Aruba Certified ClearPass Professional (ACCP) V6.7 v1.0

Page:    1 / 4   
Exam contains 58 questions

Which checks are made with Onguard posture evaluation in ClearPass? (Choose three.)

  • A. Operating System version
  • B. Peer-to-peer application checks
  • C. EAP TLS certificate validity
  • D. Client role check
  • E. Registry keys


Answer : ABE

Refer to the exhibit.


Based on the information, what is the purpose of using [Time Source] for authorization?

  • A. to check how long it has been since the last login authentication
  • B. to check whether the guest account expired
  • C. to check whether the MAC address is in the MAC Caching repository
  • D. to check whether the MAC address status is known in the endpoints table
  • E. to check whether the MAC address status is unknown in the endpoints table


Answer : D

Refer to the exhibit.


Which statements accurately describe the status of the Onboarded devices in the configuration for the network settings shown? (Choose two.)

  • A. They will use WPA2-PSK with AES when connecting to the SSID.
  • B. They will to Employee_Secure SSID for provisioning their devices.
  • C. They will to Employee_Secure SSID after provisioning.
  • D. They will perform 802.1 authentication when connecting to the SSID.
  • E. They will connect to secure_emp SSID after provisioning.


Answer : DE

A customer wants to implement Virtual IP redundancy, such that in case of a ClearPass server outage. 802.1x authentications will not be interrupted. The administrator has enabled a single Virtual IP address on two ClearPass servers.
Which statement is true? (Choose two.)

  • A. Both the primary and secondary nodes will respond to authentication requests sent to the Virtual IP address when the primary node is active.
  • B. The primary node will respond to authentication requests sent to the Virtual IP address when the primary node is active.
  • C. The NAD should be configured with the primary node IP address for RADIUS authentications on the 802.1x network.
  • D. A new Virtual IP address should be created for each NAD.
  • E. The NAD should be configured with the virtual IP address for RADIUS authentications on the 802.1x network.


Answer : BE

An SNMP probe is sent from ClearPass to a network access device but ClearPass is unable to get profiling information.
What could be a valid cause? (Choose three.)

  • A. Mismatching SNMP community string in the ClearPass and NAD configuration.
  • B. Only SNMP read has been configured but SNMP write is needed for profiling information.
  • C. SNMP is not enabled on the NAD.
  • D. An external firewall is blocking SNMP traffic.
  • E. SNMP probing is not supported between ClearPass and NADs.


Answer : ACD

Refer to the exhibit.


An AD user"™s department attribute value is configured as "QA". The user authenticates from a laptop running MAC OS X.
Which role is assigned to the user in ClearPass?

  • A. HR Local
  • B. Remote Employee
  • C. [Guest]
  • D. iOS Device
  • E. Executive


Answer : C

What can ClearPass use to assign roles to the client during policy service processing? (Choose two.)

  • A. Through a role mapping policy.
  • B. From the attributes configures in a Network Access Device.
  • C. From the server derivation rule in the Aruba Controller server group for the client.
  • D. From the attributes configured in Active Directory.
  • E. Roles can be derived from the Aruba Network Access Device.


Answer : AD

Refer on the exhibit.


Based on the configuration for "˜maximum devices"™ shown, which statement accurately describes its settings?

  • A. It limits the number of devices that a single user can connect to the network.
  • B. It limits the number of devices that a single user can Onboard.
  • C. It limits the total number of Onboarded devices connected to the network.
  • D. It limits the total number of devices that can be provisioned by ClearPass.
  • E. With this setting, the user cannot Onboard any devices.


Answer : B

An Android device goes through the single-SSID Onboarding process and successfully connects using EAP-TLS to the secure network.
What is the order in which services are triggered?

  • A. Onboard Provisioning, Onboard Authorization, Onboard Pre-Auth
  • B. Onboard Authorization, Onboard Provisioning, Onboard Authorization
  • C. Onboard Provisioning, Onboard Pre-Auth, Onboard Authorization
  • D. Onboard Provisioning, Onboard Authorization, Onboard Provisioning
  • E. Onboard Provisioning, Onboard Pre-Auth, Onboard Authorization, Onboard Provisioning


Answer : D

What does the Posture Token QUARANTINE imply?

  • A. The client is compliant. However, there is an update available to remediate the client to HEALTHY state.
  • B. The posture of the client is unknown.
  • C. The client is infected and is a threat to other systems in the network.
  • D. The client is out of compliance, but has HEALTHY state.
  • E. The client is out of compliance.


Answer : E

Which step is required to use ClearPass as a TACACS+ Authentication server for a network device? (Choose two.)

  • A. Configure a TACACS Enforcement Profile on ClearPass for the desired privilege level.
  • B. Enable RADIUS accounting on the NAD.
  • C. Configure ClearPass roles on the network device.
  • D. Configure ClearPass as an Authentication server on the network device.
  • E. Configure a RADIUS Enforcement Profile on ClearPass for the desired privilege level.


Answer : AD

What must be configured to enable RADIUS authentication with ClearPass on a network access device (NAD)? (Choose two.)

  • A. The ClearPass server must have the network device added as a valid NAD.
  • B. The ClearPass server certificate must be installed on the NAD.
  • C. A matching shared secret must be configured on both the ClearPass server and NAD.
  • D. An NTP server needs to be set on the NAD.
  • E. A bind username and bind password must be provided.


Answer : AC

Refer to the exhibit.


What is the purpose of the "˜Clock Skew Allowance"™ setting? (Choose tow.)

  • A. to ensure server certificate validation does not fail due to client clock sync issues
  • B. to set expiry time in client certificate to a few minutes longer that the default setting
  • C. to adjust clock time on client device to a few minutes before current time
  • D. to ensure client certificate validation does not fail due to client clock sync issues
  • E. to set start time in client certificate to a few minutes before current time


Answer : D

Refer to the exhibit.


An administrator logs in to the Guest module in ClearPass and "˜Manage Accounts"™ displays as shown.
When a user with username [email protected] attempts to access the Web Login page, what will be the outcome?

  • A. The user will not be able to access the Web Login page.
  • B. The user will be able to login and authenticate successfully but they will be immediately disconnected after.
  • C. The user will not be able to login and authenticate.
  • D. The user will be able to login for the next 4.9 days, but after this they will not be able to login anymore.
  • E. The user will be able to login and authenticate successfully, but get a quarantine role after logging in.


Answer : C

Refer to the exhibit.


An Enforcement Profile has been created in the Policy Manager as shown.
Which action will ClearPass take based on this Enforcement Profile?

  • A. ClearPass will count down 600 seconds and send a RADIUS CoA message to the user to end the user"™s session after this time is up.
  • B. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the NAD and the NAD will end the user"™s session after 600 seconds.
  • C. ClearPass will count down 600 seconds and send a RADIUS CoA message to the NAD to end the user"™s session after this time is up.
  • D. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD and the NAD will end the user"™s session after 600 seconds.
  • E. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the User and the user"™s session will be terminated after 600 seconds.


Answer : E

Page:    1 / 4   
Exam contains 58 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy