Filters
Question type
Study Flashcards

In single SSID Onboarding, which method can be used in the Enforcement Policy to distinguish between a provisioned device and a device that has not gone through the Onboard workflow?


A) Onguard Agent used
B) Authentication Method used
C) Network Access Device used
D) Active Directory Attributes
E) Endpoint OS Category

F) B) and E)
G) B) and C)

Correct Answer

verifed

verified

Refer to the exhibit. Refer to the exhibit. A guest to the Guest SSID and authenticates successfully using the guest php web login page. Based on the MAC Caching service information shown, which statement about the guest's MAC address is accurate? A) It will be visible in the Guest User Repository with Unknown Status. B) It will be deleted from the Endpoints tables. C) It will be visible in the Guest User Repository with Known Status. D) It will be visible in the Endpoints table with Unknown Status. E) It will be visible in the Endpoints table with Known Status. A guest to the Guest SSID and authenticates successfully using the guest php web login page. Based on the MAC Caching service information shown, which statement about the guest's MAC address is accurate?


A) It will be visible in the Guest User Repository with Unknown Status.
B) It will be deleted from the Endpoints tables.
C) It will be visible in the Guest User Repository with Known Status.
D) It will be visible in the Endpoints table with Unknown Status.
E) It will be visible in the Endpoints table with Known Status.

F) D) and E)
G) C) and D)

Correct Answer

verifed

verified

Refer to the exhibit. Refer to the exhibit. An AD user's department attribute value is configured as Product Management . The user connects on Monday to a NAD that belongs to the Device Group HQ. Which role is assigned to the user in ClearPass? A) Linux User B) Executive C) [Employee] D) [Guest] E) HR Local An AD user's department attribute value is configured as "Product Management". The user connects on Monday to a NAD that belongs to the Device Group HQ. Which role is assigned to the user in ClearPass?


A) Linux User
B) Executive
C) [Employee]
D) [Guest]
E) HR Local

F) A) and E)
G) A) and D)

Correct Answer

verifed

verified

A customer wants to implement Virtual IP redundancy, such that in case of a ClearPass server outage. 802.1x authentications will not be interrupted. The administrator has enabled a single Virtual IP address on two ClearPass servers. Which statement is true? (Choose two.)


A) Both the primary and secondary nodes will respond to authentication requests sent to the Virtual IP address when the primary node is active.
B) The primary node will respond to authentication requests sent to the Virtual IP address when the primary node is active.
C) The NAD should be configured with the primary node IP address for RADIUS authentications on the 802.1x network.
D) A new Virtual IP address should be created for each NAD.
E) The NAD should be configured with the virtual IP address for RADIUS authentications on the 802.1x network.

F) B) and C)
G) All of the above

Correct Answer

verifed

verified

Refer to the exhibit. Refer to the exhibit. What does the Cache Timeout Value refer to? A) The amount of time the Policy Manager caches the user credentials stored in the Active Directory. B) The amount of time the Policy Manager waits for a response from the Active Directory before checking the backup authentication source. C) The amount of time the Policy Manager caches the user attributes fetched from Active Directory. D) The amount of time the Policy Manager waits for response from the Active Directory before sending a timeout message to the Network Access Device. E) The amount of time the Policy Manager caches the user\s client certificate. What does the Cache Timeout Value refer to?


A) The amount of time the Policy Manager caches the user credentials stored in the Active Directory.
B) The amount of time the Policy Manager waits for a response from the Active Directory before checking the backup authentication source.
C) The amount of time the Policy Manager caches the user attributes fetched from Active Directory.
D) The amount of time the Policy Manager waits for response from the Active Directory before sending a timeout message to the Network Access Device.
E) The amount of time the Policy Manager caches the user\s client certificate.

F) A) and B)
G) A) and E)

Correct Answer

verifed

verified

Refer to the exhibit. Refer to the exhibit. An AD user's department attribute is configured as HR . The user connects on Monday using an Android phone to an Aruba Controller that belongs to the Device Group Remote NAD. Which roles are assigned to the user in ClearPass? (Choose two.) A) Remote Employee B) Executive C) Vendor D) iOS Device E) HR Local An AD user's department attribute is configured as "HR". The user connects on Monday using an Android phone to an Aruba Controller that belongs to the Device Group Remote NAD. Which roles are assigned to the user in ClearPass? (Choose two.)


A) Remote Employee
B) Executive
C) Vendor
D) iOS Device
E) HR Local

F) C) and D)
G) B) and C)

Correct Answer

verifed

verified

What is RADIUS CoA (RFC 3576) used for?


A) To force the client to re-authenticate upon roaming to a new Controller.
B) To authenticate users or devices before granting them access to a network.
C) To validate a host address against a whitelist or a blacklist.
D) To transmit messages to the NAD/NAS to modify a user's session status.
E) To apply firewall policies based on authentication credentials.

F) C) and E)
G) C) and D)

Correct Answer

verifed

verified

Refer to the exhibit. Refer to the exhibit. Based on the information, what is the purpose of using [Time Source] for authorization? A) to check how long it has been since the last login authentication B) to check whether the guest account expired C) to check whether the MAC address is in the MAC Caching repository D) to check whether the MAC address status is known in the endpoints table E) to check whether the MAC address status is unknown in the endpoints table Based on the information, what is the purpose of using [Time Source] for authorization?


A) to check how long it has been since the last login authentication
B) to check whether the guest account expired
C) to check whether the MAC address is in the MAC Caching repository
D) to check whether the MAC address status is known in the endpoints table
E) to check whether the MAC address status is unknown in the endpoints table

F) A) and E)
G) A) and D)

Correct Answer

verifed

verified

Refer to the exhibit. Refer to the exhibit. Based on the Enforcement Profile configuration shown, which statement accurately describes what is sent? A) A limited access VLAN value is sent to the Network Access Device. B) A message is sent to the Onguard Agent on the client device. C) An unhealthy role value is sent to the Network Access Device. D) A RADIUS CoA message is sent to bounce the client. E) A RADIUS access-accept message is sent to the Controller. Based on the Enforcement Profile configuration shown, which statement accurately describes what is sent?


A) A limited access VLAN value is sent to the Network Access Device.
B) A message is sent to the Onguard Agent on the client device.
C) An unhealthy role value is sent to the Network Access Device.
D) A RADIUS CoA message is sent to bounce the client.
E) A RADIUS access-accept message is sent to the Controller.

F) A) and D)
G) A) and E)

Correct Answer

verifed

verified

Which checks are made with Onguard posture evaluation in ClearPass? (Choose three.)


A) Operating System version
B) Peer-to-peer application checks
C) EAP TLS certificate validity
D) Client role check
E) Registry keys

F) B) and E)
G) B) and D)

Correct Answer

verifed

verified

Refer to the exhibit. Refer to the exhibit. When configuring a Web Login Page in ClearPass Guest, the information shown is displayed. What is the Address field value 'securelogin.arubanetworks.com' used for? A) For the client to POST the user credentials to the NAD. B) For ClearPass to send a RADIUS request to the NAD. C) For ClearPass to send a TACACS+ request to the NAD. D) For appending to the Web Login URL, after the page name. E) For appending to the Web Login URL, before the page name. When configuring a Web Login Page in ClearPass Guest, the information shown is displayed. What is the Address field value 'securelogin.arubanetworks.com' used for?


A) For the client to POST the user credentials to the NAD.
B) For ClearPass to send a RADIUS request to the NAD.
C) For ClearPass to send a TACACS+ request to the NAD.
D) For appending to the Web Login URL, after the page name.
E) For appending to the Web Login URL, before the page name.

F) C) and D)
G) A) and D)

Correct Answer

verifed

verified

What types of files are stored in the Local Shared Folders database in ClearPass? (Choose two.)


A) Backup Files
B) Posture dictionaries
C) Software image
D) Device fingerprint dictionaries
E) Log files

F) D) and E)
G) All of the above

Correct Answer

verifed

verified

Which statement is true? (Choose two.)


A) Mobile device Management is the result of Onboarding.
B) Third party Mobile Device Management solutions can be integrated with ClearPass.
C) Mobile Device Management is the authentication that happens before Onboarding.
D) Mobile Device Management is an application container that is used to provision work applications.
E) Mobile Device Management is used to control device functions post-Onboarding.

F) C) and D)
G) A) and C)

Correct Answer

verifed

verified

Refer to the exhibit. Refer to the exhibit. A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the network with a corporate Windows laptop. Which Enforcement Profile is applied? A) WIRELESS_GUEST_NETWORK B) WIRELESS_CAPTIVE_NETWORK C) WIRELESS_HANDHELD_NETWORK D) WIRELESS_EMPLOYEE_NETWORK A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the network with a corporate Windows laptop. Which Enforcement Profile is applied?


A) WIRELESS_GUEST_NETWORK
B) WIRELESS_CAPTIVE_NETWORK
C) WIRELESS_HANDHELD_NETWORK
D) WIRELESS_EMPLOYEE_NETWORK

E) A) and D)
F) A) and C)

Correct Answer

verifed

verified

Refer to the exhibit. Refer to the exhibit. In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes? A) to send information via RADIUS packets to Aruba NADs B) to gather and send Aruba NAD information to ClearPass C) to send information via RADIUS packets to clients D) to gather information about Aruba NADs for ClearPass E) to send CoA packets from ClearPass to the Aruba NAD In the Aruba RADIUS dictionary shown, what is the purpose of the RADIUS attributes?


A) to send information via RADIUS packets to Aruba NADs
B) to gather and send Aruba NAD information to ClearPass
C) to send information via RADIUS packets to clients
D) to gather information about Aruba NADs for ClearPass
E) to send CoA packets from ClearPass to the Aruba NAD

F) C) and E)
G) None of the above

Correct Answer

verifed

verified

A customer wants to make enforcement decisions during 802.1x authentication based on a client's Onguard posture token. What enforcement profile should be used in the health check service?


A) Quarantine VLAN
B) RADIUS CoA
C) RADIUS Accept
D) RADIUS Reject
E) Full Access VLAN.

F) A) and C)
G) B) and E)

Correct Answer

verifed

verified

B

Refer to the exhibit. Refer to the exhibit. Based on the Posture Policy configuration shown, above, which statement is true? A) This Posture Policy can only be applied to an 802.1x wired service not 802.1x wireless. B) This Posture Policy checks the health status of devices running Windows, Linux and Mac OS X. C) This Posture Policy can use either the persistent or dissolvable Onguard agent to obtain the statement of health. D) This Posture Policy checks for presence of a firewall application in Windows devices. E) This Posture Policy checks with a Windows NPS server for posture tokens. Based on the Posture Policy configuration shown, above, which statement is true?


A) This Posture Policy can only be applied to an 802.1x wired service not 802.1x wireless.
B) This Posture Policy checks the health status of devices running Windows, Linux and Mac OS X.
C) This Posture Policy can use either the persistent or dissolvable Onguard agent to obtain the statement of health.
D) This Posture Policy checks for presence of a firewall application in Windows devices.
E) This Posture Policy checks with a Windows NPS server for posture tokens.

F) B) and E)
G) C) and D)

Correct Answer

verifed

verified

What must be configured to enable RADIUS authentication with ClearPass on a network access device (NAD) ? (Choose two.)


A) The ClearPass server must have the network device added as a valid NAD.
B) The ClearPass server certificate must be installed on the NAD.
C) A matching shared secret must be configured on both the ClearPass server and NAD.
D) An NTP server needs to be set on the NAD.
E) A bind username and bind password must be provided.

F) C) and D)
G) B) and E)

Correct Answer

verifed

verified

Which statement is true about the configuration of a generic LDAP server as an External Authentication server in ClearPass? (Choose three.)


A) Generic LDAP Browser can be used to search the Base DN.
B) An administrator can customize the selection of attributes fetched from an LDAP server.
C) The bind DN can be in the administrator@domain format.
D) A maximum of one generic LDAP server can be configured in ClearPass.
E) A LDAP Browser can be used to search the Base DN.

F) A) and D)
G) B) and D)

Correct Answer

verifed

verified

A,B,E

Refer to the exhibit. Refer to the exhibit. Based on the Enforcement Policy configuration, when a user with Role Engineer connects to the network and the posture token assigned is Unknown, which Enforcement Profile will be applied? A) RestrictedACL B) HR VLAN C) Remote Employee ACL D) [Deny Access Profile] E) EMPLOYEE_VLAN Based on the Enforcement Policy configuration, when a user with Role Engineer connects to the network and the posture token assigned is Unknown, which Enforcement Profile will be applied?


A) RestrictedACL
B) HR VLAN
C) Remote Employee ACL
D) [Deny Access Profile]
E) EMPLOYEE_VLAN

F) A) and E)
G) None of the above

Correct Answer

verifed

verified

D

Showing 1 - 20 of 34

Related Exams

Exam 1

Designing Multi-Site HPE Storage Solutions

148 Questions

Exam 2

HPE Storage Solutions

94 Questions

Exam 3

Configuring HPE GreenLake Solutions

95 Questions

Exam 4

Architecting Advanced HPE Server Solutions

92 Questions

Exam 5

Designing HPE Server Solutions

83 Questions

Exam 6

Delta - Designing HPE Server Solutions

123 Questions

Exam 7

Designing HPE Hybrid IT Solutions

80 Questions

Exam 8

Implementing HPE Composable Infrastructure Solutions

25 Questions

Exam 9

Designing HPE Software-Defined Infrastructure Solutions

43 Questions

Exam 10

Building HPE Hybrid IT Solutions

71 Questions

Exam 11

Designing HPE Nimble Solutions

78 Questions

Exam 12

Using HPE OneView

54 Questions

Exam 13

Selling Aruba Products and Solutions

36 Questions

Exam 14

Designing Aruba Solutions

14 Questions

Exam 16

Aruba Certified ClearPass Professional (ACCP) V6.7

40 Questions

Exam 17

Aruba Certified Mobility Associate Exam

72 Questions

Exam 18

Aruba Certified Mobility Professional Exam

23 Questions

Exam 19

Aruba Certified Switching Associate

98 Questions

Exam 20

Aruba Certified Switching Professional

34 Questions

Exam 21

Aruba Certified Mobility Expert Written Exam

32 Questions

Exam 22

HPE Sales Certified - Aruba Products and Solutions

36 Questions

Show Answer