Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 5

On which two objects could a NetScaler Engineer bind cipher groups?


Options are :

  • Server
  • SSL policy
  • SSL profile
  • Service
  • Virtual server

Answer : Service Virtual server

Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 6

Scenario: A NetScaler Engineer has created a local account for a user according to the below configuration: add system user NSUser userpassword -timeout 900 add system group "NetScaler users" -timeout 900 add system cmdPolicy netscaler-users ALLOW "(^man.*)|(^show\\s+(?!system)(?!configstatus)(?!ns ns\\.conf)(?!ns savedconfig)(?!ns runningConfig)(?!gslb runningConfig)(?!audit messages)(?!techsupport).*)|(^stat.*)" bind system group "NetScaler users" -userName NSUser bind system group "NetScaler users" - policyName netscaler-users 100 The user is able to log on but is NOT able to execute certain commands. The engineer goes back and looks at the logs, and the following is displayed: Oct 6 13:34:15 <local0.info> 192.168.10.50 10/06/2014:13:34:15 GMT ns1 0-PPE-0 : CLI CMD_EXECUTED 4303 0 : User NSUser - Remote_ip 192.168.10.10 - Command "show ns runningConfig" - Status "ERROR: Not authorized to execute this command" Why is the command NOT working for the user?


Options are :

  • The user should be bound to the cmdPolicy netscaler-users
  • The priority of the cmdPolicy bound to the group "NetScaler users" should be higher
  • cmdPolicy is NOT configured to allow the command
  • cmdPolicy should be set to DENY, instead of ALLOW

Answer : cmdPolicy is NOT configured to allow the command

Scenario: A client connecting to an SSL virtual server receives the following error: "Invalid Server Certificate The server certificate is invalid. Do you wish to accept this certificate and connect to the server anyway?" What is a possible cause of this error message?


Options are :

  • The intermediate CA certificate is NOT linked to the server certificate.
  • The private key is NOT password-protected.
  • Certificate Revocation Lists (CRLs) have NOT been defined on the NetScaler.
  • The certificate key pair is password-protected.

Answer : The intermediate CA certificate is NOT linked to the server certificate.

Scenario: A NetScaler Engineer wants to make it easier for the help desk group to access the active node in a high-availability pair. Members of the help desk group must be able to access the NetScaler in a secure way without being notified of warnings in their web browsers Which two of the listed steps must the engineer take to meet the requirements of the scenario?


Options are :

  • Enable management access to the SNIP.
  • nable management access to the VIP.
  • Create a self-signed certificate on the NetScaler and assign it to the internal service.
  • Bind a trusted certificate to the internal service.
  • Bind the ns-server-certificate to the SNIP to the internal service.

Answer : Enable management access to the SNIP. Bind a trusted certificate to the internal service.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 1

A NetScaler Engineer created an SSL virtual server but the status is showing as state DOWN. What could be causing the virtual server to show as state DOWN?


Options are :

  • The virtual server is configured for port 444.
  • The SSL certificate is NOT bound to the virtual server.
  • HTTP services are used instead of HTTPS services.
  • The certificate bound to the virtual server has a private key of 512-bits.

Answer : The SSL certificate is NOT bound to the virtual server.

Scenario: A NetScaler Engineer must implement load-balancing on a web server farm that serves video clips to end users. Video clip files vary in size. The engineer needs to send traffic to the server with the least amount of network utilization. Which load-balancing method should the engineer use?


Options are :

  • Least Request
  • Least Connection
  • Least Bandwidth
  • Least Response Time

Answer : Least Bandwidth

Scenario: A NetScaler Engineer recently enabled the HTTP Compression feature. In reviewing the HTTP compression statistics, the engineer notices that content from all HTTP virtual servers created prior to enabling the compression feature is NOT being compressed. What should the engineer do to allow compression for any pre-existing HTTP virtual servers?


Options are :

  • Recreate the HTTP virtual servers.
  • Ensure 'Allow Server side compression' is unchecked on the NetScaler.
  • Recreate any existing compression policies.
  • Enable compression on the associated bound services.

Answer : Enable compression on the associated bound services.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 2

Scenario: A NetScaler Engineer is troubleshooting an issue and using /var/log/ns.log to view the errors. The logs are being filled with messages like the ones below: Oct 6 14:03:23 <local0.info> 192.168.10.50 10/06/2014:14:03:23 GMT ns1 0-PPE-0 : TCP CONN_DELINK 4471 0 : Source 192.168.10.10:52187 - Vserver 192.168.10.50:80 - NatIP 192.168.10.10:52187 - Destination 192.168.10.50:80 - Delink Time 10/06/2014:14:03:23 GMT - Total_bytes_send 1075 - Total_bytes_recv 352 Oct 6 14:03:30 <local0.info> 192.168.10.50 10/06/2014:14:03:30 GMT ns1 0-PPE-0 : TCP CONN_TERMINATE 4472 0 : Source 192.168.10.35:80 - Destination 192.168.10.51:35341 - Start Time 10/06/2014:14:02:43 GMT - End Time 10/06/2014:14:03:30 GMT - Total_bytes_send 1 - Total_bytes_recv 1 Oct 6 14:03:30 <local0.info> 192.168.10.50 10/06/2014:14:03:30 GMT ns1 0-PPE-0 : TCP CONN_TERMINATE 4473 0 : Source 127.0.0.1:7776 - Destination 127.0.0.2:55623 - Start Time 10/06/2014:14:02:45 GMT - End Time 10/06/2014:14:03:30 GMT - Total_bytes_send 1 - Total_bytes_recv 1 Oct 6 14:03:30 <local0.info> 192.168.10.50 10/06/2014:14:03:30 GMT ns1 0-PPE-0 : TCP CONN_TERMINATE 4474 0 : Source 127.0.0.1:80 - Destination 127.0.0.2:39771 - Start Time 10/06/2014:14:02:46 GMT - End Time 10/06/2014:14:03:30 GMT - Total_bytes_send 1 - Total_bytes_recv 1 Which option should the engineer modify to stop these types of messages from getting logged in /var/log/ns.log?


Options are :

  • TCP logging in the syslog parameters
  • ACL logging in the nslog parameters
  • ACL logging in the syslog parameters
  • TCP logging in the nslog parameters

Answer : TCP logging in the syslog parameters

A recent security audit has identified that NetScaler management is available on all Subnet IP (SNIP) adresses. Which step could an engineer take to ensure that these services are only available through the NetScaler IP (NSIP)?


Options are :

  • Disable the 'GUI' option on all SNIPs.
  • Unbind all SNIPs from the NSVLAN.
  • Enable the 'Restrict Access' option on all SNIPs.
  • Disable the 'Management Access' option on all SNIPs.

Answer : Disable the 'Management Access' option on all SNIPs.

A NetScaler Engineer would like to direct identical requests for the same service to specific cache servers. Which load-balancing method should the engineer use?


Options are :

  • URL Hash
  • Source IP Hash
  • Domain Hash
  • Source IP Destination IP Hash

Answer : URL Hash

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 3

What would a NetScaler Engineer configure to allow internal IPv4 servers on a private subnet access to the external Internet through the NetScaler?


Options are :

  • Reverse network address translation (RNAT)
  • Network Address Translation 64 (NAT64)
  • Inbound Network Address Translation (INAT)
  • Link Load Balancing (LLB)

Answer : Reverse network address translation (RNAT)

Which of the listed options is a simple Access Control List (ACL) attribute?


Options are :

  • Destination IP address
  • Source IP address
  • VLAN ID
  • NetScaler interface

Answer : VLAN ID

When a content-switching virtual server is used and idle client connections must stay established longer than the default NetScaler value, in which two locations could an engineer adjust the client timeout setting?


Options are :

  • Load-balancing services
  • Global Timeout Settings
  • Content-switching virtual server
  • Load-balancing virtual server

Answer : Global Timeout Settings Content-switching virtual server

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 1

An end user is receiving authentication errors when accessing a load-balancing virtual server that uses Authentication, Authorization and Access (AAA)-TM. Which shell command should a NetScaler Engineer execute to show AAA events in real time to help diagnose this issue?


Options are :

  • cat /tmp/aaad.debug
  • grep aaa /tmp/nskrb.debug
  • egrep aaa /tmp/pitboss.debug
  • tail /tmp/aaad.debug

Answer : cat /tmp/aaad.debug

Scenario: A user browses to a page and is presented with a warning that he is trying to enter a web site with an untrusted certificate. The network engineer had added the correct certificate to the SSL virtual server. What could be the cause of this issue?


Options are :

  • TLS is disabled on the virtual server.
  • The CA certificate has not been added to the SSL virtual server.
  • The certificate is not linked to the intermediate CA.
  • The certificate has expired and needs to be renewed.

Answer : The certificate is not linked to the intermediate CA.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 2

Scenario: An organization has recently been penetration-tested by a security company. The findings have indicated that the NetScaler device is responding to requests revealing web server information within the HTTP response headers. Which NetScaler feature can a network engineer use to prevent this information from being leaked to a potential malicious user?


Options are :

  • Responder
  • Web Logging
  • Rewrite
  • URL Transformation

Answer : Rewrite

A network engineer has noted that the primary node in an HA pair has been alternating as many as three times a day due to intermittent issues. What should the engineer configure to ensure that HA failures are alerted?


Options are :

  • Failover Interface Set
  • Route monitors
  • SNMP
  • LACP

Answer : SNMP

Scenario: The network engineer is unable to access a specific SSL site through the NetScaler. While reviewing traces on the NetScaler, the network engineer noticed "Handshake" failures from the server. These handshake failures could be the result of the virtual server __________. (Choose the correct option to complete the sentence.)


Options are :

  • not allowing SSLv3
  • not allowing correct ciphers
  • only allowing TLS
  • configured to demand client authentication

Answer : not allowing correct ciphers

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 3

Scenario: A network engineer monitoring an HTTP service-related issue needs to view only the relevant data pertaining to the service being monitored. The IP address of the back-end service being monitored is 10.10.1.99. The NSIP address is 10.10.1.230. Which command should the engineer execute to monitor data relevant to this issue only in real time?


Options are :

  • telnet
  • traceroute
  • nsconmsg
  • nstcpdump

Answer : nstcpdump

Scenario: An engineer has configured a virtual server that users access using HTTP port 80. The web application also uses TCP port 81 and 8080 for non-user access. The engineer would like to prevent users from connecting to web servers if any of the ports go down. How should the engineer set this configuration to ensure service availability?


Options are :

  • Lower the server timeout value.
  • Increase the monitor threshold.
  • Create additional virtual servers for ports 81 and 8080.
  • Create monitors for ports 81 and 8080, and bind to the service or service group.

Answer : Create monitors for ports 81 and 8080, and bind to the service or service group.

An engineer has bound three monitors to a service group and configured each of the monitors with a weight of 10. How should the engineer ensure that the members of the service group are marked as DOWN when at least two monitors fail?


Options are :

  • Re-configure the weight of each monitor to 5, and configure the service group threshold to 15.
  • Re-configure the weight of each monitor to 0.
  • Configure the service group with a threshold of 20.
  • Configure the service group with a threshold of 21.

Answer : Configure the service group with a threshold of 20.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 4

Scenario: A company is using Citrix NetScaler VPX for publishing internal resources using Citrix Access Gateway with Smart Access. Since the number of users has increased the company wants to migrate from Citrix NetScaler VPX to Citrix NetScaler MPX. The engineer is running a parallel installation of the Citrix NetScaler MPX and now needs to transfer the Citrix Access Gateway Universal Licenses from a Citrix NetScaler VPX to a Citrix NetScaler MPX platform. How should the engineer transfer the Citrix Access Gateway Universal License files from the VPX to the MPX?


Options are :

  • Logon to www.MyCitrix.com, return the Citrix Access Gateway Universal License file(s), reallocate the Citrix Access Gateway Universal License file using the hostname of the Citrix NetScaler MPX.
  • Logon to www.MyCitrix.com, return the Citrix Access Gateway Universal License file(s), reallocate the Citrix Access Gateway Universal License file using the MAC Address of the Citrix NetScaler MPX.
  • Download the Access Gateway Universal License file(s) from the Citrix NetScaler VPX using SCP. Upload the Access Gateway Universal License file(s) to the Citrix NetScaler MPX using SCP.
  • Backup the /nsconfig directory from the Citrix NetScaler VPX using SCP, restore the /nsconfig directory to the Citrix NetScaler MPX using SCP.

Answer : Logon to www.MyCitrix.com, return the Citrix Access Gateway Universal License file(s), reallocate the Citrix Access Gateway Universal License file using the hostname of the Citrix NetScaler MPX.

A NetScaler is configured with two-factor authentication. A user reported that authentication failed. How can an engineer determine which factor of the authentication method failed?


Options are :

  • Check the dashboard
  • Use nsconmsg
  • Check NSlog
  • Use cat aaad.debug command

Answer : Use cat aaad.debug command

Scenario: A network engineer created an SSL virtual server and enabled smart card on it. The engineer tried browsing to the server and noticed the back-end system could NOT see the users certificates. What could be causing this issue?


Options are :

  • The network engineer forgot to enable the SSL policy allowing smart card forwarding on the SSL virtual server.
  • The SSL virtual server cannot forward a client certificate.
  • The network engineer has not set smart card to mandatory.
  • The network engineer has not enabled SNI on the virtual server.
  • The SSL virtual server cannot use smart card authentication.

Answer : The SSL virtual server cannot forward a client certificate.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 1

Scenario: A network engineer has created and bound an UDP-ECV monitor to identify the status of a UDP service. However, no matter what the response is, the service is always marked as UP. A possible cause of this behavior is that the network engineer __________.


Options are :

  • forgot to add a receive string
  • added the string ns_true as receive string
  • added a string that is invalid and thus skipped
  • added a string that is always part of the UDP handshake

Answer : forgot to add a receive string

A network engineer has enabled USIP and USNIP and set a unique IP address as the source IP using the proxyIP parameter on an INAT policy. Which is the correct order of precedence for the IP addresses?


Options are :

  • USIP-unique IP-USNIP-MIP-Error
  • USIP-USNIP-MIP-Unique IP-Error
  • USIP-Unique IP-MIP-USNIP-Error
  • Unique IP-USIP-MIP-Error

Answer : USIP-unique IP-USNIP-MIP-Error

NSROOT is the only account configured with super user rights. In order to initiate the password recovery procedure, the engineer must __________. (Choose the correct option to complete the sentence.)


Options are :

  • logon using SCP and modify ns.conf
  • connect to the physical NetScaler device
  • logon using nsrecover/nsroot and reallocate licenses
  • connect using SSH to the NetScaler device

Answer : connect to the physical NetScaler device

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 2

A network engineer should enable the Rate Limiting feature of a NetScaler system to mitigate the threat of __________ attack. (Choose the correct option to complete the sentence.)


Options are :

  • reverse proxying
  • source code disclosure
  • Java decompilation
  • brute force logon attacks

Answer : brute force logon attacks

A network engineer is investigating issues and suspects that a new server that has been recently added to the environment has the same IP address as a virtual server that is configured on the NetScaler. Which command could the engineer run to check the logs that will contain such details?


Options are :

  • nsconmsg -K newnslog -d stats
  • nsconmsg -K /var/nslog/newnslog -s ConLb=1 -d oldconmsg
  • nsconmsg -K /var/nslog/newnslog -d consmsg
  • nsconmsg -K /var/nslog/newnslog -s ConMon=x -d oldconmsg

Answer : nsconmsg -K /var/nslog/newnslog -d consmsg

A network engineer should use a HTTP-ECV monitor type to control the status of a load balanced web server resource when __________. (Choose the correct option to complete the sentence.)


Options are :

  • wanting to use a customized HTTP Request
  • checking for a specific pattern in the HTTP Response header
  • checking for multiple HTTP response codes
  • checking for a specific pattern in the HTTP Response body

Answer : checking for a specific pattern in the HTTP Response header

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 3

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions