Aruba Certified ClearPass Professional (ACCP) V6.7 v1.0
Question 1
Which checks are made with Onguard posture evaluation in ClearPass? (Choose three.)
- A. Operating System version
- B. Peer-to-peer application checks
- C. EAP TLS certificate validity
- D. Client role check
- E. Registry keys
Answer : ABE
Question 2
Refer to the exhibit.
Based on the information, what is the purpose of using [Time Source] for authorization?
- A. to check how long it has been since the last login authentication
- B. to check whether the guest account expired
- C. to check whether the MAC address is in the MAC Caching repository
- D. to check whether the MAC address status is known in the endpoints table
- E. to check whether the MAC address status is unknown in the endpoints table
Answer : D
Question 3
Refer to the exhibit.
Which statements accurately describe the status of the Onboarded devices in the configuration for the network settings shown? (Choose two.)
- A. They will use WPA2-PSK with AES when connecting to the SSID.
- B. They will to Employee_Secure SSID for provisioning their devices.
- C. They will to Employee_Secure SSID after provisioning.
- D. They will perform 802.1 authentication when connecting to the SSID.
- E. They will connect to secure_emp SSID after provisioning.
Answer : DE
Question 4
A customer wants to implement Virtual IP redundancy, such that in case of a ClearPass server outage. 802.1x authentications will not be interrupted. The administrator has enabled a single Virtual IP address on two ClearPass servers.
Which statement is true? (Choose two.)
- A. Both the primary and secondary nodes will respond to authentication requests sent to the Virtual IP address when the primary node is active.
- B. The primary node will respond to authentication requests sent to the Virtual IP address when the primary node is active.
- C. The NAD should be configured with the primary node IP address for RADIUS authentications on the 802.1x network.
- D. A new Virtual IP address should be created for each NAD.
- E. The NAD should be configured with the virtual IP address for RADIUS authentications on the 802.1x network.
Answer : BE
Question 5
An SNMP probe is sent from ClearPass to a network access device but ClearPass is unable to get profiling information.
What could be a valid cause? (Choose three.)
- A. Mismatching SNMP community string in the ClearPass and NAD configuration.
- B. Only SNMP read has been configured but SNMP write is needed for profiling information.
- C. SNMP is not enabled on the NAD.
- D. An external firewall is blocking SNMP traffic.
- E. SNMP probing is not supported between ClearPass and NADs.
Answer : ACD
Question 6
Refer to the exhibit.
An AD user"™s department attribute value is configured as "QA". The user authenticates from a laptop running MAC OS X.
Which role is assigned to the user in ClearPass?
- A. HR Local
- B. Remote Employee
- C. [Guest]
- D. iOS Device
- E. Executive
Answer : C
Question 7
What can ClearPass use to assign roles to the client during policy service processing? (Choose two.)
- A. Through a role mapping policy.
- B. From the attributes configures in a Network Access Device.
- C. From the server derivation rule in the Aruba Controller server group for the client.
- D. From the attributes configured in Active Directory.
- E. Roles can be derived from the Aruba Network Access Device.
Answer : AD
Question 8
Refer on the exhibit.
Based on the configuration for "˜maximum devices"™ shown, which statement accurately describes its settings?
- A. It limits the number of devices that a single user can connect to the network.
- B. It limits the number of devices that a single user can Onboard.
- C. It limits the total number of Onboarded devices connected to the network.
- D. It limits the total number of devices that can be provisioned by ClearPass.
- E. With this setting, the user cannot Onboard any devices.
Answer : B
Question 9
An Android device goes through the single-SSID Onboarding process and successfully connects using EAP-TLS to the secure network.
What is the order in which services are triggered?
- A. Onboard Provisioning, Onboard Authorization, Onboard Pre-Auth
- B. Onboard Authorization, Onboard Provisioning, Onboard Authorization
- C. Onboard Provisioning, Onboard Pre-Auth, Onboard Authorization
- D. Onboard Provisioning, Onboard Authorization, Onboard Provisioning
- E. Onboard Provisioning, Onboard Pre-Auth, Onboard Authorization, Onboard Provisioning
Answer : D
Question 10
What does the Posture Token QUARANTINE imply?
- A. The client is compliant. However, there is an update available to remediate the client to HEALTHY state.
- B. The posture of the client is unknown.
- C. The client is infected and is a threat to other systems in the network.
- D. The client is out of compliance, but has HEALTHY state.
- E. The client is out of compliance.
Answer : E
Question 11
Which step is required to use ClearPass as a TACACS+ Authentication server for a network device? (Choose two.)
- A. Configure a TACACS Enforcement Profile on ClearPass for the desired privilege level.
- B. Enable RADIUS accounting on the NAD.
- C. Configure ClearPass roles on the network device.
- D. Configure ClearPass as an Authentication server on the network device.
- E. Configure a RADIUS Enforcement Profile on ClearPass for the desired privilege level.
Answer : AD
Question 12
What must be configured to enable RADIUS authentication with ClearPass on a network access device (NAD)? (Choose two.)
- A. The ClearPass server must have the network device added as a valid NAD.
- B. The ClearPass server certificate must be installed on the NAD.
- C. A matching shared secret must be configured on both the ClearPass server and NAD.
- D. An NTP server needs to be set on the NAD.
- E. A bind username and bind password must be provided.
Answer : AC
Question 13
Refer to the exhibit.
What is the purpose of the "˜Clock Skew Allowance"™ setting? (Choose tow.)
- A. to ensure server certificate validation does not fail due to client clock sync issues
- B. to set expiry time in client certificate to a few minutes longer that the default setting
- C. to adjust clock time on client device to a few minutes before current time
- D. to ensure client certificate validation does not fail due to client clock sync issues
- E. to set start time in client certificate to a few minutes before current time
Answer : D
Question 14
Refer to the exhibit.
An administrator logs in to the Guest module in ClearPass and "˜Manage Accounts"™ displays as shown.
When a user with username [email protected] attempts to access the Web Login page, what will be the outcome?
- A. The user will not be able to access the Web Login page.
- B. The user will be able to login and authenticate successfully but they will be immediately disconnected after.
- C. The user will not be able to login and authenticate.
- D. The user will be able to login for the next 4.9 days, but after this they will not be able to login anymore.
- E. The user will be able to login and authenticate successfully, but get a quarantine role after logging in.
Answer : C
Question 15
Refer to the exhibit.
An Enforcement Profile has been created in the Policy Manager as shown.
Which action will ClearPass take based on this Enforcement Profile?
- A. ClearPass will count down 600 seconds and send a RADIUS CoA message to the user to end the user"™s session after this time is up.
- B. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the NAD and the NAD will end the user"™s session after 600 seconds.
- C. ClearPass will count down 600 seconds and send a RADIUS CoA message to the NAD to end the user"™s session after this time is up.
- D. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Request packet to the NAD and the NAD will end the user"™s session after 600 seconds.
- E. ClearPass will send the Session-Timeout attribute in the RADIUS Access-Accept packet to the User and the user"™s session will be terminated after 600 seconds.
Answer : E