Aruba Certified ClearPass Associate 6.5 v7.0

Page:    1 / 3   
Exam contains 44 questions

What does a client need for it to perform EAP-TLS successfully? (Select two.)

  • A. Username and Password
  • B. Server Certificate
  • C. Pre-shared key
  • D. Certificate Authority
  • E. Client Certificate


Answer : B,E

Explanation:
Referencehttps://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-
BYOD/Binary-comparison-in-EAP-TLS-Authentication/ta-p/257857

What happens when a client successfully authenticates but does not match any
Enforcement Policy rules?

  • A. no role is applied to the device
  • B. logon profile is applied to the device
  • C. default Enforcement profile is applied
  • D. guest rule is applied to the device
  • E. defaultrule is applied to the device


Answer : C

Explanation:
The first time a device connects, it's allowed on in a limited state (session timeout is a low value and DHCP is allowed) because it doesn't match any Enforcement policy rules based on Endpoint Category. The default enforcement profile is used.
References:

Which statement most accurately describes how the HTTP collector words for profiling?

  • A. HTTP packets are inspected whena user accesses any guest page on ClearPass.
  • B. When a user access the Aruba controller captive portal page, HTTP packets are captured by ClearPass.
  • C. HTTP packets are inspected only when a user accesses the ClearPass administration UI page.
  • D. When a user accesses any internet page, HTTP packets are captured by ClearPass.
  • E. HTTP packets are forwarded from the Controller to ClearPass.


Answer : E

Which authentication type allows a device to authenticate with a client certificate?

  • A. 802.1X/EAP
  • B. WEP Authentication
  • C. MAC Authentication
  • D. Captive Portal Authentication
  • E. Open System Authentication


Answer : A

Explanation:
Referencehttps://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-
BYOD/Binary-comparison-in-EAP-TLS-Authentication/ta-p/257857

Which type of ClearPass service is used to process health checks from the OnGuard agent?

  • A. WebAuth
  • B. RADIUS
  • C. TACACS
  • D. HTTP
  • E. AppAuth


Answer : A

Explanation:
Referencehttps://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest- access-byod/21122/1/OnGuard%20config%20Tech%20Note%20v1.pdf

What is the purpose of a guest self-registration page in ClearPass?

  • A. to allow employees to get their own devices securely connected to the network
  • B. to allow contractors to create their own accounts inActive Directory
  • C. to allow employees’ sponsors to create accounts for their guests
  • D. to allow employees to easily get their corporate devices on the network
  • E. to allow guest users to create a login account for the web login page


Answer : B

Explanation:

Explanation -
Guest self-registration allows an administrator to customize the process for guests to create their own visitor accounts. Self-registration is also referred to as self-provisioned access
Referencehttp://www.arubanetworks.com/techdocs/ClearPass/6.6/Guest/Content/Configur ation/CustomizingSelfProvisionedAccess.htm

An organization wants to ensure a clients antivirus is installed and up to date prior to allowing network access.
Which ClearPass feature can be used to accomplish this?

  • A. Guest with sponsor approval
  • B. OnGuard
  • C. Guest with self-registration
  • D. Onboarding
  • E. RADIUSAuthorization


Answer : B

Which Operating Systems can use Network Access Protection (NAP) policy agents?
(Select two.)

  • A. Windows XP
  • B. Android
  • C. Windows 7
  • D. Mac OS X
  • E. iOS 6 and higher


Answer : C,D

Where is the web login page created in the ClearPass UI?

  • A. WebAuth Service
  • B. Captive Portal Profile
  • C. ClearPass Policy Manager
  • D. Guest LoginService
  • E. ClearPass Guest


Answer : B

Explanation:
Referencehttp://www.arubanetworks.com/techdocs/ClearPass/CPGuest_UG_HTML_6.5/C ontent/Configuration/CreateEditWebLogin.htm

How is ClearPass enabled to perform DHCP profiling for devices in a network?

  • A. by enabling a port mirror on the network access device to mirror all user traffic toClearPass
  • B. by enabling DHCP relay on our network access devices so DHCP requests are forwarded to ClearPass
  • C. by enabling the ‘DHCP ignore’ feature on network access devices
  • D. by configuring ClearPass as a secondary DHCP server on the client
  • E. by enabling profiling on ClearPass; configuration of the network access devices is not necessary


Answer : B

Explanation:
Referencehttps://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/
653/1/ClearPass%20Profiling%20TechNote.pdf


Refer to the exhibit. A user has enabled ‘department’ and ‘memberOf’ as roles.
What is the direct effect of the user’s action?

  • A. The users authentication will be rejected if the user does not have an admin user group membership in AD.
  • B. The user’s memberOf attribute is sent back to the controller as a firewall role.
  • C. The users department and group membership will be seen in the Access tracker roles section.
  • D. The users authentication will be rejected if the user does nothave a department attribute in AD.
  • E. The user’s department is sent back to the controller as a firewall role.


Answer : A

A ClearPass deployment needs to be designed to determine whether a user authenticating is an HR department employee in the Active Directory Server and whether the users device is healthy.
Which policy service components will the network administrator need to use?

  • A. Posture, Authentication and Authorization
  • B. Posture and Firewall Roles
  • C. Posture and Onboard
  • D. Authentication andAuthorization
  • E. Posture, Authentication and Onboarding


Answer : A

Explanation:
Referencehttp://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Co ntent/CPPM_UserGuide/About%20ClearPass/About_ClearPass.htm

Which most accurately describes the First Applicable rule evaluation algorithm in
Enforcement Policies?

  • A. Each rule is checked and once a match is found, the Enforcement profile assigned to that rule is applied and the rule matching stops.
  • B. All rules are checked and if there is no match, no Enforcement profile is applied.
  • C. Each rule is checked and once a match is found, the Enforcement profile assigned to that rule is applied. along with the default Enforcement profile.
  • D. All rules are checked for any matching rules and their respective Enforcement profiles are applied.


Answer : D

What is the purpose of a RADIUS IETP Session Timeout attribute being sent to an Aruba
Controller when a guest authenticates successfully?

  • A. For the controller to initiate a RADIUS re-authentication automatically when the time limit is reached.
  • B. For ClearPass to send a RADIUS CoA message to the client when the time limit is reached.
  • C. For the user to initiate a RADIUS re-authentication when the time limit is reached.
  • D. For ClearPass to send a RADIUS CoA message when the time limit is reached.
  • E. For the Controller to end the user’s authenticated session when the time limit is reached.


Answer : E


Based on the self-registration customization, what is the expected outcome?

  • A. When the user connects to an ArubaNAD device, the user will be redirected to this self- registration page.
  • B. When the user completes the self-registration form, a NAS login request will be sent from the client to ClearPass alternate domain at securelogin.arubanetworks.com.
  • C. When the userbrowses to securelogin.arubanetworks.com, the user will be redirected to the self-registration page.
  • D. User credentials will be sent to the NAD device when the user clicks the login button on the self-registration receipt page.
  • E. When the user clicks the register button on the self-registration page, user credentials will be sent to the NAD.


Answer : B

Page:    1 / 3   
Exam contains 44 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.