Citrix 1Y0-350 NetScaler 10 Essentials and Networking Exam Set 2

Scenario: An engineer executes the following commands: add vlan 2 bind vlan 2 -ifnum 1/2 add ns ip 10.110.4.200 255.255.255.0 bind vlan 2 -IPAddress 10.110.4.200 255.255.255.0 What type of IP address has been added to the NetScaler?


Options are :

  • VIP address
  • NSIP address
  • GSLB Site IP address
  • SNIP address

Answer : SNIP address

When a network engineer logs onto a new NetScaler device in the London datacenter, data output indicates that the device is NOT configured for the local time. How can the network engineer synchronize the correct time with an NTP server in the local data center?


Options are :

  • Logon using the nsrecover/nsroot credentials and restart.
  • Configure the correct time from the GUI and restart.
  • Modify the ntp.conf and rc.netscaler files and restart.
  • Configure the NetScaler as a secondary NTP server and restart.

Answer : Modify the ntp.conf and rc.netscaler files and restart.

An engineer has two NetScaler devices in two different datacenters and wants to create a high availability (HA) pair with the two devices, even though they are on two different subnets. How can the engineer configure the HA Pair between the two NetScaler devices?


Options are :

  • Configure StaySecondary on the second datacenter appliance.
  • Change the NSIP of the second appliance to be on the same subnet as the first appliance.
  • Ensure that INC mode is enabled during the creation of the HA Pair.
  • Enable the HAMonitors on all interfaces after the HA Pair has been created.

Answer : Ensure that INC mode is enabled during the creation of the HA Pair.

Citrix 1Y0-350 NetScaler 10 Essentials and Networking Exam Set 3

A network engineer has configured two NetScaler MPX appliances as a high availability (HA) pair. What can the engineer configure to prevent failover if only a single interface fails?


Options are :

  • VMAC
  • PBR
  • SNMP
  • FIS

Answer : FIS

Company policy states that SNMP management should only be allowed from specific hosts. What should the network engineer do to prevent unauthorized access to SNMP?


Options are :

  • Add an SNMP manager.
  • Check secure access only on the NSIP.
  • Add an SNMP community name that is difficult to guess.
  • Add an SNMP trap destination.

Answer : Add an SNMP manager.

Scenario: The NetScaler has connections to a large number of VPNs. The network engineer wants to minimize the number of ARP requests. Which feature should the network engineer enable to minimize ARP requests?


Options are :

  • Use Source IP
  • MAC based forwarding
  • TCP Buffering
  • Edge Configuration

Answer : MAC based forwarding

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 1

Scenario: A NetScaler appliance currently has a manually configured channel containing four interfaces; however, the engineer has been told that the NetScaler must now only use a single interface for this network. The engineer removes the channel and immediately notices a decrease in network performance. How could the engineer resolve this issue?


Options are :

  • Reset the unused interfaces
  • Disable HA monitoring on the three interfaces that are no longer required
  • Disable the unused interfaces
  • Enable flow control on all interfaces

Answer : Disable the unused interfaces

Scenario: The NetScaler is configured with a NSIP of 10.20.30.40. Management access is NOT enabled on any other IP address. Which command should an engineer execute to prevent access to the NetScaler using HTTP and only allow HTTPS access?


Options are :

  • set ns ip 10.20.30.40 -gui disabled -telnet disabled
  • set ns ip 10.20.30.40 -gui enabled -restrictAccess enabled
  • set ip 10.20.30.40 -mgmtaccess disabled -gui secureonly
  • set ip 10.20.30.40 -gui secureonly -mgmtaccess enabled

Answer : set ip 10.20.30.40 -gui secureonly -mgmtaccess enabled

Scenario: An engineer has been hired to manage the content-switching configurations on the NetScaler. The user account for this engineer must have the standard rules that apply to the other administrators. What should the engineer do to allow for the extra privileges?


Options are :

  • Remove the custom Command Policy and then create one with the new requirements.
  • Unbind the current Command Policy of the user account and then save the changes.
  • Create a custom Command Policy and bind it to the user account with the highest priority.
  • Modify the current Command Policy and then save the changes.

Answer : Create a custom Command Policy and bind it to the user account with the highest priority.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 2

Why would an engineer want to specify a TCP Profile for a specific service group?


Options are :

  • To use a specific SNIP for traffic to the back-end servers in that service group.
  • To adjust the TCP settings for traffic to and from that specific service group.
  • To enable features like use source IP, TCP keep alive and TCP buffering for a specific service group.
  • To enable use of features like SSL over TCP for that specific service group.

Answer : To adjust the TCP settings for traffic to and from that specific service group.

Scenario: A network engineer created an IPv6 virtual server on the NetScaler. The virtual server is using a service group with two IPv4 servers bound to it. When testing access to the virtual server from a client configured with an IPv6 address, he is unable to connect. What could be the reason for this issue?


Options are :

  • The NetScaler does not have an INAT rule to convert IPv4 to IPv6 from the back-end servers.
  • IPv6 protocol translation is disabled.
  • An IPv6 address on the NetScaler is not bound to the correct VLAN.
  • The NetScaler is disabled for NAT.

Answer : IPv6 protocol translation is disabled.

A network engineer needs to upgrade both appliances of a High Availability (HA) pair. In which order should the network engineer upgrade the appliances?


Options are :

  • Disable high availability and upgrade one node at a time.
  • Upgrade the primary node first without disabling high availability.
  • Perform the upgrade simultaneously without disabling high availability.
  • Upgrade the secondary node first without disabling high availability.

Answer : Upgrade the secondary node first without disabling high availability.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 3

A network engineer wants to optimize a published load balanced SSL virtual server for WAN connection with long delay, high bandwidth with minimal packet drops. What would the network engineer use to do this type of optimization for the SSL virtual server?


Options are :

  • TCP profile
  • Priority queuing policy
  • SSL policy
  • Compression policy

Answer : TCP profile

A network engineer needs to configure smart card-based authentication on NetScaler Access Gateway. Which type of authentication policy could the engineer configure in order to accomplish this task?


Options are :

  • Local
  • RADIUS
  • Certificate
  • Secure LDAP

Answer : Certificate

Scenario: For security reasons, the NSIP needs to be configured to only be accessible on interface 0/1, which is VLAN 300. The NSIP address is 10.110.4.254 and the subnet mask is 255.255.255.0. How would the network engineer achieve this configuration?


Options are :

  • set ns config -IPAddress 10.110.4.254 -netmask 255.255.255.0
  • set ns ip 10.110.4.254 -mgmtAccess ENABLED
  • set ns config -nsvlan 300 -ifnum 0/1
  • set ns ip 10.110.4.254 -gui ENABLED -vrID 300 C. add vlan 300

Answer : set ns config -nsvlan 300 -ifnum 0/1

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 1

Scenario: The NetScaler is connected to two subnets. The NSIP is 10.2.9.12. The external SNIP is 10.2.7.3. The MIP for internal access is 10.2.9.3. Web servers, authentication servers and time servers are on the 10.2.10.0/24 network which is available through the 10.2.9.1 router. The external firewall has the 10.2.7.1 address. Traffic bound for Internet clients should flow through the external firewall. Which command should be used to set the default route?


Options are :

  • add route 10.0.0.0 255.0.0.0 10.2.7.1
  • add route 0.0.0.0 0.0.0.0 10.2.9.1
  • add route 0.0.0.0 0.0.0.0 10.2.7.1
  • add route 10.0.0.0 255.0.0.0 10.2.9.1

Answer : add route 0.0.0.0 0.0.0.0 10.2.7.1

The security department just conducted a penetration test on the published virtual servers and all of the SSL virtual servers returned the result “Allowed changing to weak certificate standard” in the report. The reason for this result could be that the network engineer who configured the virtual servers forgot to __________. (Choose the correct option to complete the sentence.)


Options are :

  • configure the DEFAULT Cipher group only
  • configure the HIGH Cipher group only
  • apply the SSL policy
  • block TLSv1

Answer : configure the HIGH Cipher group only

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 2

Scenario: A network engineer has configured a load balancing virtual server for an HTTP application. Due to the application architecture, it is imperative that a user’s session remains on a single server during the session. The session has an idle timeout of 60 minutes. Some devices are getting inconsistent application access while most are working fine. The problematic devices all have tighter security controls in place. Which step should the engineer take to resolve this issue?


Options are :

  • Configure a backup persistence of SourceIP.
  • Set the cookie timeout to 60 minutes.
  • Change the HTTP parameters to Cookie Version 1.
  • Utilize SSL offload to enable the application to use SSL.

Answer : Configure a backup persistence of SourceIP.

The purpose of pre-fetch in integrated caching is to automatically __________. (Choose the correct option to complete the sentence.)


Options are :

  • retrieve all objects on a published website after a policy is applied
  • retrieve an object in the expression from a website after a policy is applied
  • refresh a cached object before expiring
  • fetch objects from the forwarding cache before expiring

Answer : refresh a cached object before expiring

A network engineer must determine which SSL protocols are enabled on a virtual server named SSL01. Which command could the engineer run to see this information?


Options are :

  • Show ssl vServer SSL01
  • Show server SSL01
  • Show vServer SSL01
  • Show ssl stats

Answer : Show ssl vServer SSL01

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 3

Scenario: A NetScaler engineer is adding a new SSL certificate to a NetScaler device. During the process the engineer receives an error message: "Certificate with key size greater than RSA512 or DSA512 bits not supported." The same process has been followed previously on the same model of NetScaler successfully. What is the likely cause of this error?


Options are :

  • The CSR has not been submitted to the certificate authority.
  • The certificate hostname is invalid.
  • The NetScaler has not been licensed correctly.
  • RSA authentication has been added to the VIP.

Answer : The NetScaler has not been licensed correctly.

Scenario: An engineer created a new test Web Interface site for the new XenDesktop farm that the IT Department is developing. Several weeks later the engineer finds out thatseveral people across the company have been accessing the new test site. The engineer needs to ensure that only the IT Department subnets can access the test site. How could the engineer restrict access to the site so that only certain subnets can access this resource?


Options are :

  • Modify an existing simple ACL to allow specific subnets to the Web Interface Site.
  • Add an Extended ACL to only allow specific subnets to the Web Interface Site.
  • Enable USNIP Mode on the appliance to allow specific subnets to the Web Interface Site.
  • Change the Access Method on the Web Interface Site to allow specific subnets to the Web Interface Site.

Answer : Add an Extended ACL to only allow specific subnets to the Web Interface Site.

Which expression must an engineer use to prevent compression of Cascading Style Sheets?


Options are :

  • HTTP.RES.HEADER("Content-Type").CONTAINS("text/css")
  • HTTP.RES.BODY(0).CONTAINS("text/css")
  • HTTP.REQ.HEADER("Content-Type").CONTAINS("text/css")
  • HTTP.REQ.BODY(0).CONTAINS("text/css")

Answer : HTTP.RES.HEADER("Content-Type").CONTAINS("text/css")

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 4

Scenario: An engineer is configuring services to allow load balancing of backend web servers on the internal network. The engineer bound multiple monitors to the first service, but notices that the service is reporting as DOWN. The monitor threshold default has NOT been changed. What could be causing this issue?


Options are :

  • One of the monitors' tests is failing.
  • Some of the monitors have a higher weight.
  • The service type is HTTP.
  • The monitors are both reporting an UP status.

Answer : One of the monitors' tests is failing.

A network engineer needs to configure load balancing for secured web traffic that does NOT terminate at the NetScaler device. Which type of session persistence method can the engineer select for this scenario?


Options are :

  • SRCIPDESTIP
  • URL Passive
  • Cookie Insert
  • Source IP

Answer : Source IP

Scenario: The IT department in an organization manages servers and network devices from an internal management subnet. A NetScaler device has recently been installed into the DMZ network. The intranet firewall allows TCP 443 from the management subnet to the NetScaler device. How could the engineer ensure that only workstations in the management network are permitted to manage the NetScaler?


Options are :

  • Create an Extended ACL based on the source IP address.
  • Enable the management access control option on the NSIP address.
  • Create a restricted route from the internal network to the DMZ.
  • Enable the management access control on the internal SNIP address.

Answer : Create an Extended ACL based on the source IP address.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 1

Users have reported that they are receiving a confusing error message related to SSL sessions when connecting from older browsers. How could the network engineer present this error to users in a customized format?


Options are :

  • Add a redirect URL to the virtual server.
  • Enable the SSL v2 protocol.
  • Configure SSL v2 Redirection for the virtual server.
  • Set a URL on the backup virtual server

Answer : Configure SSL v2 Redirection for the virtual server.

Scenario: Example.com runs a dating service site that provides a service with videos of candidates. They want to use RTSP load balancing to stream the videos more effectively. Which load balancing method should the engineer select?


Options are :

  • Round Robin
  • Least packet
  • Least connection
  • Least bandwidth

Answer : Least bandwidth

Which policy expression must an engineer use to enable compression for javascript files?


Options are :

  • HTTP.RES.BODY(0).CONTAINS("javascript")
  • HTTP.REQ.HEADER("Content-Type").CONTAINS("javascript")
  • HTTP.REQ.BODY(0).CONTAINS("javascript")
  • HTTP.RES.HEADER("Content-Type").CONTAINS("javascript")

Answer : HTTP.RES.HEADER("Content-Type").CONTAINS("javascript")

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 2

A network engineer needs to configure load balancing for an FTP site. Which type of session persistence method can the engineer select for this scenario?


Options are :

  • Cookie Insert
  • Rule
  • Source IP
  • Custom Server ID

Answer : Source IP

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions