Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 2

Which two authentication types on the NetScaler support password changes?


Options are :

  • LDAP (SSL) (Correct)
  • LDAP (TLS) (Correct)
  • RADIUS (PAP)
  • LDAP (PLAINTEXT)
  • RADIUS (MSCHAPv2)
  • TACACS+

Answer : LDAP (SSL) LDAP (TLS)

Citrix 1Y0-614 Access Suite 4.0 Design Practice Exam Set 5

Which option needs to be set on the service in order to maintain the original client-IP to the backend service?


Options are :

  • #NAME?
  • #NAME?
  • #NAME? (Correct)
  • #NAME?

Answer : #NAME?

Which setting would a NetScaler Engineer disable in order to stop the NetScaler from acting as a router for non-NetScaler owned IP addresses or entities?


Options are :

  • MAC-based forwarding (Correct)
  • Layer 2 mode
  • Layer 3 mode
  • Use Subnet IP (USNIP)

Answer : MAC-based forwarding

Which outcome does the minify JavaScript option of the Front End Optimization (FEO) feature provide?


Options are :

  • It will compress JavaScript with the GZIP algorithm.
  • It will remove all comments from the JavaScript. (Correct)
  • It will replace characters with shorter names.
  • It will change all uppercase letters to lowercase.

Answer : It will remove all comments from the JavaScript.

Citrix 1Y0-327 Password Manager 4.5 Administration Test Set 1

Scenario: Users complain that they are NOT able to connect to a web site using the IP address. The relevant portion of the configuration is shown below: add ssl profile srv-web - sessReuse ENABLED -sessTimeout 120 -tls11 DISABLED -tls12 DISABLED - strictCAChecks YES add service svc-web 192.168.1.3 HTTP 80 add lb vserver srv-web SSL 192.168.1.22 443 -persistenceType NONE -cltTimeout 180 bind lb vserver srv-web svc-web set ssl vserver srv-web -eRSA DISABLED -clientAuth ENABLED -clientCert Optional -tls11 DISABLED -tls12 DISABLED -SNIEnable ENABLED add ssl policy svc-web -rule true -action NOOP bind ssl vserver srv-web -certkeyName WebCert -SNICert bind ssl vserver srv-web - policyName svc-web -priority 100 What is the likely cause of the connectivity issue?


Options are :

  • Load Balancing persistence is set to NONE.
  • SSL policy is incorrect.
  • Client Authentication is enabled.
  • Server Name Indication is enabled. (Correct)

Answer : Server Name Indication is enabled.

In order to configure integrated cache, a NetScaler Engineer would need to reboot the NetScaler when the integrated caching feature is __________ and cache memory limit is set to __________. (Choose the correct set of options to complete the sentence.)


Options are :

  • enabled; non-zero
  • enabled; zero (Correct)
  • disabled; zero
  • disabled; non-zero

Answer : enabled; zero

Scenario: A NetScaler Engineer is asked to interpret the following configuration: add audit syslogAction syslog_srv_1 192.168.0.1 -logLevel ERROR add audit syslogAction syslog_srv_2 192.168.0.2 -logLevel WARNING add audit syslogAction syslog_srv_3 192.168.0.3 - logLevel CRITICAL add audit syslogAction syslog_srv_4 192.168.0.4 -logLevel ALERT add audit syslogPolicy audit_pol_1 ns_true syslog_srv_1 add audit syslogPolicy audit_pol_2 ns_true syslog_srv_2 add audit syslogPolicy audit_pol_3 ns_true syslog_srv_3 add audit syslogPolicy audit_pol_4 ns_true syslog_srv_4 bind system global audit_pol_1 -priority 100 bind system global audit_pol_2 -priority 100 bind system global audit_pol_3 -priority 100 bind system global audit_pol_4 -priority 100 add audit messageaction log-act1 CRITICAL '"Client:"+CLIENT.IP.SRC+" accessed "+HTTP.REQ.URL' -bypassSafetyCheck YES add responder policy RP_pol http.REQ.IS_VALID NOOP - logAction log-act1 bind responder global RP_pol 100 END -type REQ_OVERRIDE Which syslog server will receive log information?


Options are :

  • syslog_srv_3 (Correct)
  • syslog_srv_4
  • syslog_srv_1
  • syslog_srv_2

Answer : syslog_srv_3

Citrix 1Y0-992 Meta Frame Presentation Server Feature Exam Set 4

What should a NetScaler Engineer configure to create load-balancing virtual servers and services on the same VLAN with overlapping IP addresses?


Options are :

  • Dynamic routing
  • Policy-based routing
  • Traffic domains (Correct)
  • Listen policies

Answer : Traffic domains

Scenario: A NetScaler Engineer is viewing Authentication, Authorization and Access (AAA) events on the NetScaler appliance to determine why a user is unable to log on. The events below have been logged during this timeframe: Fri Oct 17 18:17:16 2014 /usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[40\]: start_ldap_auth attempting to auth scottli @ 10.12.33.216 Fri Oct 17 18:17:18 2014/usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[291\]: recieve_ldap_bind_event receive ldap bind event Fri Oct 17 18:17:18 2014 /usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[326\]: recieve_ldap_bind_event ldap_bind with binddn bindpw failed:Invalid credentials Fri Oct 17 18:17:18 2014 /usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/naaad.c[1198\]: send_reject sending reject to kernel for : scottli What is the root cause of this issue?


Options are :

  • The LDAP server is NOT responding.
  • The user has entered an invalid password.
  • The LDAP Base DN is incorrect.
  • The Bind DN credentials are invalid. (Correct)

Answer : The Bind DN credentials are invalid.

Scenario: A NetScaler Engineer is working with a NetScaler appliance that has two network interface cards (NICs). The first NIC is placed on the DMZ network and the second NIC is on the internal network. The default route is configured to the gateway on the internal network. A virtual server is configured on the DMZ-network and the firewall on the DMZ is using network address translation (NAT) to allow external traffic to the virtual server. When a user from the Internet attempts to connect to the NAT'd external address, the session never establishes. The engineer performs an nstrace and sees that the user's traffic hits the NetScaler. The engineer then discovers that the problem is an asymmetrical packet flow. Which two settings could the engineer configure to resolve the issue?


Options are :

  • Reverse network address translation (RNAT)
  • MAC-based forwarding (MBF) (Correct)
  • Link load balancing (LLB)
  • Policy-based routing (PBR) (Correct)
  • Extended access list (ACL)

Answer : MAC-based forwarding (MBF) Policy-based routing (PBR)

Citrix 1Y0-992 Meta Frame Presentation Server Feature Exam Set 3

A NetScaler Engineer needs to gather information from a NetScaler VPX before allocating the platform license. Which shell command could the engineer use to gather the needed information?


Options are :

  • lmutil lmhostid -ether (Correct)
  • lmutil lmhostid -hostname
  • lmutil lmhostid -user
  • lmutil lmhostid -internet

Answer : lmutil lmhostid -ether

Which two encryption algorithms are supported on the NetScaler to store the encrypted SSL private key with a password?


Options are :

  • DES3 (Correct)
  • DES (Correct)
  • RC4
  • AES

Answer : DES3 DES

When creating a link aggregation channel on the NetScaler, the "-throughput" option sets the __________.


Options are :

  • max interface speed of the channel
  • interface bandwidth limit for the channel
  • interface speed of each member of the channel
  • interface threshold for channel failover (Correct)

Answer : interface threshold for channel failover

1Y0-301 Deploying Citrix XenDesktop 7.6 Solutions Exam Set 4

What does the TCP Buffering feature on the NetScaler accomplish?


Options are :

  • It buffers incoming client connections on the NetScaler.
  • It enables the TCP options field syn-cookie.
  • It optimizes the client and server TCP window size.
  • It offloads the server response to the NetScaler before delivering it to the client. (Correct)

Answer : It offloads the server response to the NetScaler before delivering it to the client.

In order to create a three-node NetScaler cluster, all nodes must __________ and __________. (Choose the two correct options to complete the sentence.)


Options are :

  • be physical appliances
  • be using the same build (Correct)
  • have Platinum licensing
  • be the same platform model (Correct)

Answer : be using the same build be the same platform model

A company has an external-facing web application that requires end-to-end encryption and Layer-7 functionality. Which protocol type would an engineer choose for the virtual server and service?


Options are :

  • SSL
  • SSL_TCP (Correct)
  • SSL_PUSH
  • SSL_BRIDGE

Answer : SSL_TCP

1Y0-264 Citrix Presentation Server 4.5 Support Practice Test Set 3

Scenario: Users in an organization need to access several web applications daily. Management has asked a NetScaler Engineer to reduce the amount of times users have to enter credentials when accessing web applications. What should the engineer configure to meet this requirement?


Options are :

  • An authentication VServer and an authentication policy (Correct)
  • An authentication VServer and an authorization policy
  • A content switching VServer and an authentication profile
  • A load-balancing VServer and an authorization policy

Answer : An authentication VServer and an authentication policy

Scenario: A NetScaler Engineer has configured COOKIEINSERT persistence with a timeout value of two minutes on an SSL LBvServer. The idle time requirement for the application itself CANNOT be determined. Users report connections are intermittent. Once a session is disconnected, a user must re-authenticate in order to regain access. In order to correct this issue, the engineer should set persistence to __________ with a timeout of __________ minutes. (Choose the correct set of options to complete the sentence.)


Options are :

  • COOKIEINSERT; zero (Correct)
  • SSLSESSION; ten
  • SRCIPDESTIP; two
  • SOURCEIP; two

Answer : COOKIEINSERT; zero

Which two of the listed statements are true about Access Control Lists (ACLs) on the NetScaler?


Options are :

  • Extended ACLs are evaluated after creation.
  • Extended ACLs may BRIDGE traffic. (Correct)
  • None
  • Simple ACLs are processed after Extended ACLs.
  • Simple ACLs are bound on ALL interfaces. (Correct)

Answer : Extended ACLs may BRIDGE traffic. Simple ACLs are bound on ALL interfaces.

Citrix 1Y0-731 Netscaler 8.0 Administration Practice Test Set 3

In which two places could a NetScaler Engineer enable TCP Buffering?


Options are :

  • Virtual server
  • Service (Correct)
  • HTTP profile
  • Globally (Correct)

Answer : Service Globally

Why would an engineer want to specify a TCP Profile for a specific service group?


Options are :

  • To enable use of features like SSL over TCP for that specific service group.
  • To adjust the TCP settings for traffic to and from that specific service group. (Correct)
  • To enable features like use source IP, TCP keep alive and TCP buffering for a specific service group.
  • To use a specific SNIP for traffic to the back-end servers in that service group.

Answer : To adjust the TCP settings for traffic to and from that specific service group.

Citrix 1Y0-614 Access Suite 4.0 Design Practice Exam Set 3

Which two of the following settings could be configured using a TCP profile that is bound to a service?


Options are :

  • Number of max concurrent TCP connections
  • Window scaling (Correct)
  • Allowed bandwidth throughput
  • TCP buffer size (Correct)
  • Source IP for specific subnet
  • TCP Server time-out values

Answer : Window scaling TCP buffer size

Scenario: A NetScaler engineer needs to enable access to some web servers running on an IPv6-only network. The clients connecting the services are on an IPv4 network. The engineer has already enabled IPv6 on the NetScaler. What does the engineer need to do in order to provide access to the services on the IPv6 network?


Options are :

  • Create an IPv6 ACL and a IPv4 virtual server and bind the ACL to the virtual server.
  • Create an IPv6 tunnel and a IPv4 virtual server.
  • Configure an IPv6 VLAN and bind the required interface.
  • Create a IPv4 virtual server and bind the service group to it. (Correct)

Answer : Create a IPv4 virtual server and bind the service group to it.

Scenario: A network engineer is going to roll out an upgrade from a 9.x version on a standalone NetScaler appliance using the command-line interface. Which two items does the engineer need to download before proceeding with the upgrade?


Options are :

  • NetScaler Documentation File (Correct)
  • SSL Certificates Files
  • NetScaler Configuration file
  • NetScaler Firmware File (Correct)

Answer : NetScaler Documentation File NetScaler Firmware File

Citrix 1Y0-327 Password Manager 4.5 Administration Exam Set 3

Scenario: The NetScaler is configured with a NSIP of 10.20.30.40. Management access is NOT enabled on any other IP address. Which command should an engineer execute to prevent access to the NetScaler using HTTP and only allow HTTPS access?


Options are :

  • set ns ip 10.20.30.40 -gui disabled -telnet disabled
  • set ns ip 10.20.30.40 -gui enabled -restrictAccess enabled
  • set ip 10.20.30.40 -gui secureonly -mgmtaccess enabled (Correct)
  • set ip 10.20.30.40 -mgmtaccess disabled -gui secureonly

Answer : set ip 10.20.30.40 -gui secureonly -mgmtaccess enabled

Scenario: The network engineer is setting up a new NetScaler using a direct connection. Three networks are connected to the NetScaler. After initial configuration and restart, the engineer would like to confirm the routing table entries. From which location and which command should the engineer run to display the routing table?


Options are :

  • From the shell 'route monitor'
  • From the command-line interface 'show route' (Correct)
  • From the command-line interface 'show pbr'
  • From the shell 'netstat -r'

Answer : From the command-line interface 'show route'

Some SSL certificate files may be missing from a NetScaler appliance. Which directory should an engineer check to determine which files are missing?


Options are :

  • /var/netscaler/ssl/
  • /nsconfig/ssh
  • /nsconfig/ssl (Correct)
  • flash/nsconfig/

Answer : /nsconfig/ssl

Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 6

Scenario: An engineer has three subnets configured on a NetScaler appliance. The Engineer must only allow a certain group of users to access a virtual server on the appliance. The IT Manager requires that all rules are flexible and can be easily modified forease of administration. How could the engineer allow certain groups to access the virtual server while still being able to modify the setting in the future?


Options are :

  • Create an Extended ACL. (Correct)
  • Add a Host Route to the virtual server.
  • Add a Simple ACL.
  • Disable USNIP Mode.

Answer : Create an Extended ACL.

A network engineer notes that a high availability pair (HA) is NOT synchronizing correctly and decides to open a ticket with Citrix Support. When opening the new ticket with Citrix Support, the engineer should run show _________ and __________.


Options are :

  • ha node; provide the hello and dead interval data
  • ha node; provide any public IP addresses listed
  • techsupport on both the primary and secondary devices; send the output to Citrix support (Correct)
  • techsupport on the primary device; send the output to Citrix Support

Answer : techsupport on both the primary and secondary devices; send the output to Citrix support

A network engineer runs the following command: nsconmsg -K /var/nslog/newnslog -s nsdebug_pe=1 -d oldconmsg What is the engineer trying to check in the log?


Options are :

  • Memory utilization information
  • Bandwidth information (Correct)
  • Load-balancing information
  • Content-switching statistics

Answer : Bandwidth information

Citrix 1Y0-731 Netscaler 8.0 Administration Practice Exam Set 3

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions