1Y0-306 - Citrix Access Gateway 4.2 with Advanced Access Control:Admin
Go back to
Citrix
Example Questions
Which type of IP addressing is needed to enable internal and external connection to the Access Gateway appliance?
Static IP addressing
From which node in the Access Suite Console can an administrator configure event logging?
Access Server Farm node
Which two statements are true of adding an Access Gateway appliance to an Advanced Access Control deployment? (Choose two.)
The Access Gateway appliance must be assigned at least one IP address.
The Access Gateway appliance must be configured to point to the FQDN/IP address of one or more Advanced Access Control servers in the farm.
Which two clients can be used to access published applications on Citrix Presentation Servers? (Choose two.)
Web Client
Client for Java
Scenario: Tim, a member of the Sales and Marketing groups, calls the Help Desk to report difficulties accessing email when connecting to the corporate Advanced Access Control access server farm. Using the Policy Overview Tool you notice that the web-based email resource belongs to multiple policies which have different access rights to the resource. The environment has these policy configurations: In Policy A, web-based email is set to "Not Configured" for all authenticated users. In Policy B, web-based email is set to "Allow" for the Marketing Group and the Sales Group. In Policy C, web-based email is set to "Deny" for the Marketing Group. Based on the listed policy configurations, which statement accurately describes the outcome of the policies?
The "Deny" setting in Policy C takes precedence over Policy A and B. Tim will be denied access to web-based email.
Scenario: To ensure that a service pack level scan is run whenever Windows XP or 98 operating system is encountered, which configuration is required?
Configure two rules for the scan with operating system conditions and the respective service pack as the property values for the scan.
Scenario: Advanced Access Control is configured to use LDAP for primary authentication and authorization. An administrator needs to enable pass-through authentication in order for Active Directory credentials to be passed automatically to applications. What is the administrator required to do to meet the requirements of this scenario?
Ensure that the same logon account exists for LDAP and Active Directory.
In an environment that restricts client device access to resources based upon the presence of a specific version of an antivirus software, which step must be completed for a continuous process scan?
Browse to the client version of the antivirus executable.
An administrator wants to grant internal users access to resources in an access server farm. Which two things should be provided to the users to ensure that they have access to published resources? (Choose two.)
The name of the logon point
The FQDN of the Advanced Access Control server hosting the logon point
Scenario: An environment requires that client devices accessing resources through the Access Gateway have a specific antivirus software installed. In addition, all client devices must have a valid SSL certificate installed. Which detail must be included when configuring a filter to meet the SSL certificate requirement?
The presence of an SSL client certificate must be specified
Scenario: Ken configured an Exchange Server and Outlook clients for email synchronization. Client devices are using Microsoft Outlook 2000 and running on Windows XP operating systems. The Secure Access Client is installed on all client devices. What are two requirements to perform the configurations required for this scenario? (Choose two.)
The administrator must create and configure a policy.
The administrator verifies connectivity from the Access Gateway to the Exchange Server on all the ports to which the Exchange Server listens.
Which server role must be selected for Advanced Access Control servers that will process CDAs?
Agent server
Scenario: An administrator wants to perform additional analysis in the Event Log Consolidator on aggregated data collected from multiple Advanced Access Control servers in the farm. In which three ways can this be done? (Choose three.)
By using the logon point
By using the User Name
By using the Reference ID
What is required to administer an access server farm using the Access Suite Console?
An account which is in the Administrators role of the Access Gateway Server COM+ application.
Which two syntaxes can be used when entering the administrator's credentials into the "Administrator Bind DN" field to configure LDAP authentication against Active Directory? (Choose two.)
[email protected]
cn=administrator,cn=users,dc=citrix,dc=com
An administrator wants to ensure that all clients have anti-virus signatures that are no more than three days old. How can this be accomplished?
Use endpoint analysis command-line tools and scripts to update the anti-virus package parameters.
In order to import a scan package into a different scan group than that which it was originally a part of, an administrator must __________. (Complete the sentence with an option from the list.)
delete all rules and filters that refer to the scan package
Scenario: You just added a new server to the access server farm however it is not displaying in the Access Suite Console. Which two steps can you take to display this server in the Access Suite Console? (Choose two.)
Close and reopen the Access Suite Console.
Run discovery from the Servers node in the Access Suite Console.
Which policy setting should be enabled if an administrator wants users to be able to open documents with a published application?
File Type Association
Scenario: An administrator wants to provide access to intranet site from the access server farm. The home page for the intranet site includes several links to external web pages. The administrator wants to ensure that all links can be accessed through this resource. How can this be configured?
Within the New Web Resource Wizard add URLs for the home page and each page linked from the home page.
How can an administrator control whether users are allowed or denied logon privileges through policies?
Include the Allow Logon Resource in the access policy
What does a port of zero (0) mean when defining a network resource?
All ports
Which connection setting should be configured in a connection policy if a connection will be made using the Secure Access Client?
Launch Secure Access Client if access is allowed
Which statement regarding the rules for configuring a connection policy is true?
IP address pools can be defined in the connection policy for dynamic IP addressing.
When a logon point is renamed just after it is deployed, __________. (Fill in the blank with a listed option.)
it must be redeployed using the update/refresh function in the Server Configuration Wizard before users can begin using the logon point to access resources
When implementing Advanced Access Control in an environment in which users will access resources through a VPN tunnel created by an Access Gateway appliance, which client must be used?
Secure Access Client
While configuring a web email resource, what must an administrator do to ensure that users can email attachments from the web resource?
Create a policy granting users the appropriate permissions
In which two ways can an accessible network be specified for an Access Gateway appliance? (Choose two.)
Using Classless Inter Domain Routing (CIDR)
Using the IP address and subnet mask of the network
In which location must the Advanced Access Control Software be installed?
On a server which can communicate with the Access Gateway appliance
Which connection settings should be configured if the user is required to re-authenticate after their system goes into hibernation?
Authenticate after system resume
Along with Active Directory, which other two authentications could be implemented in order to provide Advanced Authentication? (Choose two.)
RSA Security SecurID
Secure Computing SafeWord PremierAccess
Which data included in each event included in the event log consolidator correlates with the error message that an end-user reports?
Reference ID
To use tokens while defining a file share for an access server farm __________. (Choose the option which best completes the sentence.)
you must have Active Directory implemented in the environment
In an environment where there are multiple logon points and an endpoint analysis scan that requires a specific browser version, which logical operators should be used to so that users who access from specific logon points are also scanned to ensure that they meet the browser version requirements for the implementation? (Choose the string that matches the need for this environment.)
(logon point A or logon point B) and endpoint analysis_1
Scenario: 's Contractors Acitve Directory group is allowed to launch Outlook and SAP only when using a corporate-supplied laptop. The same users are allowed to view Office and Adobe Reader applications regardless of the accessing device. Which type of scan can the administrator perform to ensure that the requirements for this scenario are met?
Citrix scans for MAC addresses
Scenario: An administrator is implementing Access Gateway with Advanced Access Control for use in his environment. The implementation will be used primarily for mobile workers who may access resources from diverse client devices, which may be locked down and may not allow files such as client software to be downloaded. For this environment, which type of access should be given to the clients?
Browser-only access
Why would an administrator need to setup a network resource?
To allow users direct access to a subnet on the company's intranet
Scenario: An administrator gives a user the URL https://Accounting1.net/CitrixLogonPoint/AccountAccess to access a logon page. "Accounting1.net" is the FQDN of the Advanced Access Control server hosting the logon point and "AccountAccess" is the name of the logon point. From the URL given to the user, which access method will be used to obtain resources from the access server farm?
Browser-only access
Which two steps must an administrator take to remove an Access Gateway appliance server from an Advanced Access Control deployment? (Choose two.)
The administrator must execute the Remove Access Gateway task from the Gateway Appliances node in the Access Suite Console.
The administrator must configure the Access Gateway appliance server so that it no longer points itself to an Advanced Access Control server in the deployment.
Where does an administrator configure the conditions that users must meet to be able to see the logon page?
In logon point properties
Scenario: An administrator wants to make documents from a defined file share open from a Citrix Presentation Server session. Which policy setting should be enabled for this purpose?
File type association
Which rule must be followed when attempting to change the service account for an access server farm in which the credentials have been compromised?
The administrator must use the Server Configuration Tool to change the service account on each server in the farm.
What are two requirements for enabling access to file share resources from the default navigation page (Access Navigator)? (Choose two.)
Permission to the share must be granted in an access policy.
The file server hosting the file share must be accessible to the Advanced Access Control servers on the network.
An administrator is creating logon points and needs to configure the session settings. What is true about the configuration of session settings for logon points?
Secure Access Client (VPN) time-out should always be longer than session time-out.
Which three can directly reference scan outputs? (Choose three.)
Filters
Other scans
Logon points
Which three options are available to deploy the Endpoint Analysis Client? (Choose three.)
Active X /Plug-in
Access Client Packager
Endpoint Analysis Client MSI
Where can an administrator configure the endpoint analysis scan for an operating system?
From the Operating System scan group node
An administrator needs to make a change to the default logon point settings for an Advanced Access Control implementation. Where can the administrator locate the default logon point?
In the Access Suite Console
Scenario: An administrator is required to create a scan that will scan client devices to ensure that all clients running Windows XP Professional also have service pack 1(SP1) installed and running. All users in the environment are required to have a specific version of an antivirus software running on their systems. Due to the addition of a newly acquired office, the scan requirements have to be modified. Newly acquired remote offices, which will obtain access to company resources through Access Gateway, have client devices that run on Windows 98 and are not required to submit to the same scans that are required of the other users. By configuring rules for the end point analysis scan, the administrator can ensure that only the devices in the new offices will not be required to meet the same security requirements that are required for the other corporate users. Which condition type should be added to the rules for the scan to ensure that the requirements for the scenario are met?
Operating system
Scenario: An administrator is required to configure the setting that determines whether users can reconnect to both active and disconnected sessions or only to disconnected sessions while creating a logon point. Which option should the administrator enable?
Workspace Control