Page: 1
/ 7
Total 98 questions
A customer wants all guests who access a company's guest network to have their accounts approved by the receptionist, before they are given access to the network
How should the network administrator set this up in ClearPass? (Select two)
- A. Enable sponsor approval confirmation in Receipt actions.
- B. Configure SMTP messaging in the Policy Manager.
- C. Configure a MAC caching service in the Policy Manager.
- D. Configure a MAC auth service in the Policy Manager.
- E. Enable sponsor approval in the captive portal authentication profile on the NAD.
Answer : A,D
What must be configured to enable RADIUS authentication with ClearPass on a network access device (NAD)? (Select two.)
- A. the ClearPass server must have the network device added as a valid NAD.
- B. the ClearPass server certificate must be installed on me NAD.
- C. a matching shared secret must be configured on both me ClearPass server and NAD.
- D. an NTP server needs to be set up on me NAD.
- E. a bind username and bind password must be provided.
Answer : A,C
A customer wants to enable Publisher redundancy.
Based on the network topology diagram shown, which node should the network administrator configure as die standby Publisher for the Publisher in the main data ceqter?
- A. Subscriber in the main data center
- B. Publisher in the regional office Publisher
- C. any of the other three Publishers
- D. Publisher is the mid-size branch
- E. Publisher in the DMZ
Answer : A
What Is the purpose or Operator Profiles?
- A. To assign ClearPass roles to guest users.
- B. To enforce role based access control for ClearPass Guest operator users.
- C. To enforce role based access control for ClearPass Policy Manager admin users.
- D. To map AD attributes to admin privilege levels in ClearPass Guest.
- E. To enforce role based access control for Aruba Controllers.
Answer : B
Which steps are required to use ClearPass as a TACACS+ Authentication server for a network device?
- A. Configure the ClearPass Policy Manager as an Authentication server on the network device.
- B. Configure ClearPass roles on the network device.
- C. Configure RADIUS Enforcement Profile for the desired privilege level.
- D. Configure TACACS Enforcement Profile for the desired privilege level.
- E. Enable RADIUS accounting on the NAD device.
Answer : A,D
Which CLl command is O Image update the image of a ClearPass server?
- A. System upgrade
- B. Upgrade image
- C. Reboot
- D. Upgrade software
Answer : A
Refer to the screen capture. The following is seen in the Licensing tab of the Publisher after a cluster has been formed between a publisher (192.168.0.53) and subscriber
(192.168.0.54):
What is the maximum number of clients that can be Onboarded on the subscriber node?
- A. 1000
- B. 550
- C. 25
- D. 525
- E. 500
Answer : B
Which of the following statements is NOT true about OnGuard? (Choose 2)
- A. It is used to identify and remove any malware/viruses.
- B. It is used to ensure that Antivirus/Antispyware programs are running and are up to date as desired.
- C. It supports both Windows and Mac OS X clients.
- D. It only supports 802.1X authentication.
- E. It supports both a persistent and web based agent.
Answer : A,D
Based on the Guest Role Mapping Policy shown, what is the purpose of the Role Mapping
Policy?
- A. To send a firewall role back to the controller based on the Guest User's Role ID.
- B. To assign Controller roles to guests.
- C. To display a role name on the Self-registration receipt page.
- D. To assign ClearPass roles to guests based on the guest's Role ID as seen during authentication.
- E. To assign all 3 roles of [Contractor], [Guest] and [Employee] to every guest user.
Answer : D
A hotel chain deployed ClearPass Guest. When hotel guests connect to the Guest SSID, launch a web browser and enter the address www.google com, immediately see me web login page.
What are the likely causes of this? (Select two.)
- A. The DNS server is not replying with an IP address for www.google.com.
- B. The guest is using a Linux laptop which doesn't support web login.
- C. The ClearPass server has a server certificate issued by Verisign.
- D. The ClearPass server has a server certificate issued by the internal Microsoft Certificate Server.
- E. The ClearPass server does not recognize the client's certificate.
Answer : A,D
What is the purpose of the Clock Skew Allowance' setting? (Select two.)
- A. to ensure server certificate validation does not fail due to client clock sync issues
- B. to set start time in client certificate to a few minutes before current time
- C. to adjust clock time on client device to a few minutes before current time
- D. to ensure client certificate validation does not fail due to client clock sync issues
- E. to set expty time in client certificate to a few minutes longer than the default setting
Answer : D,E
The ClearPass Event Viewer displays an error when a user authenticates with EAP-TLS to
ClearPass through an Aruba Controller Wireless Network.
What is the cause of this error?
- A. The controllers shared secret used during the certificate exchange is incorrect.
- B. The NAS source interface IP is incorrect.
- C. The client sent an incorrect shared secret for the 802 1X authentication.
- D. The controller used an incorrect shared secret for the RADIUS authentication.
- E. The client's shared secret used during the certificate exchange is incorrect.
Answer : D
Which of the following statements is true about the Clearpass hardware appliances?
- A. DHCP can be used to assign IP addresses to management and data ports.
- B. Both Management and Data Ports must be configured.
- C. Clearpass has a default management IP of 172.16.0.254.
- D. Only static IP addresses are allowed on the management and data ports.
- E. The maximum number of devices supported is 5000.
Answer : D
A customer would like to deploy ClearPass with these requirements:
between 20G0 to 3000 corporate users need to authenticate daily using EAP-TLS
should allow for up to 1000 employee devices to be Onboarded
should allow up to 100 guest users each day to authenticate using the web login feature
What is the license mix that the customer will need to purchase?
- A. CP-HW-2K, 1000 Onboard. 100 Guest
- B. CP-HW-500, 1000 Onboard. 100 Guest
- C. CP-HW-5K, 2500 Enterprise
- D. CP-HW-5K, 1000 Enterprise
- E. CP-HW-5k. 100 Onboard. 100 Guest
Answer : C
30 days access 