Refer to the exhibit:
A customer has configured the Aruba Controller for administrative authentication using ClearPass as a TACACS server. During testing, the read-only user is getting the root access role. What could be a possible reason for this behavior? (Select two.)
A. The Controllers Admin Authentication Options Default role is mapped to toot.
B. The ClearPass user role associated to the read-only user is wrong
C. The Controller Server Group Match Rules are changing the user role
D. The read-only enforcement profile is mapped to the root role
E. On the Controller, the TACAC$ authentication server Is not configured for Session authorization
Refer to the exhibit:
A year ago, your customer deployed an Aruba ClearPass Policy Manager Server for a Guest SSIC hosted in an IAP Cluster. The customer just created a new Web Login Page for the Guest SSID. Even though the previous Web Login page worked test with the new Web Login Page are falling and the customer has
forwarded you the above screenshots.
What recommendation would you give the customer to tix the issue?
A. The service type configured is not correct. The Guest authentication should De an Application authentication type of service.
B. The customer should reset the password tor the username accx@exam com using Guest Manage Accounts
C. The Address filed under the WebLogin Vendor settings is not configured correctly, it should be set to instant arubanetworks.com
D. The WebLogin Pre-Auth Check is set to Aruba Application Authentication which requires a separate application service on the policy manager
A customer has created a Guest Sett-Registration page that they would like to use it as `template' for all the new pages that are going to be created from now on. Their goal is to ensure that the header and footer on every page are the same, and any edits made to them are automatically reflected on every Self-Registration Page. What should be configured in order to accomplish this request?
A. Save the "template" page as Master Self-Registration page
B. Create child pages when creating new Self-Registration pages and select the "template" as Parent
C. Save this "template" page as a new Skin to be used on other Self-Registration pages
D. Copy the "template" page and edit it each time a new Self-Registration Page is needed
Under Onboard management and control, which option will deny the user from re-provisioning the device a second time?
A. Revoke and Delete certificate
B. Delete user
C. Revoke certificate
D. Delete certificate
Refer to the exhibit: Your customer configured a ClearPass server to process the Guest and Secure SSIDs broadcasting from both Aruba and Cisco WLAN controllers When an Employee connects to Aruba or Cisco secure SSID, the authentication hits the guest service causing the client to fail the connection to the network. What change can be implemented to make both the secure and guest services created for Aruba and Cisco devices to work correctly?
A. Move the HS-Guest User Authentication with MAC Caching service to the first position.
B. Modify the service rule matching algorithm to ALL in HS-Guest User Authentication service.
C. Disable HS-Guest User Authentication service and move HS-Guest MAC Authentication to seventh position.
D. Move the HS_Building Aruba 802.1x service to the second position in the service order.
Refer to the exhibit:
The customer created a new enforcement policy condition to allow VIP Users access without additional security compliance checks hut cannot gel it working. The customer has sent you the above screenshots. How would you resolve the issue?
A. Ask the VIP user to complete the one time web health check to get the VIP profile.
B. Set the Enforcement Policy rules evaluation algorithm to evaluate all.
C. Include VIP User role along with the Healthy posture enforcement condition.
D. Modify the Enforcement Policy and re-order the VIP user condition to the lop.
Refer to the exhibit: A customer has configured Onboard in a cluster. After the Primary server's failure, the BYOD devices fail to connect to the network. What would you do to troubleshoot?
A. Verify the OSCP URL under TLS authentication method is mapped to http://localhost/ guestmdps_ocsp.php/2
B. Reboot the active ClearPass server and reconnect the client to the SSID by selecting the correct certificate when prompted
C. Check EAP certificate on the secondary node is issued by the same common root Certificate Authority (CA)
D. Check if a DNS entry is available for the ClearPass hostname in the certificate, resolvable from the DNS server assigned to the client
There is an Aruba Controller configured to send Guest AAA requests to ClearPass. If the customer would like the most effective way to ensure the lowest license usage counts, how should the controller be configured?
A. Aruba Controller will send stop messages only if EAP termination and Interim accounting are enabled.
B. Aruba Controller will send stop messages if RADIUS Accounting Server Group is defined in the authentication profile.
C. Aruba Controller will send stop messages only if both accounting and interim accounting are enabled.
D. Configure EAP Termination on the Aruba Controller and the client will send a stop message.
Refer to the exhibit:
Your company has a postgres SQL database with the MAC addresses of the company-owned tablets You
have configured a role mapping condition to tag the SQL devices. When one of the tablets connects to the
network, it does not get the correct role and receives a deny access profile.
How would you resolve the issue?
A. Remove SQL condition from role mapping policy and add it under the enforcement policy conditions.
B. Edit the SQL authentication source niter attributes and modify the SQL server filter query.
C. Add the SQL server as an authentication source and map .t under the authentication tab in the service.
D. Enable authorization tab in the service and add the SQL server as an authorization source.
What type of EAP certificate are you able to use on ClearPass? (Select two.)
A. Self signed, when all the clients are Onboarded with the same Root CA as the Self signed certificate.
B. Private signed, when the clients are onboarded or are part of the organization domain.
C. Private signed, when some clients are onboarded and some are not part of the organization.
D. Public signed, when not all of the clients are part of the organization domain.
E. Self signed, when all the clients are part of the organization domain.
