Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount

Aruba (ACCP) Certified ClearPass Professional Sample Questions

  1. Home
  3. Aruba (ACCP) Certified ClearPass Professional Sample Questions
Aruba Certified ClearPass Professional (ACCP) Sample Questions
Question 1 – What are the checks made by ClearPass’ Onguard posture evaluation? (Choose three.)
  • A. Operating System version
  • B. Peer-to-peer application checks
  • C. EAP TLS certificate validity
  • D. Client role check
  • E. Registry keys

Correct Answer: ABE

Question 2 – As a result of an outage to the ClearPass server, a customer would like to implement a virtual IP redundancy system. There will be no interruption to 802.1x authentications. A single Virtual IP address has been enabled on two ClearPass servers by the administrator. Which statement is correct? (Choose two.)
  • A. Both the primary and secondary nodes will respond to authentication requests sent to the Virtual IP address when the primary node is active.
  • B. The primary node will respond to authentication requests sent to the Virtual IP address when the primary node is active.
  • C. The NAD should be configured with the primary node IP address for RADIUS authentications on the 802.1x network.
  • D. A new Virtual IP address should be created for each NAD.
  • E. The NAD should be configured with the virtual IP address for RADIUS authentications on the 802.1x network.

Correct Answer: BE

Question 3 – In this scenario, ClearPass sends an SNMP probe to the network access device, but it is unable to get any profiling information from the device. Which of the following could be a valid cause? (Choose three.)
  • A. Mismatching SNMP community string in the ClearPass and NAD configuration.
  • B. Only SNMP read has been configured but SNMP write is needed for profiling information.
  • C. SNMP is not enabled on the NAD.
  • D. An external firewall is blocking SNMP traffic.
  • E. SNMP probing is not supported between ClearPass and NADs.

Correct Answer: ACD

Question 4 – During the policy service processing, what methods can ClearPass use to assign roles to the client? (Choose two.)
  • A. Through a role mapping policy.
  • B. From the attributes configures in a Network Access Device.
  • C. From the server derivation rule in the Aruba Controller server group for the client.
  • D. From the attributes configured in Active Directory.
  • E. Roles can be derived from the Aruba Network Access Device.

Correct Answer: AD

Question 5 – When an Android device connects to a secure network using EAP-TLS, the device goes through the single-SSID Onboarding process. In which order are the services triggered?
  • A. Onboard Provisioning, Onboard Authorization, Onboard Pre-Auth
  • B. Onboard Authorization, Onboard Provisioning, Onboard Authorization
  • C. Onboard Provisioning, Onboard Pre-Auth, Onboard Authorization
  • D. Onboard Provisioning, Onboard Authorization, Onboard Provisioning
  • E. Onboard Provisioning, Onboard Pre-Auth, Onboard Authorization, Onboard Provisioning

Correct Answer: D

Question 6 – What do the Posture Token QUARANTINE imply?
  • A. The client is compliant. However, there is an update available to remediate the client to HEALTHY state.
  • B. The posture of the client is unknown.
  • C. The client is infected and is a threat to other systems in the network.
  • D. The client is out of compliance but has a HEALTHY state.
  • E. The client is out of compliance.

Correct Answer: E

Question 7 – In order to use ClearPass as a TACACS+ Authentication server for a network device, what steps must be taken? (Choose two.)
  • A. Configuring a TACACS Enforcement Profile on ClearPass for the desired privilege level.
  • B. Enabling RADIUS accounting on the NAD.
  • C. Configuring ClearPass roles on the network device.
  • D. Configuring ClearPass as an Authentication server on the network device.
  • E. Configuring a RADIUS Enforcement Profile on ClearPass for the desired privilege level.

Correct Answer: AD

Question 8 – For RADIUS authentication with ClearPass, what settings must be configured on a network access device (NAD)? (Choose two.)
  • A. The ClearPass server must have the network device added as a valid NAD.
  • B. The ClearPass server certificate must be installed on the NAD.
  • C. A matching shared secret must be configured on both the ClearPass server and NAD.
  • D. An NTP server needs to be set on the NAD.
  • E. A bind username and bind password must be provided.

Correct Answer: AC

Question 9 – Customers with an Aruba Controller are interested in setting up ClearPass Guest for them. In order for guests to be able to successfully authenticate, how should ClearPass be configured in the controller?
  • A. Adding ClearPass as RADIUS CoA server.
  • B. Adding ClearPass as a TACACS+ authentication server.
  • C. Adding ClearPass as a RADIUS authentication server.
  • D. Adding ClearPass as an HTTPS authentication server.

Correct Answer: A

Question 10 – Bank employees would like ClearPass Guest deployed with web login authentication so that their customers can self-register on the network to access the network when they meet with bank employees. However, they’re more concerned about security. What is the correct statement ? (Choose three.)
  • A. Once the web login page uses HTTPS, all guest Internet traffic will be encrypted once authentication has been completed.
  • B. The guest credentials will be encrypted during web login authentication if HTTPS is used.
  • C. To encrypt Internet traffic, the guest should use an IPSEC VPN on their client.
  • D. HTTPS should never be used for Web Login Page authentication.
  • E. Using HTTPS for the web login page may result in some guest Internet traffic not being encrypted after authentication is completed.

Correct Answer: BCE

Question 11 – In 802.1x authentication, a customer wants to enforce policies based on a client’s Onguard posture token. Which enforcement profile is suitable to be used in the health check service?
  • A. Quarantine VLAN
  • B. RADIUS CoA
  • C. RADIUS Accept
  • D. RADIUS Reject
  • E. Full Access VLAN

Correct Answer: B

Question 12 – What authorization servers does ClearPass support? (Choose two.)
  • A. Active Directory
  • B. Cisco Controller
  • C. Aruba Controller
  • D. LDAP server
  • E. Aruba Mobility Access Switch

Correct Answer: AD

Question 13 – In a Policy Service, what can we do with Authorization?
  • A. For using attributes in databases in role mapping and Enforcement.
  • B. For using attributes stored in databases in Enforcement only, but not role mapping.
  • C. For using attributes stored in external databases for Enforcement, but not internal databases.
  • D. For using attributes stored in databases in role mapping only, but not Enforcement.
  • E. For using attributes stored in internal databases for Enforcement, but not external databases.

Correct Answer: A

Question 14 – Which of the given statement is correct about the databases in ClearPass?
  • A. Entries in the guest user database do not expire.
  • B. A Static host list can only contain a list of IP addresses.
  • C. Entries in the guest user database can be deleted.
  • D. Entries in the local user database cannot be modified.
  • E. It is not possible to automatically populate the endpoints database. You must manually enter the MAC addresses.

Correct Answer: A

Question 15 – What is the most effective way to distinguish between provisioned devices and devices that have not gone through the Onboarding workflow in single SSID Onboarding?
  • A. Onguard Agent used
  • B. Authentication Method used
  • C. Network Access Device used
  • D. Active Directory Attributes
  • E. Endpoint OS Category

Correct Answer: B

Question 16 – Which of the given components of a ClearPass is mandatory?
  • A. Authorization Source
  • B. Enforcement
  • C. Profiler
  • D. Role Mapping Policy
  • E. Posture

Correct Answer: B

Question 17 – In ClearPass, which types of policy simulation are valid? (Choose three.)
  • A. Enforcement Policy
  • B. Posture token derivation
  • C. Role Mapping
  • D. Endpoint Profiler
  • E. Chained simulation

Correct Answer: ACE

Question 18 – In order to successfully authenticate with EAP-TLS, which of the following needs to be validated? (Choose two.)
  • A. WPA2-PSK
  • B. Username and Password
  • C. Client Certificate
  • D. Server Certificate
  • E. Pre-shared key

Correct Answer: CD

Question 19 – When the “Validate Server Certificate” option is not enabled on the client, what does it need in order to perform EAP-PEAP successfully?
  • A. WPA2-PSK
  • B. Client Certificate
  • C. Pre-shared key
  • D. Server Certificate
  • E. Username and Password

Correct Answer: E

Question 20 – In which components are authorization attributes in Active Directory used for decision making? (Choose two.)
  • A. Posture policy
  • B. Role Mapping policy
  • C. Certificate validation policy
  • D. Profiling policy
  • E. Enforcement policy

Correct Answer: BE

Menu