Deck 22: HPE Sales Certified - Aruba Products and Solutions

A) The guest account is created in an enabled state with the "Log In" button functional.
B) The guest account is created in disabled state, the "Log In" button will appear only after the sponsor approval process is completed.
C) The guest account is created in a disabled state with the "Log In" button grayed out.
D) The guest account is not yet created and remains in a disabled state. There is not "Log In" button yet displayed.

A) Profiling describes categorizing the user based on their department while Posturing validates the user as authenticated.
B) Profiling is the act of identifying the endpoint type while Posturing is assigning a status as to the health of the endpoint.
C) Posturing and Profiling are role assignments in ClearPass used internally to map to enforcement policies.
D) Both Posturing and Profiling describe the same thing; what is the health of the client endpoint?

A) "Known" endpoints have be fingerprinted to determine their operating system and manufacturer.
B) These are endpoints whose beacons have been detected but have never completed authentication.
C) The label "Known" indicates rogue endpoints labeled as "friendly" or "ignore".
D) "Known" endpoints can be authenticated based on MAC address to bypass the captive portal login.

A) It is used to ensure that Antivirus/Antispyware programs are running
B) It supports both Windows and Mac OS X clients
C) It is used to identify and remove any malware/viruses
D) It only supports 802.1X authentication

A) FTP over SSH
B) REST APIs over HTTPS
C) SOAP and XML
D) YAML

A) Client attempts will fail without an additional Authentication method applied.
B) All clients with unknown endpoints will be granted guest access regardless of authorization.
C) All clients with known endpoints will be granted guest access regardless of authorization.
D) This removes the reliance on the known or unknown status for MAC authentication.

A) Configure a Simple Mail Transport Protocol (SMTP) server in ClearPass Policy Manager administration.
B) Configure a Simple Mail Transport Protocol (SMTP) server in ClearPass Guest administration.
C) Configure a Short Message Service (SMS) Gateway in ClearPass Policy Manager administration.
D) Configure a Short Message Service (SMS) Gateway under ClearPass Guest configuration.
E) Configure the self-registration page for the guest to receive a Simple Mail Transport Protocol (SMTP) receipt.

A) the ClearPass server where Insight Master has been enabled the ClearPass server where Insight Master has been enabled
B) the local clock of the ClearPass server doing the authentication
C) the local time setting found on the authenticating client machine
D) the NTP (Network Time Protocol) source indicated in the Cluster settings

A) No service will be triggered
B) Service Three
C) Service Two
D) Service One

A) validates the connection details entered in the Connection Details
B) searches for the Base DN (Distinguished Name) based on what was typed in the field
C) sets the starting point in the directory tree for the Base DN (Distinguished Name) search
D) updates the Base DN (Distinguished Name) in Active Directory if no match is found
E) runs an Active Directory query that returns all results along with any matching the entered Base DN (Distinguished Name)

A) a wireless user connection would fail because of miss-configured service rules
B) a wireless user connected to any SSID named "CORP"
C) a wireless user connecting to any SSID on an Aruba Controller
D) a wireless user connecting to an Aruba IAP on the SSID "CORP"

A) When you want to match Active Directory attributes directly to an enforcement policy.
B) When you want to match Active Directory attributes to an Aruba firewall role on an Aruba Network Access Device.
C) When you want to translate and combine Active Directory attributes into ClearPass roles.
D) When you want to enable attributes as roles directly without combining multiple attributes.

A) The customer needs to add second guest service in the policy manager for the guest network.
B) The customer needs to add the AD server as an authentication source in a guest service.
C) Employees must be taken to a separate web login page on the guest network.
D) The customer needs to add the AD servers RADIUS certificate to the guest network.

A) configuring ClearPass as a DHCP relay for the client
B) DHCP profiling is enabled on ClearPass by default; configuration of the network access devices is not necessary
C) enabling the DHCP server to profile endpoints and forward meta-data to ClearPass
D) enabling DHCP relay on our network access devices so DHCP requests are forwarded to ClearPass

A) The redirect will time out and fail to resolve.
B) The captive portal page hosted on Aruba Central in the cloud.
C) The captive portal page hosted on the Aruba controller.
D) The captive portal page hosted on ClearPass.

A) A RADIUS reject is returned for the client.
B) A RADIUS Accept is returned with no Enforcement Profile applied.
C) A RADIUS Accept is returned, and the default Enforcement Profile is applied.
D) A RADIUS Accept is returned, and the default rule is applied to the device.

A) It is a mechanism that enables ClearPass to assigned a User-Based Tunnel (UBT) between a switch and controller for Dynamic Segmentation.
B) It allows clients to issue a privilege escalation request to ClearPass using RADIUS to switch to TACACS+.
C) It allows ClearPass to transmit messages to the Network Attached Device/Network Attached Server (NAD/NAS) to modify a user's session status.
D) It forces the client to re-authenticate upon roaming to an access point controlled by a foreign mobility controller.

A) ClearPass will validate the user credentials, then, for the duration of the cache, ClearPass will just fetch account attributes.
B) The Cache Timeout is designed to reduce the amount of traffic between ClearPass and the A/D server by caching the attributes.
C) ClearPass will validate the user credentials on the first attempt, then will always fetch the account attributes.
D) The Cache Timeout is designed to reduce the amount of traffic between ClearPass and the A/D server by caching the credentials.

A) When a client sends an authentication request to ClearPass, the profiler will also gather DHCP information.
B) Because DHCP fingerprinted is a Layer-3 function, it cannot be used with an 802.1X authentication service.
C) The client needs to connect to an open network first to be profiled, then shifted to the secure 802.1x network.
D) The client needs to be granted limited access before the enforcement policy can take into account the device type.

A) Guest access with MAC caching
B) Guest self-registration with sponsor approval
C) Enforcement based on endpoint profiling
D) ClearPass Onboard Portal

A) A posture change applied to an endpoint is going to be lost each time the client re-authenticates.
B) The service will make the enforcement decision based upon the updated Posture regardless of caching.
C) Posturing will no longer be evaluated in determining the enforcement policy for current or future sessions.
D) Cached posture results are no longer stored by ClearPass but instead are saved to the endpoint of the client.

A) Policy Manager Enforcement
B) MAC authentication with profiling
C) ClearPass Onboard
D) Guest with self-registration

A) Exchange Plugging agent
B) NAD ARP listening handler
C) 3rd part MDM
D) DNS fingerprinting
E) Cisco Device Sensor

A) Wild card certificates provide greater security than normal certificates.
B) Allows different certificates for each controller for increased security.
C) Guests no longer are required to validate certificates during captive portal.
D) Allows the single wild card certificate to be installed on all controllers in the environment.

A) Fully Qualified Domain Name (FQDN) of the AD Domain Controller.
B) ClearPass Policy Manager (CPPM) enterprise credentials.
C) Domain Administrator credentials with at least read access.
D) Cache Timeout value set to at least 10 hours.
E) Domain User credentials with read-write access.

A) Importing accounts from Active Directory once ClearPass is added with Admin credentials.
B) Assigning the default role "Lobby Ambassador to a receptionist to then add the accounts.
C) Using the "Import Accounts" under ClearPass Guest.
D) Using the "Create Account" or "Create Multiple" options under ClearPass Guest.
E) Using the "Sync Accounts" under ClearPass Guest.

A) Allow Full Access
B) Secure Corp BYOD Access
C) Allow Internet Only Access
D) Corp Secure Contractor

A) ClearPass Onboard Portal.
B) Guest access with Media Access Control (MAC) caching.
C) Enforcement based on endpoint profiling.
D) Guest self-registration with sponsor approval.

A) Local User Repository
B) OnGuard Repository
C) Endpoints Repository
D) Guest User Repository

A) The field is a non-system field
B) The field is currently enabled
C) The field has been customized
D) The field is required

A) Device Category
B) Device Family
C) Device Health
D) Device Type
E) Device Location

A) The guest authentication is provided better security than without using MAC caching.
B) The endpoint status of the client will be treated as "known" the first time the client associates to the network.
C) Which wireless SSID and wireless controller must be indicated when configuring the template.
D) The client will be required to re-enter their credentials even if still within the MAC-Auth Expiry term.

A) Enable Logging of Accounting Start-Stop packets. Enable Logging of Accounting Start-Stop packets.
B) Interim Accounting on the Network Access Device (NAD).
C) Make sure the Endpoint Profiling is configured.
D) Enable Active Sessions in ClearPass Guest

A) EAP-TLS
B) Guest self-registration
C) PEAP
D) MAC Authentication

A) This will allow conference employees to pre-load additional device information as guests arrive and register.
B) This strategy effectively stops employees from putting their own corporate devices on the guest network.
C) This will enable additional information to be gathered about guests during the conference.
D) This allows guest users to create and manage their own login account.
E) This will allow employee personal devices to be Onboarded to the corporate network.