You art deploying Cleat Pass Policy Manager with Guest functionality for a customer with multiple Aruba Networks Mobility Controllers. The customer wants to avoid SSL errors during guest access but due to company security policy cannot use a wildcard certificate on ClearPass or the Controllers.

What is the most efficient way to configure the customer's guest solution? (Select two.)

Refer to the exhibit.

Your customer has configured the 802.1 X service enforcement conditions with the Endpoint profiling data. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly What is the cause of the issue?

A customer has acquired another company that has its own Active Directory infrastructure. The 802 1X PEAP authentication works with the customer's original Active Directory servers but the customer would like to authenticate users from the acquired company as well.

What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)

Refer to the exhibit.

What enforcement profile will be assigned to a client who has successfully completed the user and machine authentication with UNKNOWN posture token?

A customer would like to allow only the AD users with the "Manager" title from the "HO" location to Onboard their personal devices. Any other AD users should not be authorized to pass beyond the initial device provisioning page. Which Onboard service will you use to implement this requirement?

Refer to the exhibit.

The users connecting to a wireless SSIO "secure-HS-5007" were being processed by an incorrect 802.1 X service created for VIP access and the user gets deny access. The customer has sent you the screenshot to get your support to resolve the issue What changes will you suggest to fix it?