Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 3

An engineer has two NetScaler devices in two different datacenters and wants to create a high availability (HA) pair with the two devices, even though they are on two different subnets. How can the engineer configure the HA Pair between the two NetScaler devices?


Options are :

  • Ensure that INC mode is enabled during the creation of the HA Pair.
  • Enable the HAMonitors on all interfaces after the HA Pair has been created.
  • Change the NSIP of the second appliance to be on the same subnet as the first appliance.
  • Configure StaySecondary on the second datacenter appliance.

Answer : Ensure that INC mode is enabled during the creation of the HA Pair.

Scenario: For security reasons, the NSIP needs to be configured to only be accessible on interface 0/1, which is VLAN 300. The NSIP address is 10.110.4.254 and the subnet mask is 255.255.255.0. How would the network engineer achieve this configuration?


Options are :

  • set ns config -nsvlan 300 -ifnum 0/1
  • set ns ip 10.110.4.254 -gui ENABLED -vrID 300
  • set ns config -IPAddress 10.110.4.254 -netmask 255.255.255.0

Answer : set ns config -nsvlan 300 -ifnum 0/1

A company wants to implement a policy where all passwords should be encrypted while transiting the network. Where in the GUI would the net work engineer prevent access to unsecured management protocols?


Options are :

  • AppExpert -> Pattern Sets
  • Protection Features -> Filter
  • Network -> IPs
  • System -> Auditing

Answer : Network -> IPs

Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 4

Scenario: The NetScaler is connected to two subnets. The NSIP is 10.2.9.12. The external SNIP is 10.2.7.3. The MIP for internal access is 10.2.9.3. Web servers, authentication servers and time servers are on the 10.2.10.0/24 network which is available through the 10.2.9.1 router. The external firewall has the 10.2.7.1 address. Traffic bound for Internet clients should flow through the external firewall. Which command should be used to set the default route?


Options are :

  • add route 0.0.0.0 0.0.0.0 10.2.7.1
  • add route 10.0.0.0 255.0.0.0 10.2.7.1
  • add route 10.0.0.0 255.0.0.0 10.2.9.1
  • add route 0.0.0.0 0.0.0.0 10.2.9.1

Answer : add route 0.0.0.0 0.0.0.0 10.2.7.1

Scenario: A network engineer created an IPv6 virtual server on the NetScaler. The virtual server is using a service group with two IPv4 servers bound to it. When testing access to the virtual server from a client configured with an IPv6 address, he is unable to connect. What could be the reason for this issue?


Options are :

  • IPv6 protocol translation is disabled.
  • An IPv6 address on the NetScaler is not bound to the correct VLAN.
  • The NetScaler is disabled for NAT.
  • The NetScaler does not have an INAT rule to convert IPv4 to IPv6 from the back-end servers.

Answer : IPv6 protocol translation is disabled.

Scenario: The IT department in an organization manages servers and network devices from an internal management subnet. A NetScaler device has recently been installed into the DMZ network. The intranet firewall allows TCP 443 from the management subnet to the NetScaler device.How could the engineer ensure that only workstations in the management network are permitted to manage the NetScaler?


Options are :

  • Create an Extended ACL based on the source IP address.
  • Create a restricted route from the internal network to the DMZ.
  • Enable the management access control option on the NSIP address.
  • Enable the management access control on the internal SNIP address.

Answer : Create an Extended ACL based on the source IP address.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 1

Scenario: An engineer has been asked to implement load balancing of an existing unsecured web application. The engineer needs to ensure that users will access the web application using HTTPS, but no changes can be made to the web servers hosting the web application. In order to fulfill the requirements, the engineer must create an __________ service group and add members with port __________; and bind the service group to an __________ virtual server. (Choose the correct set of options to complete the sentence.)


Options are :

  • SSL; 443; SSL
  • SSL; 80; HTTP
  • HTTP; 80; SSL
  • HTTPS; 443; HTTP

Answer : HTTP; 80; SSL

Scenario: A network engineer has bound four policies to an HTTP virtual server as follows: PolicyA is bound with a priority of 10 and has the following expression: REQ.IP.SOURCEIP == 10.10.10.0 PolicyB is bound with a priority of 15 and has the following expression: REQ.IP.SOURCEIP!= 10.10.11.0 PolicyC is bound with a priority of 20 and has the following expression: REQ.IP.SOURCEIP== 10.10.12.0 PolicyD is bound with a priority of 25 and has the following expression: REQ.IP.SOURCEIP != 10.10.13.0 When a connection is made from a PC with an IP address of 10.10.12.15, which policy will be applied?


Options are :

  • PolicyB
  • PolicyC
  • PolicyA
  • PolicyD

Answer : PolicyB

A network engineer is investigating a recent failure of NetScaler high availability and confirms that some recent changes were made to the configuration. What is a likely cause of the failure?


Options are :

  • RPC node password changed on an appliance.
  • Load balancing virtual server marked DOWN.
  • The network command policy has been modified.
  • SNIP has had management access removed.

Answer : RPC node password changed on an appliance.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 2

A network engineer has configured two NetScaler MPX appliances as a high availability (HA) pair.What can the engineer configure to prevent failover if only a single interface fails?


Options are :

  • VMAC
  • SNMP
  • FIS
  • PBR

Answer : FIS

A network engineer might choose to use SSL_Bridge instead of a SSL virtual server in order to __________. (Choose the correct option to complete the sentence.)


Options are :

  • be able to decrypt the SSL traffic
  • pass user certificates to the back-end servers
  • enable SSL server certificates on the service group
  • enable use of OCSP for revoked certificates

Answer : pass user certificates to the back-end servers

When a network engineer logs onto a new NetScaler device in the London datacenter, data output indicates that the device is NOT configured for the local time. How can the network engineer synchronize the correct time with an NTP server in the local data center?


Options are :

  • Logon using the nsrecover/nsroot credentials and restart.
  • Configure the NetScaler as a secondary NTP server and restart.
  • Modify the ntp.conf and rc.netscaler files and restart.
  • Configure the correct time from the GUI and restart.

Answer : Modify the ntp.conf and rc.netscaler files and restart.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 3

Company policy states that SNMP management should only be allowed from specific hosts.What should the network engineer do to prevent unauthorized access to SNMP?


Options are :

  • Add an SNMP trap destination.
  • Add an SNMP manager.
  • Add an SNMP community name that is difficult to guess.
  • Check secure access only on the NSIP.

Answer : Add an SNMP manager.

A network engineer needs to configure smart card-based authentication on NetScalerAccess Gateway.Which type of authentication policy could the engineer configure in order to accomplish this task?


Options are :

  • Certificate
  • Local
  • RADIUS
  • Secure LDAP

Answer : Certificate

An engineer is checking that ports are configured correctly between the NetScaler system and a back-end web server. Which command should the engineer use to test that the web server is responding on port 80?


Options are :

  • telnet webA.example.com 80
  • telnet webA.example.com -port 80
  • telnet webA.example.com port=80
  • telnet webA.example.com:80

Answer : telnet webA.example.com 80

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 1

A network engineer needs to investigate why a few users have issues logging on to the NetScaler system. How can the engineer troubleshoot authentication issues on the NetScaler system?


Options are :

  • Use the CAT aaad.debug command.
  • Run a violations report in Reporting.
  • Use ECV monitoring.
  • Check the system-authentication setting in the GUI.

Answer : Use the CAT aaad.debug command.

Scenario: An engineer has been hired to manage the content-switching configurations onthe NetScaler. The user account for this engineer must have the standard rules that apply to the other administrators.What should the engineer do to allow for the extra privileges?


Options are :

  • Remove the custom Command Policy and then create one with the new requirements.
  • Modify the current Command Policy and then save the changes.
  • Create a custom Command Policy and bind it to the user account with the highest priority.
  • Unbind the current Command Policy of the user account and then save the changes.

Answer : Create a custom Command Policy and bind it to the user account with the highest priority.

Scenario: An engineer created a new test Web Interface site for the new XenDesktop farm that the IT Department is developing. Several weeks later the engineer finds out that several people across the company have been accessing the new test site. The engineer needs to ensure that only the IT Department subnets can access the test site. How could the engineer restrict access to the site so that only certain subnets can access this resource?


Options are :

  • Enable USNIP Mode on the appliance to allow specific subnets to the Web Interface Site.
  • Add an Extended ACL to only allow specific subnets to the Web Interface Site.
  • Modify an existing simple ACL to allow specific subnets to the Web Interface Site.
  • Change the Access Method on the Web Interface Site to allow specific subnets to the Web lnterface Site.

Answer : Add an Extended ACL to only allow specific subnets to the Web Interface Site.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 2

Scenario: The NetScaler has connections to a large number of VPNs. The network engineer wants to minimize the number of ARP requests. Which feature should the network engineer enable to minimize ARP requests?


Options are :

  • Edge Configuration
  • MAC based forwarding
  • Use Source IP
  • TCP Buffering

Answer : MAC based forwarding

A network engineer needs to upgrade both appliances of a High Availability (HA) pair. In which order should the network engineer upgrade the appliances?


Options are :

  • Perform the upgrade simultaneously without disabling high availability.
  • Disable high availability and upgrade one node at a time.
  • Upgrade the primary node first without disabling high availability.
  • Upgrade the secondary node first without disabling high availability.

Answer : Upgrade the secondary node first without disabling high availability.

A network engineer has started at a new company and has been instructed to restrict access to an external facing VIP to selected third party clients, based on their source IP address range. What could the engineer do to accomplish this task?


Options are :

  • Create a SNIP address in the external VLAN limited to the source IP addresses.
  • Create an Extended ACL based on the source IP address.
  • Enable the host route option on the external VIP.
  • Enable USNIP mode on the Netscaler.

Answer : Create an Extended ACL based on the source IP address.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 3

A network engineer wants to optimize a published load balanced SSL virtual server for WAN connection with long delay, high bandwidth with minimal packet drops. What would the network engineer use to do this type of optimization for the SSL virtual server?


Options are :

  • SSL policy
  • TCP profile
  • Priority queuing policy
  • Compression policy

Answer : TCP profile

Scenario: A network engineer is managing a NetScaler environment that has two NetScaler devices running as a high availability pair. The engineer must upgrade the current version from NetScaler 9 to NetScaler 10.5. Which action must the engineer take?


Options are :

  • Break the high availability pair, upgrade each NetScaler device, and then reconfigure high availability.
  • Upgrade the primary node and then upgrade the secondary node.
  • Upgrade the secondary node and then upgrade the primary node.
  • Upgrade the primary node and perform HA sync.

Answer : Upgrade the secondary node and then upgrade the primary node.

Scenario: An engineer executes the following commands: add vlan 2 bind vlan 2 -ifnum 1/2 add ns ip 10.110.4.200 255.255.255.0 bind vlan 2 -IPAddress 10.110.4.200 255.255.255.0 What type of IP address has been added to the NetScaler?


Options are :

  • GSLB Site IP address
  • SNIP address
  • NSIP address
  • VIP address

Answer : SNIP address

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 4

Scenario: A NetScaler Engineer is configuring a new system with connected interfaces 10/1 - 10/4 and runs the following commands: add ip 10.10.10.1 255.255.255.0 -type snip add vlan 10 bind vlan 10 -ifnum 10/1 On which interface(s) will subnet 10.10.10.1 respond to requests?


Options are :

  • Only interface 10/1
  • Interfaces on VLAN 10
  • Interfaces 10/1 through 10/4
  • Only interfaces on VLAN 1

Answer : Interfaces 10/1 through 10/4

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 1

Scenario: A company is hosting an external, Internet-facing website that is load balanced by a NetScaler. The backend servers are on a 1 Gbps network and clients connect over 3G connections. The Server Administrator reviewed the performance metrics on the backend servers and noticed a lot of overall network retirements and retransmissions. Which NetScaler feature would help improve the network performance of the backend servers in this scenario?


Options are :

  • SureConnect
  • Compression
  • Surge Protection
  • TCP Buffering

Answer : TCP Buffering

What is the default load-balancing method?


Options are :

  • Least Response Time
  • Round Robin
  • Source IP Hash
  • Least Connection

Answer : Least Connection

A NetScaler Engineer has been given the task of protecting an internal web site by requiring users to enter their credentials. Which feature should the engineer configure?


Options are :

  • AAA
  • Content Filtering
  • SSL Offloading
  • Application Firewall

Answer : Application Firewall

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 2

Scenario: A NetScaler Engineer retrieves the following configuration from support and enters it into the command-line interface: add rewrite action remove_server_header delete_http_header Server add rewrite policy RP_remove_srv_header "HTTP.REQ.IS_VALID && !CLIENT.IP.SRC.IN_SUBNET(172.16.0.0/16)" remove_server_header bind lb vserver lb_vsrv -policyName RP_remove_srv_header - priority 100 -gotoPriorityExpression END -type REQUEST The immediate effect of this configuration is that it will __________ the server header in the __________ if the request is coming from a network other than 172.16.0.0/16. (Choose the correct set of options to complete the sentence.)


Options are :

  • keep; response
  • remove; response
  • keep; request
  • remove; request

Answer : remove; response

Scenario: NetScaler features are NOT licensed. A NetScaler Engineer has checked that the proper platform license file has been uploaded. Why are the NetScaler features NOT licensed?


Options are :

  • The NetScaler needs to be restarted.
  • There is no universal license on the NetScaler.
  • The features are NOT enabled.
  • The NetScaler initial setup is NOT completed.

Answer : The NetScaler needs to be restarted.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions