1. An administrator supports a RAP at a branch office. A user’s device that is attached to the Ethernet port is assigned an 802.1X AAA policy and is configured for tunneled node.

How is the user’s traffic transmitted to the corporate office?

2. An administrator creates service-based policies for AirGroup on the Mobility Master (MM). The administrator can define location-based policy limits based on which information?

3. An administrator needs to modify a VAP used for a branch office RAP. The VAP’s operating mode is currently defined as backup and uses tunnel mode forwarding. The administrator wants to implement split-tunnel forwarding mode in the VAP.

Which WLAN operating mode must the administrator define for the VAP before the tunnel forwarding mode can be changed to split-tunnel?

4. An administrator deploys an AP at a branch office. The branch office has a private WAN circuit that provides connectivity to a corporate office controller. An Ethernet port on the AP is connected to a network storage device that contains sensitive information. The administrator is concerned about sending this traffic in clear-text across the private WAN circuit.

What can the administrator do to prevent this problem?

5. Which statement is true about Radius IETF attributes Called-Stat ion-Id and Calling-Station-ld?

6. The customer has configured the guest self-registration with sponsor approval. The guest users that the sponsor email and the other requested details while registering the account but the users were able to complete the authentication and access the internet without the sponsor’s approval.

What configuration settings will you check to make this setup work?

7. A customer is troubleshooting a user that has complained about randomly having issues connecting the network with EAP PEAP using the Corporate Laptop. The initial checks are showing a number of

authentication failures but no sign of issues with the ClearPass server or AD.

What can the Customer do to monitor this user Authentication trend closely over the next few days?

8. A corporate Clear Pass Cluster with two servers located at a single site, has both Management and Data port IP addresses configured. The Management port IPs art in the Data Center networks subnet, while the Data port IPs are in the DMZ. What is the difference between using one Virtual IP for the AAA traffic versus sending AAA requests to the physical IPs for each server’ (Select two.)

9. Which statements art true about Aruba down loadable user roles? (select three)

10.  

You have configured a Guest SSIO with Captive-portaI Web Authentication and MAC authentication. The MAC caching expiry time set to 12 hours and the Guest Account expiration time is set to 8 hours. What will happen if the guest were to disconnect from the SSID and re-connect 9 hours later?

11. Where is the following information stored in Clear Pass?

– Roles and Posture for Connected Clients – System Health for OnGuard – Machine authentication State – CoA session info – Mapping of connected clients to NAS/NAD

12. A customer has created a Guest Self-Registration page that they would like to use it as ‘template’ for all the new pages that are going to be created from now on. Their goal is to ensure that the header and footer on every page are the same, and any edits made to them are automatically reflected on every Self-Registration Page.

What should be configured in order to accomplish this request?

13. Which statements are true about that integration between ClearPass Policy Manager and ClearPass Device Insight? (Select two)

14. Which forwarding mode is used for a WLAN if a RAP needs to decrypt all user traffic and forward it locally?

15. An administrator implements two redundant Aruba Mobility Masters (MMs) . Which protocol should the administrator use to detect a failure in a single subnet?