Halloween Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

What must be configured to enable RADIUS authentication with ClearPass on a network access device (NAD)? (Select two.)

A.

the ClearPass server must have the network device added as a valid NAD

B.

the ClearPass server certificate must be installed on the NAD

C.

a matching shared secret must be configured on both the ClearPass server and NAD

D.

an NTP server needs to be set up on the NAD

E.

a bind username and bind password must be provided

Full Access
Question # 5

What does the Posture Token QUARANTINE imply?

A.

The client is compliant. However, there is an update available to remediate the client to HEALTHY state.

B.

The posture of the client is unknown.

C.

The client is infected and is a threat to other systems in the network.

D.

The client is out of compliance, but has HEALTHY state.

E.

The client is out of compliance.

Full Access
Question # 6

Refer to the exhibit.

Based on the Access Tracker output for the user shown, which statement describes the status?

A.

The Aruba Terminate Session enforcement profile as applied because the posture check failed.

B.

A Healthy Posture Token was sent to the Policy Manager.

C.

A RADIUS-Access-Accept message is sent back to the Network Access Device.

D.

The authentication method used is EAP-PEAP.

E.

A NAP agent was used to obtain the posture token for the user.

Full Access
Question # 7

A customer would like to deploy ClearPass with these requirements:

  • between 2000 to 3000 corporate users need to authenticate daily using EAP-TLS
  • should allow for up to 1000 employee devices to be Onboarded
  • should allow up to 100 guest users each day to authenticate using the web login feature

What is the license mix that customer will need to purchase?

A.

CP-HW-2k, 1000 Onboard, 100 Guest

B.

CP-HW-500, 1000 Onboard, 100 Guest

C.

CP-HW-5k, 2500 Enterprise

D.

CP-HW-5k, 1000 Enterprise

E.

CP-HW-5k, 100 Onboard, 100 Guest

Full Access
Question # 8

During a web login authentication, what is expected to happen as part of the Automated NAS login?

A.

NAD sends TACACS+ request to ClearPass.

B.

ClearPass sends TACACS+ request to NAD.

C.

Client device sends RADIUS request to NAD.

D.

NAD sends RADIUS request to ClearPass.

E.

ClearPass sends RADIUS request to NAD.

Full Access
Question # 9

Which device type supports Exchange ActiveSync configuration with Onboard?

A.

Linux laptop

B.

Mac OS X device

C.

Apple iOS device

D.

Windows laptop

E.

Android device

Full Access
Question # 10

Refer to the exhibit.

Based on the Authentication sources configuration shown, which statement accurately describes the outcome if the user is not found?

A.

If the user is not found in the remotelab AD but is present in the local user repository, a reject message is sent back to the NAD.

B.

If the user is not found in the local user repository but is present in the remotelab AD, a reject message is sent back to the NAD.

C.

If the user is not found in the local user repository a reject message is sent back to the NAD.

D.

If the user is not found in the local user repository and remotelab AD, a reject message is sent back to the NAD.

E.

If the user is not found in the local user repository a timeout message is sent back to the NAD.

Full Access
Question # 11

Refer to the exhibit.

Based on the Endpoint information shown, which collectors were used to profile the device as Apple iPad? (Select two.)

A.

HTTP User-Agent

B.

SNMP

C.

DHCP fingerprinting

D.

SmartDevice

E.

Onguard Agent

Full Access
Question # 12

Refer to the exhibit.

Based on the configuration of the Enforcement Profiles in the Onboard Authorization service shown, which Onboarding action will occur?

A.

The device will be disconnected from the network after Onboarding so that an EAP-TLS authentication is not performed.

B.

The device will be disconnected from and reconnected to the network after Onboarding is completed.

C.

The device’s onboard authorization request will be denied.

D.

The device will be disconnected after post-Onboarding EAP-TLS authentication, so a second EAP-TLS authentication is performed.

E.

After logging in on the Onboard web login page, the device will be disconnected form and reconnected to the network before Onboard begins.

Full Access
Question # 13

Which authentication protocols can be used for authenticating Windows clients that are Onboarded? (Select two.)

A.

EAP-GTC

B.

PAP

C.

EAP-TLS

D.

CHAP

E.

PEAP with MSCHAPv2

Full Access
Question # 14

Refer to the exhibit.

An AD user’s department attribute value is configured as “QA”. The user authenticates from a laptop running MAC OS X.

Which role is assigned to the user in ClearPass?

A.

HR Local

B.

Remote Employee

C.

[Guest]

D.

Executive

E.

IOS Device

Full Access
Question # 15

Based on the Policy configuration shown, which VLAN will be assigned when a user with ClearPass role Engineer authenticates to the network successfully using connection protocol WEBAUTH?

A.

Deny Access

B.

Employee VLAN

C.

Internet VLAN

D.

Full Access VLAN

Full Access
Question # 16

A university wants to deploy ClearPass with the Guest module. The university has two types that need to use web login authentication. The first type of users are students whose accounts are in an Active Directory server. The second type of users are friends of students who need to self-register to access the network.

How should the service be set up in the Policy Manager for this network?

A.

Guest User Repository and Active Directory server both as authentication sources

B.

Active Directory server as the authentication source, and Guest User Repository as the authorization source

C.

Guest User Repository as the authentication source, and Guest User Repository and Active Directory server as authorization sources

D.

Either the Guest User Repository or Active Directory server should be the single authentication source

E.

Guest User Repository as the authentication source and the Active Directory server as the authorization source

Full Access
Question # 17

Refer to the exhibit.

An AD user’s department attribute value is configured as “Product Management”. The user connects on Monday to a NAD that belongs to the Device Group HQ.

Which role is assigned to the user in ClearPass?

A.

HR Local

B.

[Guest]

C.

[Employee]

D.

Linux User

E.

Executive

Full Access