Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 8

Which NetScaler feature would a NetScaler Engineer configure to allow users from a certain IP range to have access to a special Web portal?


Options are :

  • Content Filtering
  • Global Server Load Balancing
  • Content Switching
  • Load Balancing

Answer : Content Switching

Which command will allow a NetScaler Engineer to change the NetScaler IP (NSIP) from the command-line interface?


Options are :

  • add ns ip 10.100.10.100 255.255.255.0 -type NSIP
  • set ns config -ipaddress 10.100.10.100 -netmask 255.255.255.0
  • add ns ip 10.100.10.100 255.255.255.0 -type SNIP
  • set ns ip 10.100.10.100 -netmask 255.255.255.0 -mgmtaccess enabled

Answer : set ns config -ipaddress 10.100.10.100 -netmask 255.255.255.0

Citrix 1Y0-351 NetScaler 10.5 Essentials and Networking Exam Set 9

Scenario: A NetScaler Engineer needs to perform a network packet trace on a NetScaler appliance. For troubleshooting purposes the engineer needs to capture traffic only from interfaces 1/3 and 1/4; traffic from other interfaces should NOT be captured. The resulting file should be saved in NetScaler format. What should the engineer do to accomplish this task?


Options are :

  • Run the start nstrace command from the NetScaler command-line interface and specify the PerNIC parameter
  • Run the nstcpdump.sh command from the NetScaler shell and specify the filter parameter
  • Run the start nstrace command from the NetScaler command-line interface and specify the filter parameter
  • Run the nstcpdump.sh command from the NetScaler shell and specify the interface
  • Run the start nstrace command from the NetScaler command-line interface and specify the PerNIC parameter

Answer : Run the start nstrace command from the NetScaler command-line interface and specify the filter parameter

Scenario: Example.com runs a dating service site that provides a service with videos of candidates. They want to use RTSP load balancing to stream the videos more effectively. Which load balancing method should the engineer select?


Options are :

  • Least packet
  • Least connection
  • Least bandwidth
  • Round Robin

Answer : Least bandwidth

On which two types of virtual servers is the SOURCEIP persistence type supported?


Options are :

  • SSL_Bridge
  • HTTPS
  • RTSP
  • SIP_UDP

Answer : SSL_Bridge HTTPS

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 1

Which command would an engineer run to deny access to destination port 103 from a host with an IP address of 10.0.1.1?


Options are :

  • add ns acl rule1 DENY -srcIP 10.0.1.1 -srcPort 103 -TTL 600
  • add ns acl rule1 DENY -srcport 103 -destIP 10.0.1.1 -protocol TCP
  • add ns simpleacl rule1 DENY -srcIP 10.0.1.1 -destport 103 -protocol TCP
  • add ns acl rule1 DENY -srcIP 10.0.1.1 -srcPort 103 -protocol TCP

Answer : add ns simpleacl rule1 DENY -srcIP 10.0.1.1 -destport 103 -protocol TCP

Scenario: A NetScaler Engineer is using the DataStream feature. The NetScaler appliance is located in front of a MySQL Database server in the network topology. The engineer would like to block requests that would drop a database. The engineer comes up with the expression MYSQL.REQ.QUERY.TEXT.CONTAINS("drop database"). The engineer should configure the expression with the ___________ feature to block these requests. (Choose the correct option to complete the sentence.)


Options are :

  • Access Control List
  • Responder
  • Rate Limiting
  • Content Filtering

Answer : Responder

Scenario: A NetScaler Engineer is configuring a NetScaler that has three interfaces. The first interface is connected to the internal network, the second interface is connected to the DMZ1-network, and the third interface is connected to the DMZ2-network. DMZ1 and DMZ2 networks are behind different firewalls, and both firewalls are sending traffic through network address translation (NAT) to the DMZ networks. The default route is to the gateway on the DMZ1-network. DMZ1: 10.10.10.0/24 (Gateway: 10.10.10.1) DMZ2: 10.20.20.0/24 (Gateway: 10.20.20.1) Internal: 192.168.0.0/24 (Gateway: 192.168.0.1) Internet traffic reaches the virtual servers located in DMZ1 but NOT the virtual servers located in DMZ2. Which policy-based route (PBR) would resolve the issue?


Options are :

  • add ns pbr PBR1 ALLOW -srcIP = 10.20.20.0-10.20.20.255 -destIP != 10.20.20.0- 10.20.20.255 - nextHop 10.20.20.1 -priority 10
  • add ns pbr PBR1 ALLOW -srcIP != 10.20.20.0-10.20.20.255 -destIP = 10.20.20.0- 10.20.20.255 - nextHop 10.20.20.1 -priority 10
  • add ns pbr PBR1 ALLOW -srcIP = 10.20.20.0-10.20.20.255 -destIP != 10.20.20.0- 10.20.20.255 - nextHop 10.10.10.1 -priority 10
  • add ns pbr PBR1 ALLOW -srcIP != 10.20.20.0-10.20.20.255 -destIP != 10.20.20.0- 10.20.20.255 - nextHop 10.10.10.1 -priority 10

Answer : add ns pbr PBR1 ALLOW -srcIP = 10.20.20.0-10.20.20.255 -destIP != 10.20.20.0- 10.20.20.255 - nextHop 10.20.20.1 -priority 10

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 2

A company has two sites that host six cache web servers that are used to promote sales information. Which feature on the NetScaler should an engineer enable to provide faster application performance and also provide additional capacity if the demand increases for one site?


Options are :

  • Load balancing
  • Integrated Cache
  • Responder Policy
  • Content switching

Answer : Load balancing

Scenario: A NetScaler Engineer is addressing an issue discovered during a vulnerability scan. The security team is requiring that the engineer disable specific SSL ciphers on the SSL VServer. Which two methods could the engineer use to meet this requirement?


Options are :

  • Disable SSLv2 Redirect on the VServer and update the CRLs.
  • Un-assign the default group, create a custom cipher group and assign it to the VServer.
  • Modify the list of ciphers in the Default cipher group.
  • Enable Cipher Redirect on the VServer and configure OCSP.
  • Change the list of bound ciphers on the VServer directly.

Answer : Un-assign the default group, create a custom cipher group and assign it to the VServer. Change the list of bound ciphers on the VServer directly.

The security department just conducted a penetration test on the published virtual servers and all of the SSL virtual servers returned the result "Allowed changing to weak certificate standard" in th report. The reason for this result could be that the network engineer who configured the virtual servers forgot to __________. (Choose the correct option to complete the sentence.)


Options are :

  • configure the HIGH Cipher group only
  • apply the SSL policy
  • block TLSv1
  • configure the DEFAULT Cipher group only

Answer : configure the HIGH Cipher group only

1Y0-200 Managing Citrix XenDesktop 7 Solutions Exam Set 3

A NetScaler Engineer is reviewing the performance of a NetScaler appliance and notices that TCP multiplexing (TCP connection reuse) appears to NOT be working for a virtual server. What could be the cause of this issue?


Options are :

  • HTTP services are bound to the virtual server
  • Persistence is enabled on the virtual server
  • The virtual server was created as type SSL_BRIDGE
  • Compression is enabled on the services

Answer : The virtual server was created as type SSL_BRIDGE

What is the purpose of the flash cache option in integrated caching?


Options are :

  • To queue simultaneous requests of an object and answer all with the same response from the server
  • To answer the client request without checking if the object has expired, objects are checked periodically instead
  • To use the flash memory for storage for a specific cache group to improve performance
  • To completely wipe a cache group when the targeted selector is hit in the cache

Answer : To queue simultaneous requests of an object and answer all with the same response from the server

Scenario: The network engineer has created a monitor and bound it to a service group containing four web servers to verify that the web application responds. During routine maintenance one of the web servers is shut down; however, the server state remains UP and user requests are still attempting to communicate with the server. What could be causing this problem?


Options are :

  • The server has been disabled.
  • The monitor is not bound at the correct bind point.
  • Health monitoring is disabled for the service group.
  • The NetScaler configuration has not been saved since before the monitor was bound.

Answer : Health monitoring is disabled for the service group.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 1

Users have reported that they are receiving a confusing error message related to SSL sessions when connecting from older browsers. How could the network engineer present this error to users in a customized format?


Options are :

  • Add a redirect URL to the virtual server.
  • Configure SSL v2 Redirection for the virtual server.
  • Set a URL on the backup virtual server.
  • Enable the SSL v2 protocol.

Answer : Configure SSL v2 Redirection for the virtual server.

Scenario: A network engineer has configured a load balancing virtual server for an HTTP application. Due to the application architecture, it is imperative that a user's session remains on a single server during the session. The session has an idle timeout of 60 minutes. Some devices are getting inconsistent application access while most are working fine. The problematic devices all have tighter security controls in place. Which step should the engineer take to resolve this issue?


Options are :

  • Set the cookie timeout to 60 minutes.
  • Change the HTTP parameters to Cookie Version 1.
  • Configure a backup persistence of SourceIP.
  • Utilize SSL offload to enable the application to use SSL.

Answer : Configure a backup persistence of SourceIP.

Scenario: An engineer is configuring services to allow load balancing of backend web servers on the internal network. The engineer bound multiple monitors to the first service, but notices that the service is reporting as DOWN. The monitor threshold default has NOT been changed. What could be causing this issue?


Options are :

  • One of the monitors' tests is failing.
  • The monitors are both reporting an UP status.
  • The service type is HTTP.
  • Some of the monitors have a higher weight.

Answer : One of the monitors' tests is failing.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 2

Scenario: A NetScaler Engineer is configuring LACP (Link Aggregation Configuration Protocol) on the NetScaler. The engineer adds interface 10/3 and 10/4 to LA/1 (which already contains interfaces 10/1 and 10/2) and is configured for VLAN 500 VLAN 100 is bound to interface 10/3 and VLAN 200 is bound to interface 10/4. VLAN 500 is bound to channel LA/1 Which VLAN is shown with a "show interface" command for interface 10/3?


Options are :

  • 500
  • 200
  • 1
  • 100

Answer : 500

A NetScaler Engineer needs an SNMP alert to be sent when CPU utilization is 90% or higher on a NetScaler instance. Which two steps must the engineer take to configure the SNMP alert?


Options are :

  • Add an SNMP trap destination.
  • Set the CPU-USAGE alarm thresholds.
  • Add an SNMP manger to poll the instance.
  • Enable SNMP trap logging.
  • Set an SNMP community string.

Answer : Add an SNMP trap destination. Set the CPU-USAGE alarm thresholds.

Scenario: A NetScaler Engineer creates a new HTTP VServer using the following command: add lb vserver lb_test HTTP 172.20.10.85 80 -lbMethod LEASTCONNECTION - persistencetype COOKIEINSERT -timeout 0 -authentication ON -cacheable YES During testing, the engineer notices a cookie named NSC_iuuq2 with a value of: ffffffff020a1d1545525d5f4f58455e445a4a423660 What is the purpose of this cookie?


Options are :

  • It indicates that the client has NOT been authenticated.
  • It is used for persistence, describing only the VServer ID and Service IP.
  • It indicates that the client has been authenticated.
  • It is used for persistence, describing the VServer ID, Service IP and Service Port.

Answer : It is used for persistence, describing the VServer ID, Service IP and Service Port.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 3

Which public IP address must a NetScaler Engineer set on a NetScaler appliance to allow for client connections?


Options are :

  • SNIP
  • VIP
  • USNIP
  • NSIP

Answer : VIP

The purpose of pre-fetch in integrated caching is to automatically __________. (Choose the correct option to complete the sentence.)


Options are :

  • fetch objects from the forwarding cache before expiring
  • refresh a cached object before expiring
  • retrieve all objects on a published website after a policy is applied
  • retrieve an object in the expression from a website after a policy is applied

Answer : refresh a cached object before expiring

A NetScaler Engineer needs to audit extended Access Control List (ACL) hits. Which two areas would the engineer enable logging so that the ACL hits could be stored in the /var/log/ns.log?


Options are :

  • The syslog parameters
  • The syslogAction
  • The nslog parameters
  • The ACL

Answer : The syslog parameters The ACL

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Exam Set 4

Which option must a NetScaler Engineer set to enable client keep-alive mode?


Options are :

  • cka yes
  • #NAME?
  • #NAME?
  • #NAME?

Answer : #NAME?

Scenario: A call center has deployed Access Gateway Enterprise to provide its employees with access to work resources from home. Due to the number of available licenses, only selected employees should access the environment remotely based on their user account information. How could the engineer configure access to meet the needs of this scenario?


Options are :

  • Configure an Authentication Policy using Client based expressions.
  • Configure an Authentication Server using a search filter.
  • Configure a Pre-authentication Policy.
  • Add the selected employee accounts to the Local Authentication policy.

Answer : Configure an Authentication Server using a search filter.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 1

Company policy states that all passwords should travel the network in encrypted packets except SNMP.Which command should the network engineer execute to comply with this policy?


Options are :

  • set ns ip 10.20.30.40 -gui secureonly -ssh enabled -restrictaccess enabled
  • set ns ip 10.20.30.40 -mgmtaccess disabled -restrictaccess enabled
  • set ns ip 10.20.30.40 -telnet disabled -gui secureonly -ftp disabled
  • set ns ip 10.20.30.40 -ssh disabled -telnet disabled -gui enabled

Answer : set ns ip 10.20.30.40 -telnet disabled -gui secureonly -ftp disabled

Which two response codes and pages can be cached on the NetScaler using Integrated Caching?


Options are :

  • 302 Found pages
  • 404 Not found pages
  • 401 Unauthorized
  • 400 Bad request
  • 500 Internal server error

Answer : 302 Found pages 404 Not found pages

What are two valid ways of checking that a back-end web server is reachable from the NetScaler SNIP address using port 80?


Options are :

  • Bind a HTTP monitor to a service group containing the web server.
  • Run traceroute.
  • Run telnet using the -srcip option.
  • Run the ping command between the NetScaler and the web server.
  • Bind a DNS monitor to a service group containing the web server.

Answer : Bind a HTTP monitor to a service group containing the web server. Run telnet using the -srcip option.

1Y0-200 Managing Citrix XenDesktop 7 Solutions Practice Test Set 2

During a recent security penetration test, several ports on the management address were identified as providing unsecured services. Which two methods could the network engineer use to restrict these services?


Options are :

  • Configure Auditing policies.
  • Create Access Control Lists (ACLs).
  • Configure options on the Management IP addresses.
  • Create Content Filtering policies.

Answer : Create Access Control Lists (ACLs). Configure options on the Management IP addresses.

Scenario: A network engineer deployed a new NetScaler MPX appliance on the network and all interfaces are connected to the core switch. The network engineer notices the CPU utilization has become very high on the switch since the NetScaler deployment. Which two actions could the engineer perform on the NetScaler to resolve this issue?


Options are :

  • Utilize static routing
  • Connect a single interface only
  • Configure VMAC
  • Configure a channel

Answer : Connect a single interface only Configure a channel

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions