MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: Refer to the exhibit.A customer is doing a new ClearPass installation and is setting up clustering between two ClearPass servers running a 6.8.6 version. The ClearPass server failed to add the subscriber node. The customer was able to login to the console of the ClearPass server with the same CLI password used during the cluster setup. The customer has sent you the screenshots seeking your support Why did an attempt to add a subscriber node failed showing that error?
Question2: Refer to the exhibit.A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect to the network. Which step below is the best starting point when troubleshooting'
Question3: Refer to the exhibit.You are doing a ClearPass PoC at a customer site with a single Aruba Mobility Controller. The customer asked for a demonstration of a simple Web Login functionality. You used a service template to create the guest services. During testing, the user gets redirected back to the weblogin page with an Authentication failed message The guest configurations on the Aruba Mobility Controller are configured correctly Why would the guest fail to authenticate successfully?
Question4: Which using Allow All MAC AUTH, which authentication source should be mapped to the service?
Question5: Refer to the exhibit.You have integrated the Cisco switch with ClearPass to do MAC-Auth for Cisco IP Phones. The phones connect to the network successfully but when you try to change the status of the device from the access tracker, you see only the ArubaOS Radius terminate session options and not the Cisco vendor terminate session options. What will you check to fix this issue?
Question6: A customer is troubleshooting a user that has complained about randomly having issues connecting the network with EAP PEAP using the Corporate Laptop. The initial checks are showing a number of authentication failures but no sign of issues with the ClearPass server or AD.What can the Customer do to monitor this user Authentication trend closely over the next few days?
Question7: Refer to the exhibit.You configured the Wired MAC - Auth service enforcement conditions with the Endpoint profiling data When mac-auth based clients connect to the network, ClearPass assigns Deny access profile. The customer has sent you the above screenshots How would you resolve the issue?
Question8: Refer to the exhibit.A year ago. your customer deployed an Aruba ClearPass Policy Manager Server for a Guest SSID hosted in an IAP Cluster The customer just created a new Web Login Page for the Guest SSiD Even though the previous Web Login page worked test with the new Web Login Page are failing and the customer has forwarded you the above screenshots.What recommendation would you give the customer to fix the issue?
Question9: The customer has configured the guest self-registration with sponsor approval. The guest users that the sponsor email and the other requested details while registering the account but the users were able to complete the authentication and access the internet without the sponsor's approval.What configuration settings will you check to make this setup work?
Question10: Refer to the exhibit.The users connecting to a wireless SSIO "secure-HS-5007" were being processed by an incorrect 802.1 X service created for VIP access and the user gets deny access. The customer has sent you the screenshot to get your support to resolve the issue What changes will you suggest to fix it?
Question11: A corporate Clear Pass Cluster with two servers located at a single site, has both Management and Data port IP addresses configured. The Management port IPs art in the DataCenter networks subnet, while the Data port IPs are in the DMZ. What is the difference between using one Virtual IP for the AAA traffic versus sending AAA requests to the physical IPs for each server' (Select two.)
Question12: Where is the following information stored in Clear Pass?- Roles and Posture for Connected Clients - System Health for OnGuard - Machine authentication State - CoA session info - Mapping of connected clients to NAS/NAD
Question13: Refer to the exhibit.Your customer has configured the 802.1 X service enforcement conditions with the Endpoint profiling dat a. When the client connects to the network. ClearPass successfully profiles the client but the client always receives an incorrect enforcement profile The configurations in the Aruba controller are completed correctly What is the cause of the issue?
Question14: Which statement is true about Radius IETF attributes Called-Stat ion-Id and Calling-Station-ld?
Question15: You have configured a Guest SSIO with Captive-portaI Web Authentication and MAC authentication. The MAC caching expiry time set to 12 hours and the Guest Account expiration time is set to 8 hours. What will happen if the guest were to disconnect from the SSID and re-connect 9 hours later?
Question16: Refer to the exhibit.What enforcement prof lit will be assigned to the Windows 10 MDH enabled devices if it completes user authentication and is already profiled by ClearPess?
Question17: You have designed a ClearPass solution for an Information Technology Business Park with 50,377 concurrent sessions including the visitors. The deployment includes eight ClearPass servers handling RADIUS authentication. Guest Self-Registration. Onboard and OnGuard. CPPM1 is acting as Publisher. CPPM2 to CPPM8 are added as subscriber nodes CPPM4 is the designated Standby Publisher. Servers CPPM2 and CPPM3 will be handling the Guest and Onboard HTTPS traffic. On a few devices, Corporate users will perform username and password based authentication with Active Directory accounts and on few devices, they will be using private CA signed TLS certificates to do the authentication The customer has three Active Directories (AD1, AD2 and A03) part of Multi-Domain Forest. To provide authentication redundancy, the customer has configured multiple Virtual IP settings between ClearPass servers in a cluster.On all the Network Access Devices (NAD), the primary authentication server is configured as the VIP IP address and the secondary authentication server rs configured as CPPM1 MGMT IP address Based on the information provided, which ClearPass nodes will you join to the AD domain
Question18: Refer to the exhibit.What could be causing the error message received on the OnGuard client?
Question19: What configuration steps should you follow to add terms and conditions page on Guest seIf-registration for CPPM? (Select two).
Question20: A customer has acquired another company that has its own Active Directory infrastructure. The 802 1X PEAP authentication works with the customer's original Active Directory servers but the customer would like to authenticate users from the acquired company as well.What steps are required, in regards to the Authentication Sources, in order to support this request? (Select two.)