Ensurepass

 

QUESTION 41

Scenario: A network engineer is managing a NetScaler environment that has two NetScaler devices running as a high availability pair. The engineer must upgrade the current version from NetScaler 9 to NetScaler 10.5.

 

Which action must the engineer take?

 

A.

Upgrade the primary node and perform HA sync.

B.

Upgrade the secondary node and then upgrade the primary node.

C.

Upgrade the primary node and then upgrade the secondary node.

 

 

 

Citrix 1Y0-351 : Practice Test

D.

Break the high availability pair, upgrade each NetScaler device, and then reconfigure high availability.

 

Answer: B

 

 

QUESTION 42

Scenario: A network engineer has modified the configuration of a content-switching virtual server, Website_main, because a second content-switching server that is capable of handling more connections has been added to the NetScaler implementation. Both servers will remain in operation.

 

The engineer made the following configuration changes:

 

>set cs vserver Website_main -lbvserver New_Server -backupVserver Old_Server – redirectURL http://www.mydomain.com/maintenance -soMethod Connection -soThreshold Why did the engineer enable the spillover option?

 

A.

To handle incoming connections in case the new server is unavailable

B.

To handle the extra connections using the old server without dropping them

C.

To redirect the extra connections to the Maintenance website when it is needed

D.

To handle incoming connections while the server reaches its limit of connections

 

Answer: B

 

 

QUESTION 43

A network engineer wants to collect performance statistics regarding the traffic between different points in the connection, specifically from client-to-NetScaler and from NetScaler to back-end server, and be able to present this to different analysis tools.

 

Which feature on the NetScaler could the engineer use for this?

 

A.

Syslog

B.

nstrace

C.

AppFlow

 

 

 

Citrix 1Y0-351 : Practice Test

D.

nsconmsg

 

Answer: C

 

 

QUESTION 44

Scenario: A NetScaler engineer has received an SSL certificate and bound it to the vServer. However, users are unable to browse to the website using HTTPS. When the NetScaler engineer browses to the site using HTTPS, the engineer notices that the certificate chain is incomplete.

 

Which two steps should the administrator take to fix the virtual server? (Choose two.)

 

A.

Generate a new CSR.

B.

Install a new Certificate Authority (CA).

C.

Install the Intermediate Certificate from the CA.

D.

Link the Intermediate Certificate to the virtual server.

E.

Link the SSL Certificate to the Intermediate Certificate.

 

Answer: CE

 

 

QUESTION 45

A network engineer is trying to read a nstrace from the NetScaler but can only see encrypted traffic.

 

Which file is required to decrypt the network trace?

 

A.

The server certificate

B.

The servers root certificate

C.

The private key for the server certificate

D.

The private key for the server root certificate

 

Answer: C

 

 

QUESTION 46

Citrix 1Y0-351 : Practice Test

What should a network engineer configure to set high availability for a load balanced virtual server?

 

A.

Session persistence

B.

A backup virtual server

C.

Load balancing policies

D.

Load balancing services

 

Answer: B

 

 

QUESTION 47

A network engineer selected the option on a SSL certificate to provide notification upon expiration of the certificate; however when a certificate expires, NO notification is sent to the engineer. Which step could the engineer take to enable notification?

 

A.

Configure SNMP.

B.

Create a SSL policy.

C.

Enable the SSL offload feature.

D.

Ensure that the certificate is linked to a Root certificate.

 

Answer: A

 

 

QUESTION 48

A network engineer might choose to use SSL_Bridge instead of a SSL virtual server in order to __________. (Choose the correct option to complete the sentence.)

 

A.

be able to decrypt the SSL traffic

B.

enable use of OCSP for revoked certificates

C.

pass user certificates to the back-end servers

D.

enable SSL server certificates on the service group

 

Answer: C

 

 

QUESTION 49

Citrix 1Y0-351 : Practice Test

Which type of authentication server could an engineer configure in order to provide the use of RSA token authentication as a permitted authentication method to access a AAA Virtual Server?

 

A.

LDAP

B.

SAML

C.

RADIUS

D.

Negotiate

 

Answer: C

Explanation:http://support.citrix.com/article/CTX127543

 

This document describes how to configure Access Gateway 5.0 for authentication against an RSA SecurID Authentication server. It describes the configuration required in both the Access Gateway and the RSA server for various deployment topologies.

 

clip_image002

 

 

 

Citrix 1Y0-351 : Practice Test

 

Within the RSA Authentication Manager console, choose Agent Host > Generate Configuration

Files and select for One Agent Host, and choose the Agent Host created in step 1 and save the generated sdconf.rec file.

 

clip_image004

 

If using RSA 7.1

Open the RSA Security Console and navigate to Access > Authentication Agents > Add New.

Enter the name and IP Address of the Access Gateway, and set Agent type to Standard Agent. Save this new agent.

 

clip_image006

 

 

 

Citrix 1Y0-351 : Practice Test

 

Select Access > Authentication Agents > Generate Configuration File and generate the configuration file. There is no option to generate a configuration file for a single host in RSA 7.1. Save and extract the sdconf.rec from the generated zip file.

 

clip_image008

 

Log on to the Access Gateway AdminLogonPoint and go to Authentication Profiles to create an RSA authentication profile. Browse to the generated sdconf.rec file on your computer to upload it on the Appliance, and save the profile.

 

clip_image010

 

Additional Notes for Creating the Agent Record in RSA. The details entered into the Agent Host configuration are specific, and depend on the deployment configuration of your Access Gateway. The following are the different deployment methods and the associated configuration within the RSA Agent:

 

 

 

Citrix 1Y0-351 : Practice Test

 

Access Gateway is a non-HA deployment in one-arm mode.

Network Address: IP address of Access Gateway

Access Gateway is a non-HA deployment in two-arm mode, traffic to the RSA server is through the interface with the Internal role

Network Address: IP address of the interface with the Internal role Access Gateway is a non-HA deployment in two-arm mode, traffic to the RSA server is through the interface with the External role

Network Address: IP address of the interface with the Internal role Secondary Nodes: IP address of the interface with the External role Access Gateway is in an HA deployment in one-arm mode Network Address: The HA Virtual IP address

Secondary Nodes: The physical IP addresses of both Access Gateways Access Gateway is in an HA deployment in two-arm mode, traffic to the RSA server is through the interface marked as INTERNAL

Network Address: The HA Internal virtual IP address Secondary Nodes: The physical IP addresses of the interfaces with the Internal role on both Access Gateways

Access Gateway is in an HA deployment in two-arm mode, traffic to the RSA server is through the interface marked as EXTERNAL

Network Address: The HA Internal virtual IP address Secondary Nodes: The physical IP addresses of the interfaces with the External role on both Access Gateways

*In RSA 7.1 Secondary Nodes have been renamed to Alternate IP Addresses in the Authentication Agent configuration.

 

 

QUESTION 50

An environment network has:

 

High bandwidth

Low packet loss

High Round-Trip Time (RTT)

 

Which TCP profile should an engineer configure for the environment described?

 

A.

Nstcp_default_profile

B.

Nstcp_default_tcp_lfp

C.

Nstcp_default_tcp_lnp

 

 

 

Citrix 1Y0-351 : Practice Test

D.

Nstcp_default_tcp_lan

 

Answer: B

 

 

Free VCE & PDF File for Citrix 1Y0-351 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.