HPE Sales Certified - Aruba Products and Solutions v1.0

Page:    1 / 4   
Exam contains 66 questions

Which are valid enforcement profile types? (Choose two.)

  • A. ClearPass Entity Update Enforcement
  • B. Aruba Script Enforcement
  • C. Policy Service Enforcement
  • D. RADIUS Change of Authorization (CoA)


Answer : AD

What are "known" endpoints in ClearPass?

  • A. "Known" endpoints have be fingerprinted to determine their operating system and manufacturer.
  • B. These are endpoints whose beacons have been detected but have never completed authentication.
  • C. The label "Known" indicates rogue endpoints labeled as "friendly" or "ignore".
  • D. "Known" endpoints can be authenticated based on MAC address to bypass the captive portal login.


Answer : D

Which option supports DHCP profiling for devices in a network?

  • A. configuring ClearPass as a DHCP relay for the client
  • B. DHCP profiling is enabled on ClearPass by default; configuration of the network access devices is not necessary
  • C. enabling the DHCP server to profile endpoints and forward meta-data to ClearPass
  • D. enabling DHCP relay on our network access devices so DHCP requests are forwarded to ClearPass


Answer : A

What is RADIUS Change of Authorization (CoA)?

  • A. It is a mechanism that enables ClearPass to assigned a User-Based Tunnel (UBT) between a switch and controller for Dynamic Segmentation.
  • B. It allows clients to issue a privilege escalation request to ClearPass using RADIUS to switch to TACACS+.
  • C. It allows ClearPass to transmit messages to the Network Attached Device/Network Attached Server (NAD/NAS) to modify a userג€™s session status.
  • D. It forces the client to re-authenticate upon roaming to an access point controlled by a foreign mobility controller.


Answer : C

A customer with 677 employees would like to authenticate employees using a captive portal guest web login page. Employees should use their AD credentials to login on this page.
Which statement is true?

  • A. The customer needs to add second guest service in the policy manager for the guest network.
  • B. The customer needs to add the AD server as an authentication source in a guest service.
  • C. Employees must be taken to a separate web login page on the guest network.
  • D. The customer needs to add the AD servers RADIUS certificate to the guest network.


Answer : B

What happens when a client successfully authenticates but does not match any Enforcement Policy rules?

  • A. A RADIUS reject is returned for the client.
  • B. A RADIUS Accept is returned with no Enforcement Profile applied.
  • C. A RADIUS Accept is returned, and the default Enforcement Profile is applied.
  • D. A RADIUS Accept is returned, and the default rule is applied to the device.


Answer : C

Your boss suggests configuring a guest self-registration page in ClearPass for an upcoming conference event.
What are the benefits of using guest self-registration? (Choose two.)

  • A. This will allow conference employees to pre-load additional device information as guests arrive and register.
  • B. This strategy effectively stops employees from putting their own corporate devices on the guest network.
  • C. This will enable additional information to be gathered about guests during the conference.
  • D. This allows guest users to create and manage their own login account.
  • E. This will allow employee personal devices to be Onboarded to the corporate network.


Answer : AD

Which Authorization Source supports device profile enforcement?

  • A. Local User Repository
  • B. OnGuard Repository
  • C. Endpoints Repository
  • D. Guest User Repository


Answer : A

Which items can be obtained from device profiling? (Choose three.)

  • A. Device Category
  • B. Device Family
  • C. Device Health
  • D. Device Type
  • E. Device Location


Answer : CDE

Which is true regarding the Cisco Device Sensor feature in ClearPass? (Choose two.)

  • A. Forwards DHCP and HTTP user-agent info to ClearPass using Control and Datagram Transport Layer Security (DTLS) encapsulation.
  • B. Requires the purchase of a supported Cisco Access Point licensed as an Aruba Monitor Mode AP, to then act as the sensor.
  • C. Forwards DHCP and HTTP user-agent info to ClearPass using RADIUS accounting packets.
  • D. Gathers raw endpoint data from Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP).
  • E. Requires a Cisco Smart Net license to be installed on the Network Access Device (NAD) utilizing the feature.


Answer : DE

Which most accurately describes the "Select All Matches" rule evaluation algorithm in Enforcement Policies?

  • A. Each rule is checked, and once a match is found, the Enforcement profile assigned to that rule is applied and the rule matching stops.
  • B. All rules are checked, and if there is no match, no Enforcement profile is applied.
  • C. All rules are checked for any matching rules and their respective Enforcement profiles are applied.
  • D. Each rule is checked, and once a match is found, the Enforcement profile assigned to that rule is applied, along with the default Enforcement profile.


Answer : C

When using Guest Authentication with MAC Caching service template, which statements are true? (Choose two.)

  • A. The guest authentication is provided better security than without using MAC caching.
  • B. The endpoint status of the client will be treated as "known" the first time the client associates to the network.
  • C. Which wireless SSID and wireless controller must be indicated when configuring the template.
  • D. The client will be required to re-enter their credentials even if still within the MAC-Auth Expiry term.


Answer : AC

Refer to the exhibit.


What is true regarding leaving the indicated option "Use cached Roles and Posture attributes from previous sessions" unchecked?

  • A. A posture change applied to an endpoint is going to be lost each time the client re-authenticates.
  • B. The service will make the enforcement decision based upon the updated Posture regardless of caching.
  • C. Posturing will no longer be evaluated in determining the enforcement policy for current or future sessions.
  • D. Cached posture results are no longer stored by ClearPass but instead are saved to the endpoint of the client.


Answer : A

What are benefits of using Network Device Groups in ClearPass? (Choose two.)

  • A. Network Access Devices (NADs) only require Aruba factory installed certificates to join a Network Device Group.
  • B. Allows Service selection rules to match based upon which Network Device Group the Network Access Device (NAD) belongs to.
  • C. A Network Access Device is must be discovered by ClearPass prior to be added to a Network Device Group.
  • D. Another way to add a customizable "attribute" field to reference when processing authentication requests.
  • E. Can apply to both Network Access Devices (NADs) as well as client machines as a way to filter authentication requests.


Answer : AD

Which authentication method requires a client certificate?

  • A. EAP-TLS
  • B. Guest self-registration
  • C. PEAP
  • D. MAC Authentication


Answer : A

Page:    1 / 4   
Exam contains 66 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy