A customer is setting up Guest access with ClearPass. They are considering using 802.1X for both the Employee network and the Guest network.
What are two issues the customer may encounter when deploying 802 1X with the Guest network? (Select two)
- A . the lack of encryption during the authentication process
- B . ClearPass win not be able to enforce individual Access Control policies.
- C . the high level of complexity for users to join the guest network
- D . Guests will not be able to be uniquely identified.
- E . difficult to maintain in an environment with a large number of transient guest users
What is an effect of the Cache Timeout setting on the authentication source settings for Active Directory?
- A . ClearPass will validate the user credentials, then, for the duration of the cache. ClearPass will just fetch account attributes.
- B . The Cache Timeout is designed to reduce the amount of traffic between ClearPass and the A/D server by caching the credentials
- C . The Cache Timeout is designed to reduce the amount of traffic between ClearPass and the A/D server by caching the attributes.
- D . ClearPass will validate the user credentials on the first attempt, then will always fetch the account attributes
Refer to the exhibit.
What is true regarding leaving the indicated option "Use cached Roles and Posture attributes from previous sessions" unchecked?
- A . The service will make the enforcement decision based upon the updated Posture regardless of caching
- B . A posture change applied to an endpoint is going to be lost each time the client re-authenticates
- C . Posturing win no longer be evaluated in determining the enforcement policy for current or future sessions.
- D . Cached posture results are no longer stored by ClearPass but instead are saved to the endpoint of the client.
Your boss suggests configuring a guest self-registration page in ClearPass for an upcoming conference event.
What are the benefits of using guest serf-registration’? (Select two)
- A . This strategy effectively stops employees from putting their own corporate devices on the guest network.
- B . This will enable additional information to be gathered about guests during the conference.
- C . This allows guest users to create and manage their own login account.
- D . This will allow employee personal devices to be Onboarded to the corporate network
- E . This will allow conference employees to pre-load additional device information as guests arrive and register
What is the significance of using the [Allow ALL MAC AUTH] as an Authentication Method for Guests?
- A . This removes the reliance on the known or unknown status for MAC authentication.
- B . All clients with unknown endpoints will be granted guest access regardless of authorization
- C . Client attempts will fail without an additional Authentication method applied.
- D . All clients with known endpoints will be granted guest access regardless of authorization.
Which statement is true about OnGuard? (Select two.)
- A . It is used to identify and remove any malware/viruses
- B . It is used to ensure that Antivirus/Antispyware programs are running
- C . It supports Doth Windows and Mac OS X clients
- D . It only supports 802 1X authentication
Refer to the exhibit.
What are two consequences of the Cache Timeout being set to 36000 seconds? (Select two.)
- A . A user changing departments may not see their Department attribute change in AD reflected while authenticating until the Cache Timeout period has ended
- B . Less traffic is required between ClearPass and the AD server when re-authenticating within a 10 hour period.
- C . The Cache Timeout is designed to reduce the amount of traffic between ClearPass and the AD server by caching user credentials for a 10 hour period
- D . ClearPass will cache all user and machine attributes from AD every 10 hours in anticipation of one of those users or machines attempting to authenticate
- E . On a failed authentication attempt. ClearPass will consider any subsequent attempts within 10 hours as total failed attempts before blacklisting the client.
When using Guest Authentication with MAC Caching service template, which statements are true? (Select two.)
- A . The guest authentication is provided better security than without using MAC caching
- B . The guest authentication is provided better security than without using MAC caching
- C . The endpoint status of the client will be treated as "known" the first time the client associates to the network
- D . Which wireless SSID and wireless controller must be indicated when configuring the template
- E . The client will be required to re-enter their credentials even if still within the MAC-Auth Expiry term
Which ClearPass feature assesses endpoint context and client device type?
- A . Profiling
- B . Posture
- C . Captive Portal
- D . Onboard
Refer to the exhibit.
A client is attempting to authenticate using their Windows account with a bad password if the Remote Lab AD server is down for maintenance, what win be the expected result?
- A . ClearPass receive a timeout attempt when trying the Remote Lao AD server first No further processing will occur until the Remote Lab AD server is marked as "Down" by the Administrator
- B . ClearPass try either server Backup 1 or Backup 2 depending on which has responded the fastest in prior attempts to authenticate ClearPass win then receive a result of Active Directory Authentication failed No further processing will occur
- C . ClearPass receives a timeout attempt when trying the Remote Lab AD server first. It will then try the server Backup 1 and Backup 2: both will send a result authentication failed
- D . ClearPass receives a timeout attempt when trying the Remote Lab AD server first It will then try the server Backup 1 and receive a result of Active Directory Authentication failed No further processing will occur
A customer with 985 employees would like to authenticate employees using a captive portal guest web login page Employees should use their AD credentials to login on this page
Which statement is true?
- A . The customer needs to add second guest service in the policy manager for the guest network.
- B . The customer needs to add the AD server as an authentication source in a guest service
- C . Employees must be taken to a separate web login page on the guest network
- D . The customer needs to add the AD servers RADIUS certificate to the guest network.
Which two are required to add a Network Access Device (NAD) into ClearPass? (Select two.)
- A . ClearPass Admin login credentials
- B . SSH password
- C . Shared Secret
- D . HTTPS certificate
- E . NAD IP address
DRAG DROP
Match the ClearPass system description to the best term Options are used only once.
Refer to the diagram.
When creating a new ClearPass Service, the [Time Source] has been added as an authorization source.
What time source is ClearPass referencing?
- A . the ClearPass server where insight Master has been enabled
- B . the local time setting found on the authenticating client machine
- C . the NTP (Network Time Protocol) source indicated in the Cluster settings
- D . the local clock of the ClearPass server doing the authentication
DRAG DROP
Select all that apply
Match the security description to the term that best fits. Options are used only once.
