Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

You art deploying Cleat Pass Policy Manager with Guest functionality for a customer with multiple Aruba Networks Mobility Controllers. The customer wants to avoid SSL errors during guest access but due to company security policy cannot use a wildcard certificate on ClearPass or the Controllers.

What is the most efficient way to configure the customer's guest solution? (Select two.)

A.

Install the same public certificate on all Controllers with the common name "controller.{company domain)

B.

Build multiple Web Login pages with vendor settings configured for each controller

C.

Build one Web Login page with vendor settings for captiveportal-controller (company domain)

D.

Build one Web Login page with vendor settings for controller (company domain)

E.

Install multiple public certificates with a different Common Name on each controller

Full Access
Question # 5

Refer to the exhibit.

Your customer has configured the 802.1 X service enforcement conditions with the Endpoint profiling data. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly What is the cause of the issue?

A.

An additional authorization source should be configured for profiling to work.

B.

The enforcement policy rules evaluation algorithm is not configured correctly.

C.

The option, use cached roles and posture from previous sessions should be enabled.

D.

The enforcement policy conditions configured with profiling data are not correct

Full Access
Question # 6

A customer has acquired another company that has its own Active Directory infrastructure. The 802 1X PEAP authentication works with the customer's original Active Directory servers but the customer would like to authenticate users from the acquired company as well.

What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)

A.

Create a new Authentication Source, type Active Directory.

B.

Create a new Authentication Source, type Generic LDAP.

C.

Add the new AD server(s) as backup into the existing Authentication Source.

D.

There is no need to join ClearPass to the new AD domain.

E.

Join the ClearPass server(s) to the new AD domain.

Full Access
Question # 7

Refer to the exhibit.

What enforcement profile will be assigned to a client who has successfully completed the user and machine authentication with UNKNOWN posture token?

A.

Redirect to Aruba OnBoard Portal

B.

Redirect to Aruba Quarantine Profile

C.

Redirect to Aruba Dissolvable_page Profile

D.

Deny Access Profile

Full Access
Question # 8

A customer would like to allow only the AD users with the "Manager" title from the "HO" location to Onboard their personal devices. Any other AD users should not be authorized to pass beyond the initial device provisioning page. Which Onboard service will you use to implement this requirement?

A.

Onboard Authorization service

B.

Onboard Pre-Auth service

C.

Onboard Provisioning service

D.

Onboard CP login service

Full Access
Question # 9

Refer to the exhibit.

The users connecting to a wireless SSIO "secure-HS-5007" were being processed by an incorrect 802.1 X service created for VIP access and the user gets deny access. The customer has sent you the screenshot to get your support to resolve the issue What changes will you suggest to fix it?

A.

To the HS_Building 802.1 X service, add another service rule condition with VIP access Aruba-Essid-Name and leave it in same position

B.

In the HS_Building 802.1X service, remove the service rule condition with Aruba controller location name and leave it in same position

C.

Delete the HSBuilding 802 IX service, odd VIP access Aruba-Essid-Name as fourth condition to WSBuilding Aruba 802 1X service

D.

In the HSBuilding 802. IXservice. change the Authentication method for AMCAuth for VIP access and leave it in same position

Full Access