Ensurepass

 

QUESTION 51

A network engineer is investigating issues and suspects that a new server that has been recently added to the environment has the same IP address as a virtual server that is configured on the NetScaler.

 

Which command could the engineer run to check the logs that will contain such details?

 

A.

nsconmsg -K newnslog -d stats

B.

nsconmsg -K /var/nslog/newnslog -d consmsg

C.

nsconmsg -K /var/nslog/newnslog -s ConLb=1 -d oldconmsg

D.

nsconmsg -K /var/nslog/newnslog -s ConMon=x -d oldconmsg

 

Answer: B

 

 

QUESTION 52

A NetScaler engineer generates a techsupport archive to be sent to Technical Support.

 

Which three of the following pieces of information will be included in the archive file? (Choose three.)

 

A.

Model Number

B.

SSL Private Keys

C.

Old Configuration Files

D.

Hardware Boot sequence

E.

Webpage Customizations

F.

Certificate Revocation List

 

Answer: ACD

 

 

QUESTION 53

Citrix 1Y0-351 : Practice Test

Scenario: A network engineer needs to implement high availability (HA) for a pair of NetScaler appliances. The existing appliance was recently restarted and the new appliance has been rack mounted and turned on for several weeks waiting to be configured. The engineer needs to create an HA pair, but is concerned that his original appliance will get erased when the HA pair is created.

 

Which two tasks could the engineer do before the creation of the HA pair to ensure that the exiting unit stays the main appliance? (Choose two.)

 

A.

Set StayPrimary on the existing node.

B.

Configure StaySecondary on the new node.

C.

Enable HA Sync before adding the second node.

D.

Create a Route Monitor to ensure proper synchronization.

E.

Ensure that INC mode is enabled during creation of HA Pair.

 

Answer: AB

 

 

QUESTION 54

The network engineer is investigating issues and suspects that one of the administrators recently changed the NetScaler configuration.

 

Which command could the engineer run to check the logs that will contain such details?

 

A.

nsconmsg -K newnslog -d stats

B.

nsconmsg -K newnslog -d stats -d current

C.

nsconmsg -K /var/nslog/newnslog -d event

D.

nsconmsg -K /var/nslog/newnslog -d consmsg

 

Answer: C

 

 

QUESTION 55

Company policy states that all passwords should travel the network in encrypted packets except SNMP.

 

Which command should the network engineer execute to comply with this policy?

 

 

 

Citrix 1Y0-351 : Practice Test

 

A.

set ns ip 10.20.30.40 -ssh disabled -telnet disabled -gui enabled

B.

set ns ip 10.20.30.40 -telnet disabled -gui secureonly -ftp disabled

C.

set ns ip 10.20.30.40 -mgmtaccess disabled -restrictaccess enabled

D.

set ns ip 10.20.30.40 -gui secureonly -ssh enabled -restrictaccess enabled

 

Answer: B

 

 

QUESTION 56

The network engineer would like all HTTP and HTTPS requests that travel through the NetScaler to have an HTTP header added with the source IP address for logging on the web servers.

 

How should the network engineer accomplish this?

 

A.

Enable Web Logging

B.

Enable the client IP option

C.

Configure the TCP Parameters

D.

Enable the ‘Use Source IP mode’

 

Answer: B

Explanation:

 

 

Citrix 1Y0-351 : Practice Test

 

clip_image002

 

Enabling Use Source IP Mode

When the NetScaler appliance communicates with the physical servers or peer devices, by default, it uses one of its own IP addresses as the source IP. The appliance maintains a pool of mapped IP addresses (MIPs) and subnet IP addresses (SNIPs), and selects an IP address from this pool to use as the source IP address for a connection to the physical server. The decision of whether to select a MIP or a SNIP depends on the subnet in which the physical server resides.

If necessary, you can configure the NetScaler appliance to use the client’s IP address as source IP. Some applications need the actual IP address of the client. The following use cases are a few examples:

Client’s IP address in the web access log is used for billing purposes or usage analysis. Client’s IP address is used to determine the country of origin of the client or the originating

 

 

 

Citrix 1Y0-351 : Practice Test

 

ISP of the client. For example, many search engines such as Goggle provide content relevant to the location to which the user belongs. The application must know the client’s IP address to verify that the request is from a trustworthy source.

Sometimes, even though an application server does not need the client’s IP address, a firewall placed between the application server and the NetScaler may need the client’s IP address for filtering the traffic.

Enable Use Source IP mode (USIP) mode if you want NetScaler to use the client’s IP address for communication with the servers. By default, USIP mode is disabled. USIP mode can be enabled globally on the NetScaler or on a specific service. If you enable it globally, USIP is enabled by default for all subsequently created services. If you enable USIP for a specific service, the client’s IP address is used only for the traffic directed to that service.

As an alternative to USIP mode, you have the option of inserting the client’s IP address (CIP) in the request header of the server-side connection for an application server that needs the client’s IP address.

In earlier NetScaler releases, USIP mode had the following source-port options for server- side connections:

Use the client’s port. With this option, connections cannot be reused. For every request from the client, a new connection is made with the physical server. Use proxy port. With this option, connection reuse is possible for all requests from the same client. Before NetScaler release 8.1 this option imposed a limit of 64000 concurrent connections for all server-side connections.

In the later NetScaler releases , if USIP is enabled, the default is to use a proxy port for server-side connections and not reuse connections. Not reusing connections may not affect the speed of establishing connections.

By default, the Use Proxy Port option is enabled if the USIP mode is enabled. For more information about the Use Proxy Port option, see Using the Client Port When Connecting to the Server.

Note: If you enable the USIP mode, it is recommended to enable the Use Proxy Port option.

The following figure shows how the NetScaler uses IP addresses in USIP mode.

 

IP Addressing in USIP Mode

 

 

 

Citrix 1Y0-351 : Practice Test

 

clip_image004

 

Recommended Usage

Enable USIP in the following situations:

Load balancing of Intrusion Detection System (IDS) servers Stateless connection failover

Sessionless load balancing

If you use the Direct Server Return (DSR) mode

Note: When USIP is required in the one-arm mode installation of the NetScaler appliance, make sure that the server’s gateway is one of the IP addresses owned by the NetScaler. For more information about NetScaler owned IP addresses, see Configuring NetScaler owned IP addresses.

If you enable USIP, set the idle timeout for server connections to a value lower than the default value, so that idle connections are cleared quickly on the server side. For more information about setting an idle time-out value, see “Load Balancing” chapter of the Citrix NetScaler

Traffic Management Guide at http://support.citrix.com/article/CTX132359. For transparent cache redirection, if you enable USIP, enable L2CONN also. Because HTTP connections are not reused when USIP is enabled, a large number of server-side connections may accumulate. Idle server connections can block connections for other clients. Therefore, set limits on maximum number of connections to a service. Citrix also recommends setting the HTTP server time-out value, for a service on which USIP is enabled, to a value lower than the default, so that idle connections are cleared quickly on the server side.

To globally enable or disable USIP mode by using the NetScaler command line At the NetScaler command prompt, type one of the following commands:

Enable ns mode usip

Disable ns mode usip

To enable USIP mode for a service by using the NetScaler command line At the NetScaler command prompt, type:

Setservice <ServiceName> -usip (YES | NO)

Example

 

 

 

Citrix 1Y0-351 : Practice Test

 

Setservice Service-HTTP-1 -usip YES

To globally enable or disable USIP mode by using the configuration utility In the navigation pane, expand System and click Settings. On the Settings page, under Modes and Features, click Configure modes. In the Configure Modes dialog box, do one of the following:

To enable Use Source IP mode, select the Use Source IP check box. To disable Use Source IP mode, clear the Use Source IP check box.

Click OK.

In the Enable/Disable Feature(s)? dialog box, click Yes. To enable USIP mode for a service by using the configuration utility In the navigation pane, expand Load Balancing, and then click Services. In the details pane, select the service for which you want to enable the USIP mode, and then click Open.

In the Configure Service dialog box, click the Advanced tab. Under Settings, select the Use Source IP check box.

Click OK

 

 

QUESTION 57

An engineer is checking that ports are configured correctly between the NetScaler system and a back-end web server. Which command should the engineer use to test that the web server is responding on port 80?

 

A.

telnet webA.example.com 80

B.

telnet webA.example.com:80

C.

telnet webA.example.com port=80

D.

telnet webA.example.com -port 80

 

Answer: A

 

 

QUESTION 58

Scenario: For security reasons, the NSIP needs to be configured to only be accessible on interface 0/1, which is VLAN 300.

 

The NSIP address is 10.110.4.254 and the subnet mask is 255.255.255.0.

 

 

 

Citrix 1Y0-351 : Practice Test

How would the network engineer achieve this configuration?

 

A.

set ns config -nsvlan 300 -ifnum 0/1

B.

set ns ip 10.110.4.254 -gui ENABLED -vrID 300

C.

add vlan 300

set ns ip 10.110.4.254 -mgmtAccess ENABLED

D.

set ns config -IPAddress 10.110.4.254 -netmask 255.255.255.0

 

Answer: A

 

 

QUESTION 59

Scenario: A security test has shown that the NetScaler is forwarding IP packets. Company standard operating procedure is that the routers should be the only devices forwarding packets.

 

Which step should the network engineer take to prevent forwarding packets?

 

A.

Enable Layer 2 mode.

B.

Disable Layer 3 mode.

C.

Disable Path MTU Discovery.

D.

Enable MAC based forwarding.

 

Answer: B

 

 

QUESTION 60

Scenario: A network engineer created an SSL virtual server and enabled smart card on it. The engineer tried browsing to the server and noticed the back-end system could NOT see the users certificates.

 

What could be causing this issue?

 

A.

The SSL virtual server cannot forward a client certificate.

B.

The network engineer has not set smart card to mandatory.

C.

The SSL virtual server cannot use smart card authentication.

D.

The network engineer has not enabled SNI on the virtual server.

E.

The network engineer forgot to enable the SSL policy allowing smart card forwarding on

 

 

 

Citrix 1Y0-351 : Practice Test

the SSL virtual server.

 

Answer: A

 

 

Free VCE & PDF File for Citrix 1Y0-351 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.