New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

HP HPE6-A68 Aruba Certified ClearPass Professional (ACCP) V6.7 Exam Practice Test

Demo: 17 questions
Total 116 questions

Aruba Certified ClearPass Professional (ACCP) V6.7 Questions and Answers

Question 1

Which components can use Active Directory authorization attributes for the decision-making process? (Select two.)

Options:

A.

Profiling policy

B.

Certificate validation policy

C.

Role Mapping policy

D.

Enforcement policy

E.

Posture policy

Question 2

Which statement accurately describes configuration of Data and Management ports on the ClearPass appliance? (Select two.)

Options:

A.

Configuration of the management port is optional.

B.

Configuration of the management port is mandatory.

C.

Configuration of the data port is mandatory.

D.

Configuration of the data port is optional.

E.

Static IP addresses are only allowed on the management port, not the data port.

Question 3

Based on the Policy configuration shown, which VLAN will be assigned when a user with ClearPass role Engineer authenticates to the network successfully using connection protocol WEBAUTH?

Options:

A.

Deny Access

B.

Employee VLAN

C.

Internet VLAN

D.

Full Access VLAN

Question 4

Under which circumstances is it necessary to use an SNMP based Enforcement profile to send a VLAN?

Options:

A.

when a VLAN must be assigned to a wired user on an Aruba Mobility Controller

B.

when a VLAN must be assigned to a wireless user on an Aruba Mobility Controller

C.

when a VLAN must be assigned to a wired user on a third party wired switch that does not support RADIUS return attributes

D.

when a VLAN must be assigned to a wired user on an Aruba Mobility Access Switch

E.

when a VLAN must be assigned to a wired user on a third party wired switch that does not support RADIUS accounting

Question 5

What is the purpose of RADIUS CoA (RFC 3576)?

Options:

A.

to force the client to re-authenticate upon roaming to a new Controller

B.

to apply firewall policies based on authentication credentials

C.

to validate a host MAC address against a whitelist or a blacklist

D.

to authenticate users or devices before granting them access to a network

E.

to transmit messages to the NAD/NAS to modify a user’s session status

Question 6

Which licenses are included in the built-in Starter kit for ClearPass?

Options:

A.

10 ClearPass Guest licenses, 10 ClearPass Onguard licenses and 10 ClearPass Onboard licenses

B.

25 ClearPass Profiler licenses

C.

25 ClearPass Enterprise licenses

D.

10 ClearPass Enterprise licenses

E.

25 ClearPass Redundancy licenses

Question 7

What does Authorization allow users to do in a Policy Service?

Options:

A.

To use attributes in databases in role mapping and Enforcement.

B.

To use attributes stored in databases in Enforcement only, but not role mapping.

C.

To use attributes stored in external databases for Enforcement, but not internal databases.

D.

To use attributes stored in databases in role mapping only, but not Enforcement.

E.

To use attributes sored in internal databases for Enforcement, but not external databases.

Question 8

Which statement accurately describes configuration of Data and Management ports on the ClearPass appliance? (Select two.)

Options:

A.

Static IP addresses are only allowed on the management port.

B.

Configuration of the data port is mandatory.

C.

Configuration on the management port is mandatory.

D.

Configuration of the data port if optional.

E.

Configuration of the management port is optional.

Question 9

An employee provisions a personal smart phone using the Onboard process. In addition, the employee has a corporate laptop provided by IT that connects to the secure network.

How many licenses does the employee consume?

Options:

A.

1 Policy Manager license, 2 Guest Licenses

B.

2 Policy Manager licenses, 1 Onboard License

C.

1 Policy Manager license, 1 Onboard License

D.

1 Policy Manager license, 1 Guest License

E.

2 Policy Manager licenses, 2 Onboard Licenses

Question 10

A customer would like to deploy ClearPass with these requirements:

  • between 2000 to 3000 corporate users need to authenticate daily using EAP-TLS
  • should allow for up to 1000 employee devices to be Onboarded
  • should allow up to 100 guest users each day to authenticate using the web login feature

What is the license mix that customer will need to purchase?

Options:

A.

CP-HW-2k, 1000 Onboard, 100 Guest

B.

CP-HW-500, 1000 Onboard, 100 Guest

C.

CP-HW-5k, 2500 Enterprise

D.

CP-HW-5k, 1000 Enterprise

E.

CP-HW-5k, 100 Onboard, 100 Guest

Question 11

An administrator enabled the Pre-auth check for their guest self-registration.

At what stage in the registration process in this check performed?

Options:

A.

after the user clicks the login button and after the NAD sends an authentication request

B.

after the user self-registers but before the user logs in

C.

after the user clicks the login button but before the NAD sends an authentication request

D.

when a user is re-authenticating to the network

E.

before the user self-registers

Question 12

If the “Alerts” tab in an access tracker entry shows the following error message: “Access denied by policy”, what could be a possible cause for authentication failure?

Options:

A.

Configuration of the Enforcement Policy.

B.

An error in the role mapping policy.

C.

Failure to select an appropriate authentication method for the authentication request.

D.

Implementation of a firewall policy on ClearPass.

E.

Failure to find an appropriate service to process the authentication request.

Question 13

Refer to the exhibit.

Based on the Endpoint information shown, which collectors were used to profile the device as Apple iPad? (Select two.)

Options:

A.

HTTP User-Agent

B.

SNMP

C.

DHCP fingerprinting

D.

SmartDevice

E.

Onguard Agent

Question 14

Why can the Onguard posture check not be performed during 802.1x authentication?

Options:

A.

Health Checks cannot be used with 802.1x.

B.

Onguard uses RADIUS, so an additional service must be created.

C.

Onguard uses HTTPS, so an additional service must be created.

D.

Onguard uses TACACS, so an additional service must be created.

E.

802.1x is already secure, so Onguard is not needed.

Question 15

Refer to the exhibit.

Based on the Aruba TACACS+ dictionary shown, how is the Aruba-Role attribute used?

Options:

A.

The Aruba-Admin-Role on the controller is applies to users using TACACS+ to login to the Policy Manager

B.

To assign different privileges to clients during 802.1X authentication

C.

To assign different privileges to administrators logging into an Aruba NAD

D.

It is used by ClearPass to assign TIPS roles to clients during 802.1X authentication

E.

To assign different privileges to administrators logging into ClearPass

Question 16

Which collectors can be used for device profiling? (Select two.)

Options:

A.

Username and Password

B.

ActiveSync Plugin

C.

Client’s role on the controller

D.

Onguard agent

E.

Active Directory Attributes

Question 17

Refer to the exhibit.

A user who is tagged with the ClearPass roles of Role_Engineer and developer, but not testqa, connects to the network with a corporate Windows laptop.

Which Enforcement Profile is applied?

Options:

A.

WIRELESS_GUEST_NETWORK

B.

WIRELESS_CAPTIVE_NETWORK

C.

WIRELESS_HANDHELD_NETWORK

D.

Deny Access

E.

WIRELESS_EMPLOYEE_NETWORK

Demo: 17 questions
Total 116 questions