01. An organization implements dual SSID Onboarding. The administrator used the Onboard service template to create services for dual SSID Onboarding. Which statement accurately describes the outcome?
a) The Onboard Authorization service is triggered during the Onboarding process.
b) The Onboard Authorization service is triggered when the user connects to the secure SSID.
c) The device connects to the secure SSID for provisioning.
d) The Onboard Provisioning service is triggered when the user connects to the provisioning SSID to Onboard their device.
e) The Onboard Authorization service is never triggered.
02. What types of files are stored in the Local Shared Folders database in ClearPass?
(Choose two.)
a) Backup Files
b) Posture dictionaries
c) Software image
d) Device fingerprint dictionaries
e) Log files
03. A customer with an Aruba Controller wants it to work with ClearPass Guest. How should the customer configure ClearPass as an authentication server in the controller so that guests are able to authenticate successfully?
a) Add ClearPass as a RADIUS authentication server.
b) Add ClearPass as a RADIUS CoA server.
c) Add ClearPass as an HTTPS authentication server.
d) Add ClearPass as a TACACS+ authentication server.
04. If a client’s authentication is failing and there are no entries in the ClearPass access tracker, which of the following is a possible reason for the authentication failure?
a) The client used a wrong password.
b) The user is not found in the database.
c) The shared secret between Network Access Device and ClearPass does not match.
d) The user account has expired.
05. Which of the following statements is FALSE about OnGuard?
(Choose 2)
a) It is used to identify and remove any malware/viruses.
b) It is used to ensure that Antivirus/Antispyware programs are running and are up to date as desired.
c) It supports both Windows and Mac OS X clients.
d) It only supports 802.1X authentication.
06. A customer would like to deploy ClearPass with the following objectives: they have between 2,000 to 3,000 corporate users that need to authenticate daily using EAP-TLS.
They want to allow for up to 1,000 employee devices to be OnBoarded. They would also like to allow up to 100 different guest users each day to authenticate using the web login feature.
Which of the following best describes the license mix that they need to purchase?
a) CP-HW-5k, 100 OnBoard, 100 Guest
b) CP-HW-500, 1,000 OnBoard, 100 Guest
c) CP-HW-2k, 1,000 OnBoard, 100 Guest
d) CP-HW-5k, 2,500 Enterprise
07. Which of the following statements is FALSE about the configuration of Active Directory (AD) as an External Authentication server in ClearPass?
a) ClearPass should join the AD domain when PEAP and MSCHAPv2 are used as the authentication type.
b) The bind DN for an AD can be in the administrator@ domain format.
c) ClearPass can only be a member of a single AD domain.
d) An administrator can customize the selection of attributes fetched from the AD.
08. What are Operator Profiles used for?
a) To map AD attributes to admin privilege levels in ClearPass Guest.
b) To enforce role based access control for ClearPass Policy Manager users.
c) To enforce role based access control for Aruba Controllers.
d) To assign ClearPass roles to guest users.
e) To enforce role based access control for ClearPass Guest Admin users.
09. Which use cases will require a ClearPass Guest application license?
(Select two.)
a) Guest device fingerprinting
b) Guest user self-registration for access
c) Guest endpoint health assessment
d) Sponsor based guest user access
e) Guest personal device onboarding
10. In single SSID Onboarding, which method can be used in the Enforcement Policy to distinguish between a provisioned device and a device that has not gone through the Onboard workflow?
a) Onguard Agent used
b) Authentication Method used
c) Network Access Device used
d) Active Directory Attributes
e) Endpoint OS Category