Which statements describe subnet scans for static IP device discovery? (Choose two.) A . To run an On-Demand Subnet Scan, you must first configure a subnet scan in the profile settings. B . The On-Demand option provides the ability to trigger a one-time scan in specified network subnets. C . The On-Demand option provides the ability to scan and profile devices only with static I E . Only SNMP can be used for subnet scans for subnets configured for DHC G . Subnet scans can be scheduled to execute a scan every 24 hrs for configured subnets.
when a role mapping policy should be used in an 802.1x service with Active Directory as the authentication source? A . When you want to send roles from the AD user to enforcement policies directly from AD attributes. B . When you want to send Aruba firewall roles back to the Aruba Network Access Drive. C . When you want to translate and combine AD attributes into ClearPass roles. D . When you want to enable attributes as roles directly without combining multiple attributes
Your boss suggests that you configure a guest self-registration page in ClearPass for the Conference Events SSID.
Which advantages will this give? (Choose two.) A . It will allow guest users to create a login account for the web login page. B . It will stop employees from putting their corporate devices on the event network. C . It will allow employees to get their own devices securely connected to the network. D . It will allow the Conference center to collect extra information about the guest. E . It can be pre-located with guest information from the conference registration.
Which user authentication request will match the service rules of the Policy Service shown? A . a wireless user connecting to an Aruba IAP on the SSID “CORP” B . a wireless user connection would fail because of miss-configured service rules. C . a wireless user connecting to any SSID on an Aruba Controller D . a wireless user connected to any SSID named “CORP”
What is the function of the primary and backup servers when configuring an authentication source in ClearPass? A . The primary server and backup servers can be configured for round-robin. B . The primary server can be from one Active Directory domain; the backup server can be from another. C . The primary server is always authenticated first, then the backup is used if authentication fails. D . The primary server is always authenticated first, then the backup is used if that times out.
Which most accurately describes the “Select All Matches” rule evaluation algorithm in Enforcement Policies? A . All rules are checked for any matching rules and their respective Enforcement profiles are applied. B . All rules is checked, and if there is no match, no Enforcement profile is applied. C . Each rule is checked, and once a match if found, the Enforcement profile assigned to that rule is applied, along with the default Enforcement profile. D . Each rule is checked, and once a match is found, the Enforcement profile assigned to that rule is applied and the rule matching stops.
Which actions are necessary to set up a ClearPass guest captive portal web login page to execute with no errors? (Choose three.) A . Configure the vendor settings in the Network Access Device to match the web login page. B . Install a public issued HTTPS certificate in ClearPass Policy Manager. C . Install a public issued HTTPS certificate in the Network Access Device. D . Configure the vendor settings in the Web Login Page to match the Network Access Device. E . Install an enterprise issued HTTPS certificate in the Network Access Device. F . Configure the external web-auth URL on the Network Access Device for HTT
Select three elements that are part of the authorization process. (Choose three.) A . Send a RADIUS accept to the Access device. B . Verify client credentials against your account. C . Determine posture status. D . Validate the user account attributes. E . Filter by endpoint device type.