HPE Sales Certified - Aruba Products and Solutions v1.0 (HPE6-A82)

Page:    1 / 4   
Total 66 questions

Which are valid enforcement profile types? (Choose two.)

  • A. ClearPass Entity Update Enforcement
  • B. Aruba Script Enforcement
  • C. Policy Service Enforcement
  • D. RADIUS Change of Authorization (CoA)

Answer : AD

What are "known" endpoints in ClearPass?

  • A. "Known" endpoints have be fingerprinted to determine their operating system and manufacturer.
  • B. These are endpoints whose beacons have been detected but have never completed authentication.
  • C. The label "Known" indicates rogue endpoints labeled as "friendly" or "ignore".
  • D. "Known" endpoints can be authenticated based on MAC address to bypass the captive portal login.

Answer : D

Which option supports DHCP profiling for devices in a network?

  • A. configuring ClearPass as a DHCP relay for the client
  • B. DHCP profiling is enabled on ClearPass by default; configuration of the network access devices is not necessary
  • C. enabling the DHCP server to profile endpoints and forward meta-data to ClearPass
  • D. enabling DHCP relay on our network access devices so DHCP requests are forwarded to ClearPass

Answer : A

What is RADIUS Change of Authorization (CoA)?

  • A. It is a mechanism that enables ClearPass to assigned a User-Based Tunnel (UBT) between a switch and controller for Dynamic Segmentation.
  • B. It allows clients to issue a privilege escalation request to ClearPass using RADIUS to switch to TACACS+.
  • C. It allows ClearPass to transmit messages to the Network Attached Device/Network Attached Server (NAD/NAS) to modify a userג€™s session status.
  • D. It forces the client to re-authenticate upon roaming to an access point controlled by a foreign mobility controller.

Answer : C

A customer with 677 employees would like to authenticate employees using a captive portal guest web login page. Employees should use their AD credentials to login on this page.
Which statement is true?

  • A. The customer needs to add second guest service in the policy manager for the guest network.
  • B. The customer needs to add the AD server as an authentication source in a guest service.
  • C. Employees must be taken to a separate web login page on the guest network.
  • D. The customer needs to add the AD servers RADIUS certificate to the guest network.

Answer : B

What happens when a client successfully authenticates but does not match any Enforcement Policy rules?

  • A. A RADIUS reject is returned for the client.
  • B. A RADIUS Accept is returned with no Enforcement Profile applied.
  • C. A RADIUS Accept is returned, and the default Enforcement Profile is applied.
  • D. A RADIUS Accept is returned, and the default rule is applied to the device.

Answer : C

Your boss suggests configuring a guest self-registration page in ClearPass for an upcoming conference event.
What are the benefits of using guest self-registration? (Choose two.)

  • A. This will allow conference employees to pre-load additional device information as guests arrive and register.
  • B. This strategy effectively stops employees from putting their own corporate devices on the guest network.
  • C. This will enable additional information to be gathered about guests during the conference.
  • D. This allows guest users to create and manage their own login account.
  • E. This will allow employee personal devices to be Onboarded to the corporate network.

Answer : AD

Which Authorization Source supports device profile enforcement?

  • A. Local User Repository
  • B. OnGuard Repository
  • C. Endpoints Repository
  • D. Guest User Repository

Answer : A

Which items can be obtained from device profiling? (Choose three.)

  • A. Device Category
  • B. Device Family
  • C. Device Health
  • D. Device Type
  • E. Device Location

Answer : CDE

Which is true regarding the Cisco Device Sensor feature in ClearPass? (Choose two.)

  • A. Forwards DHCP and HTTP user-agent info to ClearPass using Control and Datagram Transport Layer Security (DTLS) encapsulation.
  • B. Requires the purchase of a supported Cisco Access Point licensed as an Aruba Monitor Mode AP, to then act as the sensor.
  • C. Forwards DHCP and HTTP user-agent info to ClearPass using RADIUS accounting packets.
  • D. Gathers raw endpoint data from Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP).
  • E. Requires a Cisco Smart Net license to be installed on the Network Access Device (NAD) utilizing the feature.

Answer : DE

Which most accurately describes the "Select All Matches" rule evaluation algorithm in Enforcement Policies?

  • A. Each rule is checked, and once a match is found, the Enforcement profile assigned to that rule is applied and the rule matching stops.
  • B. All rules are checked, and if there is no match, no Enforcement profile is applied.
  • C. All rules are checked for any matching rules and their respective Enforcement profiles are applied.
  • D. Each rule is checked, and once a match is found, the Enforcement profile assigned to that rule is applied, along with the default Enforcement profile.

Answer : C

When using Guest Authentication with MAC Caching service template, which statements are true? (Choose two.)

  • A. The guest authentication is provided better security than without using MAC caching.
  • B. The endpoint status of the client will be treated as "known" the first time the client associates to the network.
  • C. Which wireless SSID and wireless controller must be indicated when configuring the template.
  • D. The client will be required to re-enter their credentials even if still within the MAC-Auth Expiry term.

Answer : AC

Refer to the exhibit.

What is true regarding leaving the indicated option "Use cached Roles and Posture attributes from previous sessions" unchecked?

  • A. A posture change applied to an endpoint is going to be lost each time the client re-authenticates.
  • B. The service will make the enforcement decision based upon the updated Posture regardless of caching.
  • C. Posturing will no longer be evaluated in determining the enforcement policy for current or future sessions.
  • D. Cached posture results are no longer stored by ClearPass but instead are saved to the endpoint of the client.

Answer : A

What are benefits of using Network Device Groups in ClearPass? (Choose two.)

  • A. Network Access Devices (NADs) only require Aruba factory installed certificates to join a Network Device Group.
  • B. Allows Service selection rules to match based upon which Network Device Group the Network Access Device (NAD) belongs to.
  • C. A Network Access Device is must be discovered by ClearPass prior to be added to a Network Device Group.
  • D. Another way to add a customizable "attribute" field to reference when processing authentication requests.
  • E. Can apply to both Network Access Devices (NADs) as well as client machines as a way to filter authentication requests.

Answer : AD

Which authentication method requires a client certificate?

  • A. EAP-TLS
  • B. Guest self-registration
  • C. PEAP
  • D. MAC Authentication

Answer : A

Page:    1 / 4   
Total 66 questions