HPE6-A07 23 Q&S Aruba Certified ClearPass Associate 6.5 By Kerwin

Which statement most accurately describes how users with Active Directory credentials authenticate with ClearPass when Active Directory is used as an authentication source for an 802.1x service in ClearPass?

A. A Kerberos request is sent from the Network Access Device to ClearPass which initiates a RADUIS request to the AD server.
B. A RADIUS request is sent from the Network Access Device to the AD server which communicates with ClearPass.
C. An LDAP request is sent from the Network Access Device to the AD server which communicates with ClearPass.
D. An LDAP request is sent from the Network Access Device to ClearPass which initiates a RADIUS request to the AD server.
E. A RADIUS request is sent from the Network Access Device to the ClearPass which communicates with the AD server.

Answer Clike

Refer to the exhibit. Based on the information shown, why did the Joining AD fail?


A. the GSS is wrong
B. the wrong FQDN of the AD was entered while joining C. the wrong domain name was selected while joining the AD
D. there is a clock difference between ClearPass and AD servers
E. there is an IP communication issue

Answer Clike
Which most accurately describes the First Applicable rule evaluation algorithm in Enforcement Policies?

A. Each rule is checked and once a match is found, the Enforcement profile assigned to that rule is applied and the rule matching stops.
B. All rules are checked and if there is no match, no Enforcement profile is applied.
C. Each rule is checked and once a match is found, the Enforcement profile assigned to that rule is applied. along with the default Enforcement profile.
D. All rules are checked for any matching rules and their respective Enforcement profiles are applied.

Answer Clike
What is the purpose of using a role mapping policy in an 802.1x service with Active Directory as the authentication source?

A. to translate and combine AD attributes into ClearPass roles
B. to send roles from ClearPass to the AD user to update a user's group membership
C. to enable attributes as roles directly without needing role mapping rules
D. to send Aruba firewall roles back to the Aruba Network Access Device
E. to send details of a user's connection to the AD user to store in its database

Answer Clike
What is the purpose of a guest self-registration page in ClearPass?

A. to allow employees to get their own devices securely connected to the network
B. to allow contractors to create their own accounts in Active Directory
C. to allow employees' sponsors to create accounts for their guests
D. to allow employees to easily get their corporate devices on the network
E. to allow guest users to create a login account for the web login page

Answer Clike
What is the purpose of the pre-auth check during guest authentication?

A. for the NAD device to do an internal authentication check before sending the credentials to ClearPass
B. for the NAD device to check that ClearPass is active before sending it the RADIUS request
C. for ClearPass to do an internal authentication check before the NAS login happens
D. for the client device to do an internal sanity check before the NAS login occurs
E. for the client device to check that ClearPass is active before sending it the credentials

Answer Clike
Where is the web login page created in the ClearPass UI?

A. WebAuth Service
B. Captive Portal Profile
C. ClearPass Policy Manager
D. Guest Login Service
E. ClearPass Guest

Answer Clike
Which actions are necessary to set up a ClearPass guest captive portal web login page to authenticate guest users? (Select three.)

A. Configure the guest pre-authentication role on ClearPass.
B. Select the user login checkbox in ClearPass Guest.
C. Create a web login page in ClearPass Guest.
D. Create Guest Service in ClearPass policy Manager.
E. Redirect Aruba Controller URL to ClearPass server web login page.

Answer Clike
Which device uses the Quick Connect method of Onboarding? (Select two.)

A. iPad
B. iPhone
C. Windows
D. blackberry
E. Android

Answer Clike
What is the purpose of a RADIUS IETP Session Timeout attribute being sent to an Aruba Controller when a guest authenticates successfully?

A. For the controller to initiate a RADIUS re-authentication automatically when the time limit is reached.
B. For ClearPass to send a RADIUS CoA message to the client when the time limit is reached.
C. For the user to initiate a RADIUS re-authentication when the time limit is reached.
D. For ClearPass to send a RADIUS CoA message when the time limit is reached.
E. For the Controller to end the user's authenticated session when the time limit is reached.

Answer Clike
What does a client need for it to perform EAP-TLS successfully? (Select two.)

A. Username and Password
B. Server Certificate
C. Pre-shared key
D. Certificate Authority
E. Client Certificate

Answer Clike
Which authentication type allows a device to authenticate with a client certificate?

A. 802.1X/EAP
B. WEP Authentication
C. MAC Authentication
D. Captive Portal Authentication
E. Open System Authentication

Answer Clike
Where is the ClearPass Guest Login page URL referenced in the Aruba Controller?

A. Guest Access Policy
B. WebAuth Profile
C. Captive Portal Policy
D. Captive Portal Authentication Profile
E. Guest Enforcement Profile

Answer Clike
A guest user connects to an Aruba Controller wireless network and is redirected to a web login page on ClearPass.
How is the redirection performed?


A. The user inputs the URL of the web login page in their browser
B. The user is redirected to the securelogin.arubanetworks.com web login page.
C. ClearPass will capture web traffic and redirect the client to the Web Login page.
D. The controller will capture web traffic and redirect the traffic to the ClearPass Web Login page.
E. The user inputs the URL of the controller's securelogin.arubanetworks.com page in their browser.

Answer Clike
Which device verifies the Server certificate during the Over the air provisioning process?

A. Aruba Controller
B. Active Directory
C. ClearPass Onboard
D. Client
E. ClearPass Policy Manager

Answer Clike
In which stage of the Onboard process is the enterprise's root certificate installed on the iOS device?

A. During EAP authentication
B. Provisioning
C. Authentication
D. Pre-provisioning
E. Authorization

Answer Clike

Based on the information provided, what is the status of the network? (Select two.)


A. Posture check is enabled for Windows 7 OS.
B. Posture check is enabled for firewall client application in Windows 7 OS.
C. Auto remediation is enabled, hence the client will be forced to enable the firewall if it is found disabled.
D. Auto remediation can force the client to enable the firewall and also sends a notification to user.
E. Auto remediation cannot force the client to enable the firewall, it can only send notification to the user.

Answer Clike
Which checks are made with OnGuard posture evaluation in ClearPass? (Select three.)

A. Client role check
B. Registry keys
C. Peer-to-peer application checks
D. EAP TLS certificate validity
E. Operating System version

Answer Clike
Which Operating Systems can use Network Access Protection (NAP) policy agents? (Select two.)

A. Windows XP
B. Android
C. Windows 7
D. Mac OS X
E. iOS 6 and higher

Answer Clike
Which statement is a valid “Native Dissolvable Agent Installer” requirement?

A. Agent can be installed for only current users.
B. Native Dissolvable agent installer requires admin rights.
C. Agent can be installed for current user but does not require admin rights.
D. ClearPass does not support “Native dissolvable agent.”
E. It does not require admin rights but needs a license.

Answer Clike