Aruba Certified ClearPass Associate 6.5 v7.0 (HPE6-A07)

Page:    1 / 3   
Total 44 questions

What does a client need for it to perform EAP-TLS successfully? (Select two.)

  • A. Username and Password
  • B. Server Certificate
  • C. Pre-shared key
  • D. Certificate Authority
  • E. Client Certificate


Answer : B,E

Explanation:
Referencehttps://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-
BYOD/Binary-comparison-in-EAP-TLS-Authentication/ta-p/257857

What happens when a client successfully authenticates but does not match any
Enforcement Policy rules?

  • A. no role is applied to the device
  • B. logon profile is applied to the device
  • C. default Enforcement profile is applied
  • D. guest rule is applied to the device
  • E. defaultrule is applied to the device


Answer : C

Explanation:
The first time a device connects, it's allowed on in a limited state (session timeout is a low value and DHCP is allowed) because it doesn't match any Enforcement policy rules based on Endpoint Category. The default enforcement profile is used.
References:

Which statement most accurately describes how the HTTP collector words for profiling?

  • A. HTTP packets are inspected whena user accesses any guest page on ClearPass.
  • B. When a user access the Aruba controller captive portal page, HTTP packets are captured by ClearPass.
  • C. HTTP packets are inspected only when a user accesses the ClearPass administration UI page.
  • D. When a user accesses any internet page, HTTP packets are captured by ClearPass.
  • E. HTTP packets are forwarded from the Controller to ClearPass.


Answer : E

Which authentication type allows a device to authenticate with a client certificate?

  • A. 802.1X/EAP
  • B. WEP Authentication
  • C. MAC Authentication
  • D. Captive Portal Authentication
  • E. Open System Authentication


Answer : A

Explanation:
Referencehttps://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-
BYOD/Binary-comparison-in-EAP-TLS-Authentication/ta-p/257857

Which type of ClearPass service is used to process health checks from the OnGuard agent?

  • A. WebAuth
  • B. RADIUS
  • C. TACACS
  • D. HTTP
  • E. AppAuth


Answer : A

Explanation:
Referencehttps://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest- access-byod/21122/1/OnGuard%20config%20Tech%20Note%20v1.pdf

What is the purpose of a guest self-registration page in ClearPass?

  • A. to allow employees to get their own devices securely connected to the network
  • B. to allow contractors to create their own accounts inActive Directory
  • C. to allow employees’ sponsors to create accounts for their guests
  • D. to allow employees to easily get their corporate devices on the network
  • E. to allow guest users to create a login account for the web login page


Answer : B

Explanation:

Explanation -
Guest self-registration allows an administrator to customize the process for guests to create their own visitor accounts. Self-registration is also referred to as self-provisioned access
Referencehttp://www.arubanetworks.com/techdocs/ClearPass/6.6/Guest/Content/Configur ation/CustomizingSelfProvisionedAccess.htm

An organization wants to ensure a clients antivirus is installed and up to date prior to allowing network access.
Which ClearPass feature can be used to accomplish this?

  • A. Guest with sponsor approval
  • B. OnGuard
  • C. Guest with self-registration
  • D. Onboarding
  • E. RADIUSAuthorization


Answer : B

Which Operating Systems can use Network Access Protection (NAP) policy agents?
(Select two.)

  • A. Windows XP
  • B. Android
  • C. Windows 7
  • D. Mac OS X
  • E. iOS 6 and higher


Answer : C,D

Where is the web login page created in the ClearPass UI?

  • A. WebAuth Service
  • B. Captive Portal Profile
  • C. ClearPass Policy Manager
  • D. Guest LoginService
  • E. ClearPass Guest


Answer : B

Explanation:
Referencehttp://www.arubanetworks.com/techdocs/ClearPass/CPGuest_UG_HTML_6.5/C ontent/Configuration/CreateEditWebLogin.htm

How is ClearPass enabled to perform DHCP profiling for devices in a network?

  • A. by enabling a port mirror on the network access device to mirror all user traffic toClearPass
  • B. by enabling DHCP relay on our network access devices so DHCP requests are forwarded to ClearPass
  • C. by enabling the ‘DHCP ignore’ feature on network access devices
  • D. by configuring ClearPass as a secondary DHCP server on the client
  • E. by enabling profiling on ClearPass; configuration of the network access devices is not necessary


Answer : B

Explanation:
Referencehttps://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/
653/1/ClearPass%20Profiling%20TechNote.pdf


Refer to the exhibit. A user has enabled ‘department’ and ‘memberOf’ as roles.
What is the direct effect of the user’s action?

  • A. The users authentication will be rejected if the user does not have an admin user group membership in AD.
  • B. The user’s memberOf attribute is sent back to the controller as a firewall role.
  • C. The users department and group membership will be seen in the Access tracker roles section.
  • D. The users authentication will be rejected if the user does nothave a department attribute in AD.
  • E. The user’s department is sent back to the controller as a firewall role.


Answer : A

A ClearPass deployment needs to be designed to determine whether a user authenticating is an HR department employee in the Active Directory Server and whether the users device is healthy.
Which policy service components will the network administrator need to use?

  • A. Posture, Authentication and Authorization
  • B. Posture and Firewall Roles
  • C. Posture and Onboard
  • D. Authentication andAuthorization
  • E. Posture, Authentication and Onboarding


Answer : A

Explanation:
Referencehttp://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/Co ntent/CPPM_UserGuide/About%20ClearPass/About_ClearPass.htm

Which most accurately describes the First Applicable rule evaluation algorithm in
Enforcement Policies?

  • A. Each rule is checked and once a match is found, the Enforcement profile assigned to that rule is applied and the rule matching stops.
  • B. All rules are checked and if there is no match, no Enforcement profile is applied.
  • C. Each rule is checked and once a match is found, the Enforcement profile assigned to that rule is applied. along with the default Enforcement profile.
  • D. All rules are checked for any matching rules and their respective Enforcement profiles are applied.


Answer : D

What is the purpose of a RADIUS IETP Session Timeout attribute being sent to an Aruba
Controller when a guest authenticates successfully?

  • A. For the controller to initiate a RADIUS re-authentication automatically when the time limit is reached.
  • B. For ClearPass to send a RADIUS CoA message to the client when the time limit is reached.
  • C. For the user to initiate a RADIUS re-authentication when the time limit is reached.
  • D. For ClearPass to send a RADIUS CoA message when the time limit is reached.
  • E. For the Controller to end the user’s authenticated session when the time limit is reached.


Answer : E


Based on the self-registration customization, what is the expected outcome?

  • A. When the user connects to an ArubaNAD device, the user will be redirected to this self- registration page.
  • B. When the user completes the self-registration form, a NAS login request will be sent from the client to ClearPass alternate domain at securelogin.arubanetworks.com.
  • C. When the userbrowses to securelogin.arubanetworks.com, the user will be redirected to the self-registration page.
  • D. User credentials will be sent to the NAD device when the user clicks the login button on the self-registration receipt page.
  • E. When the user clicks the register button on the self-registration page, user credentials will be sent to the NAD.


Answer : B

Page:    1 / 3   
Total 44 questions