A customer it troubleshooting a client not getting the SHV posture updated and the OnGuard agent shows the Health Status Not Known. What could the user do to update the health status?
A.
connect using an interface that is configured as Managed Interface
B.
reinstall the OnGuard agent from the Wired interface
C.
change the Policy Manager Zone mapping and add the WIRED interface range
D.
modify the agent.conf file and add the WIRED interface to it
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 2
A corporate Clear Pass Cluster with two servers located at a single site, has both Management and Data port IP addresses configured. The Management port IPs art in the DataCenter networks subnet, while the Data port IPs are in the DMZ. What is the difference between using one Virtual IP for the AAA traffic versus sending AAA requests to the physical IPs for each server' (Select two.)
A.
Using the one Virtual IP can provide failover.
B.
One Virtual IP can be used together with the individual server IPs for load balancing.
C.
By using the Virtual IP, the failover wait time is faster than using individual server IPs.
D.
The failover can be accomplished only by using Virtual IP
E.
The Individual IPs can provide failover and load balancing.
Answer:
AC
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 3
Which statements art true about Aruba down loadable user roles? (select three)
A.
Administering downloadable user roles can be difficult for a large enterprise.
B.
Can be applied only on ports or WLAN users authenticated by ClearPass.
C.
Can use these result for other authentication methods not involving ClearPass.
D.
Aruba downloadable user role are universally available across the environment.
E.
Aruba downloadable user role is a built in enforcement template in ClearPass.
F.
Downloadable role names must be defined in Aruba switch or controller.
Answer:
BCF
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
F
50%
Discussions
0/ 1000
Question 4
A customer has created a Guest Self-Registration page that they would like to use it as 'template' for all the new pages that are going to be created from now on. Their goal is to ensure that the header and footer on every page are the same, and any edits made to them are automatically reflected on every Self-Registration Page. What should be configured in order to accomplish this request?
A.
Save the "template" page as Master Self'Registration page.
B.
Copy the "template" page and edit it each time a new Self-Registration Page is needed.
C.
Create child pages when creating new Self-Registration pages and select the "template" as Parent.
D.
Save this "template" page as a new Skin to be used on other Self-Registration pages.
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 5
Where is the following information stored in Clear Pass? - Roles and Posture for Connected Clients - System Health for OnGuard - Machine authentication State - CoA session info - Mapping of connected clients to NAS/NAD
A.
ClearPass system cache
B.
Multi-Master cache
C.
Insight database
D.
Endpoint database
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 6
A customer is planning to implement machine and user authentication on infrastructure with one Aruba Controller and a single ClearPass Server. What should the customer consider while designing this solution? (Select three.)
A.
The customer does not need to worry about Multi-Master Catht Survivability because the Controller will also cache the machine state.
B.
The Windows User must log off. restart or disconnect their machine to initiate a machine authentication before the cache expires.
C.
The machine authentication status rs written in the Multi-master cache on the ClearPass Server for 24 hrs
D.
The Customer should enable Multi-Master Cache Survivability as the Aruba Controller will not cache the machine state.
E.
Machine Authentication only uses EAP TLS. as such a PKI infrastructure should be in place for machine authentication.
F.
Onboard must be used to install the Certificates on the personal devices to do the user and machine authentication
Answer:
BCF
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
F
50%
Discussions
0/ 1000
Question 7
When building an SNMP-based enforcement profile what option can you assign to the user as actions? (Select three).
A.
Set a session timeout for the client
B.
Enforce Firewall policies
C.
Send captive portal web re-direct URL
D.
ClearPass Downloadable Role
E.
Reset the connection after the settings has been pushed
Answer:
ABD
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 8
Your customer has read about a feature in OnGuard for OnGuard Persistent Agent and Agentless OnGuard that can display a new Posture Results web page to notify that and users with posture results for unhealthy clients after the health check is done. Where do you configure this option?
A.
Policy Manager > Configuration > Enforcement > Profiles > Add a new profiles with Agent Enforcement as the template, and on the Attributes tab add the new Show Posture Results in Guest Page attribute and set the value for the attribute to true.
B.
Policy Manager > Configuration > Enforcement > Profiles > Add new profile with Aruba Radius Enforcement as the template, and on the Attributes tab add the Aruba-User-Role configured with the captive portal profile mapped with default Posture Check web page URL.
C.
Policy Manager > Configuration > Services > Edit the Web-base Health Check Only service, and on the posture tab under Remediation URL add the default Quarantined Blocked web page URL and complete the service configuration by hitting save.
D.
Policy Manager > Configuration > Services > Edit the Web-base Health Check Only service, and on the posture tab enable the checkbox for the new option Show Posture Results in Guest Page and complete the service configuration by hitting save.
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 9
What is the Secure SSIO (otherwise referred to as Single SSID) OnBoard deployment service workflow?
A.
Onboard Provisioning RADIUS service, Onboard Authorization Application service, Onboard Pre- Auth Application service. Onboard Provisioning RADIUS service Onboard B. Provisioning RADIUS service,
B.
Onboard Authorization RADIUS service. Onboard Pre-Auth Application service. Onboard Provisioning RADIUS service Onboard C. C. Provisioning RADIUS service. Onboard Prt-Auth Application service.
C.
Onboard Authorization Application service. Onboard Provisioning RADIUS service Onboard
What configuration steps should you follow to add terms and conditions page on Guest seIf- registration for CPPM? (Select two).
A.
Edit the creetoraccepiterms form field in register page and change HTML section by pointing the hyperlink to the HTML file uploaded
B.
Edit the accept_terms form field in receipt page and change HTML section by pointing the hyper link to the HTML file uploaded m Guest Manager
C.
Create an HTML page with custom terms and condition and upload it to public files under Clearpass Guest -> configuration -> content manager
D.
Edit the creatoracceprterms form field in receipt page and change HTML section by pointing the hyperlink to the HTML file uploaded
E.
Create an HTML page with custom terms and condition and upload it to private files under Clearpass Guest -> configuration -> content manager
Answer:
CD
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 11
Refer to the exhibit.
A customer has configured Onboard in his lab ClearPass server and Windows devices work as expected but cannot get the Apple iOS devices to Onboard successfully Where would you look to troubleshoot the issue? {Select two)
A.
Check if the customer installed the internal PKI Root certificate presented by the ClearPass during the provisioning process.
B.
Check if the customer has installed the same internal PKI signed RADIUS server certificate as the HTTPS server certificate.
C.
Check if the customer has installed a custom HTTPS certificate for iOS and another internal PKI HTTPS certificate for other devices.
D.
Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.
E.
Check if the ClearPass HTTPS server certificate installed in the server is issued by a trusted commercial certificate authority.
Answer:
DE
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 12
You have configured a Guest SSIO with Captive-portaI Web Authentication and MAC authentication. The MAC caching expiry time set to 12 hours and the Guest Account expiration time is set to 8 hours. What will happen if the guest were to disconnect from the SSID and re-connect 9 hours later?
A.
The client will successfully pass the MAC authentication but still be redirected to captive portal page.
B.
The client will fail the MAC authentication and be denied access to the Guest SSIO.
C.
The client will successfully pass the mac authentication until the mac caching time expires.
D.
The client will fail to get the MAC Caching role and will be redirected to the captive portal login page
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 13
Refer to the exhibit.
You have set up a home lab for ACCX exam preparation with Aruba Clear Pass integrated with Aruba Controller and Instant Access Point Guest Mac Caching functionality is configured only for Aruba Controller's guest SSID and a common Web Login page is configured for both NAD devices You tested and verified the mac caching functionality for a client by connecting it to the Aruba Controller's guest SSID. What will happen when you disconnect the client from Aruba Controller's guest SSID and connect it to Instant APs guest SSID?
A.
The client will bypass the captive portal authentication by completing the MAC authentication.
B.
The client will fail the mac authentication and will be redirected to the captive portal page.
C.
The client does not have to complete any authentication as the re-connection was immediate.
D.
The client will be redirected to the captive portal page to complete the web authentication.
Answer:
A
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 14
Refer to the exhibit.
Your customer has configured the 802.1 X service enforcement conditions with the Endpoint profiling dat a. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly What is the cause of the issue?
A.
An additional authorization source should be configured for profiling to work.
B.
The enforcement policy rules evaluation algorithm is not configured correctly.
C.
The option, use cached roles and posture from previous sessions should be enabled.
D.
The enforcement policy conditions configured with profiling data are not correct
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 15
Refer to the exhibit.
A customer has just configured a Posture Policy and the T 2 -Health check Service. Next they installed the OnGuard Agent on a test client connected to the Secure_Employee SSID. When they check Access Tracker they see many WEBAUTH requests are being triggered What could be the reason'
A.
The OnGuard Agent trigger the events based on changing the Health Status.
B.
The OnGuard Agent is connecting to the Data Port interface on ClearPass.
C.
TCP port 6658 is not allowed between the client and the ClearPass server.
D.
OnGuard Web-Based Health Check interval has been configured to three minutes.