1Y0-309 Citrix Access Gateway 8.0 Enterprise Edition Set 3

When configuring SmartAccess for Access Gateway 8.0 Enterprise Edition, an administrator must configure a session policy that specifies the domain for the ______ server. (Choose the correct option to complete the sentence.)


Options are :

  • Web Interface
  • Active Directory LDAP
  • Access Gateway 8.0 Enterprise Edition
  • Secure Gateway

Answer : Web Interface

Will the client cleanup feature clean any data before the SSL VPN session begins?


Options are :

  • Yes. Client cleanup cleans up data regularly during the SSL VPN session.
  • No. Client cleanup will not clean up any data before the SSL VPN session begins
  • No. Client cleanup will not delete any Internet Explorer temporary files.
  • Yes. Access Gateway 8.0 Enterprise Edition kills existing connections, so all data will be lost.

Answer : No. Client cleanup will not clean up any data before the SSL VPN session begins

1Y0-309 Citrix Access Gateway 8.0 Enterprise Edition Set 4

Which pre-authentication expression must be used if an administrator needs to indicate that Trend Micro version 11.25 or Symantec version 7.5 is running and McAfee version 8.0 is not running?


Options are :

  • av_5_TrendMicro_11_25 && av_5_Symantec_7_5 || CLIENT.APPLICATION.AV(McAfee).VERSION != 8.0
  • av_5_TrendMicro_11_25 || av_5_Symantec_7_5 && CLIENT.APPLICATION.AV(McAfee).VERSION != 8.0
  • (av_5_TrendMicro_11_25 && av_5_Symantec_7_5) || CLIENT.APPLICATION.AV(McAfee).VERSION != 8.0
  • (av_5_TrendMicro_11_25 || av_5_Symantec_7_5) && CLIENT.APPLICATION.AV(McAfee).VERSION != 8.0

Answer : (av_5_TrendMicro_11_25 || av_5_Symantec_7_5) && CLIENT.APPLICATION.AV(McAfee).VERSION != 8.0

The following configuration is set on an Access Gateway 8.0 Enterprise Edition appliance: By default access to all the internal resources is allowed Session profile "SesProf1" has client security check for Symantec AntiVirus running and is configured with quarantine group "Quar" group "Quar" has intranet IPs bound to 10.217.2.1, 10.217.2.2 subnet ?group "Quar" has an authorization policy that allows access to resource "Res1" Session policy "SesPol1" is configured to use "SesProf1" "SesPol1" is bound to VPN virtual server UserA has Symantec Anti-virus running on his laptop and he tries to log into the VPN virtual server. UserB does not have Symantec Anti-virus running on her laptop, but she still tries to log into the VPN virtual server. What will be the expected behavior for each of these users?


Options are :

  • UserA will log in successfully through the VPN, and he will have full access to all the internal resources; however, UserB will fail the login.
  • UserB will log in successfully through the VPN, and she will have full access to all the internal resources; however, UserA will fail the login.
  • UserA and UserB will be able to successfully log into the VPN, and they will get assigned intranet IPs from the "Quar" group, and they will have access to only "Res1".
  • UserA will be able to successfully log into the VPN, and he will have access to all the internal resources. UserB will also be able to log into the VPN successfully, but she will fall into the "Quar" group and have access to "Res1" only

Answer : UserA will be able to successfully log into the VPN, and he will have access to all the internal resources. UserB will also be able to log into the VPN successfully, but she will fall into the "Quar" group and have access to "Res1" only

Which three Internet Explorer settings could a user configure to use the Access Gateway Enterprise Edition ActiveX client? (Choose three.)


Options are :

  • Set "Download signed ActiveX controls" to Prompt or Enable
  • Set "Run ActiveX controls and plug-ins" to Prompt or Enable
  • Enable "Automatic prompting for ActiveX controls"
  • Enable "Automatic prompting for file downloads"

Answer : Set "Download signed ActiveX controls" to Prompt or Enable Set "Run ActiveX controls and plug-ins" to Prompt or Enable Enable "Automatic prompting for ActiveX controls"

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 1

Can users change their password through the portal page?


Options are :

  • Yes, users can change their passwords, but they can only do so when they are prompted due to password expiration
  • No, users cannot change their passwords because there is no option to change a password from the portal page.
  • No, users cannot change their passwords. However, they can still log in through the portal page even when their password is expired.
  • Yes, users can change their passwords through the portal page.

Answer : Yes, users can change their passwords, but they can only do so when they are prompted due to password expiration

Scenario: A consultant is in charge of a new Access Gateway 8.0 Enterprise Edition implementation at a large customer site and must address the following security requirements: Requirements: 1)If APP1.EXE is running on the local machine, do not allow access to the VPN authentication page 2)If APP2.EXE is running on the local machine, allow access to the VPN authentication page after CMD.EXE is closed 3)If APP3.EXE is not found on the local machine, allow access to the VPN authentication page Which policy type must be used to configure these security requirements?


Options are :

  • Authentication
  • Authorization
  • Pre-Authentication
  • Traffic

Answer : Pre-Authentication

When replacing an existing Secure Gateway environment with an Access Gateway appliance, which step enables users to authenticate using the Web Interface logon page instead of the Access Gateway logon page?


Options are :

  • Disable authentication on the SSL VPN Virtual Server and place Web Interface on the LAN.
  • Enable authentication on the SSL VPN Virtual Server and place Web Interface in the DMZ.
  • Disable authentication on the SSL VPN Virtual Server and place Web Interface on the DMZ.
  • Enable authentication on the SSL VPN Virtual Server and place Web Interface on the LAN.

Answer : Disable authentication on the SSL VPN Virtual Server and place Web Interface on the DMZ.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 2

When configuring a Web Interface site for SmartAccess, which URL is a valid entry in the Advanced Access Control Service URL field?


Options are :

  • https://access.company.com/CitrixAuthService/AuthService.asmx
  • https://172.16.20.209/CitrixAuthService/AuthService.asmx
  • https://access.company.com/AuthenticationService/AuthenticationService
  • http://access.company.com/

Answer : https://access.company.com/CitrixAuthService/AuthService.asmx

Which option in the Configuration Utility allows an administrator to limit the number of users who can log in to an Access Gateway 8.0 Enterprise Edition environment?


Options are :

  • Select SSL VPN > Virtual Servers, Maximum Users
  • Select Systems > Connections > Authentication settings, Maximum number of users
  • Select SSL VPN > Global > Authentication settings, Maximum number of users
  • Select Systems > Virtual Servers > Policies, Maximum Users

Answer : Select SSL VPN > Global > Authentication settings, Maximum number of users

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 3

Scenario: An administrator configuring authorization rules wants to simplify the process by leveraging Access Gateway 8.0 Enterprise Edition. The administrator wants to extract groups to which a user belongs to, as part of the authentication process from the external authentication servers in the environment. Which two external authentication servers can be leveraged when configuring authorization for users in an Access Gateway 8.0 Enterprise Edition deployment? (Choose two.)


Options are :

  • LDAP
  • NT4
  • RADIUS
  • TACACS

Answer : LDAP RADIUS

An administrator is configuring remote access to applications through the VPN for specific users. All of the applications require a unique source IP address to access back-end resources. Which type of IP address should the administrator assign to these applications in order to ensure that they are accessible to the users?


Options are :

  • MIP
  • SNIP
  • Intranet
  • NSIP

Answer : Intranet

Which Access Gateway 8.0 Enterprise Edition policy would an administrator use to configure split tunneling?


Options are :

  • Authentication
  • Session
  • Traffic
  • Authorization

Answer : Session

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 1

Scenario: Currently an administrator is using an administration audit policy that has been configured to display more information in the audit log. The IT Manager has requested that the administrator modifies the audit policy to just display potential issues that may result in an error or critical error. Which option(s) must the administrator check in the audit policy to meet this new requirement?


Options are :

  • Emergency, Alert, Critical, Error and Warning
  • Warning
  • Notice and Warning
  • Alert, Critical and Notice

Answer : Emergency, Alert, Critical, Error and Warning

When creating the server certificate for an Access Gateway 8.0 Enterprise Edition virtual server in ICA Proxy mode, the Common Name (CN) should match that of the FQDN of the______. (Choose the correct option to complete the sentence.)


Options are :

  • Web Interface server
  • Presentation Server
  • Secure Ticket Authority server
  • VPN virtual server

Answer : VPN virtual server

Which policy must an administrator configure to ensure that every user device has personal firewall software installed and running before they connect to the network?


Options are :

  • Session
  • Authentication
  • Authorization
  • Traffic

Answer : Session

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 2

Which command should an administrator use when setting up the network configurations on an individual appliance that will be used in a HA pair?


Options are :

  • config ns
  • config BSD
  • config t
  • config ag

Answer : config ns

Scenario: A company currently has Secure Gateway in its environment. The company has been undergoing major expansions, and the number of employees has grown by 60% over the past three years. Recently, the company acquired a new company and is planning on integrating that company into its environment. Because of the growing number of employees, more servers and rack space are being consumed to support the growing user traffic. Which Access Gateway 8.0 Enterprise Edition deployment type would meet the needs of this environment?


Options are :

  • Access Gateway in VPN mode
  • Access Gateway in Web Interface mode
  • Access Gateway in Secure Gateway mode
  • Access Gateway in Presentation Server mode

Answer : Access Gateway in Secure Gateway mode

When accessing an intranet site through Access Gateway 8.0 Enterprise Edition, which mechanism will load with a list of pre-configured resource IP addresses and port numbers?


Options are :

  • Java Client
  • Presentation Server Client
  • JavaScript
  • ActiveX Plug-in

Answer : Java Client

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 3

Which feature or option must be configured when split tunneling is set to "ON"? A.Bookmark B.Intranet application C.Authorization policy D.Authentication policy Which feature or option must be configured when split tunneling is set to "ON"?


Options are :

  • Intranet application
  • Bookmark
  • Authorization policy
  • Authentication policy

Answer : Intranet application

Scenario: A consultant is in charge of a new Access Gateway 8.0 Enterprise Edition deployment at a large customer site. The customer gave the consultant the following information and IP addresses to use when configuring the Access Gateway 8.0 Enterprise Edition appliance: Internal Citrix Presentation Server 4.0 IP address: 192.168.100.12 Time Zone to be used: Eastern Standard Time (EST) IP addresses to use when configuring the Access Gateway 8.0 Enterprise Edition deployment NSIP: 10.165.30.45 MIP: 10.165.30.60 VIP: 12.15.30.62 Which two configuration options could be configured on the Access Gateway 8.0 Enterprise Edition appliance in order to communicate with the Citrix Presentation Server? (Choose two.)


Options are :

  • Virtual Server in the 192.168.100.x subnet
  • Static Route to the 192.168.100.x subnet
  • Intranet IP in the 192.168.100.x subnet
  • Subnet IP in the 192.168.100.x subnet

Answer : Static Route to the 192.168.100.x subnet Subnet IP in the 192.168.100.x subnet

An administrator needs to configure Access Gateway 8.0 Enterprise Edition to send the Access Gateway IP address to the RADIUS server as part of the RADIUS protocol. Which RADIUS parameter should the administrator configure on the Access Gateway 8.0 Enterprise Edition appliance to meet this requirement?


Options are :

  • Network Access Server (NAS) Identifier
  • Server Loop Back IP Address
  • Network Access Server (NAS) IP Address
  • Server Identifier

Answer : Network Access Server (NAS) IP Address

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 4

Scenario: An administrator wants users to be able to access back-end resources running on file servers and application servers in an environment. The administrator has Access Gateway 8.0 Enterprise Edition deployed, and the Secure Access client is used to establish VPN tunnels to the corporate network. There are no intranet applications configured in this environment, and split tunneling is turned off. Which two statements are true regarding why users in this environment will be able to access applications on file and application servers? (Choose two.)


Options are :

  • Users will be able to access file and application servers because the back-end resources have been assigned specific intranet IP addresses.
  • Users will be able to access file and application servers because the back-end resources in this environment have been configured as published applications.
  • Users will be able to access file and application servers as long as an authorization policy is configured to allow them access to resources on the file and application servers.
  • Users will be able to access file and application servers as long as they can authenticate through the VPN.

Answer : Users will be able to access file and application servers as long as an authorization policy is configured to allow them access to resources on the file and application servers. Users will be able to access file and application servers as long as they can authenticate through the VPN.

Which three pieces of information are logged by the Access Gateway 8.0 Enterprise Edition appliance in its audit logs? (Choose three.)


Options are :

  • Individual user's Login/Logout, Group membership and Authentication failure log records
  • Individual user's ICMP flow statistics and Authorization failure log records
  • Individual group's Login/Logout statistics and Authentication failure log records
  • Individual user's HTTP request, TCP connection and UDP flow statistics
  • System status events (for example: device up/down) and Configuration events log records

Answer : Individual user's Login/Logout, Group membership and Authentication failure log records Individual user's HTTP request, TCP connection and UDP flow statistics System status events (for example: device up/down) and Configuration events log records

Scenario: An administrator needs to configure Access Gateway in order to replace the current Secure Gateway implementation in an environment. The administrator decides to configure the initial IP settings through a command line interface. Which command should the administrator use to configure the mapped IP address for this environment?


Options are :

  • add ns ip -type snip
  • add ns ip -type ip
  • add ns ip -type mip
  • add ns ip -type nsip

Answer : add ns ip -type mip

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 1

Scenario: A Network Administrator needs to configure access to published resources in a farm for Presentation Server, through Access Gateway. The administrator has been instructed to implement Access Gateway as a replacement for the current Secure Gateway deployment without SmartAccess. Which three settings does the administrator need to implement to meet these requirements? (Choose three.)


Options are :

  • Configure the Secure Ticket Authority server
  • Set the Access Gateway home page to the Web Interface URL
  • Set NT Domain
  • Set ICA Proxy to ON

Answer : Configure the Secure Ticket Authority server Set the Access Gateway home page to the Web Interface URL Set ICA Proxy to ON

Scenario: A consultant is in charge of a new Access Gateway 8.0 Enterprise Edition deployment at a large customer site. The customer requires that the time zone on the appliance be set to Eastern Standard Time (EST). Which statement is true about the time zone on the Access Gateway 8.0 Enterprise Edition appliance?


Options are :

  • The time zone setting on the appliance can be changed using the nsconfig utility.
  • The time zone configured on the appliance is inherited automatically by any policies set on the appliance
  • The time zone of the appliance must match the time zone of the Web Interface server, if the virtual server is in ICA Proxy mode.
  • The time zone setting updates automatically

Answer : The time zone setting on the appliance can be changed using the nsconfig utility.

Scenario: Dual authentication is configured on the Access Gateway 8.0 Enterprise Edition appliance. The appropriate group extraction configuration is configured on both the primary and secondary authentication servers, and a VPN user named "jdoe" exists on both authentication servers. How will groups be extracted for VPN user "jdoe"?


Options are :

  • Only the groups from the primary authentication server will be extracted and matched to the group names configured on the secondary authentication server.
  • Only the groups in the secondary authentication server will be extracted and matched to the group names configured on the primary authentication server.
  • The applicable groups from both the primary and secondary authentication servers will be extracted and matched to the group names configured on the appliance.
  • The groups to be extracted will be chosen by the administrator.

Answer : The applicable groups from both the primary and secondary authentication servers will be extracted and matched to the group names configured on the appliance.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 2

An administrator created a new VPN virtual server without binding any session policies to it. What is the default authorization action for users logging in to this VPN virtual server?


Options are :

  • DENY. This is the default behavior.
  • DENY. No session policy is bound to the virtual server.
  • ALLOW. This is the default behavior.
  • ALLOW. No session policy is bound to the virtual server.

Answer : ALLOW. This is the default behavior.

Scenario: There are six administrators in an Access Gateway 8.0 Enterprise Edition environment. Some of them need full system privileges as the nsroot user. A few of them need limited privileges based on their daily duties. The Senior Administrator for the environment wants to give two of the Junior Administrators "allow read only access" to all show commands except for the system command group and the ns.conf show commands. The Senior Administrator also wants to allow the Junior Administrators access to enable and disable commands on services. Which built-in command policy or administrative privileges should the Senior Administrator assign to the two Junior Administrators?


Options are :

  • Operator
  • Read-Only
  • Network
  • Superuser

Answer : Operator

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 3

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions