Ensurepass

 

QUESTION 11

Scenario: A NetScaler Engineer creates a new HTTP VServer using the following command:

 

add lb vserver lb_test HTTP 172.20.10.85 80 -lbMethod LEASTCONNECTION – persistencetype COOKIEINSERT -timeout 0 -authentication ON -cacheable YES

 

During testing, the engineer notices a cookie named NSC_iuuq2 with a value of:

ffffffff020a1d1545525d5f4f58455e445a4a423660

 

What is the purpose of this cookie?

 

A.

It indicates that the client has been authenticated.

B.

It indicates that the client has NOT been authenticated.

C.

It is used for persistence, describing only the VServer ID and Service IP.

D.

It is used for persistence, describing the VServer ID, Service IP and Service Port.

 

Correct Answer: D

 

 

QUESTION 12

Which two options could a NetScaler Engineer configure to ensure that a revoked client certificate CANNOT be used for a client certificate authentication? (Choose two.)

 

A.

Server Name Indication (SNI)

B.

Certificate Revocation List (CRL)

C.

Certificate Signing Request (CSR)

D.

Online Certification Status Protocol (OCSP)

 

Correct Answer: BD

 

 

 

 

QUESTION 13

Scenario: A NetScaler Engineer connected a new NetScaler MPX appliance to the network. However, some of the interfaces were blocked on the uplink switch. The engineer needs to perform a network packet trace on the NetScaler appliance. For troubleshooting purposes, the engineer needs to separate trace files for each interface. The engineer executed the following command from the NetScaler CLI:

 

start nstrace -perNIC ENABLED

 

However, NetScaler created a single trace file.

 

What should the engineer do to produce separate trace files for each interface?

 

A.

Specify the nodes parameter.

B.

Use the nsconmsg command.

C.

Specify the tcpdump parameter.

D.

Use the nstracemerge.sh command.

 

Correct Answer: C

 

 

QUESTION 14

A company has an external-facing web application that requires end-to-end encryption and Layer-7 functionality. Which protocol type would an engineer choose for the virtual server and service?

 

A.

SSL

B.

SSL_TCP

C.

SSL_PUSH

D.

SSL_BRIDGE

 

Correct Answer: B

 

 

QUESTION 15

Which client header indicates support for the type of compression the NetScaler may use?

 

A.

Accept

B.

User-Agent

C.

Content-Type

D.

Accept-Encoding

 

Correct Answer: D

 

 

QUESTION 16

A network engineer needs to prevent too many simultaneous HTTP requests that can cause a Denial Of Service (DDoS). What could the engineer enable to prevent too many simultaneous HTTP requests?

 

A.

Rate Limiting

B.

SureConnect

C.

Priority Queuing

D.

Authorization Policy

Correct Answer: A

 

 

QUESTION 17

Scenario: A call center has deployed Access Gateway Enterprise to provide its employees with access to work resources from home. Due to the number of available licenses, only selected employees should access the environment remotely based on their user account information. How could the engineer configure access to meet the needs of this scenario?

 

A.

Configure a Pre-authentication Policy.

B.

Configure an Authentication Server using a search filter.

C.

Configure an Authentication Policy using Client based expressions.

D.

Add the selected employee accounts to the Local Authentication policy.

 

Correct Answer: B

Explanation:

http://support.citrix.com/article/CTX111079

 

When you type log in credentials on the log in page of the NetScaler VPN and press Enter, the credentials are sent to the Active Directory for validation. If the user name and password are valid, then the Active Directory sends the user attributes to the NetScaler appliance.

The memberOf attribute is one of the attributes that the Active Directory sends to the NetScaler appliance. This attribute contains the group name of which you are defined as a member in the Active Directory. If you are a member of more than one Active Directory group, then multiple memberOf attributes are sent to the NetScaler appliance. The NetScaler appliance then parses this information to determine if the memberOf attribute matches the Search filter parameter set on the appliance. If attribute matches, then you are allowed to log in to the network.

The following are the sample attributes that the Active Directory can send to NetScaler appliance:

dn: CN=johnd,CN=Users,DC=citrix,DC=com

changetype: add

memberOf: CN=VPNAllowed,OU=support,DC=citrix,DC=com

cn: johnd

givenName: john

objectClass: user

sAMAccountName: johnd

 

Configuring a NetScaler Appliance to Extract the Active Directory Group To configure a NetScaler appliance to extract the Active Directory group and enable clients to access the NetScaler VPN based on the Active Directory groups by using the Lightweight Directory Access Protocol (LDAP) authentication, compete the following procedure:

Determine the Active Directory Group that has access permission. To configure the NetScaler appliance for Group Extraction, you must define the group a user needs to be a member of to allow access to the network resources. Note: To determine that exact syntax, you might need to refer to the Troubleshooting Group Extraction on the NetScaler appliance section.

Determine the Search Filter syntax.

Enter the appropriate syntax in the Search Filter field of the Create Authentication Server dialog box, as shown in the following sample screenshot:

 

clip_image001

 

Note:

Ensure that you start the value to the Search Filter filed with memberOf= and do not have any embedded spaces in the value.

To configure the LDAP authentication with Group Extractions from the command line interface of the NetScaler appliance with the values similar to the ones in the preceding screenshot, run the following command:

add authentication ldapaction LDAP-Authentication -serverip 10.3.4.15 ldapBase “CN=Users,DC=citrix,DC=com” ldapBindDn “CN=administrator,CN=Users,DC=citrix,DC=com” -ldapBindDnPassword ..dd2604527edf70 ldapLoginName sAMAccountName searchFilter “memberOf=CN=VPNAllowed,OU=support,DC=citrix,DC=com” -groupAttrName memberOf subAttributeName CN

Note: Ensure that you set the subAttributeName parameter to CN. Troubleshooting Group Extraction on the NetScaler appliance To troubleshoot group extraction on the NetScaler appliance, consider the following points:

If the LDAP policy fails after configuring it for Group Extraction, it is best to create a policy that does not have the group extraction configured to ensure that LDAP is configured appropriately.

You might need to use the LDAP Data Interchange Format Data Exchange (LDIFDE) utility from Microsoft that extracts the attributes from the Active Directory server to determine the exact content of the memberOf group.

You need to run this utility on the Active Directory server. The following is the syntax for the command to run the LDIFDE utility:

ldifde -f <File_Name> -s <AD_Server_Name> -d “dc=<Domain_Name>,dc=com” -p subtree -r “(&(objectCategory=person)(objectClass=User)(givenname=*))” -l “cn,givenName,objectclass,samAccountName,memberOf” When you run the preceding command, a text file, with the name you specified for File_Name parameter, is created. This file contains all objects from the Active Directory. The following is an example from a text file so created:

dn: CN=johnd,CN=Users,DC=citrix,DC=com

changetype: add

memberOf: CN=VPNAllowed,OU=support,DC=citrix,DC=com

cn: johnd

givenName: john

objectClass: user

sAMAccountName: johnd

 

 

QUESTION 18

Which service setting would a NetScaler Engineer use in the command-line interface to limit connections to server resources?

 

A.

-maxReq

B.

-maxClient

C.

-monThreshold

D.

-maxBandwidth

 

Correct Answer: B

 

 

QUESTION 19

Scenario: A NetScaler Engineer needs to perform a network packet trace on a NetScaler appliance. For troubleshooting purposes the engineer needs to capture traffic only from interfaces 1/3 and 1/4; traffic from other interfaces should NOT be captured. The resulting file should be saved in NetScaler format. What should the engineer do to accomplish this task?

 

A.

Run the nstcpdump.sh command from the NetScaler shell and specify the interface

B.

Run the nstcpdump.sh command from the NetScaler shell and specify the filter parameter

C.

Run the start nstrace command from the NetScaler command-line interface and specify the filter parameter

D.

Run the start nstrace command from the NetScaler command-line interface and specify the PerNIC parameter

 

Correct Answer: C

 

 

QUESTION 20

Which NetScaler caching type requires proxy configuration on all client devices?

 

A.

SOCKS

B.

REVERSE

C.

FORWARD

D.

TRANSPARENT

 

Correct Answer: C

Free VCE & PDF File for Citrix 1Y0-351 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

 

Comments are closed.