Which authorization servers are supported by ClearPass? (Choose two.)
Correct Answer: AD
ClearPass supports authorization servers that provide attributes for authentication and policy enforcement. Both Active Directory (AD) and LDAP servers are commonly used for this purpose as they store user attributes that ClearPass can query and use for authorization decisions.
Refer to the exhibit.
Based on the Enforcement Profile configuration shown, which statement accurately describes what is sent?
Correct Answer: B
The Enforcement Profile configuration shows that a message is configured to be sent with the attribute 'Message: Your client is unhealthy'. This suggests that a message will be sent to the OnGuard Agent on the client device indicating the client's health status. The other options either relate to VLAN values, roles sent to Network Access Devices, or RADIUS CoA messages, which are not specified in the exhibit.
Refer to the exhibit.
An AD user's department attribute is configured as "HR". The user connects on Monday using an Android phone to an Aruba Controller that belongs to the Device
Group Remote NAD.
Which roles are assigned to the user in ClearPass? (Choose two.)
Correct Answer: AE
Based on the given conditions, the evaluation algorithm is set to 'Evaluate all', meaning every rule that matches will be applied. The AD user's department is 'HR' (condition 4). They connect on Monday, which does not fall on the weekend, making them eligible for the 'HR Local' role. Additionally, they are connecting using a device in the 'Remote NAD' group (condition 6), which qualifies them for the 'Remote Employee' role. Therefore, the roles assigned to the user in ClearPass are 'Remote Employee' and 'HR Local'.
Refer to the exhibit.
Based on the Enforcement Policy configuration, when a user with Role Engineer connects to the network and the posture token assigned is Unknown, which
Enforcement Profile will be applied?
Correct Answer: D
Based on the Enforcement Policy configuration, if a user with the Role Engineer connects to the network and the posture token assigned is Unknown, none of the specified rules will match because they either check for a specific posture value or a different role. Therefore, the default profile [Deny Access Profile] will be applied as it is the catch-all for any conditions not explicitly covered by the rules.
What does Authorization allow us to do in a Policy Service?
Correct Answer: A
Authorization in a Policy Service allows us to use attributes stored in databases for both role mapping and Enforcement. This means that the system can utilize these attributes to determine roles as well as enforce policies based on those roles.