1Y0-440 Exam Dumps - Architecting a Citrix Networking Solution

Question # 4

Scenario: A Citrix Architect needs to assess a Citrix Gateway deployment that was recently completed by a customer and is currently in pre-production testing. The Citrix Gateway needs to use ICA proxy to provide access to a Citrix Virtual Apps and Citrix Virtual Desktops environment. During the assessment, the customer informs the architect that users are NOT able to launch published resources using the Gateway virtual server.

Click the Exhibit button to view the troubleshooting details collected by the customer.

What is the cause of this issue?

There are NO backend Virtual Delivery Agent machines available to host the selected published resource.

The Secure Ticket Authority servers have NOT been configured in the Citrix Gateway settings.

The required ports have NOT been opened on the external firewall.

The StoreFront URL configured In the Citrix Gateway session profile is NOT correct.

Full Access

Question # 5

Scenario: A Citrix Engineer is asked by management at the workspacelab organization to review their existing Citrix ADC Configurations and make the necessary upgrades. The architect recommends small changes to the pre-existing Citrix ADC configuration. Currently, the Citrix ADC MPX devices are configured in high-availability pair, and the outbound traffic is load balanced between two internet service providers (ISPs), however, the failover is NOT happening correctly. The following requirements were discussed during the design requirement phase:

The return traffic for a specific flow should be routed through the same path while using Link Load Balancing.
The link should fail over even if the ISP router is up and intermediary devices to an ISP router are down.
Traffic going through one ISP router should fail over to the secondary ISP, and the traffic should not flow through both routers simultaneously.

What should the architect configure with Link Load Balancing LLB) to meet the requirement?

Inverse NAT

Least packets load balancing method

Destination IP hash load balancing method

Reverse NAT.

Full Access

Question # 6

Scenario: A Citrix Architect has implemented two high availability pairs of MPX 5500 and MPX 11500 devices respectively with 12.0.53.13 nc version. The NetScaler devices are set up to handle NetScaler Gateway, Load Balancing, Application Firewall, and Content Switching. The Workspacelab infrastructure is set up to be monitored with NMAS version 12.0.53.13 nc by the Workspacelab administrators. The Workspacelab team wants to implement one more pair of NetScaler MPX 7500 devices with version 12.0.53.13 nc.

The Citrix consulting team has assigned the task to implement these NetScaler devices in the infrastructure and set them up to be monitored and managed by NMAS.

The following are the requirements that were discussed during the project initiation call:

NMAS should be configured to get the infrastructure information under sections such as HDX Insight, WEB Insight, and Security Insight.
Configuration on the new MPX devices should be identical to MPX 11500 devices.
Configuration changes after the deployment and initial setup should be optimized using NMAS.
NMAS should be utilized to configure templates that can be utilized by the Workspacelab team in future deployment.
As per the requirement from the Workspacelab team, NMAS should be store the audited data for only 15 days.

Which process should the architect utilize to ensure that the deployment of MPX 11500 devices are optimized and that it is correct, before deploying the devices in production?

Under Stylebooks; Inbuilt and composite stylebook templates should be utilized prior to deployment.

Under Stylebooks; Public and composite stylebook templates should be utilized prior to deployment.

Under Configuration Management; Configuration Audit and Advice should be used prior to deployment.

Under Configuration jobs; Configuration Audit and Advice should be used prior to deployment.

Full Access

Question # 7

Which encoding type can a Citrix Architect use to encode the StyleBook content, when importing the StyleBook configuration under source attribute?

Hex

base64

URL

Unicode

Full Access

Question # 8

Scenario: The Workspacelab team has configured their NetScaler Management and Analytics (NMAS) environment. A Citrix Architect needs to log on to the NMAS to check the settings.

Which two authentication methods are supported to meet this requirement? (Choose two.)

Certificate

RADIUS

TACACS

Director

SAML

AAA

Full Access

Question # 9

Scenario: A Citrix Architect needs to assess an existing on-premises NetScaler deployment which includes Advanced Endpoint Analysis scans. During a previous security audit, the team discovered that certain endpoint devices were able to perform unauthorized actions despite NOT meeting pre-established criteria.

The issue was isolated to several endpoint analysis (EPA) scan settings.

Click the Exhibit button to view the endpoint security requirements and configured EPA policy settings.

Which setting is preventing the security requirements of the organization from being met?

Item 6

Item 7

Item 1

Item 3

Item 5

Item 2

Item 4

Full Access

Question # 10

Scenario: A Citrix Architect needs to deploy Single Sign-on form-based authentication through Citrix ADC for Outlook Web Access (OWA) 2013 for the users of the domain workspacelab com The Single Sign-on (SSO) must be performed based on sAMAccountName.

Which SSO action can the architect use to meet this requirement?

add tm formSSOAction OWA_Form_SSO_SSOPro -actionURL "/owa" -userField username -passwdField password -ssoSuccessRule "http RES SET_COOKIE COOKIE(V,cadata\M).VALUE(\Mcadata\").LENGTH.GT(70)M -responsesize 15000000 -submrtMethod POST

add tm formSSOAction OWA_Form_SSO_SSOPro -actionURL "/owa/auth.owa" -userField user -passwdField password -ssoSuccessRule "http RES SET_COOKIE COOKIEC'cadataV) VALUE(\"cadata\").LENGTH.GT(70)" -responsesize 15000000 -submrtMethod GET

add tm formSSOAction OWA_Form_SSO_SSOPro -actionURL "/owa/owa.aspx" -userField usemame -passwdField password -ssoSuccessRule "http RES SET_COOKIE COOKIE(\"cadata\") VALUE(\ncadata\") LENGTH.GT(70)" -responsesize 150 -submrtMethod POST

add tm formSSOAction OWA_Form_SSO_SSOPro -actionURL "/owa/auth owa" -userField usemame -passwdField password -ssoSuccessRule "http RES SET_COOKIE COOKIE(V"cadataV,)VALUE(V,cadata\") LENGTH GT(70)M -responsesize 15000000 -submrtMethod POST

Full Access

Question # 11

Which three parameters must a Citrix Architect designate when creating a new session policy? (Choose three.)

Single Sign-on Domain

Request Profile

Name

Enable Persistent Cookie

Expression

Full Access

Question # 12

Scenario: A Citrix Architect has implemented two high availability pairs of MPX 5500 and MPX 11500 devices respectively with 12.0.53.13 nc version. The Citrix ADC devices are set up to handle Citrix Gateway. Load Balancing. Application Firewall, and Content Switching. The Workspacelab infrastructure is set up to be monitored with Citrix Application Delivery Management version 12.0.53.13 nc by the Workspacelab administrators. The Workspacelab team wants to implement one more pair(s) of Citrix ADC MPX 7500 devices with version 12.0.53.13 nc.

The Citrix consulting team has assigned the task to implement these Citrix ADC devices in the infrastructure and set them up to be monitored and managed by Citrix ADC Management and Analytics {Citrix Application Delivery Management).

The following are the requirements that were discussed during the project initiation call:

Citrix Application Delivery Management should be configured to get the infrastructure information under sections such as HDX Insight, WEB Insight, and Security Insight.
Configuration on the new MPX devices should be identical to that of MPX 11500 devices.
Configuration changes after the deployment and initial setup should be optimized using Citrix Application Delivery Management.
Citrix Application Delivery Management should be utilized to configure templates that can be utilized by the Workspacelab team in future deployments.
As per the requirement from the Workspacelab team, Citrix Application Delivery Management should store the audited data for only 15 days.

However, the architect is NOT able to view any Information under Analytics. What should the architect do to fix this issue?

Use nsconfig from MPX 11500 devices and copy the same config to MPX 7500 devices.

Use Public Stylebooks and templates to configure the new MPX 11500 devices.

Use configuration jobs to replicate the entire configuration from MPX 11500 Instance to MPX 7500 devices.

Use Inbuilt Stylebooks and templates to configure the new MPX 11500 devices.

Full Access

Question # 13

Scenario: A Citrix Architect needs to assess an existing NetScaler multi-site deployment. The deployment is using Global Server Load Balancing (GSLB) configured in a parent-child configuration.

Click the Exhibit button to view the diagram of the current GSLB configuration and parent-child relationships, as well as the status of the sites and the connectivity between them.

Based on the displayed configuration and status, Child_site1_______ a connection from _______. (Choose the correct option to complete the sentence.)

rejects; SiteP2 and SiteP3; remains a child site of SiteP1

rejects; SiteP3; remains a child site of SiteP1

accepts; SiteP3; becomes its child site

accepts; SiteP2; becomes its child site

does NOT receive; SiteP2 and SiteP3; remains a child site of SiteP1

rejects; SiteP2; remains a child site of SiteP1

Full Access

Question # 14

Scenario: A Citrix Architect has deployed an authentication setup for the load balancing virtual server for the SAP application. The authentication is being performed using RADIUS and LDAP. RADIUS is the first factor, and LDAP is the second factor in the authentication. The Single Sign-on with SAP application should be performed using LDAP credentials. Which session profile should be used to perform the Single Sign-on?

add tm sessionAction prof -sessTimeout 30 -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -httpOnlyCookie NO

add vpn sessionAction prof-sessTimeout 30 -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential SECONDARY -httpOnlyCookie NO

add vpn sessionAction prof -sessTimeout 30 -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -httpOnlyCookie NO

add tm sessionAction prof -sessTimeout 30 -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential SECONDARY -httpOnlyCookie NO

Full Access

Question # 15

Which response is returned by the Citrix ADC, if a negative response is present in the local cache?

NXDOMAIN

NXDATA

NODOMAIN

NO DATA

Full Access

Question # 16

Scenario: A Citrix Architect needs to design a hybrid Citrix Virtual App and Citrix Virtual Desktop environment which will include as well as resource locations in an on-premises datacenter and Microsoft Azure.

Organizational details and requirements are as follows:

Active Citrix Virtual App and Citrix Virtual Desktop Service subscription
No existing Citrix deployment
Minimization of additional costs
All users should use same access point, regardless of network location
No multi-factor authentication is required

Click the Exhibit button to view the conceptual environment architecture.

The architect should use___________ in Location A, and should use _______________ in Location B. (Choose the correct option to complete the sentence.)

No Citrix ADC products; Citrix ICA Proxy (cloud-licensed)

Citrix Gateway as a Service; Citrix ICA Proxy (cloud-licensed)

Citrix Gateway as a Service; no Citrix ADC products

No Citrix ADC products; Citrix Gateway appliance

Citrix gateway as a Service; Citrix ADC (BYO)

No Citrix ADC products; Citrix ADC (BYO)

Full Access

Question # 17

A Citrix Architect needs to configure advanced features of Citrix ADC by using StyleBooks as a resource in the Heat service.

What is the correct sequence of tasks to be completed for configuring Citrix ADC using the Heat stack?

1. Install Citrix ADC Bundle for OpenStack

2 Register OpenStack with Citrix Application Delivery Management

3. Add Citrix ADC instances (Optional)

4. Create service packages (Add OpenStack tenants)

5. Prepare the HOT by using the Citrix ADC Heat resources and Citrix ADC Network Resource

6. Deploy the Heat stack

1. Install Citrix ADC Bundle for OpenStack

2 Add Citrix ADC instances (Optional)

3. Create service packages (Add OpenStack tenants)

4. Prepare the HOT by using the Citrix ADC Heat resources and Citrix ADC Network Resource

5. Register OpenStack with Citrix Application Delivery Management

6. Deploy the Heat stack

1. Install Citrix ADC Bundle for OpenStack

2. Deploy the Heat stack

3. Register OpenStack with Citrix Application Delivery Management

4. Add Citrix ADC instances (Optional)

5. Prepare the HOT by using the Citrix ADC Heat resources and Citrix ADC Network Resource

6. Create service packages (Add OpenStack tenants)

1. Install NetScaler Bundle for OpenStack

2. Prepare the HOT by using the NetScaler heat resources and NetScaler Network Resource

3. Register OpenStack with NMAS

4. Deploy the Heat stack

5. Add NetScaler instances (Optional)

6. Create service packages (Add OpenStack tenants)

Full Access

Question # 18

Scenario: A Citrix Architect needs to configure a full VPN session profile to meet the following requirements:

Users should be able to send the traffic only for the allowed networks through the VPN tunnel.
Only the DNS requests ending with the configured DNS suffix workspacelab.com must be sent to NetScaler Gateway.
If the DNS query does NOT contain a domain name, then DNS requests must be sent to NetScaler gateway.

Which settings will meet these requirements?

Split Tunnel to OFF, Split DNS Both

Split Tunnel to ON, Split DNS Local

Split Tunnel to OFF, Split DNS Remote

Split Tunnel to ON, Split DNS Remote

Full Access

Question # 19

Scenario: A Citrix Architect and a team of Workspacelab members have met for a design discussion about the NetScaler Design Project. They captured the following requirements:

Two pairs of NetScaler MPX appliances will be deployed in the DMZ network and the internal network.
High availability will be accessible between the pair of NetScaler MPX appliances in the DMZ network.
Multi-factor authentication must be configured for the NetScaler Gateway virtual server.
The NetScaler Gateway virtual server is integrated with XenApp/XenDesktop environment.
Load balancing must be deployed for the users from the workspacelab.com and vendorlab.com domains.
The logon page must show the workspacelab logo.
Certificate verification must be performed to identify and extract the username.
The client certificate must have UserPrincipalName as a subject.
All the managed workstations for the workspace users must have a client identifications certificate installed on it.
The workspacelab users connecting from a managed workstation with a client certificate on it should be authenticated using LDAP.
The workspacelab users connecting from a workstation without a client certificate should be authenticated using LDAP and RADIUS.
The vendorlab users should be authenticated using Active Directory Federation Service.
The user credentials must NOT be shared between workspacelab and vendorlab.
Single Sign-on must be performed between StoreFront and NetScaler Gateway.
A domain drop down list must be provided if the user connects to the NetScaler Gateway virtual server externally.
The domain of the user connecting externally must be identified using the domain selected from the domain drop down list.

On performing the deployment, the architect observes that users are always prompted with two-factor authentication when trying to assess externally from an unmanaged workstation.

Click the exhibit button to view the configuration.

What should the architect do to correct this configuration?

Unbind LoginSchema Policy LDAP_RADIUS from the virtual server.

Bind the Portal theme as Domaindropdown.

Bind the LoginSchema Policy Domaindropdown to priority 90.

Bind the Default LoginSchema Policy as Domaindropdown.

Full Access

Question # 20

Scenario: A Citrix Architect has deployed load balancing for SharePoint 2010 on a Citrix ADC instance. While editing the document, the architect observed the error displayed below:

Sorry, we couldn't open 'https://sharepointcs.emea.in/Shared Documents/Citrix Enhancement Request Form.doc'

After troubleshooting, the architect discovers the issue. When a user opens a document, it opens in the browser, but while editing the document, thd session is transferred from the browser to the Word application During this time, the cookies should be transferred from the browser to the Word application.

Which two configurations should the architect modify to ensure that the cookies are shared between the browser and non-browser applications? (Choose two.)

Enable Persistent Cookie

Disable Persistent Cookie

Set HTTPOnly Cookie to NO

Set the NSC_AAAC cookie with HTTPOnly Flag

Set lb vserver -persistenceType COOKIEINSERT

Set HTTPOnly Cookie to Yes

Full Access

Question # 21

Scenario: Based on a discussion between a Citrix Architect and a team of Workspacelab members, the MPX Logical layout for Workspacelab has been created across three (3) sites.

They captured the following requirements during the design discussion held for a Citrix ADC design project:

All three (3) Workspacelab sites (DC, NDR, and DR) will have similar Citrix ADC configurations and design.
Both external and internal Citrix ADC MPX appliances will have Global Server Load Balancing (GSLB) configured and deployed in Active/Passive mode.
GSLB should resolve both A and AAA DNS queries.
In the GSLB deployment, the NDR site will act as backup for the DC site, whereas the DR site will act as backup for the NDR site.
When the external Citrix ADC replies to DNS traffic coming in through Cisco Firepower IPS, the replies should be sent back through the same path.
On the internal Citrix ADC, both the front-end VIP and backend SNIP will be part of the same subnet.
The external Citrix ADC will act as default gateway for the backend servers.
All three (3) sites, DC, NDR, and DR, will have two (2) links to the Internet from different service providers configured in Active/Standby mode.

Which design decision must the architect make the design requirements above?

MAC-based Forwarding must be enabled on the External Citrix ADC Pair.

NSIP of the External Citrix ADC must be configured as the default gateway on the backend servers.

The Internal Citrix ADC must be deployed in Transparent mode.

The ADNS service must be configured with an IPv6 address.

Full Access

Question # 22

For which three reasons should a Citrix Architect perform a capabilities assessment when designing and deploying a new NetScaler in an existing environment? (Choose three.)

Understand the skill set of the company.

Assess and identify potential risks for the design and build phase.

Establish and prioritize the key drivers behind a project.

Determine operating systems and application usage.

Identify other planned projects and initiatives that must be integrated with the design and build phase.

Full Access

Question # 23

Which IP address should be bound to VLAN 11?

40.50.60.2

192.168.30.2

40.50.60.172

192.168.20.170

192.168.20.2

192.168.30.171

40.50.60.172

Full Access

Question # 24

Scenario: A Citrix Architect needs to deploy a load balancing for an application server on the NetScaler. The authentication must be performed on the NetScaler. After the authentication, the Single Sign-on with the application servers must be performed using Kerberos impersonation.

Which three authentication methods can the Architect utilize to gather the credentials from the user in this scenario? (Choose three.)

SAML

OTP

TACACS

WEBAUTH

LDAP

Full Access

Question # 25

Scenario: A Citrix Architect needs to assess an existing Citrix ADC configuration. The customer recently found that members of certain administrator groups were receiving permissions on the production Citrix ADC appliances that do NOT align with the designed security requirements. Click the Exhibit button to view the configured command policies for the production Citrix ADC deployment.

To align the command policy configuration with the security requirements of the organization, the__________for________________should change. (Choose the correct option to complete the sentence.)

command spec; Item 6

priority; Item 5

command spec; Item 3

action; Item 4

priority; Item 2

action; Item 1

Full Access

Question # 26

Scenario: More than 10,000 users will access a customerâ€™s environment. The current networking infrastructure is capable of supporting the entire workforce of users. However, the number of support staff is limited, and management needs to ensure that they are capable of supporting the full user base.

Which two business driver is prioritized, based on the customerâ€™s requirements?

Simplify Management

Increase Scalability

Increase Flexibility

Reduce Costs

Enable Mobile Work Styles

Increase Security

Full Access

Question # 27

Scenario: A Citrix Architect needs to design a hybrid Citrix Virtual App and Citrix Virtual Desktop environment which will include Citrix Cloud as well as resource locations in an on-premises datacenter and Microsoft Azure.

Organizational details and requirements are as follows:

Active Citrix Virtual App and Citrix Virtual Desktops Service subscription
No existing NetScaler deployment
Global Server Load Balancing is used to direct connection requests to Location B, if the StoreFront server in Location B fails, connections should be directed to Location A.

Click the Exhibit button to view the conceptual environment architecture.

The architect should use _____ in Location A, and should use ________ in Location B. (Choose the correct option to complete the sentence.)

Citrix ADC (BYO); Citrix gateway appliance

Citrix ADC (BYO); No Citrix products

Citrix ADC (BYO); Citrix ADC (BYO)

Citrix Gateway appliance; Citrix Gateway appliance

Citrix Gateway appliance; Citrix ADC (BYO)

Full Access

Question # 28

Scenario: The following NetScaler environment requirements were discussed during a design meeting between a Citrix Architect and the Workspacelab team:

All traffic should be secured, and any traffic coming into HTTP should be redirected to HTTPS.
Single Sign-on should be created for Microsoft Outlook web access (OWA).
NetScaler should recognize Uniform Resource Identifier (URI) and close the session to NetScaler when users hit the Logoff button in Microsoft Outlook web access.
Users should be able to authenticate using user principal name (UPN).
The Layer 7 monitor should be configured to monitor the Microsoft Outlook web access servers and the monitor probes must be sent on SSL.

Which method can the architect use to redirect the user accessing https://mail.citrix.com to https://mail.citrix.com?

add responder action act redirect â€œhttps://mail.citrix.comâ€ -responseStatusCode 302 add responder policy pol HTTP.REQ.IS_VALID act

add lb server test SSL 10.107.149.243.80 -persistenceType NONE -cltTimeout 180 -redirectFromPort 80 -httpsRedirectUrl https://mail.citrix.com

add lb server test SSL 10.107.149.243.443 â€“persistenceType NONE -cltTimeout 180 -redirectFromPort 80 -httpsRedirectUrl https://mail.citrix.com

add responder action act redirect â€œ\https://\ + HTTP REQ.HOSTNAME. HTTP_URL_SAFE + HTTP.REQ.URL_PATH_AND_QUERY.HTTP_URL_SAFE\n\nâ€ -responseStatusCode 302 add responder policy pol HTTP.REQ.IS_VALID act

Full Access

Question # 29

Which statement is applicable to Citrix Gateway split tunneling?

If you set split tunneling to reverse, the Citrix ADC Gateway plug-in sends only traffic destined for networks protected by Citrix ADC Gateway through the VPN tunnel. The Citrix ADC Gateway plug-in does NOT send network traffic destined for unprotected networks to Citrix ADC Gateway.

If you set split tunneling to reverse, the intranet applications define the network traffic that Citrix ADC Gateway does NOT intercept.

If you enable split tunneling, the intranet applications define the network traffic that Citrix ADC Gateway does NOT intercept.

If you enable split tunneling, the Citrix ADC Gateway plug-in captures all network traffic originating from a user device and sends the traffic through the VPN tunnel to Citrix ADC Gateway.

If you set split tunneling to reverse, the Citrix ADC Gateway plug-in captures all network traffic originating from a user device and sends the traffic through the VPN tunnel to Citrix ADC Gateway.

Full Access

Question # 30

Scenario: A Citrix Architect needs to conduct a capabilities assessment for an organization that wants to create a new Citrix ADC deployment. One of the

organization's core business drivers is to ensure that key applications are always available to users.

Which capabilities must the architect verify to assess if the requirement is feasible with the current infrastructure?

Undocumented environment

issues image management processes

Disaster recovery and implementation

Training and certification of support staff and end users

Current Active Directory and DNS environment

Full Access

Question # 31

Which four settings can a Citrix Architect use to create a configuration job using Citrix Application Delivery Management? (Choose four.)

Action

File

Configuration Template

StyleBooks

Event Manager

Instance

Record and Play

Full Access

Question # 32

Scenario: A Citrix Architect needs to design a new solution within Microsoft Azure. The architect would like to create a highly available Citrix ADC VPX pair to provide load balancing for applications hosted in the Azure deployment which will receive traffic arriving from the Internet. In order to maximize its investment, the organization would like both Citrix ADC VPX instances to actively load-balance connection requests. Which two approaches are possible solutions for the architect to use to design the solution? (Choose two.)

Purchase two standalone Citrix ADC instances in the Microsoft Azure marketplace, then deploy them as a cluster.

Purchase two standalone Citrix ADC instances in the Microsoft Azure marketplace, deploy them, then use an external Azure load balancer to distribute client traffic across both instances.

Purchase a Citrix ADC HA Pair in the Microsoft Azure marketplace, then deploy them as an Active-Active GSLB configuration.

Purchase two standalone Citrix ADC instances in the Microsoft Azure marketplace, then deploy them as an Active-Passive high availability pair.

Purchase a Citrix ADC HA Pair in the Microsoft Azure marketplace, then deploy them as an Active-Passive high availability pair.

Full Access

Question # 33

Which NetScaler Management and Analytics System (NMAS) utility can a Citrix Architect utilize to verify the configuration template created by the NMAS StyleBook, before actually executing it on the NetScaler?

Dry Run

configpack

NITRO API

configcheck

Full Access

Question # 34

A Citrix Architect needs to evaluate and define the architecture and operational processes required to implement and maintain the production environment. In which two phases of the Citrix Methodology will the architect define this? (Choose two.)

Design

Define

Manage

Deploy

Assess

Full Access

Question # 35

Scenario: A Citrix Architect needs to assess an existing NetScaler configuration. The customer recently found that members of certain administrator groups were receiving permissions on the production NetScaler appliances that do NOT align with the designed security requirements.

Click the Exhibit button to view the configured command policies for the production NetScaler deployment.

To align the command policy configuration with the security requirements of the organization, the _______ for ______should change. (Choose the correct option to complete the sentence.)

command spec; item 3

priority; Item 5

action; Item 1

priority; Item 2

action; Item 4

command spec; Item 6

Full Access

Question # 36

The issue was isolated to several endpoint analysis (EPA) scan settings.

Click the Exhibit button to view the endpoint security requirements and configured EPA policy settings.

Which setting is preventing the security requirements of the organization from being met?

Item 1

Item 4

Item 2

Item 3

Full Access

Question # 37

Scenario: A Citrix Architect needs to assess a Citrix Gateway deployment that was recently completed by a customer and is currently in pre-production testing The Citrix Gateway needs to use ICA proxy to provide access to a Citrix Virtual Apps and Citrix Virtual Desktops environment. During the assessment, the customer informs the architect that users are NOT able to launch published resources using the Gateway virtual server.

Click the Exhibit button to view the troubleshooting details collected by the customer.

Which two reasons could cause this issue? (Choose two)

The StoreFront URL configured in the Citrix Gateway session profile is NOT correct.

The required ports have NOT been opened on the firewall between the Citrix Gateway and the Virtual Delivery Agent machines

There are no backend Virtual Delivery Agent (VDA) machines available to host the selected published resource

The Secure Ticket Authority (STA) servers have NOT been configured in the Citrix Gateway settings

The two-factor authentication is NOT configured on the Citrix Gateway

Full Access

Question # 38

A Citrix Architect has deployed Citrix Application Delivery Management to monitor a high availability pair of Citrix ADC VPX devices.

The architect needs to deploy automated configuration backup to meet the following requirements:

The configuration backup file must be protected using a password.
The configuration backup must be performed each day at 8:00 AM GMT.
The configuration backup must also be performed if any changes are made in the ns.conf file.
Once the transfer is successful, auto-delete the configuration file from the NMAS.

Which SNMP trap will trigger the configuration file backup?

netScalerConfigSave

sysTotSaveConfigs

netScalerConfigChange

sysconfigSave

Full Access

Question # 39

Scenario: A Citrix Architect has set up Citrix ADC MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 firewall. The Cisco ASA firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall.

The following requirements were captured by the architect during the discussion held as part of the Citrix ADC security implementation project with the customers security team:

The Citrix ADC MPX device:

should monitor the rate of traffic either on a specific virtual entity or on the device It should be able to mitigate the attacks from a hostile client sending a flood of requests. The Citrix ADC device should be able to stop the HTTP TCP. and DNS based requests
needs to protect backend servers from overloading
needs to queue all the incoming requests on the virtual server level instead of the service level
should provide access to resources on the basis of priority
should provide protection against well-known Windows exploits virus-infected personal computers, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing proxies
should provide flexibility to enforce the desired level of security check inspections for the requests originating from a specific geolocation database.
should block the traffic based on a pre-determined header length. URL length and cookie length. The device should ensure that characters such as a single straight quote ('): backslash (\); and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.

Which security feature should the architect configure to meet these requirements?

Configure Application Firewall with HTML cross-site scripting to block unwanted traffic

Configure pattern sets using regular expressions to block attacks

Configure Signatures manually and apply them to the Application Firewall profile

Configure signatures to auto-update and apply them to the Application Firewall profile

Configure IP address reputation and use IPREP and webroot to block the traffic

Full Access

Question # 40

Scenario: A Citrix Architect needs to design a hybrid XenApp and XenDesktop environment which will include Citrix Cloud as well as resource locations in an on-premises datacenter and Microsoft Azure.

Organizational details and requirements are as follows:

Active XenApp and XenDesktop Service subscription
No existing NetScaler deployment
Global Server Load Balancing is used to direct connection requests to Location B, if the StoreFront server in Location B fails, connections should be directed to Location A.

Click the Exhibit button to view the conceptual environment architecture.

The architect should use _____ in Location A, and should use ________ in Location B. (Choose the correct option to complete the sentence.)

NetScaler ADC (BYO); NetScaler gateway appliance

NetScaler ADC (BYO); No NetScaler products

NetScaler ADC (BYO); NetScaler ADC (BYO)

NetScaler Gateway appliance; NetScaler Gateway appliance

NetScaler Gateway appliance; NetScaler ADC (BYO)

Full Access

Question # 41

Scenario: Based on a discussion between a Citrix Architect and a team of Workspacelab members, the MPX Logical layout for Workspacelab has been created across three (3) sites.

They captured the following requirements during the design discussion held for a Citrix ADC design project:

All three (3) Workspacelab sites (DC NDR and DR) will have similar Citrix ADC configurations and design
Both external and internal Citrix ADC MPX appliances will have Global Server Load Balancing (GSLB) configured and deployed in Active/Passive mode
GSLB should resolve both A and AAA DNS queries.
In the GSLB deployment the NDR site will act as backup for the DC site, whereas the DR site will act as backup for the NDR site
When the external Citrix ADC replies to DNS traffic coming in through Cisco Firepower IPS the replies should be sent back through the same path
On the internal Citrix ADC. both front-end VIP and back-end SNIP will be part of the same subnet
USIP is configured on the DMZ Citrix ADC appliances
The external Citrix ADC will act as default gateway for back-end servers.
All three (3) sites (DC, NDR, and DR) will have two (2) links to the Internet from different service providers configured in Active/Standby mode

Which design decision must the architect make to meet the design requirements above?

Mac Based Routing must be configured on the External Citrix ADC

Interface 0/1 must be used for DNS traffic

The SNIP of the external Citrix ADC must be configured as default gateway on the back-end servers

ADNS service must be used with IPv6 address

The SNIP of the internal Citrix ADC must be configured as the default gateway on the back-end servers.

Full Access

Question # 42

Which markup language can a Citrix use along with NITRO API to create a StyleBook?

GML

XML

HTML

YAML

Full Access

Question # 43

Organizational details and requirements are as follows:

Active Citrix Virtual App and Citrix Virtual Desktop Service subscription
No existing Citrix deployment
Minimization of additional costs
All users should correct directly to the resource locations containing the servers which will host HDX sessions

Click the Exhibit button to view the conceptual environment architecture.

The architect should use___________ in Location A, and should use _______________ in Location B. (Choose the correct option to complete the sentence.)

No Citrix products; Citrix ICA Proxy (cloud-licensed)

Citrix Gateway as a Service; Citrix ICA Proxy (cloud-licensed)

Citrix Gateway as a Service; no Citrix ADC products

No Citrix products; Citrix Gateway appliance

Citrix gateway as a Service; Citrix ADC (BYO)

Full Access

Question # 44

The issue was isolated to several endpoint analysis (EPA) scan settings.

Click the Exhibit button to view the endpoint security requirements and configured EPA policy settings.

Which setting is preventing the security requirements of the organization from being met?

Item 3

Item 4

Item 2

Item 6

Full Access

Question # 45

Scenario: A Citrix Architect has set up NetScaler MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 Firewall. The Cisco ASA Firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall.

The following requirements were captured by the architect during the discussion held as part of the NetScaler security implementation project with the customerâ€™s security team:

The NetScaler MPX device:

should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The NetScaler device should be able to stop the HTTP, TCP, and DNS based requests.
needs to protect backend servers from overloading.
needs to queue all the incoming requests on the virtual server level instead of the service level.
should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing proxies.
should provide flexibility to enforce the decided level of security check inspections for the requests originating from a specific geolocation database.
should block the traffic based on a pre-determined header length, URL length, and cookie length. The device should ensure that characters such as a single straight quote (â€œ); backslash (\); and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.

Which security feature should the architect configure to meet these requirements?

Global Server Load balancing with Dynamic RTT

Global Server Load Balancing with DNS views

Geolocation-based blocking using Application Firewall

geolocation-based blocking using Responder policies

Global Server Load Balancing with Mac Based Forwarding

Full Access