Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

Refer to the exhibit.

A customer has just configured a Posture Policy and the T 2 -Health check Service. Next they installed the OnGuard Agent on a test client connected to the Secure_Employee SSID. When they check Access Tracker they see many WEBAUTH requests are being triggered What could be the reason'

A.

The OnGuard Agent trigger the events based on changing the Health Status.

B.

The OnGuard Agent is connecting to the Data Port interface on ClearPass.

C.

TCP port 6658 is not allowed between the client and the ClearPass server.

D.

OnGuard Web-Based Health Check interval has been configured to three minutes.

A corporate Clear Pass Cluster with two servers located at a single site, has both Management and Data port IP addresses configured. The Management port IPs art in the DataCenter networks subnet, while the Data port IPs are in the DMZ. What is the difference between using one Virtual IP for the AAA traffic versus sending AAA requests to the physical IPs for each server' (Select two.)

A.

Using the one Virtual IP can provide failover.

B.

One Virtual IP can be used together with the individual server IPs for load balancing.

C.

By using the Virtual IP, the failover wait time is faster than using individual server IPs.

D.

The failover can be accomplished only by using Virtual IP

E.

The Individual IPs can provide failover and load balancing.

You art deploying Cleat Pass Policy Manager with Guest functionality for a customer with multiple Aruba Networks Mobility Controllers. The customer wants to avoid SSL errors during guest access but due to company security policy cannot use a wildcard certificate on ClearPass or the Controllers.

What is the most efficient way to configure the customer's guest solution? (Select two.)

A.

Install the same public certificate on all Controllers with the common name "controller.{company domain)

B.

Build multiple Web Login pages with vendor settings configured for each controller

C.

Build one Web Login page with vendor settings for captiveportal-controller (company domain)

D.

Build one Web Login page with vendor settings for controller (company domain)

E.

Install multiple public certificates with a different Common Name on each controller

A customer has created a Guest Self-Registration page that they would like to use it as 'template' for all the new pages that are going to be created from now on. Their goal is to ensure that the header and footer on every page are the same, and any edits made to them are automatically reflected on every Self-Registration Page.

What should be configured in order to accomplish this request?

A.

Save the "template" page as Master Self'Registration page.

B.

Copy the "template" page and edit it each time a new Self-Registration Page is needed.

C.

Create child pages when creating new Self-Registration pages and select the "template" as Parent.

D.

Save this "template" page as a new Skin to be used on other Self-Registration pages.

Refer to the exhibit.

The users connecting to a wireless SSIO "secure-HS-5007" were being processed by an incorrect 802.1 X service created for VIP access and the user gets deny access. The customer has sent you the screenshot to get your support to resolve the issue What changes will you suggest to fix it?

A.

To the HS_Building 802.1 X service, add another service rule condition with VIP access Aruba-Essid-Name and leave it in same position

B.

In the HS_Building 802.1X service, remove the service rule condition with Aruba controller location name and leave it in same position

C.

Delete the HSBuilding 802 IX service, odd VIP access Aruba-Essid-Name as fourth condition to WSBuilding Aruba 802 1X service

D.

In the HSBuilding 802. IXservice. change the Authentication method for AMCAuth for VIP access and leave it in same position

Refer to the exhibit.

A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect to the network. Which step below is the best starting point when troubleshooting'

A.

Verify the CPPM hostname in OSCP URL under TLS authentication method is updated to localhost instead of primary server's hostname.

B.

Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted.

C.

Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client.

D.

Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA).

Which statements are true about that integration between ClearPass Policy Manager and ClearPass Device Insight? (Select two)

A.

Policy Manager stops using ClearPass Profiler for fingerprinting and uses Device Insight Analyzer instead for endpoint in-depth data analysis.

B.

ClearPass Device Insight updates ClearPass Policy Manager every 60 minutes if it detects a change in device classification like device spoofing.

C.

To provide enhanced profiling and reporting. additional configuration is required to transmit data in both directions between CPPM and Device Insight.

D.

When Device Insight integration mode is enabled. you can still use Update Fingerprint button to Update Endpoints at Configuration > Identity > Endpoints

E.

An attribute named Device Insight Tags art added to the Endpoints that art available to use in service, role-mapping, and enforcement policy Rules

What is the Secure SSIO (otherwise referred to as Single SSID) OnBoard deployment service workflow?

A.

Onboard Provisioning RADIUS service, Onboard Authorization Application service, Onboard Pre-Auth Application service. Onboard Provisioning RADIUS service Onboard B. Provisioning RADIUS service,

B.

Onboard Authorization RADIUS service. Onboard Pre-Auth Application service. Onboard Provisioning RADIUS service Onboard C. C. Provisioning RADIUS service. Onboard Prt-Auth Application service.

C.

Onboard Authorization Application service. Onboard Provisioning RADIUS service Onboard

D.

Provisioning RADIUS service. Onboard Pre-Auth RADIUS service. Onboard Authorization Application service. Onboard Provisioning RADIUS service.

Refer to the exhibit.

What could be causing the error message received on the OnGuard client?

A.

The Service Selection Rules for the service are not configured correctly

B.

The Health-Check service does not have Posture Compliance option enabled

C.

The client's OnGuard Agent has not been configured with the correct Policy Manager Zone.

D.

There is a firewall policy not allowing the OnGuard Agent to connect to ClearPass

Which statements art true about controller-initiated and server-initiated login method? (Select two)

A.

Controller-initiated login method should be used if the guest user's network login will be handled by the controller-based AP to perform the HTTP post when the user attempts a login.

B.

Controller-initiated login method should be used of the guest user's network login will be handled by the guest browser to perform the HTTP port when the user attempts a login

C.

server-in it will login method should be used if the guest user s network login will be handled by the wired switch by standing the authentication request to (PPM when the user attempts a login

D.

server-initiated login method should be used if the guest user’s network login will be handled by ClearPass by sending the authentication request to itself when the user attempts a login

E.

server-initiated login method should be used if the guest users network login will be handled by the ClearPass by standing a CoA after authentication request is posted to itself when the user attempts a login