1Y0-309 Citrix Access Gateway 8.0 Enterprise Edition Test Set 1

Scenario: An administrator configuring Access Gateway 8.0 Enterprise Edition in an environment that consists of a double-hop DMZ deployment, wants connections from Presentation Server clients on the Internet to go through the first firewall in order to connect to the Access Gateway 8.0 Enterprise Edition appliance in the first DMZ. Which port should the administrator enable on the first firewall?


Options are :

  • 443 (Correct)
  • 80
  • 1494
  • 389

Answer : 443

Citrix 1Y0-992 Meta Frame Presentation Server Feature Exam Set 2

An administrator has been instructed to give a specific user in the Finance group, access to Engineering resources. Which level should the administrator assign the policy to when configuring access for this user?


Options are :

  • Group
  • Team
  • Organization
  • User (Correct)

Answer : User

Scenario: An administrator wants users to be able to access back-end resources running on file servers and application servers in an environment. The administrator has Access Gateway 8.0 Enterprise Edition deployed, and the Secure Access client is used to establish VPN tunnels to the corporate network. There are no intranet applications configured in this environment, and split tunneling is turned off. Which two statements are true regarding why users in this environment will be able to access applications on file and application servers? (Choose two.)


Options are :

  • Users will be able to access file and application servers because the back-end resources in this environment have been configured as published applications.
  • Users will be able to access file and application servers as long as they can authenticate through the VPN. (Correct)
  • Users will be able to access file and application servers because the back-end resources have been assigned specific intranet IP addresses.
  • Users will be able to access file and application servers as long as an authorization policy is configured to allow them access to resources on the file and application servers (Correct)

Answer : Users will be able to access file and application servers as long as they can authenticate through the VPN. Users will be able to access file and application servers as long as an authorization policy is configured to allow them access to resources on the file and application servers

The Network Administrator for an enterprise environment was recently fired, so the new administrator wants to reset the system's password. Which command should the administrator use at the command line interface to change the system password?


Options are :

  • set system user
  • set system new user
  • set system user (Correct)
  • set system

Answer : set system user

Citrix 1Y0-350 NetScaler 10 Essentials and Networking Exam Set 3

In a dual-stage DMZ deployment, which protocol and port is used for communication from the Access Gateway in the first DMZ to the Access Gateway in the second DMZ, if the traffic is not secured?


Options are :

  • ICA on port 1494
  • HTTP on port 80
  • SOCKS on port 1080 (Correct)
  • SSL on port 443

Answer : SOCKS on port 1080

A public research university needs to provide remote access to the students in its distance learning program. Which Access Gateway 8.0 Enterprise Edition client should the Network Administrator deploy in order to ensure that every student is able to connect to the environment?


Options are :

  • Presentation Server
  • ActiveX Plug-in
  • Secure Access
  • Java Client (Correct)

Answer : Java Client

Which setting should be enabled on a Web Interface server in order for SmartAccess to work in ICA proxy mode?


Options are :

  • . Gateway Direct (Correct)
  • Translated
  • Alternate
  • Direct

Answer : . Gateway Direct

Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 9

Scenario: A consultant is in charge of a new Access Gateway 8.0 Enterprise Edition deployment at a large customer site. The customer supplied the consultant with the internal Citrix Presentation Server 4.0 IP address of 10.165.30.12 for use when configuring the Access Gateway 8.0 Enterprise Edition appliance. What are two ways in which the Secure Ticket Authority server can be configured on Access Gateway 8.0 Enterprise Edition? (Choose two.)


Options are :

  • Select SSL VPN > Global >Intranet Domains section
  • Select SSL VPN > Global > Secure Ticket Authority Servers section (Correct)
  • Bind the Secure Ticket Authority server to the VPN Virtual Server (Correct)
  • Type add ns ip IP_ADDR -type Secure Ticket Authority

Answer : Select SSL VPN > Global > Secure Ticket Authority Servers section Bind the Secure Ticket Authority server to the VPN Virtual Server

Scenario: A major technology company wants to upgrade their current Access Gateway deployment to ensure that it meets their growing remote access needs as they acquire new companies. Currently, the company is supporting nearly 3,000 concurrent users on their existing SSL VPN. Due to a recently-completed merger, the company expects the concurrent user sessions through Access Gateway to increase by 40% over the next year. Which Access Gateway 8.0 Enterprise Edition appliance platform handles the most concurrent user traffic and would be appropriate for this company?


Options are :

  • 12000 series
  • 2000 series
  • 7000 series
  • 10000 series (Correct)

Answer : 10000 series

When creating the server certificate for an Access Gateway 8.0 Enterprise Edition virtual server in ICA Proxy mode, the Common Name (CN) should match that of the FQDN of the______. (Choose the correct option to complete the sentence.)


Options are :

  • Presentation Server
  • Secure Ticket Authority server
  • Web Interface server
  • VPN virtual server (Correct)

Answer : VPN virtual server

Citrix 1Y0-992 Meta Frame Presentation Server Feature Exam Set 3

An administrator wants to configure an IP address that will be used by the Access Gateway appliance as a source IP address to connect to internal servers on the corporate network. Which IP type must be configured by the administrator?


Options are :

  • Mapped IP (Correct)
  • NetScaler IP
  • Virtual IP
  • Global Server Load Balancing site IP

Answer : Mapped IP

Scenario: A company purchased 800 user licenses for an Access Gateway appliance deployed in their environment. The company has a total of 2,400 users in the environment and the administrator wants to specify the number of users that should be allowed to log in to the environment through the Access Gateway appliance at any time. The administrator could modify the ______ setting in the Configuration Utility in order to specify the number of users that can log into the Access Gateway appliance. (Choose the correct option to complete the sentence.)


Options are :

  • SSL VPN > Users
  • Systems > Connections > Authorization
  • SSL VPN > Global > Authentication (Correct)
  • Systems > Virtual Servers > Policies

Answer : SSL VPN > Global > Authentication

An administrator wants to limit the administrative privileges for new administrators who have been employed with the company for less than six months. What could an administrator do from the Configuration Utility in order to limit these administrators' privileges?


Options are :

  • Configure command policies and permissions (Correct)
  • Disable administrative features within those users' accounts
  • Assign authorization policies
  • Assign session policies

Answer : Configure command policies and permissions

1Y0-201 Managing Citrix XenDesktop 7.6 Solutions Exam Set 6

What are three pieces of information that are required to configure Access Gateway 8.0 Enterprise Edition to authenticate users with LDAP servers? (Choose three.)


Options are :

  • Base DN (Correct)
  • Server DN
  • Bind DN password (Correct)
  • Bind DN (Correct)

Answer : Base DN Bind DN password Bind DN

Scenario: A consultant is in charge of a new Access Gateway 8.0 Enterprise Edition deployment at a large customer site. The customer gave the consultant the following information and IP addresses to use when configuring the Access Gateway 8.0 Enterprise Edition appliance: Internal Citrix Presentation Server 4.0 IP address: 10.165.30.12 Time Zone to be used: Eastern Standard Time (EST) IP addresses to use when configuring the Access Gateway 8.0 Enterprise Edition deployment MIP - 10.165.30.45 NSIP - 10.165.30.60 VIP - 12.15.30.62 DNS Server - 78.35.14.99 If configured correctly, which IP address will the Access Gateway 8.0 Enterprise Edition appliance use as source IP to communicate with the Citrix Presentation Server?


Options are :

  • 10.165.30.45 (Correct)
  • 12.15.30.62
  • 10.165.30.60
  • 78.35.14.99

Answer : 10.165.30.45

An administrator has enabled split tunneling for an environment. What must the administrator do to ensure that the client on user devices intercepts intranet traffic only and routes other traffic directly to the appropriate servers?


Options are :

  • Assign intranet IP addresses to resources going through the VPN
  • Change the routing table on the client devices so that intranet traffic is tunneled to the intranet.
  • Set split tunneling to OFF.
  • Define an intranet application policy. (Correct)

Answer : Define an intranet application policy.

Citrix 1Y0-327 Password Manager 4.5 Administration Test Set 2

Scenario: A consultant is in charge of a new Access Gateway 8.0 Enterprise Edition implementation at a large customer site and must address the following security requirements: Requirements: 1)If APP1.EXE is running on the local machine, do not allow access to the VPN authentication page 2)If APP2.EXE is running on the local machine, allow access to the VPN authentication page after CMD.EXE is closed 3)If APP3.EXE is not found on the local machine, allow access to the VPN authentication page Which policy type must be used to configure these security requirements?


Options are :

  • Traffic
  • Authorization
  • Pre-Authentication (Correct)
  • Authentication

Answer : Pre-Authentication

Scenario: There are six administrators in an Access Gateway 8.0 Enterprise Edition environment.Some of them need full system privileges as the nsroot user. A few of them need limited privileges based on their daily duties. The Senior Administrator for the environment wants to give two of the Junior Administrators "allow read only access" to all show commands except for the system command group and the ns.conf show commands. The Senior Administrator also wants to allow the Junior Administrators access to enable and disable commands on services. Which built-in command policy or administrative privileges should the Senior Administrator assign to the two Junior Administrators?


Options are :

  • Read-Only
  • Operator (Correct)
  • Superuser
  • Network

Answer : Operator

An administrator created a new VPN virtual server without binding any session policies to it. What is the default authorization action for users logging in to this VPN virtual server?


Options are :

  • ALLOW. This is the default behavior. (Correct)
  • DENY. No session policy is bound to the virtual server.
  • ALLOW. No session policy is bound to the virtual server.
  • DENY. This is the default behavior.

Answer : ALLOW. This is the default behavior.

Citrix 1Y0-350 NetScaler 10 Essentials and Networking Exam Set 1

An administrator needs to transparently intercept all TCP, NetBIOS, UDP and HTTP traffics destined for the company's private network in order to make remote access stricter without limiting its use. Which mechanism must the administrator use to allow for stricter remote access?


Options are :

  • Presentation Server Client
  • JavaScript
  • Java Client
  • ActiveX Plug-in (Correct)

Answer : ActiveX Plug-in

Scenario: A company is upgrading its current access infrastructure. The Network Administrator has been instructed to configure Access Gateway 8.0 Enterprise Edition to replace Secure Gateway in the environment, so that authentication is disabled on the Access Gateway appliance, and Web Interface is configured in Direct Mode with authentication responsibilities. Which two settings should the administrator configure in order to meet these requirements? (Choose two.)


Options are :

  • Set the FQDN of the Web Interface site as the FQDN of the Access Gateway appliance.
  • Enable authentication on the Secure Ticket Authority.
  • Enable ICA proxy on the Access Gateway appliance. (Correct)
  • Set the Web Interface site as the Access Gateway home page. (Correct)

Answer : Enable ICA proxy on the Access Gateway appliance. Set the Web Interface site as the Access Gateway home page.

Which three ways can an administrator configure or obtain an SSL certificate and key? (Choose three.)


Options are :

  • From a Secure Ticket Authority
  • By generating a new SSL certificate and key on the Access Gateway appliance (Correct)
  • From an authorized Certificate Authority (Correct)
  • By using an existing SSL certificate and key (Correct)

Answer : By generating a new SSL certificate and key on the Access Gateway appliance From an authorized Certificate Authority By using an existing SSL certificate and key

1Y0-253 Citrix NetScaler 10.5 for App Desktop Solutions Exam Set 3

Which three statements are true about the Access Gateway 8.0 Enterprise Edition appliance auditing functionality? (Choose three.)


Options are :

  • Audit logs can be sent to external audit servers using audit policies configured at the user, group, virtual server and global levels (Correct)
  • The last 256 audit logs can be viewed by an administrator using the Configuration Utility or a command line interface (Correct)
  • By default, the audit logs are created on the Access Gateway 8.0 Enterprise Edition appliance in the /VAR/LOG/NS.LOG file (Correct)
  • The last 512 audit logs can be viewed by an administrator using the Configuration Utility or a command line interface

Answer : Audit logs can be sent to external audit servers using audit policies configured at the user, group, virtual server and global levels The last 256 audit logs can be viewed by an administrator using the Configuration Utility or a command line interface By default, the audit logs are created on the Access Gateway 8.0 Enterprise Edition appliance in the /VAR/LOG/NS.LOG file

Scenario: Currently an administrator is using an administration audit policy that has been configured to display more information in the audit log. The IT Manager has requested that the administrator modifies the audit policy to just display potential issues that may result in an error or critical error. Which option(s) must the administrator check in the audit policy to meet this new requirement?


Options are :

  • Emergency, Alert, Critical, Error and Warning (Correct)
  • Alert, Critical and Notice
  • Warning
  • Notice and Warning

Answer : Emergency, Alert, Critical, Error and Warning

Which two parameters must be configured within the Access Gateway 8.0 Enterprise Edition Global Authentication RADIUS settings or RADIUS Authentication Server settings in order to extract groups from a RADIUS server? (Choose two.)


Options are :

  • RADIUS Group Vendor ID (Correct)
  • Search Filter
  • Login Name
  • Group Attribute Type (Correct)

Answer : RADIUS Group Vendor ID Group Attribute Type

Citrix 1Y0-731 Netscaler 8.0 Administration Practice Exam Set 3

An administrator configures a traffic policy with the following expression: REQ.HTTP.URL CONTAINS sapcip06 What will the traffic policy do when in use?


Options are :

  • Block HTTP requests that contain sapcip06 in the URL.
  • Apply traffic profile attributes to the HTTP requests that contain sapcip06 in the URL. (Correct)
  • Filter the HTTP requests that contain sapcip06 in the URL.
  • Block HTTP traffic that contains sapcip06 in the HTTP response

Answer : Apply traffic profile attributes to the HTTP requests that contain sapcip06 in the URL.

Citrix 1Y0-731 Netscaler 8.0 Administration Practice Exam Set 1

The Policy Precedence Model for Access Gateway 8.0 Enterprise Edition is the priority level in which multiple ________________ are evaluated and enforced. (Complete the sentence with the correct phrase.)


Options are :

  • policies of different types
  • policies of the same type (Correct)
  • profiles of different types
  • profiles of the same type

Answer : policies of the same type

An administrator can assign intranet IP addresses per ______, ______ & _______. (Choose the three options that correctly complete the sentence.)


Options are :

  • AAA Group (Correct)
  • AAA User (Correct)
  • Client Subnet
  • VPN Virtual Server (Correct)

Answer : AAA Group AAA User VPN Virtual Server

The following configuration is set on an Access Gateway 8.0 Enterprise Edition appliance: By default access to all the internal resources is allowed Session profile "SesProf1" has client security check for Symantec AntiVirus running and is configured with quarantine group "Quar" group "Quar" has intranet IPs bound to 10.217.2.1, 10.217.2.2 subnet ?group "Quar" has an authorization policy that allows access to resource "Res1" Session policy "SesPol1" is configured to use "SesProf1" "SesPol1" is bound to VPN virtual server UserA has Symantec Anti-virus running on his laptop and he tries to log into the VPN virtual server. UserB does not have Symantec Anti-virus running on her laptop, but she still tries to log into the VPN virtual server. What will be the expected behavior for each of these users?


Options are :

  • UserA and UserB will be able to successfully log into the VPN, and they will get assigned intranet IPs from the "Quar" group, and they will have access to only "Res1".
  • UserA will be able to successfully log into the VPN, and he will have access to all the internal resources. UserB will also be able to log into the VPN successfully, but she will fall into the "Quar" group and have access to "Res1" only (Correct)
  • UserB will log in successfully through the VPN, and she will have full access to all the internal resources; however, UserA will fail the login.
  • UserA will log in successfully through the VPN, and he will have full access to all the internal resources; however, UserB will fail the login.

Answer : UserA will be able to successfully log into the VPN, and he will have access to all the internal resources. UserB will also be able to log into the VPN successfully, but she will fall into the "Quar" group and have access to "Res1" only

An administrator already has an Access Gateway 8.0 Enterprise Edition appliance and wants to add a second appliance in a High Availability (HA) pair. Which three configurations must the administrator perform to set up the HA pair successfully? (Choose three.)


Options are :

  • Configure the same NetScaler IP on both appliances in the HA pair.
  • Add the first appliance as an HA node on the second appliance. (Correct)
  • Configure the same mapped IP on both appliances in the HA pair. (Correct)
  • Add the second appliance as an HA node on the first appliance. (Correct)

Answer : Add the first appliance as an HA node on the second appliance. Configure the same mapped IP on both appliances in the HA pair. Add the second appliance as an HA node on the first appliance.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions