Refer to the exhibit.
Based on the Enforcement Policy configuration shown, when a user with Role Engineer connects to the network and the posture token assigned is Unknown, which Enforcement Profile will be applied?
A . EMPLOYEE_VLAN
B . RestrictedACL
C . Deny Access Profile
D . HR VLAN
E . Remote Employee ACL
Answer: C
Refer to the exhibit.
An administrator logs in to the Guest module in ClearPass and ‘Manage Accounts’ displays as shown.
When a user with username [email protected] attempts to access the Web Login page, what will be the outcome?
A . The user will be able to log in and authenticate successfully but will then be immediate disconnected.
B . The user will be able to log in for the next 4.9. days, but then will no longer be able to log in.
C . The user will not be able to log in and authenticate.
D . The user will be able to log in and authenticate successfully, but will then get a quarantine role.
E . The user will not be able to access the Web Login page.
Answer: C
What must be configured to enable RADIUS authentication with ClearPass on a network access device (NAD)? (Select two.)
A . the ClearPass server must have the network device added as a valid NAD
B . the ClearPass server certificate must be installed on the NAD
C . a matching shared secret must be configured on both the ClearPass server and NAD
D . an NTP server needs to be set up on the NAD
E . a bind username and bind password must be provided
Answer: A,C
ClearPass and a wired switch are configured for 802.1x authentication with RADIUS CoA (RFC 3576) on UDP port 3799. This port has been blocked by a firewall between the wired switch and ClearPass.
What will be the outcome of this state?
A . RADIUS Authentications will fail because the wired switch will not be able to reach the ClearPass server.
B . During RADIUS Authentication, certificate exchange between the wired switch and ClearPass will fail.
C . RADIUS Authentications will timeout because the wired switch will not be able to reach the ClearPass server.
D . RADIUS Authentication will succeed, but Post-Authentication Disconnect-Requests from ClearPass to the wired switch will not be delivered.
E . RADIUS Authentication will succeed, but RADIUS Access-Accept messages from ClearPass to the wired switch for Change of Role will not be delivered.
Answer: D
A customer wants to implement Virtual IP redundancy, such that in case of a ClearPass server outage, 802.1x authentications will not be interrupted. The administrator has enabled a single Virtual IP address on two ClearPass servers.
Which statements accurately describe next steps? (Select two.)
A . The NAD should be configured with the primary node IP address for RADIUS authentication on the 802.1x network.
B . A new Virtual IP address should be created for each NA
D . Both the primary and secondary nodes will respond to authentication requests sent to the Virtual IP address when the primary node is active.
E . The primary node will respond to authentication requests sent to the Virtual IP address when the primary node is active.
F . The NAD should be configured with the Virtual IP address for RADIUS authentications on the 802.1x network.
Answer: D,E
Explanation:
In an Aruba network, APs are controlled by a controller. The APs tunnel all data to the controller for processing, including encryption/decryption and bridging/forwarding data. Local controller redundancy provides APs with failover to a backup controller if a controller becomes unavailable. Local controller redundancy is provided by running VRRP between a pair of controllers. The APs are then configured to connect to the “virtual-IP” configured for the VRRP instance.
References: http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameSty les/VRRP/Redundancy_Parameters.htm
Refer to the exhibit.
Based on the guest Self-Registration with Sponsor Approval workflow shown, at which stage does the sponsor approve the user’s request?
A . After the RADIUS Access-Request
B . After the NAS login, but before the RADIUS Access-Request
C . Before the user can submit the registration form
D . After the RADIUS Access-Response
E . After the receipt page is displayed, before the NAS login
Answer: E
Refer to the exhibit.
The ClearPass Event Viewer displays an error when a user authenticates with EAP-TLS to ClearPass through an Aruba Controller Wireless Network.
What is the cause of this error?
A . The controller’s shared secret used during the certificate exchange is incorrect.
B . The NAS source interface IP is incorrect.
C . The client sent an incorrect shared secret for the 802.1X authentication.
D . The controller used an incorrect shared secret for the RADIUS authentication.
E . The client’s shared secret used during the certificate exchange is incorrect.
Answer: D
A customer would like to deploy ClearPass with these requirements:
✑ between 2000 to 3000 corporate users need to authenticate daily using EAP-TLS
✑ should allow for up to 1000 employee devices to be Onboarded
✑ should allow up to 100 guest users each day to authenticate using the web login feature
What is the license mix that customer will need to purchase?
A . CP-HW-2k, 1000 Onboard, 100 Guest
B . CP-HW-500, 1000 Onboard, 100 Guest
C . CP-HW-5k, 2500 Enterprise
D . CP-HW-5k, 1000 Enterprise
E . CP-HW-5k, 100 Onboard, 100 Guest
Answer: C
What does Authorization allow users to do in a Policy Service?
A . To use attributes in databases in role mapping and Enforcement.
B . To use attributes stored in databases in Enforcement only, but not role mapping.
C . To use attributes stored in external databases for Enforcement, but not internal databases.
D . To use attributes stored in databases in role mapping only, but not Enforcement.
E . To use attributes sored in internal databases for Enforcement, but not external databases.
Answer: A
Refer to the exhibit.
Which types of records will the report shown display?
A . all RADIUS authentications from the 10.8.10.100 NAD to ClearPass
B . all failed RADIUS authentications through ClearPass
C . only Windows devices that have authenticated through the 10.8.10.100 NAD
D . all successful RADIUS authentications through ClearPass
E . all successful RADIUS authentications from the 10.8.10.100 NAD to ClearPass
Answer: A