What is an effect of the Cache Timeout setting on the authentication source settings for Active Directory?
AClearPass will validate the user credentials, then, for the duration of the cache, ClearPass will just fetch account attributes.
BThe Cache Timeout is designed to reduce the amount of traffic between ClearPass and the A/D server by caching the attributes.
CClearPass will validate the user credentials on the first attempt, then will always fetch the account attributes.
DThe Cache Timeout is designed to reduce the amount of traffic between ClearPass and the A/D server by caching the credentials.
What is true regarding Posturing and Profiling?
AProfiling describes categorizing the user based on their department while Posturing validates the user as authenticated.
BProfiling is the act of identifying the endpoint type while Posturing is assigning a status as to the health of the endpoint.
CPosturing and Profiling are role assignments in ClearPass used internally to map to enforcement policies.
DBoth Posturing and Profiling describe the same thing; what is the health of the client endpoint?
DRAG DROP -
Match the ClearPass system description to the best term. Options are used only once.
Select and Place:
ClearPass receives fingerprinting profile data for a client device that is based on MAC OUI, NMAP, DHCP, and OnGuard.
Which fingerprint or fingerprints are used?
ANMAP because it is actively obtained
BThe last fingerprint gathered
COnGuard because it is application based
DAll fingerprints are applied
Question 6
Guest
0
Question 7
Endpoint Analysis and Posture
Question 8
Guest
Question 9
Guest
Question 10
Endpoint Analysis and Posture
Question 11
Overview and Active Directory
Question 12
Overview and Active Directory
Question 13
Guest
Question 14
Endpoint Analysis and Posture
Question 15
Endpoint Analysis and Posture
Question 16
Endpoint Analysis and Posture
Question 17
Endpoint Analysis and Posture
Question 18
Guest
Question 19
Overview and Active Directory
Question 20
Guest
Question 21
Overview and Active Directory
Question 22
Guest
Question 23
Guest
Question 24
Guest
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Refer to the exhibit.
Where will the guests browser be redirected during a captive portal login attempt?
AThe redirect will time out and fail to resolve.
BThe captive portal page hosted on Aruba Central in the cloud.
CThe captive portal page hosted on the Aruba controller.
DThe captive portal page hosted on ClearPass.
DRAG DROP -
Match the correct Profiling Collector with the Collector Type. Collector Types may be used more than once.
Select and Place:
Sponsorship has been enabled on the guest network. A guest user connects and completes the self-registration form indicating a valid sponsor. The guest then clicks submit.
What is the current state of the guest account?
AThe guest account is created in an enabled state with the "Log In" button functional.
BThe guest account is created in disabled state, the "Log In" button will appear only after the sponsor approval process is completed.
CThe guest account is created in a disabled state with the "Log In" button grayed out.
DThe guest account is not yet created and remains in a disabled state. There is not "Log In" button yet displayed.
What is the purpose of service rules in ClearPass?
Aselects the Enforcement Profiles used in a service
Bselects the Service to process a request
Cselects the Authentication Source for the client
Dselects the Posture Policy used with OnGuard
What is a good collector type used for ClearPass to discover devices with static IP addresses?
ADHCP Collectors
BClearPass Air Monitors
CActive Collectors
DNetwork Functions
When should a role mapping policy be used in an 802.1x service with Active Directory as the authentication source?
AWhen you want to match Active Directory attributes directly to an enforcement policy.
BWhen you want to match Active Directory attributes to an Aruba firewall role on an Aruba Network Access Device.
CWhen you want to translate and combine Active Directory attributes into ClearPass roles.
DWhen you want to enable attributes as roles directly without combining multiple attributes.
Refer to the exhibit.
What are two consequences of the Cache Timeout being set to 36000 seconds? (Choose two.)
AClearPass will cache all user and machine attributes from AD every 10 hours in anticipation of one of those users or machines attempting to authenticate.
BLess traffic is required between ClearPass and the AD server when re-authenticating within a 10 hour period.
CThe Cache Timeout is designed to reduce the amount of traffic between ClearPass and the AD server by caching user credentials for a 10 hour period.
DA user changing departments may not see their Department attribute change in AD reflected while authenticating until the Cache Timeout period has ended.
EOn a failed authentication attempt, ClearPass will consider any subsequent attempts within 10 hours as total failed attempts before blacklisting the client.
Refer to the exhibit.
When creating a new ClearPass Service, the [Time Source] has been added as an authorization source.
What time source is ClearPass referencing?
Athe ClearPass server where Insight Master has been enabled
Bthe local clock of the ClearPass server doing the authentication
Cthe local time setting found on the authenticating client machine
Dthe NTP (Network Time Protocol) source indicated in the Cluster settings
Which option supports DHCP profiling for devices in a network?
ADHCP profiling is enabled on ClearPass by default; configuration of DHCP relay on the Network Access Device (NAD) is not required.
BConfiguring DHCP relay on ClearPass in order to allow the client to receive DHCP after being profiled.
CEnabling the DHCP server to profile endpoints and forward the meta-data to ClearPass.
DEnabling DHCP relay on Network Access Devices (NADs) to forward DHCP requests to ClearPass.
Which Authorization Source supports device profile enforcement?
ALocal User Repository
BOnGuard Repository
CEndpoints Repository
DGuest User Repository
Which items can be obtained from device profiling? (Choose three.)
ADevice Category
BDevice Family
CDevice Health
DDevice Type
EDevice Location
Which is true regarding the Cisco Device Sensor feature in ClearPass? (Choose two.)
AForwards DHCP and HTTP user-agent info to ClearPass using Control and Datagram Transport Layer Security (DTLS) encapsulation.
BRequires the purchase of a supported Cisco Access Point licensed as an Aruba Monitor Mode AP, to then act as the sensor.
CForwards DHCP and HTTP user-agent info to ClearPass using RADIUS accounting packets.
DGathers raw endpoint data from Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP).
ERequires a Cisco Smart Net license to be installed on the Network Access Device (NAD) utilizing the feature.
When using Guest Authentication with MAC Caching service template, which statements are true? (Choose two.)
AThe guest authentication is provided better security than without using MAC caching.
BThe endpoint status of the client will be treated as "known" the first time the client associates to the network.
CWhich wireless SSID and wireless controller must be indicated when configuring the template.
DThe client will be required to re-enter their credentials even if still within the MAC-Auth Expiry term.
What are benefits of using Network Device Groups in ClearPass? (Choose two.)
ANetwork Access Devices (NADs) only require Aruba factory installed certificates to join a Network Device Group.
BAllows Service selection rules to match based upon which Network Device Group the Network Access Device (NAD) belongs to.
CA Network Access Device is must be discovered by ClearPass prior to be added to a Network Device Group.
DAnother way to add a customizable "attribute" field to reference when processing authentication requests.
ECan apply to both Network Access Devices (NADs) as well as client machines as a way to filter authentication requests.
Aruba self-registration with sponsorship is a solution best applied to which type of network?
Aa large corporate environment with hundreds of contractors requiring wireless access to printers and internet but no other guest access is allowed
Ba chain of auto part stores where employees are assigned mobile devices using a Mobile Device Manager (MDM) and public wireless is available for customers
Ca hotel where hundreds of guests are checked in and out of the building daily that may want access to wireless internet
Da chain of coffee shops using in a public downtown area with a high amount of guest turnover needing access to public wireless
When joining ClearPass to an Active Directory (AD) domain, what information is required? (Choose two.)
AFully Qualified Domain Name (FQDN) of the AD Domain Controller.
CDomain Administrator credentials with at least read access.
DCache Timeout value set to at least 10 hours.
EDomain User credentials with read-write access.
Refer to the exhibit.
What does a bold field indicate?
AThe field is a non-system field
BThe field is currently enabled
CThe field has been customized
DThe field is required
An organization with 347 employees wants to have the guest create their own accounts for access to the public WLAN, and when guests reconnect, they do not want the guest to have to log in again.
Which ClearPass features can be used to meet these requirements?
AGuest access with MAC caching
BGuest self-registration with sponsor approval
CEnforcement based on endpoint profiling
DClearPass Onboard Portal
An organization wants guests to be able to create their own guest accounts for access to the public WLAN. Guests do not want to have to repeatedly log in multiple times through the day.
Which ClearPass feature can meet these requirements?
AClearPass Onboard Portal.
BGuest access with Media Access Control (MAC) caching.
