HPE Aruba Certified Network Security Expert (ACNSX) — Question 100

A company has recently purchased a ClearPass AAA solution. Their network consists of AOS-CX switches at the access layer. The company is implementing a rollout of IoT devices for smart building management to control the lighting and HVAC systems. The network administrator is concerned about allowing secure access to these devices since they only support MAC-Auth.
Which ClearPass feature should the administrator leverage to help determine that MAC address spoofing is not occurring for this group of devices?

Answer options

• A. User-based tunneling
• B. Device fingerprinting
• C. RADIUS change of authorization
• D. Downloadable user roles

Correct answer: B

Explanation

The correct answer is B, Device fingerprinting, as it helps identify devices based on their characteristics, making it easier to detect spoofing attempts. The other options do not specifically address the challenge of validating the authenticity of devices based solely on their MAC addresses.