HPE Networking ClearPass v1.0

Page:    1 / 8   
Exam contains 111 questions
Expand All

An organization is implementing certificates for their internal servers and wants to ensure security and reliability. They decide to use SAN records in their certificates.

What critical step must they take to ensure all hostnames are properly validated?

  • A. Use separate certificates for each server to avoid conflicts.
  • B. Use IP addresses instead of hostnames in the SAN for better security.
  • C. Include all hostnames in the SAN, even those listed in the CN.


Answer : C

An organization is implementing ClearPass and wants to avoid using the internal database for authentication unless necessary.

What is the primary reason for this recommendation?

  • A. The internal database is less scalable and lacks rich context about users.
  • B. The internal database is not compatible with ClearPass.
  • C. The internal database requires specialized hardware.


Answer : A

A network engineer is troubleshooting an issue where a user is receiving unexpected access rights. They decide to use the LDAP browser in ClearPass.

What feature of the LDAP browser should they use to determine why the user is getting a certain type of access?

  • A. Edit the list of pre-built filters to include more attributes.
  • B. Browse the directory tree and look at the user’s attributes.
  • C. Modify the configuration of the ClearPass User Role in the enforcement profile.


Answer : B

A company uses ClearPass with Active Directory as both the authentication and authorization source.

What is the advantage of this setup?

  • A. It allows for both credential validation and account attribute retrieval.
  • B. It simplifies the network topology by eliminating external servers.
  • C. It ensures that only internal devices can access the network.


Answer : A

A company is setting up a RADIUS server for their wireless network authentication. They want to use a certificate with a generic CN for all their ClearPass RADIUS servers.

What must they ensure for the certificate to be valid for the clients managed by an Active Directory domain?

  • A. The domain component of the CN must be a domain that the client can verify.
  • B. The SAN must include the IP addresses of all RADIUS servers.
  • C. The CN must match the exact hostname of each RADIUS server.


Answer : A

An organization uses ClearPass to verify client certificates for network access. A client attempts to authenticate using a TLS certificate.

What does ClearPass need to verify to ensure the certificate is valid?

  • A. ClearPass only needs to verify the issuing date and timestamp.
  • B. ClearPass must verify the certificate’s issuing organization and the client’s private key.
  • C. ClearPass must verify the certificate’s issuing organization, issuing date, and timestamp within the allowed clock skew.


Answer : C

A company has implemented ClearPass Policy Manager to manage network access. ClearPass gathers user credentials, endpoint profile context, and the client’s health status during a network access request. After collecting all the necessary data, ClearPass must decide whether to grant access based on the organization’s policies.

Which stage of the ClearPass process is responsible for making this final decision and replying to the request?

  • A. Profile Information Gathering
  • B. Roles and Enforcement process
  • C. Service Selection


Answer : B

In a scenario where the OCSP server replies with an ‘unknown’ status, what action will ClearPass take regarding the certificate-based authentication?

  • A. ClearPass will retry the OCSP request.
  • B. ClearPass will accept the authentication but log a warning.
  • C. ClearPass will reject the authentication.


Answer : C

An organization is setting up a ClearPass server for their network authentication. The administrator has installed a certificate issued by an internal Certificate Authority. The clients cannot fully validate the server’s certificate during the validation process.

What additional step must the administrator take to ensure the clients can successfully validate the certificate?

  • A. Disable the trust check in the client’s validation process.
  • B. Install the root certificate from the internal Certificate Authority on all client devices.
  • C. Reissue the certificate from a public Certificate Authority.


Answer : B

An IT specialist is configuring authentication methods for a network resource in ClearPass. They need to ensure that only valid methods are used and that the client credentials are authenticated against multiple sources in a specific order.

What should the specialist do?

  • A. Use the Authorization tab to configure authentication methods
  • B. Add new RADIUS CoA Action for each authentication source
  • C. Select multiple authentication sources and order them from top-down


Answer : C

A company is setting up a new secure network service and has configured EAP TLS with OCSP enabled.
What additional step must be taken to ensure proper authentication?

  • A. Add the EAP TLS with OCSP enabled method to the Authentication tab of the secure network service.
  • B. Disable the Override OCSP URL from Client option.
  • C. Enable fast reconnect for EAP-PEAP.


Answer : A

A company is setting up a new wireless service for their Intermec handheld scanners and has decided to use the full-service wizard. What is a likely outcome they should prepare for after using the wizard?

  • A. The service will include all possible settings for every service type.
  • B. The wizard will automatically create all necessary supporting services.
  • C. They will need to make further edits to fine-tune the service process.


Answer : C

A company wants to prevent corporate devices from accessing the guest network. They configure a ClearPass Entity Update Enforcement action to tag devices as corporate clients.

What happens when a tagged device attempts to access the guest network?

  • A. The enforcement action is ignored, and the device accesses the guest network.
  • B. The guest access service reads the attribute and denies access to the guest network.
  • C. The corporate client is redirected to a different network.


Answer : B

An IT specialist is tasked with ensuring that guests receive their login credentials via SMS after completing the self-registration process.

What configuration must be checked to guarantee that this feature is enabled?

  • A. The network must disable email notifications to enable SMS notifications.
  • B. ClearPass must be configured to send the guest account information via SMS.
  • C. The guest’s browser must support SMS messaging.


Answer : B

An IT administrator is setting up a new service in their company’s configuration system. After selecting a service type and filling in the name and description, they need to modify the service selection rules.

They want to ensure that non-compliant end hosts are automatically remediated.

Which step should they take next?

  • A. Select the Audit End-hosts check box and choose to perform an audit always.
  • B. Select the Add new Posture Server link and configure a new server.
  • C. Select the Posture Compliance check box, enable auto-remediation, and enter the Remediation URL.


Answer : C

Page:    1 / 8   
Exam contains 111 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy | Amazon Exams | Cisco Exams | CompTIA Exams | Databricks Exams | Fortinet Exams | Google Exams | Microsoft Exams | VMware Exams