.
-
B. The guest's account will be stored in both the Publisher's guest user repository and the Subscriber's guest user repository.
-
C. The guest's account will be stored in the Publisher's local user repository and the Subscriber's guest user repository.
-
D. The guest's account will be stored in the Publisher's guest user repository and the Subscriber's Onboard user repository.
-
E. The guest's account will ONLY be stored in the Publisher's guest user repository.
Frage 100
Frage
Below is a network topology diagrams
How many clusters are needed for this deployment?
Frage 101
Frage
A Publisher node in a cluster goes down and Subscribers are no longer able to reach the publisher. Which of the
following is true? (Choose 2).
Antworten
-
A. Users authentcating with the Publisher node contnue to authentcate.
-
B. Users authentcating with the Subscriber nodes are no longer able to authentcate.
-
C. Users authentcatng with the Publisher node are no longer able to authentcate.
-
D. Users authentcating with the Subscriber nodes contnue to authentcate.
-
E. No users can authentcate to either the Publisher or Subscriber nodes.
Frage 102
Frage
Which of the following statements is true about the Clearpass hardware appliances?
Antworten
-
A. DHCP can be used to assign IP addresses to management and data ports.
-
B. Both Management and Data Ports must be confgured.
-
C. Clearpass has a default management IP of 172.16.0.254.
-
D. Only statc IP addresses are allowed on the management and data ports.
-
E. The maximum number of devices supported is 5000.
Frage 103
Frage
UDP Port 3799 is used for RADIUS CoA (RFC 3576). This port has been blocked by a frewall between a NAD device and ClearPass. Which of the following is true?
Antworten
-
A. RADIUS Authentcatons will fail since the NAD won't be able to reach the ClearPass server.
-
B. RADIUS Authentcatons will not happen since the NAD won't be able to reach the ClearPass server.
-
C. RADIUS Authentcaton will succeed, but Post-Authentcaton Disconnect-Requests from ClearPass to the Controller will not be delivered.
-
D. RADIUS Authentcaton will succeed, but RADIUS Access-Accept messages from ClearPass to the Controller for Change of Role will not be delivered.
-
E. During RADIUS authentcaton, certfcate exchange between the NAD and Clearpass will fail.
Frage 104
Frage
What is the purpose of the Serial Port in the ClearPass appliance?
Antworten
-
A. To connect 2 ClearPass servers together in a cluster.
-
B. To connect a ClearPass server to a Network Access Device.
-
C. For administrators to confgure the ClearPass appliance using the command line.
-
D. For administrators to confgure the ClearPass appliance using the WebUI.
-
E. For administrators to access Clearpass using SSH.
Frage 105
Frage
Which of the following is true about Data and Management ports on the ClearPass appliance? (Choose 2)
Antworten
-
A. Confguraton of the data port is optional.
-
B. Confguraton of the data port is mandatory.
-
C. Confguraton of the management port is optional.
-
D. Confguraton of the management port is mandatory.
-
E. Statc IP addresses are only allowed on the management port.
Frage 106
Frage
Shown here is a AAA profle in the Aruba Controller.
According to the confguraton shown here, what would we expect to see in the ClearPass Policy Manager?
Antworten
-
A. RADIUS accountng start-stop messages
-
B. RADIUS interim accountng messages
-
C. RADIUS interim & start-stop messages
-
D. No accountng messages will be seen
-
E. RADIUS accountng messages will be sent from the Client to the Controller
Frage 107
Frage
Shown here is an Aruba Instant confguraton screenshot
What is the purpose of enabling the 'Dynamic RADIUS proxy' feature?
Antworten
-
A. The Instant AP will proxy all RADIUS Access-Requests sent to it from clients and will forward these to ClearPass.
-
B. The Instant AP will send a RADIUS Access-Reject packet to other Instant APs in the cluster if credentals are incorrect, to reduce the number of RADIUS requests sent to ClearPass
-
C. All Instant APs in the cluster will use the Virtual Controller IP as the Source IP for RADIUS requests.
-
D. All Instant APs in the cluster will use the Virtual Controller IP as the Destnaton IP for RADIUS requests.
-
E. The Instant AP will proxy all RADIUS Access-Requests sent to it from Clearpass and will forward these to the clients.
Frage 108
Frage
What must be confgured to enable RADIUS authentcaton with Clearpass on a network access device (NAD)? (Choose 2)
Antworten
-
A. An NTP server needs to be set up on the NAD.
-
B. A bind username and bind password must be provided.
-
C. A shared secret must be confgured on the Clearpass server and NAD.
-
D. The Clearpass server must have the network device added as a valid NAD.
-
E. The Clearpass server certfcate must be installed on the NAD.
Frage 109
Frage
Refer to the diagram below.
In which of the following scenarios will ClearPass select the Policy Service named 'Test device group'?
Antworten
-
A. If an end user IP address is part of the device group HQ.
-
B. If the IP address of the NAD device is part of the device group HQ.
-
C. If the ClearPass IP address is part of the device group HQ.
-
D. If the client's NAD IP address is part of the device group HQ.
-
E. If the client's Network Authentcaton Distributon server's IP address belongs to device group HQ.
Frage 110
Frage
In the screenshot shown here of the Local User repository in ClearPass,
what Aruba User Role will be assigned to "mike" when he authentcates?
Frage 111
Frage
Which of the following ways are used by Clearpass to assign roles to the client? (Choose 2)
Antworten
-
A. Through a role mapping policy.
-
B. Roles can be derived from the Aruba Network Access Device.
-
C. From the atributes confgured in Actve Directory.
-
D. From the atributes confgured in a Network Access Device.
-
E. From the server derivaton rule in the Aruba Controller server group for the client.
Frage 112
Frage
Refer to the screen capture belows
If a user from the department "Product Management" connects on Monday to a NAD device that belongs to the Device Group HQ, what role is assigned to the user in Clearpass?
Antworten
-
A. Executve
-
B. HR Local
-
C. Employee
-
D. Guest
-
E. Linux Hosts
Frage 113
Frage
Refer to the screen capture below
If a user from the department "HR" connects on Monday using their Windows Laptop to a switch that belongs to the Device Group HQ, what role is assigned to the user in Clearpass?
Antworten
-
A. Executve
-
B. HR Local
-
C. Employee
-
D. Guest
-
E. Vendor
Frage 114
Frage
Refer to the screen capture below
If a user from the department "HR" connects on Monday to a switch that belongs to the Device Group Remote NAD, what roles are assigned to the user in Clearpass? (Choose 2)
Antworten
-
A. Executve
-
B. Remote Employee
-
C. iOS Device
-
D. Guest
-
E. HR Local
Frage 115
Frage
Refer to the screen capture below
If a user from the department "QA" authentcates from a laptop running MAC OS X, what role is assigned to the user in Clearpass?
Antworten
-
A. iOS Device
-
B. Remote Employee
-
C. HR Local
-
D. Guest
-
E. Executve
Frage 116
Frage
Which of the following statements is NOT true about the confguraton of Actve Directory (AD) as an External Authentcaton Server in Clearpass?
Antworten
-
A. Clearpass should join the AD domain when PEAP and MSCHAPv2 are used as the authentcaton type.
-
B. The bind DN for an AD can be in the administrator@domain format.
-
C. Clearpass cannot be a member of more than one AD domain.
-
D. The list of atributes fetched from the AD can be customized.
-
E. Clearpass nodes in a cluster can join diferent AD domains.
Frage 117
Frage
Which of the following statements is NOT true about the confguraton of a generic LDAP server as an External Authentcaton Server in Clearpass?
Antworten
-
A. The bind DN can be in the administrator@domain format.
-
B. The list of atributes fetched from an LDAP server can be customized.
-
C. An LDAP Browser can be used to search the Base DN.
-
D. Multple LDAP servers cannot be confgured as authentcaton sources.
-
E. Generic LDAP servers can be used as authentcaton sources.
Frage 118
Frage
Refer to the screen capture belows
What does the Cache Timeout Value refer to?
Antworten
-
A. The amount of tme the Policy Manager caches the user credentals stored in the Actve Directory.
-
B. The amount of tme the Policy Manager caches the user atributes fetched from Actve Directory.
-
C. The amount of tme the Policy Manager waits for a response from the Actve Directory before sending a tmeout message to the Network Access Device.
-
D. The amount of tme the Policy Manager waits for a response from the Actve Directory before checking the backup authentcaton source.
-
E. The amount of tme the Policy Manager caches the user's client certfcate.
Frage 119
Frage
Refer to the screen capture belows
Based on the Atribute confguraton shown above, which of the following statements is true?
Antworten
-
A. Only the atribute values of department and memberOf can be used in role mapping policies.
-
B. Only the atribute values of ttle, telephoneNumber, mail can be used in role mapping policies.
-
C. Only the atribute values of company can be used in role mapping policies.
-
D. The atribute values of department and memberOf are directly applied as ClearPass roles.
-
E. The atribute values of department, ttle, memberOf, telephoneNumber, mail are directly applied as ClearPass roles.
Frage 120
Frage
How is Authorizaton used in a Policy Service? Refer to the diagram belows
Antworten
-
A. It allows us to use atributes stored in databases in role mapping and Enforcement.
-
B. It allows us to use atributes stored in databases in role mapping only, but not Enforcement.
-
C. It allows us to use atributes stored in databases in Enforcement only, but not role mapping.
-
D. It allows us to use atributes stored in external databases for Enforcement, but authorizaton does not use internal databases for reference.
-
E. It allows us to use atributes stored in internal databases for Enforcement, but authorizaton does not use external databases for reference.
Frage 121
Frage
Refer to the following Service confguratons
A user connects for the frst tme to an Aruba access point wireless SSID named "pod8wireless-guest-SSID". The SSID has web login authentcaton with RADIUS MAC authentcaton enabled and ClearPass is the authentcaton server.
The user hasn't yet launched their web browser.
Which service will be triggered?
Frage 122
Frage
Refer to the following Service confguratons
A user connects to an Aruba Access Point wireless SSID named "secure-corporate" and performs an 802.1X authentcaton with ClearPass as the authentcaton server.
Which service will be triggered?
Frage 123
Frage
Refer to the following Authentcaton sources confguratons
Which of the following scenarios is true for the above confguraton?
Antworten
-
A. If the user is not found in the local user repository a reject message is sent back to the NAD device.
-
B. If the user is not found in the local user repository a tmeout message is sent back to the NAD device.
-
C. If the user is not found in the local user repository and remotelab AD, a reject message is sent back to the NAD device.
-
D. If the user is not found in the local user repository but is present in the remotelab AD, a reject message is sent back to the NAD device.
-
E. If the user is not found in the remotelab AD but is present in the local user repository, a reject message is sent back to the NAD device.
Frage 124
Frage
Which of the following statements is true about the User databases in Clearpass?
Antworten
-
A. Entries in the guest user DB do not expire.
-
B. Custom atributes can be created for entries in the user DB.
-
C. The endpoints table can only be populated by manually adding MAC addresses to the table.
-
D. A Statc host list can only contain a list of IP addresses.
-
E. Entries in the guest user DB cannot be deleted.
Frage 125
Frage
The screenshot below shows various Enforcement profle templates in the Policy Managers
Which of the following best describes when SNMP based Enforcement should be used?
Antworten
-
A. To send a VLAN to an Aruba Controller for a user.
-
B. To send a VLAN to an Aruba Switch for a user.
-
C. To send a VLAN to a NAD device that doesn't support RADIUS atributes.
-
D. To send a VLAN to a NAD device that doesn't support RADIUS authentcaton.
-
E. To send a VLAN to a client device that doesn't support RADIUS authentcaton.
Frage 126
Frage
Refer to the following confguraton for a VLAN Enforcement Policys
Based on the Policy confguraton, if an Engineer connects to the network on Saturday using WEBAUTH authentcaton, what VLAN will be assigned?
Frage 127
Frage
Refer to the following confguraton for a VLAN Enforcement Policys
Based on the Policy confguraton, if an Engineer connects to the network on Saturday using RADIUS authentcaton, what VLAN will be assigned?
Frage 128
Frage
Refer to the following confguraton for a VLAN Enforcement Policys
Based on the profle confguraton, which of the following VLANs will be assigned to the user when this profle is used?
Antworten
-
A. VLAN 13
-
B. VLAN 6
-
C. VLAN 10
-
D. VLAN 1
-
E. VLAN 10800
Frage 129
Frage
Refer to the following confguraton for a VLAN Enforcement Policys
Which of the following statements is true for the above confguraton?
Antworten
-
A. This profle will be applied to requests coming from an end user in the Device Group HQ.
-
B. This profle will be applied to requests coming from a Network Access Device in the Device Group HQ.
-
C. The profle will be applied to requests processed by a ClearPass appliance in Device Group HQ.
-
D. This profle will be applied to all users.
-
E. This profle will be applied to RADIUS requests that have tmed out afer 10800 seconds.
Frage 130
Frage
Which of the following statements is true about Enforcement Profles in Clearpass?
Antworten
-
A. The Enforcement Profle atribute value needs to match the ClearPass role value for a user.
-
B. Access-control atributes from an Enforcement Profle are returned to the Authentcaton Source.
-
C. Access-control atributes from an Enforcement Profle are returned to the Network Access Device.
-
D. Once created in the service wizard, the Enforcement Profle cannot be modifed.
-
E. Enforcement Profles must use RADIUS dictonary atributes only.
Frage 131
Frage
Which of the following checks are made with OnGuard posture evaluaton in Clearpass? (Choose 3)
Antworten
-
A. Peer-to-peer applicaton checks
-
B. Client role check
-
C. EAP TLS certfcate validity
-
D. Registry keys
-
E. Operatng System version
Frage 132
Frage
Refer to the screen capture belows
Based on the above Enforcement Profle confguraton, which of the following statements is correct?
Antworten
-
A. The Enforcement Profle sends an unhealthy role value to the Network Access Device.
-
B. The Enforcement Profle sends a limited access vlan value to the Network Access Device.
-
C. The Enforcement Profle sends a message to the OnGuard Agent on the client device.
-
D. The Enforcement Profle sends a message to the OnGuard Agent on the Controller.
-
E. A RADIUS CoA message is sent to bounce the client.
Frage 133
Frage
Which of the following types of Posture Token sources are available on Clearpass? (Choose 2)
Antworten
-
A. Posture Policy
-
B. Endpoint Profler
-
C. Microsof NPS Server
-
D. Actve Directory
-
E. Aruba Controller
Frage 134
Frage
Which of the following is NOT a valid type of Posture Token?
Antworten
-
A. Unknown
-
B. Healthy
-
C. Quarantne
-
D. Unhealthy
-
E. Infected
Frage 135
Frage
What does the Posture Token QUARANTINE imply?
Antworten
-
A. The client is compliant. However, there is an update available to remediate the client to HEALTHY state.
-
B. The posture of the client is unknown.
-
C. The client is infected and is a threat to other systems in the network.
-
D. The client is out of compliance.
-
E. The client is out of compliance, but has HEALTHY state.
Frage 136
Frage
Which of the following statements is NOT true about OnGuard? (Choose 2)
Antworten
-
A. It is used to identfy and remove any malware/viruses.
-
B. It is used to ensure that Antvirus/Antspyware programs are running and are up to date as desired.
-
C. It supports both Windows and Mac OS X clients.
-
D. It only supports 802.1X authentcaton.
-
E. It supports both a persistent and web based agent.
Frage 137
Frage
Which of following is true for both the persistent and dissolvable versions of OnGuard? (Choose 2)
Antworten
-
A. Ability to bounce the endpoint
-
B. Auto-remediaton is available
-
C. Gather statement of health informaton for network authorizaton
-
D. Supports Windows, Mac OS X devices
-
E. They need to be installed on the client devices.
Frage 138
Frage
Refer to the screen capture belows
Based on the posture plugin confguraton shown in the above screen, which of the following statements is true?
Antworten
-
A. Check for any antvirus sofware enabled for all versions of Windows OS.
-
B. Check for any antvirus sofware enabled for Windows 7.
-
C. Check for AVG antvirus sofware enabled and is latest for Windows 7.
-
D. It is using the OnGuard dissolvable agent to perform the antvirus/antspyware checks.
-
E. It is using auto remediaton for Windows 7 clients.
Frage 139
Frage
Refer to the screen capture belows
Based on the Posture Policy confguraton shown above, which of the following statements is true?
Antworten
-
A. This Posture Policy can be applied to an 802.1x wired service.
-
B. This Posture Policy checks the health status of devices running Windows, Linux and Mac OS X.
-
C. This Posture Policy can use either the persistent or dissolvable OnGuard agent to obtain the statement of health.
-
D. This Posture Policy checks for presence of a frewall applicaton in Windows devices.
-
E. This Posture Policy checks with a Windows NPS server for posture tokens.
Frage 140
Frage
Refer to the screen capture belows
Based on the Access Tracker output for the user shown above, which of the following statements is true?
Antworten
-
A. A NAP agent was used to obtain the posture token for the user.
-
B. The authentcaton method used is EAP-PEAP.
-
C. A Healthy Posture Token was sent to the Policy Manager.
-
D. A RADIUS-Access-Accept message is sent back to the Network Access Device.
-
E. The Aruba Terminate Session enforcement profle is applied because the posture check failed.