1Y0-309 Citrix Access Gateway 8.0 Enterprise Edition Test Set 3

Scenario: A company recently acquired two other companies. Users from these two companies have been using different forms of Access Gateway authentication. An administrator in the environment of the parent company has been instructed to reconfigure the parent company's Access Gateway infrastructure such that all the users in the environment can have the opportunity to authenticate to the same virtual server using different forms of authentication. If the users from the newly acquired companies are using RADIUS and TACACS authentications, which Access Gateway 8.0 Enterprise Edition authentication would allow these users to authenticate to the RADIUS server first, and if the server does not respond, then to the TACACS server?


Options are :

  • Local
  • Double-source
  • Cascading (Correct)
  • Inherited

Answer : Cascading

Citrix 1Y0-731 Netscaler 8.0 Administration Practice Exam Set 1

An administrator can assign intranet IP addresses per ______, ______ and _______. (Choose the three options that correctly complete the sentence.)


Options are :

  • AAA User (Correct)
  • AAA Group (Correct)
  • VPN Virtual Server (Correct)
  • Client Subnet

Answer : AAA User AAA Group VPN Virtual Server

An IT organization has a client certificate configured. The administrator did not enable the cleanup client certificate option. The administrator decided not to prompt a user with the Windows cleanup dialog box. Will the cleanup client certificate be installed in Internet Explorer after logout?


Options are :

  • Yes, client cleanup code will do it.
  • Yes, Windows Client cleanup does the cleanup work even though it is not configured.
  • No, the SSL client certificate needs manual cleanup. (Correct)
  • Yes, the user has a chance to click on client cleanup windows to cleanup the client certificate.

Answer : No, the SSL client certificate needs manual cleanup.

The Policy Precedence Model for Access Gateway 8.0 Enterprise Edition evaluates which type(s) of policy priorities?


Options are :

  • Pre-authentication types only
  • Authentication and authorization types
  • Same type (Correct)
  • Different types

Answer : Same type

Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 2

When configuring an intranet application in proxy mode, which protocol must the administrator select?


Options are :

  • FTP
  • TCP (Correct)
  • HTTP
  • UDP

Answer : TCP

What is responsible for performing the client side decompression for HTTP/Web response compression for the Access Gateway 8.0 Enterprise Edition appliance?


Options are :

  • Web browser (Correct)
  • Java Client
  • JavaScript
  • Presentation Server client

Answer : Web browser

Scenario: An administrator has created a few personal folder files (*.PST) on the system when accessing Outlook over the VPN session. The administrator wants to delete these *.PST files created after logging out of the VPN session. How must the administrator configure client side cleanup to meet the above requirements?


Options are :

  • Configure it to clean up application data. (Correct)
  • Configure it to clean up cookies.
  • Configure it to clean up the address bar.
  • Configure it to clean up temporary files.

Answer : Configure it to clean up application data.

Citrix 1Y0-731 Netscaler 8.0 Administration Practice Test Set 1

Can users change their password through the portal page?


Options are :

  • Yes, users can change their passwords, but they can only do so when they are prompted due to password expiration (Correct)
  • No, users cannot change their passwords because there is no option to change a password from the portal page.
  • No, users cannot change their passwords. However, they can still log in through the portal page even when their password is expired.
  • Yes, users can change their passwords through the portal page.

Answer : Yes, users can change their passwords, but they can only do so when they are prompted due to password expiration

Will the client cleanup feature clean any data before the SSL VPN session begins?


Options are :

  • No. Client cleanup will not delete any Internet Explorer temporary files.
  • Yes. Access Gateway 8.0 Enterprise Edition kills existing connections, so all data will be lost.
  • Yes. Client cleanup cleans up data regularly during the SSL VPN session.
  • No. Client cleanup will not clean up any data before the SSL VPN session begins (Correct)

Answer : No. Client cleanup will not clean up any data before the SSL VPN session begins

An administrator configures a traffic policy with the following expression: REQ.HTTP.URL CONTAINS sapcip06 What will the traffic policy do when in use?


Options are :

  • Block HTTP traffic that contains sapcip06 in the HTTP response
  • Filter the HTTP requests that contain sapcip06 in the URL.
  • Block HTTP requests that contain sapcip06 in the URL.
  • Apply traffic profile attributes to the HTTP requests that contain sapcip06 in the URL. (Correct)

Answer : Apply traffic profile attributes to the HTTP requests that contain sapcip06 in the URL.

Citrix 1Y0-731 Netscaler 8.0 Administration Practice Test Set 3

Which three ways can an administrator configure or obtain an SSL certificate and key? (Choose three.)


Options are :

  • From an authorized Certificate Authority (Correct)
  • By generating a new SSL certificate and key on the Access Gateway appliance (Correct)
  • By using an existing SSL certificate and key (Correct)
  • From a Secure Ticket Authority

Answer : From an authorized Certificate Authority By generating a new SSL certificate and key on the Access Gateway appliance By using an existing SSL certificate and key

Which setting should be enabled on a Web Interface server in order for SmartAccess to work in ICA proxy mode?


Options are :

  • Alternate
  • Direct
  • Translated
  • . Gateway Direct (Correct)

Answer : . Gateway Direct

An administrator wants to limit the administrative privileges for new administrators who have been employed with the company for less than six months. What could an administrator do from the Configuration Utility in order to limit these administrators' privileges?


Options are :

  • Assign session policies
  • Configure command policies and permissions (Correct)
  • Disable administrative features within those users' accounts
  • Assign authorization policies

Answer : Configure command policies and permissions

Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 4

What are three pieces of information that are required to configure Access Gateway 8.0 Enterprise Edition to authenticate users with LDAP servers? (Choose three.)


Options are :

  • Server DN
  • Base DN (Correct)
  • Bind DN password (Correct)
  • Bind DN (Correct)

Answer : Base DN Bind DN password Bind DN

Scenario: A consultant is in charge of a new Access Gateway 8.0 Enterprise Edition deployment at a large customer site. The customer supplied the consultant with the internal Citrix Presentation Server 4.0 IP address of 10.165.30.12 for use when configuring the Access Gateway 8.0 Enterprise Edition appliance. What are two ways in which the Secure Ticket Authority server can be configured on Access Gateway 8.0 Enterprise Edition? (Choose two.)


Options are :

  • Type add ns ip IP_ADDR -type Secure Ticket Authority
  • Select SSL VPN > Global >Intranet Domains section
  • Bind the Secure Ticket Authority server to the VPN Virtual Server (Correct)
  • Select SSL VPN > Global > Secure Ticket Authority Servers section (Correct)

Answer : Bind the Secure Ticket Authority server to the VPN Virtual Server Select SSL VPN > Global > Secure Ticket Authority Servers section

An administrator wants to configure an IP address that will be used by the Access Gateway appliance as a source IP address to connect to internal servers on the corporate network. Which IP type must be configured by the administrator?


Options are :

  • Virtual IP
  • Global Server Load Balancing site IP
  • NetScaler IP
  • Mapped IP (Correct)

Answer : Mapped IP

Citrix 1Y0-992 Meta Frame Presentation Server Feature Exam Set 2

Scenario: A company purchased 800 user licenses for an Access Gateway appliance deployed in their environment. The company has a total of 2,400 users in the environment and the administrator wants to specify the number of users that should be allowed to log in to the environment through the Access Gateway appliance at any time. The administrator could modify the ______ setting in the Configuration Utility in order to specify the number of users that can log into the Access Gateway appliance. (Choose the correct option to complete the sentence.)


Options are :

  • Systems > Virtual Servers > Policies
  • SSL VPN > Global > Authentication (Correct)
  • Systems > Connections > Authorization
  • SSL VPN > Users

Answer : SSL VPN > Global > Authentication

An administrator needs to transparently intercept all TCP, NetBIOS, UDP and HTTP traffics destined for the company's private network in order to make remote access stricter without limiting its use. Which mechanism must the administrator use to allow for stricter remote access?


Options are :

  • Presentation Server Client
  • JavaScript
  • Java Client
  • ActiveX Plug-in (Correct)

Answer : ActiveX Plug-in

In a dual-stage DMZ deployment, which protocol and port is used for communication from the Access Gateway in the first DMZ to the Access Gateway in the second DMZ, if the traffic is not secured?


Options are :

  • ICA on port 1494
  • SSL on port 443
  • SOCKS on port 1080 (Correct)
  • HTTP on port 80

Answer : SOCKS on port 1080

Citrix 1Y0-327 Password Manager 4.5 Administration Test Set 1

An administrator has enabled split tunneling for an environment. What must the administrator do to ensure that the client on user devices intercepts intranet traffic only and routes other traffic directly to the appropriate servers?


Options are :

  • Set split tunneling to OFF.
  • Assign intranet IP addresses to resources going through the VPN
  • Change the routing table on the client devices so that intranet traffic is tunneled to the intranet.
  • Define an intranet application policy. (Correct)

Answer : Define an intranet application policy.

The Network Administrator for an enterprise environment was recently fired, so the new administrator wants to reset the system's password. Which command should the administrator use at the command line interface to change the system password?


Options are :

  • set system
  • set system user (Correct)
  • set system user
  • set system new user

Answer : set system user

Which three statements are true about the Access Gateway 8.0 Enterprise Edition appliance auditing functionality? (Choose three.)


Options are :

  • The last 512 audit logs can be viewed by an administrator using the Configuration Utility or a command line interface
  • By default, the audit logs are created on the Access Gateway 8.0 Enterprise Edition appliance in the /VAR/LOG/NS.LOG file (Correct)
  • Audit logs can be sent to external audit servers using audit policies configured at the user, group, virtual server and global levels (Correct)
  • The last 256 audit logs can be viewed by an administrator using the Configuration Utility or a command line interface (Correct)

Answer : By default, the audit logs are created on the Access Gateway 8.0 Enterprise Edition appliance in the /VAR/LOG/NS.LOG file Audit logs can be sent to external audit servers using audit policies configured at the user, group, virtual server and global levels The last 256 audit logs can be viewed by an administrator using the Configuration Utility or a command line interface

1Y0-264 Citrix Presentation Server 4.5 Support Practice Exam Set 5

Scenario: A consultant is in charge of a new Access Gateway 8.0 Enterprise Edition deployment at a large customer site. The customer gave the consultant the following information and IP addresses to use when configuring the Access Gateway 8.0 Enterprise Edition appliance: Internal Citrix Presentation Server 4.0 IP address: 10.165.30.12 Time Zone to be used: Eastern Standard Time (EST) IP addresses to use when configuring the Access Gateway 8.0 Enterprise Edition deployment MIP - 10.165.30.45 NSIP - 10.165.30.60 VIP - 12.15.30.62 DNS Server - 78.35.14.99 If configured correctly, which IP address will the Access Gateway 8.0 Enterprise Edition appliance use as source IP to communicate with the Citrix Presentation Server?


Options are :

  • 10.165.30.45 (Correct)
  • 12.15.30.62
  • 78.35.14.99
  • 10.165.30.60

Answer : 10.165.30.45

Scenario: An administrator configuring Access Gateway 8.0 Enterprise Edition in an environment that consists of a double-hop DMZ deployment, wants connections from Presentation Server clients on the Internet to go through the first firewall in order to connect to the Access Gateway 8.0 Enterprise Edition appliance in the first DMZ. Which port should the administrator enable on the first firewall?


Options are :

  • 389
  • 1494
  • 80
  • 443 (Correct)

Answer : 443

An administrator has been instructed to give a specific user in the Finance group, access to Engineering resources. Which level should the administrator assign the policy to when configuring access for this user?


Options are :

  • User (Correct)
  • Group
  • Organization
  • Team

Answer : User

Citrix 1Y0-371 Designing Deploying Managing Citrix Exam Set 2

Which pre-authentication expression must be used if an administrator needs to indicate that Trend Micro version 11.25 or Symantec version 7.5 is running and McAfee version 8.0 is not running?


Options are :

  • (av_5_TrendMicro_11_25 && av_5_Symantec_7_5) || CLIENT.APPLICATION.AV(McAfee).VERSION != 8.0
  • (av_5_TrendMicro_11_25 || av_5_Symantec_7_5) && CLIENT.APPLICATION.AV(McAfee).VERSION != 8.0 (Correct)
  • av_5_TrendMicro_11_25 || av_5_Symantec_7_5 && CLIENT.APPLICATION.AV(McAfee).VERSION != 8.0
  • av_5_TrendMicro_11_25 && av_5_Symantec_7_5 || CLIENT.APPLICATION.AV(McAfee).VERSION != 8.0

Answer : (av_5_TrendMicro_11_25 || av_5_Symantec_7_5) && CLIENT.APPLICATION.AV(McAfee).VERSION != 8.0

1Y0-309 Citrix Access Gateway 8.0 Enterprise Edition Test Set 3

In company A, an administrator needs to map the users' local network drive 'Z:' to one of the intranet shared servers as soon as the users log in to the VPN successfully. What should the administrator configure to meet this requirement?


Options are :

  • An authentication policy that will map the drives
  • A file system authorization policy that will map the drives
  • A login script that will map the drives (Correct)
  • An intranet application that will map the drives

Answer : A login script that will map the drives

An administrator needs to provide users with access to the company's intranet through the VPN, while also providing them with access to printers on their local area network. Which option must the administrator turn on in order to meet this requirement?


Options are :

  • Compression
  • Split Tunneling (Correct)
  • Single Sign-On
  • Transparent Interception

Answer : Split Tunneling

CompanyA runs maintenance on ServerA every Friday between 9:00PM-11:00PM. The Network Administrator would like to deny VPN access to ServerA during this period only. Could Access Gateway 8.0 Enterprise Edition be configured to meet this requirement?


Options are :

  • Access Gateway 8.0 Enterprise Edition can be configured using an Authentication policy based on date and time
  • Access Gateway 8.0 Enterprise Edition can be configured using Authorization policy based on ServerA's IP address.
  • Access Gateway 8.0 Enterprise Edition can be configured using Authorization policies based on date and time. (Correct)
  • Access Gateway 8.0 Enterprise Edition does not support this scenario.

Answer : Access Gateway 8.0 Enterprise Edition can be configured using Authorization policies based on date and time.

1Y0-264 Citrix Presentation Server 4.5 Support Exam Set 5

How can an administrator disable the SSL warning message?


Options are :

  • Select SSL VPN global settings > Client Experience Advanced > General, deselect SSL warning message
  • he SSL warning message cannot be disabled in the Configuration Utility (Correct)
  • Select SSL VPN global settings > Security Settings Advanced > Client Security, enable SSL warning message
  • Select SSL VPN global settings > Client Experience Advanced > Client Options, deselect SSL warning message

Answer : he SSL warning message cannot be disabled in the Configuration Utility

What must an administrator configure on an Access Gateway 8.0 Enterprise Edition appliance to allow intranet applications to initiate connections successfully back to VPN users?


Options are :

  • Direct IP
  • Subnet IP
  • Mapped IP
  • Intranet IP (Correct)

Answer : Intranet IP

Under which two conditions does the Secure Access Client commit hara-kiri and download a new version of itself? (Choose two.)


Options are :

  • When it connects to an Access Gateway appliance that has the same version and if the administrator has configured a forced refresh timeout.
  • When it connects to an Access Gateway appliance that has a version that is greater than the client. (Correct)
  • When it connects to an Access Gateway appliance that has a version that is less than the client. (Correct)
  • When it connects to a competitive VPN appliance and does not like it.

Answer : When it connects to an Access Gateway appliance that has a version that is greater than the client. When it connects to an Access Gateway appliance that has a version that is less than the client.

1Y0-311 Citrix XenApp and XenDesktop 7.15 LTSR Advanced Exam Set 5

Scenario: An administrator needs to bind a policy that changes specific configuration settings to certain users. To make the users' sign-on to intranet applications seamless, the administrator enables single sign-on within the profile of the policy. Which type of policy must the administrator use in order to complete the task?


Options are :

  • Authentication
  • Authorization
  • Session (Correct)
  • TCP Compression

Answer : Session

Which three Internet Explorer settings could a user configure to use the Access Gateway Enterprise Edition ActiveX client? (Choose three.)


Options are :

  • Enable "Automatic prompting for ActiveX controls" (Correct)
  • Set "Run ActiveX controls and plug-ins" to Prompt or Enable (Correct)
  • Set "Download signed ActiveX controls" to Prompt or Enable (Correct)
  • Enable "Automatic prompting for file downloads"

Answer : Enable "Automatic prompting for ActiveX controls" Set "Run ActiveX controls and plug-ins" to Prompt or Enable Set "Download signed ActiveX controls" to Prompt or Enable

At which level can an administrator configure a single intranet IP address?


Options are :

  • Virtual server
  • Global
  • User (Correct)
  • Group

Answer : User

Citrix 1Y0-327 Password Manager 4.5 Administration Exam Set 5

An administrator already has an Access Gateway 8.0 Enterprise Edition appliance and wants to add a second appliance in a High Availability (HA) pair. Which three configurations must the administrator perform to set up the HA pair successfully? (Choose three.)


Options are :

  • Configure the same NetScaler IP on both appliances in the HA pair.
  • Add the first appliance as an HA node on the second appliance. (Correct)
  • Add the second appliance as an HA node on the first appliance. (Correct)
  • Configure the same mapped IP on both appliances in the HA pair. (Correct)

Answer : Add the first appliance as an HA node on the second appliance. Add the second appliance as an HA node on the first appliance. Configure the same mapped IP on both appliances in the HA pair.

The following configuration is set on an Access Gateway 8.0 Enterprise Edition appliance: By default access to all the internal resources is allowed Session profile "SesProf1" has client security check for Symantec AntiVirus running and is configured with quarantine group "Quar" group "Quar" has intranet IPs bound to 10.217.2.1, 10.217.2.2 subnet ?group "Quar" has an authorization policy that allows access to resource "Res1" Session policy "SesPol1" is configured to use "SesProf1" "SesPol1" is bound to VPN virtual server UserA has Symantec Anti-virus running on his laptop and he tries to log into the VPN virtual server. UserB does not have Symantec Anti-virus running on her laptop, but she still tries to log into the VPN virtual server. What will be the expected behavior for each of these users?


Options are :

  • UserA will be able to successfully log into the VPN, and he will have access to all the internal resources. UserB will also be able to log into the VPN successfully, but she will fall into the "Quar" group and have access to "Res1" only (Correct)
  • UserA will log in successfully through the VPN, and he will have full access to all the internal resources; however, UserB will fail the login.
  • UserB will log in successfully through the VPN, and she will have full access to all the internal resources; however, UserA will fail the login.
  • UserA and UserB will be able to successfully log into the VPN, and they will get assigned intranet IPs from the "Quar" group, and they will have access to only "Res1".

Answer : UserA will be able to successfully log into the VPN, and he will have access to all the internal resources. UserB will also be able to log into the VPN successfully, but she will fall into the "Quar" group and have access to "Res1" only

The Policy Precedence Model for Access Gateway 8.0 Enterprise Edition is the priority level in which multiple ________________ are evaluated and enforced. (Complete the sentence with the correct phrase.)


Options are :

  • policies of different types
  • policies of the same type (Correct)
  • profiles of the same type
  • profiles of different types

Answer : policies of the same type

Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 8

Scenario: An administrator needs to configure an audit policy that will log major errors on the Access Gateway appliance as well as problems that might cause the Access Gateway appliance to function incorrectly, but which are not critical to its operation. Which two options need to be selected in the log level to configure the audit policy to meet these requirements? (Choose two.)


Options are :

  • Warning (Correct)
  • Emergency
  • Alert (Correct)
  • Notice

Answer : Warning Alert

An administrator is in the process of installing Access Gateway 8.0 Enterprise Edition in an environment and is considering implementing split DNS lookups. When would the administrator enable split DNS lookups in this environment?


Options are :

  • There is a need to allow clients to send ICA packets through Access Gateway from one domain to another using the DNS names of the destination clients or servers in the other domain.
  • There is a need to look up all domain names on the remote network regardless of the split tunneling configuration
  • There is a need to look up domain names both on the internal and external networks when split tunneling is enabled. (Correct)
  • There is a need for internal users to access external resources without revealing the IP addresses of the servers hosting those resources.

Answer : There is a need to look up domain names both on the internal and external networks when split tunneling is enabled.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions