ACCP-v6.2 Aruba Certified Clearpass Professional v6.2

Page 1   
Question 1

Refer to the screen capture below:


Based on the Enforcement Policy configuration shown in the capture, what Enforcement
Profile will an employee connecting an iOS device to the network for the first time receive
using EAP-PEAP?

  • A. Deny Access Profile
  • B. Onboard Post-Provisioning - Aruba
  • C. Onboard Pre-Provisioning – Aruba
  • D. Cannot be determined
  • E. Onboard Device Repository


Answer : C

Question 2

Refer to the following Authentication sources configuration:


Which of the following scenarios is true for the above configuration?

  • A. If the user is not found in the local user repository a reject message is sent back to the NAD device.
  • B. If the user is not found in the local user repository a timeout message is sent back to the NAD device.
  • C. If the user is not found in the local user repository and remotelab AD, a reject message is sent back to the NAD device.
  • D. If the user is not found in the local user repository but is present in the remotelab AD, a reject message is sent back to the NAD device.
  • E. If the user is not found in the remotelab AD but is present in the local user repository, a reject message is sent back to the NAD device.


Answer : C

Question 3

Refer to the screenshot in the diagram below, as seen when configuring a Web Login Page
in ClearPass Guest:


What is the page name field used for?

  • A. For Administrators to access the PHP page, but not guests.
  • B. For Administrators to reference the page only.
  • C. For forming the Web Login Page URL.
  • D. For forming the Web Login Page URL and the page name that guests must configure on their laptop wireless supplicant.
  • E. For forming the Web Login Page URL where Administrators add guest users.


Answer : C

Question 4

In the screenshot shown here of the Local User repository in ClearPass,


what Aruba User Role will be assigned to "mike" when he authenticates?

  • A. [Employee]
  • B. Employee
  • C. mike
  • D. We can't know this from the screenshot above
  • E. john


Answer : D

Question 5

Refer to the screen capture below:


Based on the posture plugin configuration shown in the above screen, which of the
following statements is true?

  • A. Check for any antivirus software enabled for all versions of Windows OS.
  • B. Check for any antivirus software enabled for Windows 7.
  • C. Check for AVG antivirus software enabled and is latest for Windows 7.
  • D. It is using the OnGuard dissolvable agent to perform the antivirus/antispyware checks.
  • E. It is using auto remediation for Windows 7 clients.


Answer : C

Question 6

Which of the following checks are made with OnGuard posture evaluation in Clearpass?
(Choose 3)

  • A. Peer-to-peer application checks
  • B. Client role check
  • C. EAP TLS certificate validity
  • D. Registry keys
  • E. Operating System version


Answer : A,D,E

Question 7

Refer to the following Service configuration:


A user connects for the first time to an Aruba access point wireless SSID named
"pod8wireless-guest-SSID". The SSID has web login authentication with RADIUS MAC
authentication enabled and ClearPass is the authentication server. The user hasn't yet
launched their web browser.
Which service will be triggered?

  • A. pod8wired
  • B. pod8-mac auth
  • C. pod8wireless
  • D. [Policy Manager Admin Network Service]
  • E. No service will be triggered


Answer : B

Question 8

Refer to the screenshot below:


Based on the above configuration, which of the following statements is true?

  • A. The visitor_phone field will be visible to operator creating the account.
  • B. The visitor_phone field will be visible to the guest users in the web login page.
  • C. The visitor_company field will be visible to operator creating the account.
  • D. The visitor_company field will be visible to the guest users in the web login page.
  • E. The email field will be visible to guest users on the web login page.


Answer : C

Question 9

Refer to the screen capture below:


Based on the Translation Rule configuration shown above, which of the following
statements is true?

  • A. A user from group MatchAdmin will be assigned the operator profile of IT Administrators.
  • B. All active directory users will be assigned the operator profile of IT Administrators.
  • C. All admin users will be assigned the operator profile of IT Administrators.
  • D. A user from group Administrators will be assigned the operator profile of IT Administrators.
  • E. This translation rule is not valid for Active Directory administrators.


Answer : D

Question 10

Refer to the screen capture below:


What does the Cache Timeout Value refer to?

  • A. The amount of time the Policy Manager caches the user credentials stored in the Active Directory.
  • B. The amount of time the Policy Manager caches the user attributes fetched from Active Directory.
  • C. The amount of time the Policy Manager waits for a response from the Active Directory before sending a timeout message to the Network Access Device.
  • D. The amount of time the Policy Manager waits for a response from the Active Directory before checking the backup authentication source.
  • E. The amount of time the Policy Manager caches the user's client certificate.


Answer : B

Question 11

What must be configured to enable RADIUS authentication with Clearpass on a network
access device (NAD)? (Choose 2)

  • A. An NTP server needs to be set up on the NAD.
  • B. A bind username and bind password must be provided.
  • C. A shared secret must be configured on the Clearpass server and NAD.
  • D. The Clearpass server must have the network device added as a valid NAD.
  • E. The Clearpass server certificate must be installed on the NAD.


Answer : C,D

Question 12

Which of the following device types support Exchange ActiveSync configuration with
Onboard?

  • A. Windows laptop
  • B. Apple iOS device
  • C. Android device
  • D. Mac OS X device
  • E. Linux Laptop


Answer : B

Question 13

Which of the following is a benefit of ClearPass OnGuard?

  • A. Allows employees and other non-IT staff to create temporary accounts for Wi-Fi access.
  • B. Offers an easy way for users to self-configure their devices to support 802.1X authentication on wired and wireless networks.
  • C. Enables organizations to run advanced endpoint posture assessments.
  • D. Offers full self-service provisioning for personal employee owned devices.
  • E. Allows a receptionist in a hotel to create accounts for guest users.


Answer : C

Question 14

A customer would like to deploy ClearPass with the following objectives: they have 2000
devices that need to be onboarded, 2000 corporate devices running posture checks daily,
and 500 different guest users each day authenticating using the web login feature.
Which of the following best describes the license mix that they need to purchase?

  • A. CP-HW-500, 2500 Clearpass Enterprise
  • B. CP-HW-5k, 2500 Clearpass Enterprise
  • C. CP-HW-5k, 4500 Clearpass Enterprise
  • D. CP-HW-25k, 4500 Clearpass Enterprise
  • E. CP-HW-25k, 4000 Clearpass Enterprise


Answer : D

Question 15

What does a client need for it to perform EAP-PEAP successfully, if 'Validate Server
Certificate' is not enabled?

  • A. Username and Password
  • B. Client Certificate
  • C. Pre-shared key
  • D. Certificate Authority
  • E. Server Certificate


Answer : A

Page 1