Copiar y Editar

ACCP

Descripción

Test sobre ACCP, creado por Javier Cortes el 06/10/2018.
Javier Cortes
Test por Javier Cortes, actualizado hace más de 1 año
Javier Cortes
Creado por Javier Cortes hace más de 5 años
68
0
0

Resumen del Recurso

Pregunta 1

Pregunta
Which of the following is a beneft of ClearPass OnGuard?
Respuesta
  • Allows employees and other non-IT staf to create temporary accounts for Wi-Fi access.
  • Ofers an easy way for users to self-confgure their devices to support 802.1X authentcaton on wired and wireless networks.
  • Enables organizatons to run advanced endpoint posture assessments
  • Ofers full self-service provisioning for personal employee owned devices
  • Allows a receptonist in a hotel to create accounts for guest users

Pregunta 2

Pregunta
A customer would like to deploy ClearPass with the following objectvess they have 2000 devices that need to be onboarded, 2000 corporate devices running posture checks daily, and 500 diferent guest users each day authentcatng using the web login feature. Which of the following best describes the license mix that they need to purchase?
Respuesta
  • CP-HW-500, 2500 Clearpass Enterprise
  • CP-HW-5k, 2500 Clearpass Enterprise
  • CP-HW-5k, 4500 Clearpass Enterprise
  • CP-HW-25k, 4500 Clearpass Enterprise
  • CP-HW-25k, 4000 Clearpass Enterprise

Pregunta 3

Pregunta
A customer would like to deploy ClearPass with the following objectvess they have 3000 corporate laptops doing EAPTLS authentcaton daily, 1000 personal smartphone devices that need to be onboarded. The corporate laptops are required to pass a posture check before getng access to the network. Which of the following best describes the license mix that they need to purchase?
Respuesta
  • CP-HW-5k, 1000 Clearpass Enterprise
  • CP-HW-5k, 1000 Onboard, 3000 Onguard
  • CP-HW-25k, 1000 Clearpass Enterprise
  • CP-HW-25k, 1000 Onboard, 3000 Onguard
  • CP-HW-25k, 3000 Onguard

Pregunta 4

Pregunta
A customer would like to deploy ClearPass with the following objectvess Every day, 100 employees authentcate with their corporate laptops using EAP-TLS. Every Friday, there is a meetng with business partners and an additonal 50 devices authentcate using Web Login Guest Authentcaton. Which of the following is correct? (Choose 2)
Respuesta
  • When countng policy manager licenses, they need to include the additonal 50 business partner devices
  • When countng policy manager licenses, they can exclude the additonal 50 business partner devices
  • They should purchase guest licenses
  • They should purchase onboard licenses
  • They should purchase onguard licenses

Pregunta 5

Pregunta
Which licenses are included in the built in Starter kit for Clearpass?
Respuesta
  • 25 ClearPass Policy Manager licenses
  • 25 Clearpass Enterprise licenses
  • 10 ClearPass Guest licenses, 10 ClearPass OnGuard licenses and 10 ClearPass Onboard licenses
  • 25 ClearPass Profler licenses
  • 10 Clearpass Enterprise licenses

Pregunta 6

Pregunta
What is the functon of ClearPass Onboard?
Respuesta
  • Provide guest access for visitors to connect to the network
  • Process authentcaton requests based on policy services
  • Profle devices connectng to the network
  • Provision personal devices to securely connect to the network
  • To allow a windows machine to use machine authentcaton to access the network

Pregunta 7

Pregunta
What is the Onboard license usage based on?
Respuesta
  • Each user connected to the provisioning SSID uses 1 Onboard license.
  • Each user authentcated using the Onboard credental uses 1 Onboard license
  • Each user provisioned using the Onboard process uses 1 Onboard license
  • Each user that has the OnGuard agent downloaded uses 1 Onboard license.
  • Each user that downloads the Onboard applicaton to their iOS device uses 1 Onboard license

Pregunta 8

Pregunta
An employee provisions their personal smart phone using the Onboard process. In additon, they have a corporate laptop given to them by IT that connects to the secure network. How many licenses does the user consume?
Respuesta
  • 1 Policy Manager license, 1 Onboard License
  • 1 Policy Manager license, 1 Guest License.
  • 2 Policy Manager licenses, 1 Onboard License
  • 2 Policy Manager licenses, 2 Onboard Licenses.
  • 1 Policy Manager license, 2 Guest licenses.

Pregunta 9

Pregunta
An employee authentcates using their corporate laptop and runs the dissolvable onguard agent to send a health check back the Policy Manager. Based on the health of the device a VLAN is assigned to the corporate laptop. Which licenses are consumed in this scenario?
Respuesta
  • 1 Policy Manager license, 1 Onboard License
  • 1 Policy Manager license, 1 OnGuard License
  • 2 Policy Manager licenses, 1 OnGuard License
  • 1 Policy Manager license, 1 Profle License
  • 2 Policy Manager licenses, 2 Onguard licenses

Pregunta 10

Pregunta
A customer would like to deploy ClearPass with the following objectvess they have between 2000 to 3000 corporate users that need to authentcate daily using EAP-TLS. They want to allow for up to 1000 employee devices to be onboarded. They would also like to allow up to 100 diferent guest users each day to authentcate using the web login feature. Which of the following best describes the license mix that they need to purchase?
Respuesta
  • CP-HW-5k, 100 Onboard, 100 Guest
  • CP-HW-500, 1000 Onboard, 100 Guest
  • CP-HW-2k, 1000 Onboard, 100 Guest
  • CP-HW-5k, 2500 Enterprise
  • CP-HW-5k, 1000 Enterprise

Pregunta 11

Pregunta
Which of the following statements is true about the Endpoint Profler? (Choose 2)
Respuesta
  • The Endpoint Profler requires the Onboard license to be enabled
  • The Endpoint Profler uses DHCP fngerprintng for device categorizaton
  • Data obtained from the Endpoint Profler can be used in Enforcement Policy
  • The Endpoint Profler can only categorize laptops and desktops
  • Endpoint Profler requires a profling license.

Pregunta 12

Pregunta
Which of the following methods can be used as collectors for device profling? (Choose 2)
Respuesta
  • OnGuard agent
  • Actve Directory Atributes
  • ActveSync Plugin
  • Username and Password
  • Client's role on the controller

Pregunta 13

Pregunta
Refer to the screen capture belows Based upon Endpoint informaton shown here, which collectors were used to profle the device as Apple iPad? (Choose 2)
Respuesta
  • OnGuard Agent
  • HTTP User-Agent
  • DHCP fngerprintng
  • SNMP
  • SmartDevice

Pregunta 14

Pregunta
To setup an Aruba Controller as DHCP relay for device fngerprintng, which of the following IP addresses needs to be confgured?
Respuesta
  • DHCP server IP
  • ClearPass server IP
  • Actve Directory IP
  • Microsof NPS server IP
  • Switch IP

Pregunta 15

Pregunta
What database in the Policy Manager contains the device atributes derived by profling?
Respuesta
  • Local Users Repository
  • Onboard Devices Repository
  • Endpoints Repository
  • Guest User Repository
  • Client Repository

Pregunta 16

Pregunta
Refer to the screen capture belows Based on the Endpoint Profler output shown here, which of the following statements is true?
Image:
Sin Accp1 (binary/octet-stream)
Respuesta
  • The devices have been profled using DHCP fngerprintng.
  • There are 5 devices profled in the Computer Device Category.
  • Apple devices will be profled in the SmartDevice category.
  • There is only 1 Microsof Windows device present in the network.
  • The linux device with MAC address 000c29fd8945 has not been profled.

Pregunta 17

Pregunta
Which of the following conditons can be used for rule creaton of an Enforcement Policy? (Choose 3)
Respuesta
  • System Time
  • Clearpass IP address
  • Posture
  • Switch VLAN
  • Connecton Protocol

Pregunta 18

Pregunta
Refer to the screen capture belows: Based on the Enforcement Policy confguraton, if a user with Role Engineer connects to the network and the posture token assigned is Unknown, what Enforcement Profle will be applied?
Image:
Accp2 (binary/octet-stream)
Respuesta
  • EMPLOYEE_VLAN
  • Remote Employee ACL
  • RestrictedACL
  • Deny Access Profle
  • HR VLAN

Pregunta 19

Pregunta
Based on the Enforcement Policy confguraton, if a user with Role Remote Worker connects to the network and the posture token assigned is quarantne, what Enforcement Profle will be applied?
Image:
Accp3 (binary/octet-stream)
Respuesta
  • EMPLOYEE_VLAN
  • Remote Employee ACL
  • RestrictedACL
  • Deny Access Profle
  • HR VLAN

Pregunta 20

Pregunta
Based on the Enforcement Policy confguraton, if a user connects to the network using an Apple iphone, what Enforcement Profle is applied?
Image:
Accp4 (binary/octet-stream)
Respuesta
  • WIRELESS_CAPTIVE_NETWORK
  • WIRELESS_HANDHELD_NETWORK
  • WIRELESS_GUEST_NETWORK
  • WIRELESS_EMPLOYEE_NETWORK
  • Deny Access

Pregunta 21

Pregunta
A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the network with a corporate Windows laptop. What Enforcement Profle is applied?
Image:
Accp5 (binary/octet-stream)
Respuesta
  • WIRELESS_CAPTIVE_NETWORK
  • WIRELESS_HANDHELD_NETWORK
  • WIRELESS_GUEST_NETWORK
  • WIRELESS_EMPLOYEE_NETWORK
  • Deny Access

Pregunta 22

Pregunta
Which of the following components of a Policy Service is mandatory?
Respuesta
  • Enforcement
  • Posture
  • Profler
  • Role Mapping Policy
  • Authorizaton Source

Pregunta 23

Pregunta
Which of the following optons is the correct order of steps of a Policy Service request? 1) Clearpass tests the request against Service Rules to select a Policy Service. 2) Clearpass applies the Enforcement Policy. 3) Negotaton of the Authentcaton Method occurs between the NAD and Clearpass. 4) Clearpass sends the Enforcement Profle atributes to the NAD. 5) NAD forwards authentcaton request to Clearpass.
Respuesta
  • A. 1, 3, 2, 4, 5
  • B. 5, 1, 3, 2, 4
  • C. 5, 1, 3, 4, 2
  • D. 1, 2, 3, 4, 5
  • E. 2, 3, 4, 5, 1

Pregunta 24

Pregunta
Which of the following informaton is NOT required while building a Policy Service for 802.1X authentcaton?
Respuesta
  • A. Network Access Device used
  • B. Authentcaton Method used
  • C. Authentcaton Source used
  • D. Posture Token of the client
  • E. Profling informaton of the client

Pregunta 25

Pregunta
Which of the following components can use Actve Directory authorizaton atributes for the decision-making process? (Choose 2)
Respuesta
  • A. Role Mapping Policy
  • B. Posture Policy
  • C. Enforcement Policy
  • D. Service Rules

Pregunta 26

Pregunta
What informaton can we conclude from the following graph?
Image:
Accp6 (binary/octet-stream)
Respuesta
  • A. This graph represents all authentcaton requests received by Clearpass in one year.
  • B. This graph represents all authentcaton requests received by Clearpass in a day.
  • C. The graph represents all authentcaton requests received by Clearpass in a month.
  • D. Each bar represents total authentcaton requests per minute.
  • E. Each bar represents total authentcaton requests per day.

Pregunta 27

Pregunta
What informaton can we conclude from the above audit row detail? (Choose 2)
Image:
Accp7 (binary/octet-stream)
Respuesta
  • A. radius01 was added as an authentcaton source.
  • B. radius01 was deleted from the list of authentcaton sources.
  • C. The policy service was moved to positon number 3.
  • D. The policy service was moved to positon number 4.
  • E. radius01 was moved to positon number 4.

Pregunta 28

Pregunta
What is the purpose of the Audit Viewer in the Monitoring secton of ClearPass Policy Manager?
Respuesta
  • A. To audit client authentcatons.
  • B. To audit the network for PCI compliance.
  • C. To display the entre confguraton of the ClearPass Policy Manager.
  • D. To display changes made to the ClearPass confguraton.
  • E. To display system events.

Pregunta 29

Pregunta
If the "Alerts" tab in an authentcaton session details tab in Access Tracker shows the following error message "Access denied by policy", what could be a possible cause for authentcaton failure?
Respuesta
  • A. Implementaton of an Enforcement Policy
  • B. Implementaton of a frewall policy
  • C. Failure to categorize the request in a Clearpass service
  • D. Implementaton of a Posture Policy
  • E. Failure to actvate the enforcement policy

Pregunta 30

Pregunta
If a client's authentcaton is failing and there are no entries in the Clearpass's Access Tracker, which of the following is a possible reason for the authentcaton failure?
Respuesta
  • A. The client used a wrong password.
  • B. The user is not found in the database.
  • C. The shared secret between Network Access Device and Clearpass does not match.
  • D. The user account has expired.
  • E. The user's certfcate is invalid.

Pregunta 31

Pregunta
Which of the following statements is true based on the Access Tracker output shown below?
Image:
Accp8 (binary/octet-stream)
Respuesta
  • A. The client wireless profle is incorrectly setup.
  • B. Clearpass does not have a service enabled for MAC authentcaton.
  • C. The client MAC address is not present in the Endpoints table in the Clearpass database.
  • D. The client used incorrect credentals to authentcate to the network.
  • E. The RADIUS client on the Windows server failed to categorize the service correctly.

Pregunta 32

Pregunta
Which of the following are valid policy simulaton types in Clearpass? (Choose 3)
Respuesta
  • A. Role Mapping
  • B. Endpoint Profler
  • C. Authorizaton Atributes
  • D. Chained Simulaton
  • E. Enforcement Policy

Pregunta 33

Pregunta
The screenshot here from the Event Viewer in ClearPass shows an error when a user does an EAP-TLS authentcaton to ClearPass through an Aruba Controller's Wireless Network. What is the cause of this error?
Image:
Accp9 (binary/octet-stream)
Respuesta
  • A. The client has sent an incorrect shared secret for the 802.1X authentcaton.
  • B. The controller has sent an incorrect shared secret for the RADIUS authentcaton.
  • C. The client's shared secret used during the certfcate exchange is incorrect.
  • D. The controller's shared secret used during the certfcate exchange is incorrect.
  • E. The NAS source interface IP is incorrect.

Pregunta 34

Pregunta
Which of the following statements is true about the Policy Simulaton test fgure shown below?
Image:
Accp10 (binary/octet-stream)
Respuesta
  • A. The simulaton test result shows the roles assigned to the client by the Aruba Controller.
  • B. The roles assigned in the result are based on rules matched in the AD Role Mapping Policy.
  • C. The test verifes that a client with username test1 can authentcate using EAP-PEAP.
  • D. Role mapping simulaton verifes if Table6 Wireless service has been confgured correctly.

Pregunta 35

Pregunta
What types of fles are stored in the Local Shared Folders database in Clearpass? (Choose 2)
Respuesta
  • A. Backup Files
  • B. Sofware image
  • C. Log fles
  • D. Generated Reports
  • E. Device fngerprint dictonaries

Pregunta 36

Pregunta
A University wants to deploy ClearPass with the Guest module. They have two types of users that need to use web login authentcaton. The frst type of users are students whose accounts are in their Actve Directory Server. The second type of users are friends of students who need to self-register to access the network. How should the service be setup in the Policy Manager for this Network?
Respuesta
  • A. Create a service with the Guest User Repository as the Authentcaton Source and the Actve Directory Server as the authorizaton source.
  • B. Create a service with the Actve Directory Server as the Authentcaton Source and the Guest User Repository as the authorizaton source.
  • C. Create a service with the Guest User Repository and Actve Directory servers as Authentcaton Sources.
  • D. Create a service with only the Guest user Repository as the authentcaton source, and Guest User Repository and Actve Directory server as authorizaton sources.
  • E. Create a service with the Guest User Repository or Actve Directory server as the single Authentcaton Source.

Pregunta 37

Pregunta
Which of the following use cases will require a ClearPass Guest applicaton license? (Choose 2)
Respuesta
  • A. Sponsor based guest user access
  • B. Employee personal device registraton
  • C. User self registraton for access
  • D. Guest device fngerprintng
  • E. Endpoint health assessment

Pregunta 38

Pregunta
Below is a screenshot of the Guest Role Mapping Policys What is the purpose of this Role Mapping Policy?
Image:
Accp11 (binary/octet-stream)
Respuesta
  • A. To send a frewall role back to the controller based on the Guest User's Role ID.
  • B. To assign Controller roles to guests.
  • C. To display a role name on the Self-registraton receipt page.
  • D. To assign ClearPass roles to guests based on the guest's Role ID as seen during authentcaton.
  • E. To assign all 3 roles of [Contractor], [Guest] and [Employee] to every guest user.

Pregunta 39

Pregunta
An administrator logs in to the Guest module in ClearPass and under 'List Accounts' sees the followings If a user with username kim@mycompany.com tries to access the Web Login page, what would we expect to happen?
Image:
Accp12 (binary/octet-stream)
Respuesta
  • A. The user will not be able to access the Web Login page.
  • B. The user will be able to login and authentcate successfully but they will be immediate disconnected afer.
  • C. The user will not be able to login and authentcate.
  • D. The user will be able to login for the next 4.9 days, but afer this they will not be able to login anymore.

Pregunta 40

Pregunta
Refer to the screenshot belows Based on the above confguraton, which of the following statements is true?
Image:
Accp13 (binary/octet-stream)
Respuesta
  • A. The visitor_phone feld will be visible to operator creatng the account.
  • B. The visitor_phone feld will be visible to the guest users in the web login page.
  • C. The visitor_company feld will be visible to operator creatng the account.
  • D. The visitor_company feld will be visible to the guest users in the web login page.
  • E. The email feld will be visible to guest users on the web login page.

Pregunta 41

Pregunta
Refer to the screenshot belows Based on the above confguraton which of the following statements is true?
Image:
Accp14 (binary/octet-stream)
Respuesta
  • A. Only guest users connectng to SSID Aruba will be allowed access to the network by ClearPass Guest.
  • B. The minimum password length for guest passwords is set to a default value of 8.
  • C. The usernames generated for guest users by Guest Manager will be a combinaton of random numbers.
  • D. The password generated for guest users by Guest Manager will be a combinaton of random numbers.

Pregunta 42

Pregunta
Refer to the screenshot in the diagram below, as seen when confguring a Web Login Page in ClearPass Guests What is the page name feld used for?
Image:
Accp15 (binary/octet-stream)
Respuesta
  • A. For Administrators to access the PHP page, but not guests.
  • B. For Administrators to reference the page only.
  • C. For forming the Web Login Page URL.
  • D. For forming the Web Login Page URL and the page name that guests must confgure on their laptop wireless supplicant.
  • E. For forming the Web Login Page URL where Administrators add guest users.

Pregunta 43

Pregunta
Refer to the screenshot in the diagram below, as seen when a Web Login Page is confgured in ClearPass Guests What is the Address feld value 'securelogin.arubanetworks.com' used for?
Image:
Accp16 (binary/octet-stream)
Respuesta
  • A. For appending to the Web Login URL, before the page name.
  • B. For ClearPass to POST the user credentals to the NAD device.
  • C. For ClearPass to send a RADIUS request to the NAD device.
  • D. For ClearPass to send a TACACS+ request to the NAD device.
  • E. For appending to the Web Login URL, afer the page name.

Pregunta 44

Pregunta
Below is a screenshot of a Captve Portal Authentcaton profle inside the Aruba Controllers Which feld would you change so that guest users are redirected to the ClearPass Captve Portal when they connect to the Guest SSID?
Image:
Accp17 (binary/octet-stream)
Respuesta
  • A. Login Page
  • B. Welcome Page
  • C. Both Login & Welcome Page
  • D. Default Role
  • E. Default Guest Role

Pregunta 45

Pregunta
Below is an extract from the Web Login Page confguraton in ClearPass Guests What is the purpose of the Pre-Auth Check?
Image:
Accp18 (binary/octet-stream)
Respuesta
  • A. To authentcate users before they launch the Web Login Page.
  • B. To authentcate users before ClearPass sends the credentals to the NAD device.
  • C. To authentcate users afer the NAD device sends an authentcaton request to ClearPass.
  • D. To replace the need for the NAD to send an authentcaton request to ClearPass.
  • E. To re-authentcate users when they're roaming from one NAD to another.

Pregunta 46

Pregunta
Below is an Enforcement Profle that has been created in the Policy Managers What is the acton that is taken by this Enforcement Profle?
Image:
Accp19 (binary/octet-stream)
Respuesta
  • A. ClearPass will count down 600 seconds and send a RADIUS CoA message to the NAD device to end the user's session afer this tme is up.
  • B. ClearPass will send the Session-Timeout atribute in the RADIUS Access-Accept packet to the User and the user's session will be terminated afer 600 seconds.
  • C. ClearPass will send the Session-Timeout atribute in the RADIUS Access-Accept packet to the NAD device and the NAD will end the user's session afer 600 seconds.
  • D. ClearPass will send the Session-Timeout atribute in the RADIUS Access-Request packet to the NAD device and the NAD will end the user's session afer 600 seconds.

Pregunta 47

Pregunta
Below is a screenshot of a client connectng to a Guest SSIDs Based on the image shown above, which of the following best describes the client's state?
Image:
Accp20 (binary/octet-stream)
Respuesta
  • A. The client authentcated through the web login page frst before it was able to obtain an IP address.
  • B. The client does not have an IP address, but they have authentcated through the web login page.
  • C. The client does not have an IP address because they have not authentcated through the web login page yet.
  • D. We can't tell from the image above.

Pregunta 48

Pregunta
A Bank would like to deploy ClearPass Guest with web login authentcaton so that their customers can self-register on the network to get network access when they have meetngs with Bank Employees. However, they're concerned about security. Which of the following is true? (Choose 3)
Respuesta
  • A. During web login authentcaton, if HTTPS is used for the web login page, guest credentals will be encrypted.
  • B. If HTTPS is used for the web login page, afer authentcaton is completed guest Internet trafc will all be encrypted as well.
  • C. If HTTPS is used for the web login page, afer authentcaton is completed some guest Internet trafc may be unencrypted.
  • D. Afer authentcaton, an IPSEC VPN on the guest's client can be used to encrypt Internet trafc.
  • E. HTTPS should never be used for Web Login Page authentcaton.

Pregunta 49

Pregunta
A Hospital would like to deploy ClearPass Guest for friends and relatves of patents to access the Internet. They would like patents to be able to access an internal webpage on the intranet where they can view patent informaton. However, other guests should not have access to this page. Which of the following is true? (Choose 2)
Respuesta
  • A. The NAD device will be firewalling users to block Intranet trafc.
  • B. ClearPass will be frewalling users to block Intranet trafc.
  • C. It's necessary for us to have two separate web login pages due to the diferent access requirements of patents and guests.
  • D. We will need to confgure diferent Enforcement actons for patents and guests in the service.
  • E. Both the NAD and Clearpass would have to frewall users to block trafc.

Pregunta 50

Pregunta
Below is a screenshot of a self-registraton receipts Which of the following is true?
Image:
Accp21 (binary/octet-stream)
Respuesta
  • A. Expiraton tme for guest accounts can be modifed by the visitor.
  • B. Receipt Actons such as 'Download account details' cannot be modifed in the self-registraton editor.
  • C. Company Name feld cannot be removed from the registraton page using the self-registraton editor.
  • D. The user will only be able to login between the Actvaton and Expiraton tme.
  • E. The user must be logged in before they can use the 'Download account details' link.

Pregunta 51

Pregunta
A company deployed the guest Self-registraton with Sponsor Approval workfow for their guest SSID. The administrator logs into the Policy Manager and sees the following in the Guest User Repositorys What can you conclude from the above? (Choose 2)
Image:
Accp22 (binary/octet-stream)
Respuesta
  • A. The guest has submited the registraton form.
  • B. The guest has not submited the registraton form yet.
  • C. The sponsor has confrmed the guest account.
  • D. The sponsor has not confrmed the guest account yet.
  • E. The user's account is actve.

Pregunta 52

Pregunta
Refer to the screenshot below of a MAC Caching enforcement policys Which of the following is true?
Image:
Accp23 (binary/octet-stream)
Respuesta
  • A. Only a user with Controller role of [Guest] will be allowed to authentcate
  • B. Only a user with Clearpass role of [Guest] and that has authentcated using the web login page less than 5 minutes ago, will have their MAC authentcaton succeed
  • C. Only a user with Clearpass role of [Guest] and that has authentcated using the web login page more than 5 minutes ago, will have their MAC authentcaton succeed
  • D. Only a user whose last MAC authentcaton was less than 5 minutes ago, will have their MAC authentcaton succeed

Pregunta 53

Pregunta
Refer to the screenshot belows Which of the following is true of the MAC-Guest-Check SQL query authorizaton source?
Image:
Accp24 (binary/octet-stream)
Respuesta
  • A. It's used to check if the MAC address status is known in the endpoints table
  • B. It's used to check if the guest account has expired
  • C. It's used to check if the MAC address status is unknown in the endpoints table
  • D. It's used to check how long it's been since the last web login authentcaton
  • E. It's used to check if the MAC address is in the MAC Caching repository

Pregunta 54

Pregunta
Refer to the screenshot belows Why is the Insight Repository used as an authorizaton source for this MAC authentcaton service?
Image:
Accp25 (binary/octet-stream)
Respuesta
  • A. To check how long ago the last web login authentcaton was done
  • B. To check how many sessions ago the last web login authentcaton was done
  • C. To check how long ago the last MAC authentcaton was done
  • D. To run a report when the user authentcates
  • E. To validate the user's MAC address against the endpoints table

Pregunta 55

Pregunta
Below is a screenshot of a client's laptops What would you expect to happen next?
Image:
Accp26 (binary/octet-stream)
Respuesta
  • A. The web login page will be displayed.
  • B. The user will be presented with a self-registraton receipt.
  • C. The NAD device will send an authentcaton request to ClearPass.
  • D. The client will send a NAS authentcaton request to ClearPass.
  • E. Clearpass will send a NAS authentcaton request to the NAD device.

Pregunta 56

Pregunta
Below is a screenshot of a user logged in to the Self-Service Portals Notce the trafc received and trafc sent statstcs. Which of the following is true?
Image:
Accp27 (binary/octet-stream)
Respuesta
  • A. These show the total amount of trafc the guest transmited afer account expiraton, as seen through RADIUS accountng messages sent from the NAD to ClearPass.
  • B. These show the total amount of trafc the guest transmited, as seen through RADIUS accountng messages sent from the NAD to ClearPass.
  • C. These show the total amount of trafc the NAD transmited to ClearPass, as seen through RADIUS accounting messages from the NAD to ClearPass.
  • D. These show the total amount of trafc the guest transmited, as seen through RADIUS CoA packets from the NAD to ClearPass.

Pregunta 57

Pregunta
An administrator enabled the Pre-auth check for their guest self-registraton. At what stage in the registraton process is this check performed?
Respuesta
  • A. Before the user self-registers.
  • B. Afer the user self-registers; before the user logs in.
  • C. Afer the user logs in; before the NAD sends an authentcaton request.
  • D. Afer the user logs in; afer the NAD sends an authentcaton request.
  • E. When a user is re-authentcatng to the network.

Pregunta 58

Pregunta
A hotel chain recently deployed ClearPass Guest. A guest enters the hotel and connects to the Guest SSID. They launch their web browser and type in www.google.com, but they're unable to immediately see the web login page. Which of the following could be causing this? (Choose 2)s
Respuesta
  • A. The DNS server is not replying with an IP address for www.google.com.
  • B. The guest is using a Linux laptop which doesn't support web login.
  • C. The ClearPass server has a server certfcate issued by Verisign.
  • D. The ClearPass server has a server certfcate issued by the internal Microsof Certfcate Server.
  • E. The ClearPass server does not recognize the client's certfcate.

Pregunta 59

Pregunta
Refer to the screenshot below of a MAC Caching services A guest connects to the Guest SSID and authentcates successfully using the guest.php web login page. Which of the following is true?
Image:
Accp28 (binary/octet-stream)
Respuesta
  • A. Their MAC address will be visible in the Endpoints table with Known Status.
  • B. Their MAC address will be visible in the Endpoints table with Unknown Status.
  • C. Their MAC address will be visible in the Guest User Repository with Known Status.
  • D. Their MAC address will be visible in the Guest User Repository with Unknown Status.
  • E. Their MAC address will be deleted from the Endpoints table.

Pregunta 60

Pregunta
A company implemented the Self-Registraton with Sponsor Approval workfow for their Guest SSID. A guest connects to the Guest SSID, then self-registers. They see the following on their client devices Which of the following is true?
Image:
Accp29 (binary/octet-stream)
Respuesta
  • A. The Sponsor approved the guest already.
  • B. The Sponsor has not approved the guest yet.
  • C. A confrmaton email was sent to the sponsor at limdir@gmail.com.
  • D. A guest registraton receipt was sent to p1t3@arubaclass.com.
  • E. The guest is ready to login using their username and password.

Pregunta 61

Pregunta
Refer to the screenshot below outlining a guest Self-Registraton with Sponsor Approval workfows At which stage is an email request sent to the sponsor?
Image:
Accp30 (binary/octet-stream)
Respuesta
  • A. Afer 'Redirects (1)'
  • B. Afer 'Submit form (3)'
  • C. Afer 'Login Message page (5)'
  • D. Afer 'Automated NAS login (6)'
  • E. Afer 'Guest Role (7)'

Pregunta 62

Pregunta
What are these RADIUS atributes used for in the Aruba RADIUS dictonary shown here?
Image:
Accp31 (binary/octet-stream)
Respuesta
  • A. To send informaton via RADIUS packets to clients.
  • B. To send informaton via RADIUS packets to Aruba NADs.
  • C. To gather informaton about Aruba NADs for ClearPass.
  • D. To gather and send Aruba NAD informaton to ClearPass.
  • E. To send CoA packets from Clearpass to the Aruba NAD.

Pregunta 63

Pregunta
Describe the purpose of the Aruba TACACS+ dictonary as shown heres
Image:
Accp32 (binary/octet-stream)
Respuesta
  • A. The Aruba-Admin-Role atribute is used to assign diferent privileges to clients during 802.1X authentcaton.
  • B. The Aruba-Admin-Role atribute is used by ClearPass to assign TIPS roles to clients during 802.1X authentcaton.
  • C. The Aruba-Admin-Role atribute is used to assign diferent privileges to administrators logging into an Aruba NAD device.
  • D. The Aruba-Admin-Role atribute is used to assign diferent privileges to administrators logging into ClearPass.
  • E. The Aruba-Admin-Role on the controller is applied to users using TACACS+ to login to the Policy Manager.

Pregunta 64

Pregunta
Which of the following CLI commands is used to upgrade the image of a ClearPass server?
Respuesta
  • A. Upgrade image
  • B. System upgrade
  • C. Upgrade sofware
  • D. Reboot
  • E. System update

Pregunta 65

Pregunta
Which of the following statements is true about the skin plugins in ClearPass guest?
Respuesta
  • A. Skins are created by Aruba Professional Services.
  • B. Skins allow additon of content items to web login pages.
  • C. Skins are used to create hotspot login pages.
  • D. Skins are used to create Onboard registraton pages.
  • E. Skins allow customers to implement advertsing.

Pregunta 66

Pregunta
What does a client need for it to perform EAP-TLS successfully? (Choose 2)
Respuesta
  • A. Username and Password
  • B. Client Certfcate
  • C. Pre-shared key
  • D. Certfcate Authority
  • E. Server Certfcate

Pregunta 67

Pregunta
Refer to the screenshot in the diagram below, which illustrates a confguraton of a Windows 802.1X supplicant for EAP-PEAP authentcaton. In a deployment, which certfcate would you select under the 'Trusted root certfcaton authority' secton?
Image:
Accp33 (binary/octet-stream)
Respuesta
  • A. The server certfcate
  • B. The client certfcate
  • C. The root CA self-signed certfcate
  • D. The root CA certfcate signed by the client
  • E. The client certfcate signed by the root CA

Pregunta 68

Pregunta
Refer to the screenshot in the diagram below, which illustrates the confguraton of a Windows 802.1X supplicant. What will selectng 'Validate server certfcate' do?
Image:
Accp34 (binary/octet-stream)
Respuesta
  • A. The client will send its certfcate to the server for verifcaton.
  • B. The server will send its private key to the client for verifcaton.
  • C. The server and client will perform an HTTPS SSL certfcate exchange.
  • D. The client will verify the server certfcate against a trusted CA.
  • E. The client will send its private key to the server for verifcaton.

Pregunta 69

Pregunta
Refer to the screenshot in the diagram below, which illustrates the confguraton of a Windows 802.1X supplicant. If 'Automatcally use my Windows logon name and password' are selected, which of the following is true?
Image:
Accp35 (binary/octet-stream)
Respuesta
  • A. The client's Windows login username and password will be sent in a EAP frame to the Authentcaton Server.
  • B. The client's Windows login username and password will be sent in a RADIUS Accountng frame to the Authentication server.
  • C. The client will need to re-authentcate every tme they connect to the network.
  • D. The client's Windows logon name and password will be sent via a TACACS+ frame to the authentcaton server.
  • E. The client will prompt the user to enter the logon username and password.

Pregunta 70

Pregunta
What does a client need for it to perform EAP-PEAP successfully, if 'Validate Server Certfcate' is not enabled?
Respuesta
  • A. Username and Password
  • B. Client Certfcate
  • C. Pre-shared key
  • D. Certfcate Authority
  • E. Server Certfcate

Pregunta 71

Pregunta
What is RADIUS CoA used for?
Respuesta
  • A. To authentcate users or devices before grantng them access to a network.
  • B. To force the client to re-authentcate upon roaming to a new Controller.
  • C. To apply frewall policies based on authentcaton credentals.
  • D. To validate a host MAC against a white and a black list.
  • E. To transmit messages to the NAD/NAS to modify a user's session status.

Pregunta 72

Pregunta
What are Operator Profles used for?
Respuesta
  • A. To assign ClearPass roles to guest users.
  • B. To enforce role based access control for ClearPass Guest operator users.
  • C. To enforce role based access control for ClearPass Policy Manager admin users.
  • D. To map AD atributes to admin privilege levels in ClearPass Guest.
  • E. To enforce role based access control for Aruba Controllers.

Pregunta 73

Pregunta
Refer to the screen capture belows Based on the Translaton Rule confguraton shown above, which of the following statements is true?
Image:
Accp36 (binary/octet-stream)
Respuesta
  • A. A user from group MatchAdmin will be assigned the operator profle of IT Administrators.
  • B. All actve directory users will be assigned the operator profle of IT Administrators.
  • C. All admin users will be assigned the operator profle of IT Administrators.
  • D. A user from group Administrators will be assigned the operator profle of IT Administrators.
  • E. This translaton rule is not valid for Actve Directory administrators.

Pregunta 74

Pregunta
Which of the following steps are required to use ClearPass as a TACACS+ Authentcaton server for a network device? (Choose 2)
Respuesta
  • A. Confgure the ClearPass Policy Manager as an Authentcaton server on the network device.
  • B. Confgure ClearPass roles on the network device.
  • C. Confgure RADIUS Enforcement Profle for the desired privilege level.
  • D. Confgure TACACS Enforcement Profle for the desired privilege level.
  • E. Enable RADIUS accountng on the NAD device.

Pregunta 75

Pregunta
Which of the following is FALSE?
Respuesta
  • A. Actve Directory can be used as the authentcaton source to process TACACS+ authentcaton requests coming to Clearpass from NAD devices
  • B. Actve Directory can be used as the authentcaton source to process Clearpass Guest Admin Access
  • C. TACACS+ authentcaton requests received by Clearpass are always forwarded to a Windows Server that can handle these requests
  • D. TACACS+ authentcaton requests from NAD devices to Clearpass are processed by a TACACS+ service
  • E. The local user repository in Clearpass can be used as the authentcaton source for TACACS+ services

Pregunta 76

Pregunta
Which of the following is NOT a functon of ClearPass Onboard?
Respuesta
  • A. Confgure network setngs
  • B. Provision device credentals
  • C. Remote wipe & control
  • D. Revoke device credentals
  • E. Provisioning of VPN Setngs

Pregunta 77

Pregunta
Which of the following devices support Apple over-the-air provisioning? (Choose 2)
Respuesta
  • A. Laptop running Mac OS X 10.6
  • B. Laptop running Mac OS X 10.8
  • C. iOS 5
  • D. Android 2.2
  • E. Windows XP

Pregunta 78

Pregunta
Refer to the screenshot belows At which stage of the onboard process is workspace installed?
Image:
Accp37 (binary/octet-stream)
Respuesta
  • A. Pre-provisioning stage
  • B. Provisioning stage
  • C. Authentcaton stage
  • D. Afer authentcaton stage

Pregunta 79

Pregunta
Which of the following is true? (Choose 2)
Respuesta
  • A. Mobile Device Management is used to control device usage post-onboarding
  • B. Mobile Device Management is an applicaton container that is used to provision work applicatons
  • C. Mobile Device Management cannot be deployed without Workspace
  • D. 3rd party Mobile Device Management solutons can be integrated with Clearpass
  • E. Mobile Device Management cannot do remote wipes of devices without workspace being installed

Pregunta 80

Pregunta
Which of the following statements is true about certificate revocation?
Respuesta
  • A. Onboard cannot revoke device certfcates.
  • B. Revoked certfcates are automatcally deleted from Certfcate Management.
  • C. When a certfcate is revoked, OCSP checks for certificate validity will fail.
  • D. A revoked certfcate becomes valid again afer 24 hours.
  • E. Certfcates can only be revoked once they expire.

Pregunta 81

Pregunta
Which of the following statements is true about Certfcate Authorites in ClearPass Onboard?
Respuesta
  • A. ClearPass cannot operate as a root CA.
  • B. The root CA needs to be connected to the network to perform CRL checks.
  • C. ClearPass Onboard CA is always confgured as an Intermediate CA that is part of an Enterprise PKI.
  • D. ClearPass Onboard CA can operate either as a root CA, or as an Intermediate CA.
  • E. Clearpass cannot operate as an intermediate CA.

Pregunta 82

Pregunta
Refer to the screenshot belows Based on the above confguraton, which of the following statements is true?
Image:
Accp38 (binary/octet-stream)
Respuesta
  • A. ClearPass is confgured as a Root CA.
  • B. ClearPass is confgured as the Intermediate CA.
  • C. ClearPass has an expired server certfcate.
  • D. The arubatraining-REMOTELABSERVER-CA will issue client certfcates during Onboarding.
  • E. This is not a valid trust chain since the arubatraining-REMOTELABSERVER-CA has a self-signed certfcate.

Pregunta 83

Pregunta
What is the certfcate format PKCS #7, or .p7b, used for?
Image:
Accp39 (binary/octet-stream)
Respuesta
  • A. Certfcate chain
  • B. Certfcate Signing Request
  • C. Certfcate with an encrypted private key
  • D. Binary encoded X.509 certfcate
  • E. Binary encoded X.509 certfcate with public key

Pregunta 84

Pregunta
Refer to the screenshot belows This authentcaton method is applied to a service processing EAP-TLS authentcatons. Which of the following is FALSE?
Image:
Accp40 (binary/octet-stream)
Respuesta
  • A. Devices with revoked certfcates will not be allowed access
  • B. Devices with deleted certfcates will not be allowed access
  • C. Devices will perform OCSP check to their laptop's localhost OCSP server
  • D. Devices will perform OCSP check with Clearpass

Pregunta 85

Pregunta
Refer to the screenshot belows Which of the following statements is correct regarding the above confguraton for the private key? (Choose 2)
Image:
Accp41 (binary/octet-stream)
Respuesta
  • A. The private key is stored in the user device.
  • B. The private key is stored in the ClearPass server.
  • C. More bits in the private key will reduce security, hence smallest private key size is used.
  • D. More bits in the private key will increase the processing tme, hence smallest private key size is used.
  • E. The private key for TLS client certfcates is not created.

Pregunta 86

Pregunta
Refer to the screen capture belows An employee connects a corporate laptop to the network and authentcates for the frst tme using EAP-TLS. Based on the above Enforcement Policy confguraton, what Enforcement Profle will be sent in this scenario?
Image:
Accp42 (binary/octet-stream)
Respuesta
  • A. Deny Access Profle
  • B. Onboard Post-Provisioning - Aruba
  • C. Onboard Pre-Provisioning – Aruba
  • D. Cannot be determined
  • E. Onboard Device Repository

Pregunta 87

Pregunta
An Android device goes through the single-ssid onboarding process and successfully connects using EAP-TLS to the secure network. What is the order in which services are triggered?
Respuesta
  • A. Onboard Provisioning, Onboard Authorizaton
  • B. Onboard Provisioning, Onboard Authorizaton, Onboard Provisioning
  • C. Onboard Authorizaton, Onboard Provisioning
  • D. Onboard Authorizaton, Onboard Provisioning, Onboard Authorizaton
  • E. Onboard Provisioning

Pregunta 88

Pregunta
Which of the following is TRUE of dual-SSID onboarding?
Respuesta
  • A. The device connects to the secure SSID for provisioning
  • B. The Onboard Authorizaton service is triggered when the user connects to the secure SSID
  • C. The Onboard Provisioning service is triggered when the user connects to the Provisioning SSID
  • D. The Onboard Authorizaton service is triggered during the Onboarding process
  • E. The Onboard Authorizaton service is never triggered

Pregunta 89

Pregunta
Refer to the screenshot belows Which of the following statements is correct regarding the above confguraton for 'maximum devices'?
Image:
Accp43 (binary/octet-stream)
Respuesta
  • A. It limits the total number of Onboarded devices connected to the network.
  • B. It limits the total number of devices that can be provisioned by ClearPass.
  • C. It limits the number of devices that a single user can Onboard.
  • D. It limits the number of devices that a single user can connect to the network.
  • E. With this setng, the user cannot Onboard any devices.

Pregunta 90

Pregunta
Which of the following device types support Exchange ActveSync confguraton with Onboard?
Respuesta
  • A. Windows laptop
  • B. Apple iOS device
  • C. Android device
  • D. Mac OS X device
  • E. Linux Laptop

Pregunta 91

Pregunta
Which of the following authentcaton protocols can be used for authentcatng Windows clients that are Onboarded? (Choose 2)
Respuesta
  • A. PEAP with MSCHAPv2
  • B. EAP-GTC
  • C. EAP-TLS
  • D. PAP
  • E. CHAP

Pregunta 92

Pregunta
Refer to the screenshot belows Which of the following statements is true regarding the above confguraton for network setngs? (Choose 2)
Image:
Accp44 (binary/octet-stream)
Respuesta
  • A. Onboarded devices will connect to Employee_Secure SSID afer provisioning.
  • B. Onboarded devices will connect to secure_emp SSID afer provisioning.
  • C. Users will connect to Employee_Secure SSID for provisioning their devices.
  • D. Users must enter a Pre-shared key to connect to the network.
  • E. Users will do 802.1X authentcaton when connectng to the SSID.

Pregunta 93

Pregunta
In single SSID onboarding, which of the following methods can be used in the Enforcement Policy to distnguish between a provisioned device and a device that has not gone through the Onboard workfow?
Respuesta
  • A. Authentcaton Method used
  • B. Network Access Device used
  • C. Endpoint OS Category
  • D. OnGuard Agent used
  • E. Actve Directory Atributes

Pregunta 94

Pregunta
Refer to the screen capture belows Based on the Enforcement Policy confguraton shown in the capture, what Enforcement Profle will an employee connectng an iOS device to the network for the frst tme receive using EAP-PEAP?
Image:
Accp45 (binary/octet-stream)
Respuesta
  • A. Deny Access Profle
  • B. Onboard Post-Provisioning - Aruba
  • C. Onboard Pre-Provisioning – Aruba
  • D. Cannot be determined
  • E. Onboard Device Repository

Pregunta 95

Pregunta
A Search was performed using Insight and the following is displayeds What could be a possible reason for the ErrorCode 'Failed to classify request to service' shown above?
Image:
Accp46 (binary/octet-stream)
Respuesta
  • A. The user failed authentcaton.
  • B. ClearPass couldn't match the authentcaton request to a service, but the user passed authentcaton.
  • C. ClearPass service rules were not confgured correctly.
  • D. ClearPass service authentcaton sources were not confgured correctly.
  • E. The NAD device didn't send the authentcaton request.

Pregunta 96

Pregunta
Which of the following is NOT a functon of ClearPass Insight?
Respuesta
  • A. Report Generaton
  • B. RADIUS Accountng Start-Stop messages
  • C. Email Alerts
  • D. SMS Alerts
  • E. Searching for RADIUS failed authentcatons

Pregunta 97

Pregunta
A report is confgured as follows: What type of records will this report display?
Image:
Accp47 (binary/octet-stream)
Respuesta
  • A. All successful RADIUS authentcatons through ClearPass.
  • B. All failed RADIUS authentcatons through ClearPass.
  • C. All successful RADIUS authentcatons from the 10.8.10.100 NAD device to ClearPass.
  • D. All RADIUS authentcatons from the 10.8.10.100 NAD device to ClearPass.

Pregunta 98

Pregunta
Refer to the screen capture. The following is seen in the Licensing tab of the Publisher afer a cluster has been formed between a publisher (192.168.0.53) and subscriber (192.168.0.54)s What is the maximum number of clients that can be Onboarded on the subscriber node?
Image:
Accp48 (binary/octet-stream)
Respuesta
  • A. 1000
  • B. 550
  • C. 25
  • D. 525
  • E. 500

Pregunta 99

Pregunta
A guest self-registered through a Publisher's Register page. Which of the following will occur?
Respuesta
  • A. The guest's account will be stored in the Publisher's guest user repository, but not the Subscriber's.
  • B. The guest's account will be stored in both the Publisher's guest user repository and the Subscriber's guest user repository.
  • C. The guest's account will be stored in the Publisher's local user repository and the Subscriber's guest user repository.
  • D. The guest's account will be stored in the Publisher's guest user repository and the Subscriber's Onboard user repository.
  • E. The guest's account will ONLY be stored in the Publisher's guest user repository.

Pregunta 100

Pregunta
Below is a network topology diagrams How many clusters are needed for this deployment?
Image:
Accp49 (binary/octet-stream)
Respuesta
  • A. 1
  • B. 3
  • C. 4
  • D. 8
  • E. 2

Pregunta 101

Pregunta
A Publisher node in a cluster goes down and Subscribers are no longer able to reach the publisher. Which of the following is true? (Choose 2).
Respuesta
  • A. Users authentcating with the Publisher node contnue to authentcate.
  • B. Users authentcating with the Subscriber nodes are no longer able to authentcate.
  • C. Users authentcatng with the Publisher node are no longer able to authentcate.
  • D. Users authentcating with the Subscriber nodes contnue to authentcate.
  • E. No users can authentcate to either the Publisher or Subscriber nodes.

Pregunta 102

Pregunta
Which of the following statements is true about the Clearpass hardware appliances?
Respuesta
  • A. DHCP can be used to assign IP addresses to management and data ports.
  • B. Both Management and Data Ports must be confgured.
  • C. Clearpass has a default management IP of 172.16.0.254.
  • D. Only statc IP addresses are allowed on the management and data ports.
  • E. The maximum number of devices supported is 5000.

Pregunta 103

Pregunta
UDP Port 3799 is used for RADIUS CoA (RFC 3576). This port has been blocked by a frewall between a NAD device and ClearPass. Which of the following is true?
Respuesta
  • A. RADIUS Authentcatons will fail since the NAD won't be able to reach the ClearPass server.
  • B. RADIUS Authentcatons will not happen since the NAD won't be able to reach the ClearPass server.
  • C. RADIUS Authentcaton will succeed, but Post-Authentcaton Disconnect-Requests from ClearPass to the Controller will not be delivered.
  • D. RADIUS Authentcaton will succeed, but RADIUS Access-Accept messages from ClearPass to the Controller for Change of Role will not be delivered.
  • E. During RADIUS authentcaton, certfcate exchange between the NAD and Clearpass will fail.

Pregunta 104

Pregunta
What is the purpose of the Serial Port in the ClearPass appliance?
Respuesta
  • A. To connect 2 ClearPass servers together in a cluster.
  • B. To connect a ClearPass server to a Network Access Device.
  • C. For administrators to confgure the ClearPass appliance using the command line.
  • D. For administrators to confgure the ClearPass appliance using the WebUI.
  • E. For administrators to access Clearpass using SSH.

Pregunta 105

Pregunta
Which of the following is true about Data and Management ports on the ClearPass appliance? (Choose 2)
Respuesta
  • A. Confguraton of the data port is optional.
  • B. Confguraton of the data port is mandatory.
  • C. Confguraton of the management port is optional.
  • D. Confguraton of the management port is mandatory.
  • E. Statc IP addresses are only allowed on the management port.

Pregunta 106

Pregunta
Shown here is a AAA profle in the Aruba Controller. According to the confguraton shown here, what would we expect to see in the ClearPass Policy Manager?
Image:
Accp50 (binary/octet-stream)
Respuesta
  • A. RADIUS accountng start-stop messages
  • B. RADIUS interim accountng messages
  • C. RADIUS interim & start-stop messages
  • D. No accountng messages will be seen
  • E. RADIUS accountng messages will be sent from the Client to the Controller

Pregunta 107

Pregunta
Shown here is an Aruba Instant confguraton screenshot What is the purpose of enabling the 'Dynamic RADIUS proxy' feature?
Image:
Accp51 (binary/octet-stream)
Respuesta
  • A. The Instant AP will proxy all RADIUS Access-Requests sent to it from clients and will forward these to ClearPass.
  • B. The Instant AP will send a RADIUS Access-Reject packet to other Instant APs in the cluster if credentals are incorrect, to reduce the number of RADIUS requests sent to ClearPass
  • C. All Instant APs in the cluster will use the Virtual Controller IP as the Source IP for RADIUS requests.
  • D. All Instant APs in the cluster will use the Virtual Controller IP as the Destnaton IP for RADIUS requests.
  • E. The Instant AP will proxy all RADIUS Access-Requests sent to it from Clearpass and will forward these to the clients.

Pregunta 108

Pregunta
What must be confgured to enable RADIUS authentcaton with Clearpass on a network access device (NAD)? (Choose 2)
Respuesta
  • A. An NTP server needs to be set up on the NAD.
  • B. A bind username and bind password must be provided.
  • C. A shared secret must be confgured on the Clearpass server and NAD.
  • D. The Clearpass server must have the network device added as a valid NAD.
  • E. The Clearpass server certfcate must be installed on the NAD.

Pregunta 109

Pregunta
Refer to the diagram below. In which of the following scenarios will ClearPass select the Policy Service named 'Test device group'?
Image:
Accp52 (binary/octet-stream)
Respuesta
  • A. If an end user IP address is part of the device group HQ.
  • B. If the IP address of the NAD device is part of the device group HQ.
  • C. If the ClearPass IP address is part of the device group HQ.
  • D. If the client's NAD IP address is part of the device group HQ.
  • E. If the client's Network Authentcaton Distributon server's IP address belongs to device group HQ.

Pregunta 110

Pregunta
In the screenshot shown here of the Local User repository in ClearPass, what Aruba User Role will be assigned to "mike" when he authentcates?
Image:
Accp53 (binary/octet-stream)
Respuesta
  • A. [Employee]
  • B. Employee
  • C. mike
  • D. We can't know this from the screenshot above
  • E. john

Pregunta 111

Pregunta
Which of the following ways are used by Clearpass to assign roles to the client? (Choose 2)
Respuesta
  • A. Through a role mapping policy.
  • B. Roles can be derived from the Aruba Network Access Device.
  • C. From the atributes confgured in Actve Directory.
  • D. From the atributes confgured in a Network Access Device.
  • E. From the server derivaton rule in the Aruba Controller server group for the client.

Pregunta 112

Pregunta
Refer to the screen capture belows If a user from the department "Product Management" connects on Monday to a NAD device that belongs to the Device Group HQ, what role is assigned to the user in Clearpass?
Image:
Accp54 (binary/octet-stream)
Respuesta
  • A. Executve
  • B. HR Local
  • C. Employee
  • D. Guest
  • E. Linux Hosts

Pregunta 113

Pregunta
Refer to the screen capture below If a user from the department "HR" connects on Monday using their Windows Laptop to a switch that belongs to the Device Group HQ, what role is assigned to the user in Clearpass?
Image:
Accp55 (binary/octet-stream)
Respuesta
  • A. Executve
  • B. HR Local
  • C. Employee
  • D. Guest
  • E. Vendor

Pregunta 114

Pregunta
Refer to the screen capture below If a user from the department "HR" connects on Monday to a switch that belongs to the Device Group Remote NAD, what roles are assigned to the user in Clearpass? (Choose 2)
Respuesta
  • A. Executve
  • B. Remote Employee
  • C. iOS Device
  • D. Guest
  • E. HR Local

Pregunta 115

Pregunta
Refer to the screen capture below If a user from the department "QA" authentcates from a laptop running MAC OS X, what role is assigned to the user in Clearpass?
Image:
Accp56 (binary/octet-stream)
Respuesta
  • A. iOS Device
  • B. Remote Employee
  • C. HR Local
  • D. Guest
  • E. Executve

Pregunta 116

Pregunta
Which of the following statements is NOT true about the confguraton of Actve Directory (AD) as an External Authentcaton Server in Clearpass?
Respuesta
  • A. Clearpass should join the AD domain when PEAP and MSCHAPv2 are used as the authentcaton type.
  • B. The bind DN for an AD can be in the administrator@domain format.
  • C. Clearpass cannot be a member of more than one AD domain.
  • D. The list of atributes fetched from the AD can be customized.
  • E. Clearpass nodes in a cluster can join diferent AD domains.

Pregunta 117

Pregunta
Which of the following statements is NOT true about the confguraton of a generic LDAP server as an External Authentcaton Server in Clearpass?
Respuesta
  • A. The bind DN can be in the administrator@domain format.
  • B. The list of atributes fetched from an LDAP server can be customized.
  • C. An LDAP Browser can be used to search the Base DN.
  • D. Multple LDAP servers cannot be confgured as authentcaton sources.
  • E. Generic LDAP servers can be used as authentcaton sources.

Pregunta 118

Pregunta
Refer to the screen capture belows What does the Cache Timeout Value refer to?
Image:
Accp57 (binary/octet-stream)
Respuesta
  • A. The amount of tme the Policy Manager caches the user credentals stored in the Actve Directory.
  • B. The amount of tme the Policy Manager caches the user atributes fetched from Actve Directory.
  • C. The amount of tme the Policy Manager waits for a response from the Actve Directory before sending a tmeout message to the Network Access Device.
  • D. The amount of tme the Policy Manager waits for a response from the Actve Directory before checking the backup authentcaton source.
  • E. The amount of tme the Policy Manager caches the user's client certfcate.

Pregunta 119

Pregunta
Refer to the screen capture belows Based on the Atribute confguraton shown above, which of the following statements is true?
Image:
Accp58 (binary/octet-stream)
Respuesta
  • A. Only the atribute values of department and memberOf can be used in role mapping policies.
  • B. Only the atribute values of ttle, telephoneNumber, mail can be used in role mapping policies.
  • C. Only the atribute values of company can be used in role mapping policies.
  • D. The atribute values of department and memberOf are directly applied as ClearPass roles.
  • E. The atribute values of department, ttle, memberOf, telephoneNumber, mail are directly applied as ClearPass roles.

Pregunta 120

Pregunta
How is Authorizaton used in a Policy Service? Refer to the diagram belows
Image:
Accp59 (binary/octet-stream)
Respuesta
  • A. It allows us to use atributes stored in databases in role mapping and Enforcement.
  • B. It allows us to use atributes stored in databases in role mapping only, but not Enforcement.
  • C. It allows us to use atributes stored in databases in Enforcement only, but not role mapping.
  • D. It allows us to use atributes stored in external databases for Enforcement, but authorizaton does not use internal databases for reference.
  • E. It allows us to use atributes stored in internal databases for Enforcement, but authorizaton does not use external databases for reference.

Pregunta 121

Pregunta
Refer to the following Service confguratons A user connects for the frst tme to an Aruba access point wireless SSID named "pod8wireless-guest-SSID". The SSID has web login authentcaton with RADIUS MAC authentcaton enabled and ClearPass is the authentcaton server. The user hasn't yet launched their web browser. Which service will be triggered?
Image:
Accp60 (binary/octet-stream)
Respuesta
  • A. pod8wired
  • B. pod8-mac auth
  • C. pod8wireless
  • D. [Policy Manager Admin Network Service]
  • E. No service will be triggered

Pregunta 122

Pregunta
Refer to the following Service confguratons A user connects to an Aruba Access Point wireless SSID named "secure-corporate" and performs an 802.1X authentcaton with ClearPass as the authentcaton server. Which service will be triggered?
Image:
Accp61 (binary/octet-stream)
Respuesta
  • A. pod8wired
  • B. pod8-mac auth
  • C. pod8wireless
  • D. [Policy Manager Admin Network Service]
  • E. No service will be triggered

Pregunta 123

Pregunta
Refer to the following Authentcaton sources confguratons Which of the following scenarios is true for the above confguraton?
Image:
Accp62 (binary/octet-stream)
Respuesta
  • A. If the user is not found in the local user repository a reject message is sent back to the NAD device.
  • B. If the user is not found in the local user repository a tmeout message is sent back to the NAD device.
  • C. If the user is not found in the local user repository and remotelab AD, a reject message is sent back to the NAD device.
  • D. If the user is not found in the local user repository but is present in the remotelab AD, a reject message is sent back to the NAD device.
  • E. If the user is not found in the remotelab AD but is present in the local user repository, a reject message is sent back to the NAD device.

Pregunta 124

Pregunta
Which of the following statements is true about the User databases in Clearpass?
Respuesta
  • A. Entries in the guest user DB do not expire.
  • B. Custom atributes can be created for entries in the user DB.
  • C. The endpoints table can only be populated by manually adding MAC addresses to the table.
  • D. A Statc host list can only contain a list of IP addresses.
  • E. Entries in the guest user DB cannot be deleted.

Pregunta 125

Pregunta
The screenshot below shows various Enforcement profle templates in the Policy Managers Which of the following best describes when SNMP based Enforcement should be used?
Image:
Accp63 (binary/octet-stream)
Respuesta
  • A. To send a VLAN to an Aruba Controller for a user.
  • B. To send a VLAN to an Aruba Switch for a user.
  • C. To send a VLAN to a NAD device that doesn't support RADIUS atributes.
  • D. To send a VLAN to a NAD device that doesn't support RADIUS authentcaton.
  • E. To send a VLAN to a client device that doesn't support RADIUS authentcaton.

Pregunta 126

Pregunta
Refer to the following confguraton for a VLAN Enforcement Policys Based on the Policy confguraton, if an Engineer connects to the network on Saturday using WEBAUTH authentcaton, what VLAN will be assigned?
Image:
Accp64 (binary/octet-stream)
Respuesta
  • A. Full Access VLAN
  • B. Employee Vlan
  • C. Deny Access
  • D. Internet VLAN
  • E. There is not enough data to determine the VLAN result.

Pregunta 127

Pregunta
Refer to the following confguraton for a VLAN Enforcement Policys Based on the Policy confguraton, if an Engineer connects to the network on Saturday using RADIUS authentcaton, what VLAN will be assigned?
Image:
Accp65 (binary/octet-stream)
Respuesta
  • A. Full Access VLAN
  • B. Employee Vlan
  • C. Deny Access
  • D. Internet VLAN
  • E. There is not enough data to determine the VLAN result.

Pregunta 128

Pregunta
Refer to the following confguraton for a VLAN Enforcement Policys Based on the profle confguraton, which of the following VLANs will be assigned to the user when this profle is used?
Image:
Accp66 (binary/octet-stream)
Respuesta
  • A. VLAN 13
  • B. VLAN 6
  • C. VLAN 10
  • D. VLAN 1
  • E. VLAN 10800

Pregunta 129

Pregunta
Refer to the following confguraton for a VLAN Enforcement Policys Which of the following statements is true for the above confguraton?
Respuesta
  • A. This profle will be applied to requests coming from an end user in the Device Group HQ.
  • B. This profle will be applied to requests coming from a Network Access Device in the Device Group HQ.
  • C. The profle will be applied to requests processed by a ClearPass appliance in Device Group HQ.
  • D. This profle will be applied to all users.
  • E. This profle will be applied to RADIUS requests that have tmed out afer 10800 seconds.

Pregunta 130

Pregunta
Which of the following statements is true about Enforcement Profles in Clearpass?
Respuesta
  • A. The Enforcement Profle atribute value needs to match the ClearPass role value for a user.
  • B. Access-control atributes from an Enforcement Profle are returned to the Authentcaton Source.
  • C. Access-control atributes from an Enforcement Profle are returned to the Network Access Device.
  • D. Once created in the service wizard, the Enforcement Profle cannot be modifed.
  • E. Enforcement Profles must use RADIUS dictonary atributes only.

Pregunta 131

Pregunta
Which of the following checks are made with OnGuard posture evaluaton in Clearpass? (Choose 3)
Respuesta
  • A. Peer-to-peer applicaton checks
  • B. Client role check
  • C. EAP TLS certfcate validity
  • D. Registry keys
  • E. Operatng System version

Pregunta 132

Pregunta
Refer to the screen capture belows Based on the above Enforcement Profle confguraton, which of the following statements is correct?
Respuesta
  • A. The Enforcement Profle sends an unhealthy role value to the Network Access Device.
  • B. The Enforcement Profle sends a limited access vlan value to the Network Access Device.
  • C. The Enforcement Profle sends a message to the OnGuard Agent on the client device.
  • D. The Enforcement Profle sends a message to the OnGuard Agent on the Controller.
  • E. A RADIUS CoA message is sent to bounce the client.

Pregunta 133

Pregunta
Which of the following types of Posture Token sources are available on Clearpass? (Choose 2)
Respuesta
  • A. Posture Policy
  • B. Endpoint Profler
  • C. Microsof NPS Server
  • D. Actve Directory
  • E. Aruba Controller

Pregunta 134

Pregunta
Which of the following is NOT a valid type of Posture Token?
Respuesta
  • A. Unknown
  • B. Healthy
  • C. Quarantne
  • D. Unhealthy
  • E. Infected

Pregunta 135

Pregunta
What does the Posture Token QUARANTINE imply?
Respuesta
  • A. The client is compliant. However, there is an update available to remediate the client to HEALTHY state.
  • B. The posture of the client is unknown.
  • C. The client is infected and is a threat to other systems in the network.
  • D. The client is out of compliance.
  • E. The client is out of compliance, but has HEALTHY state.

Pregunta 136

Pregunta
Which of the following statements is NOT true about OnGuard? (Choose 2)
Respuesta
  • A. It is used to identfy and remove any malware/viruses.
  • B. It is used to ensure that Antvirus/Antspyware programs are running and are up to date as desired.
  • C. It supports both Windows and Mac OS X clients.
  • D. It only supports 802.1X authentcaton.
  • E. It supports both a persistent and web based agent.

Pregunta 137

Pregunta
Which of following is true for both the persistent and dissolvable versions of OnGuard? (Choose 2)
Respuesta
  • A. Ability to bounce the endpoint
  • B. Auto-remediaton is available
  • C. Gather statement of health informaton for network authorizaton
  • D. Supports Windows, Mac OS X devices
  • E. They need to be installed on the client devices.

Pregunta 138

Pregunta
Refer to the screen capture belows Based on the posture plugin confguraton shown in the above screen, which of the following statements is true?
Image:
Accp69 (binary/octet-stream)
Respuesta
  • A. Check for any antvirus sofware enabled for all versions of Windows OS.
  • B. Check for any antvirus sofware enabled for Windows 7.
  • C. Check for AVG antvirus sofware enabled and is latest for Windows 7.
  • D. It is using the OnGuard dissolvable agent to perform the antvirus/antspyware checks.
  • E. It is using auto remediaton for Windows 7 clients.

Pregunta 139

Pregunta
Refer to the screen capture belows Based on the Posture Policy confguraton shown above, which of the following statements is true?
Respuesta
  • A. This Posture Policy can be applied to an 802.1x wired service.
  • B. This Posture Policy checks the health status of devices running Windows, Linux and Mac OS X.
  • C. This Posture Policy can use either the persistent or dissolvable OnGuard agent to obtain the statement of health.
  • D. This Posture Policy checks for presence of a frewall applicaton in Windows devices.
  • E. This Posture Policy checks with a Windows NPS server for posture tokens.

Pregunta 140

Pregunta
Refer to the screen capture belows Based on the Access Tracker output for the user shown above, which of the following statements is true?
Respuesta
  • A. A NAP agent was used to obtain the posture token for the user.
  • B. The authentcaton method used is EAP-PEAP.
  • C. A Healthy Posture Token was sent to the Policy Manager.
  • D. A RADIUS-Access-Accept message is sent back to the Network Access Device.
  • E. The Aruba Terminate Session enforcement profle is applied because the posture check failed.
Mostrar resumen completo Ocultar resumen completo

¿Quieres crear tus propios Tests gratis con GoConqr? Más información.

Similar

Introducion a la Seguridad industrial
SMG 123
Análisis de Toxicidad
Myriam Córdoba
COU-AA 302. Fase III, aleatorizado, multicéntrico, doble ciego, controlado con placebo
Xicotencatl Sanchez
CORRUPCIÓN DE MENORES
leeyva21
LLA
SAHIR ARRIETA
SISTEMA REPRODUCTOR HUMANO
laboratoriocienc
Repaso de tiempos verbales en inglés
maya velasquez
Deutsch - B1 - Grammatik - Liste der Verben mit Präpositionen
Sandra PlaGo
LAS PLANTAS
Red Mist
INSTRUMENTOS DE PERCUSIÓN
Francisco José Figueroba Sánchez
Texto Narrativo
Diana Banda
Explorar la Librería