1Y0-350 - Citrix NetScaler 10 Essentials and Networking
Go back to Citrix
Scenario: Example.com runs a dating service site that provides a service with videos of candidates. They want to use RTSP load balancing to stream the videos more effectively. Which load balancing method should the engineer select?
An engineer has bound a policy to a test virtual server. How could the engineer verify that the policy is being applied?
Monitor the number of hits for the policy.
A network engineer wants to hide the IP address of the outgoing packets by changing it to the IP of the VIP. Which feature should the administrator use?
An engineer has bound three monitors to a service group and configured each of the monitors with a weight of 10. How should the engineer ensure that the members of the service group are marked as DOWN when at least two monitors fail?
Configure the service group with a threshold of 20.
Scenario: An engineer configures two NetScaler appliances in a high availability (HA) pair. As part of a monthly health check, the engineer attempts to log on to the second node of the HA pair and is unable to access the management IP Address. The engineer logs on to the first NetScaler node and verifies that HA is working and operational. What does the engineer need to do to resolve this problem?
Create an ACL to allow access to the NSIP of the second node.
Scenario: A network engineer has configured a load balancing virtual server for an HTTP application. Due to the application architecture, it is imperative that a user's session remains on a single server during the session. The session has an idle timeout of 60 minutes. Some devices are getting inconsistent application access while most are working fine. The problematic devices all have tighter security controls in place. Which step should the engineer take to resolve this issue?
Configure a backup persistence of SourceIP.
Scenario: A network engineer adds a secondary node for high availability (HA) purposes. To confirm the implementation is working, the engineer initiates a fail over; however when this is complete, some virtual servers are un-reachable. What is a possible cause of this issue?
The network configuration is mismatched on the nodes.
A network engineer must determine which SSL protocols are enabled on a virtual server named SSL01. Which command could the engineer run to see this information?
Show ssl vServer SSL01
A network engineer should enable the Rate Limiting feature of a NetScaler system to mitigate the threat of __________ attack. (Choose the correct option to complete the sentence.)
brute force logon attacks
A network engineer wants to collect performance statistics regarding the traffic between different points in the connection, specifically from client-to-NetScaler and from NetScaler to back-end server, and be able to present this to different analysis tools. Which feature on the NetScaler could the engineer use for this?
Scenario: A company is using Citrix NetScaler VPX for publishing internal resources using Citrix Access Gateway with Smart Access. Since the number of users has increased the company wants to migrate from Citrix NetScaler VPX to Citrix NetScaler MPX. The engineer is running a parallel installation of the Citrix NetScaler MPX and now needs to transfer the Citrix Access Gateway Universal Licenses from a Citrix NetScaler VPX to a Citrix NetScaler MPX platform. How should the engineer transfer the Citrix Access Gateway Universal License files from the VPX to the MPX?
Logon to www.MyCitrix.com, return the Citrix Access Gateway Universal License file(s), reallocate the Citrix Access Gateway Universal License file using the hostname of the Citrix NetScaler MPX.
Scenario: A NetScaler engineer has received an SSL certificate and bound it to the vServer. However, users are unable to browse to the website using HTTPS. When the NetScaler engineer browses to the site using HTTPS, the engineer notices that the certificate chain is incomplete. Which two steps should the administrator take to fix the virtual server? (Choose two.)
Install the Intermediate Certificate from the CA.
Link the SSL Certificate to the Intermediate Certificate.
A network engineer needs to configure load balancing for an FTP site. Which type of session persistence method can the engineer select for this scenario?
A security test has been completed on an SSL offload implementation and it has been determined that the certificate key length is too short and must be increased. Which two steps must the network engineer complete to resolve this? (Choose two.)
Bind the certificate to an SSL Offload virtual server.
Use the "Server certificate wizard" to generate a CSR, request a certificate and import.
Which two parameters in the TCP buffering settings can be controlled by a network engineer? (Choose two.)
memory size for buffering
Some SSL certificate files may be missing from a NetScaler appliance. Which directory should an engineer check to determine which files are missing?
Scenario: Company Inc. wants to tag incoming requests with a header that indicates which browser is being used on the connection. This helps the server keep track of the browsers after the NetScaler has delivered the connections to the back end. The engineer should create __________ actions to __________. (Choose the correct set of options to complete the sentence.)
rewrite; insert tags on the client header
Scenario: A network engineer needs to provide web server administrators with access to monitoring and reporting after changing the default root password during the initial setup of the NetScaler. The engineer needs to ensure that the web server administrators can perform this task. What should the engineer do in order to ensure that the administrators are able to log on to the NetScaler?
Create user accounts.
Scenario: A network engineer has bound a service group containing four web servers to a virtual server. The virtual server is UP but users report that they are unable to access the virtual server. In order to troubleshoot this issue, the engineer should use telnet from __________. (Choose the correct option to complete the sentence.)
a PC to the virtual IP address
The network engineer is investigating issues and suspects that one of the administrators recently changed the NetScaler configuration. Which command could the engineer run to check the logs that will contain such details?
nsconmsg -K /var/nslog/newnslog -d event
A network engineer needs to configure Citrix NetScaler to provide Access Gateway services to VLAN 2 using interface 1/1 only, while also using interface 1/2 to provide load balancing services to VLAN 3. How could this result be achieved?
Disable layer 2 mode Create 2 untagged VLANs - VLAN 2 and VLAN 3 Bind VLAN 2 to Interface 1/1 Bind VLAN 3 to Interface 1/2
Scenario: A network engineer needs to implement high availability (HA) for a pair of NetScaler appliances. The existing appliance was recently restarted and the new appliance has been rack mounted and turned on for several weeks waiting to be configured. The engineer needs to create an HA pair, but is concerned that his original appliance will get erased when the HA pair is created. Which two tasks could the engineer do before the creation of the HA pair to ensure that the exiting unit stays the main appliance? (Choose two.)
Set StayPrimary on the existing node.
Configure StaySecondary on the new node.
A network engineer wants to optimize a published load balanced SSL virtual server for WAN connection with long delay, high bandwidth with minimal packet drops. What would the network engineer use to do this type of optimization for the SSL virtual server?
Scenario: A network engineer has created two selectors to use to populate a cache group in integrated caching. One selector, "Hit," will determine what to add to the group. The other, "Inval", will select what should be invalidated. Which command should the engineer run to create the cache group?
add cache contentgroup CacheGroup1 -hitSelector Hit -invalSelector Inval
Scenario: The NetScaler has been connected to two external networks provided by different Internet Service Providers (ISPs). Dynamic routing is not enabled. Traffic is expected to use the first ISP (through the 10.50.1.1 router) if possible and the second, slower ISP (through the 10.51.1.1 router) only if the Primary ISP fails. Which two commands could the network engineer execute to configure the routes? (Choose two.)
add route 0.0.0.0 0.0.0.0 10.51.1.1 -cost 10 -monitor arp
add route 0.0.0.0 0.0.0.0 10.50.1.1 -cost 5 -monitor PING
Scenario: The NetScaler is configured with a NSIP of 10.20.30.40. Management access is NOT enabled on any other IP address. Which command should an engineer execute to prevent access to the NetScaler using HTTP and only allow HTTPS access?
set ip 10.20.30.40 -gui secureonly -mgmtaccess enabled
Scenario: An engineer implementing a NetScaler is tasked with creating a new VLAN, named VLAN 2, and adding it to the current interfaces. A new IP address of 10.102.29.54 with a network mask of 255.255.255.0 must be configured for VLAN 2. Which commands could the engineer use to achieve this configuration in the command-line interface prior to binding VLAN 2?
add ns ip 10.102.29.54 255.255.255.0 add vlan 2
A company wants to implement a policy where all passwords should be encrypted while transiting the network. Where in the GUI would the network engineer prevent access to unsecured management protocols?
Network -> IPs
A NetScaler is configured with two-factor authentication. A user reported that authentication failed. How can an engineer determine which factor of the authentication method failed?
Use cat aaad.debug command.
Scenario: A network engineer has created an SSL offload virtual server. The virtual server shows as a DOWN state. Which two scenarios could cause the virtual server showing as DOWN? (Choose two.)
The service is not bound to the virtual server.
No SSL certificate is bound to the virtual server.
Which two response codes and pages can be cached on the NetScaler using Integrated Caching? (Chose two.)
302 Found pages
404 Not found pages
Users have reported that they are receiving a confusing error message related to SSL sessions when connecting from older browsers. How could the network engineer present this error to users in a customized format?
Configure SSL v2 Redirection for the virtual server.
Scenario: The network engineer has created a monitor and bound it to a service group containing four web servers to verify that the web application responds. During routine maintenance one of the web servers is shut down; however, the server state remains UP and user requests are still attempting to communicate with the server. What could be causing this problem?
Health monitoring is disabled for the service group.
Scenario: A network engineer plans to configure an Active Directory Server as the default authentication for a NetScaler deployment and provide users with the option to change their password if it is expired. Which two actions should the engineer take to configure this authentication requirement on the NetScaler system? (Choose two.)
Select security type as SSL on Authentication policy.
Configure Authentication server with allow password change option.
What is the purpose of the flash cache option in integrated caching?
To queue simultaneous requests of an object and answer all with the same response from the server
Scenario: A network engineer has configured an HTTP application to be load balanced using a virtual server named Svr1. Users have reported intermittent errors and the engineer has been given the client IP address of an affected user and asked to determine which back end service they are connected to. Using the command-line interface, how could the engineer find this information?
Show lb persistentSessions Svr1
Scenario: A NetScaler engineer needs to enable access to some web servers running on an IPv6- only network. The clients connecting the services are on an IPv4 network. The engineer has already enabled IPv6 on the NetScaler. What does the engineer need to do in order to provide access to the services on the IPv6 network?
Create a IPv4 virtual server and bind the service group to it.
A network engineer is troubleshooting a situation where ARP requests for IPs in other subnets (for example 10.192.12.80) are appearing in the 10.192.8.0/24 subnet. Which command could the engineer run on the NetScaler to verify IP to VLAN bindings?
What should a network engineer configure to set high availability for a load balanced virtual server?
A backup virtual server
Which two compression actions could a NetScaler engineer use? (Choose two.)
Which step could a network engineer take to prevent brute force logon attacks?
Enable the Rate Limiting feature.
A network engineer has been tasked with identifying the cause of intermittent network connectivity issues. Which command should the engineer use to generate the necessary network information required to diagnose the connectivity issues?
Scenario: A network engineer deployed a new NetScaler MPX appliance on the network and all interfaces are connected to the core switch. The network engineer notices the CPU utilization has become very high on the switch since the NetScaler deployment. Which two actions could the engineer perform on the NetScaler to resolve this issue? (Choose two.)
Configure a channel
Connect a single interface only
Scenario: An engineer has three subnets configured on a NetScaler appliance. The engineer must only allow a certain group of users to access a virtual server on the appliance. The IT Manager requires that all rules are flexible and can be easily modified for ease of administration. How could the engineer allow certain groups to access the virtual server while still being able to modify the setting in the future?
Create an Extended ACL.
Scenario: A security test has shown that the NetScaler is forwarding IP packets. Company standard operating procedure is that the routers should be the only devices forwarding packets. Which step should the network engineer take to prevent forwarding packets?
Disable Layer 3 mode.
A network engineer has enabled USIP and USNIP and set a unique IP address as the source IP using the proxyIP parameter on an INAT policy. Which is the correct order of precedence for the IP addresses?
Scenario: A user browses to a page and is presented with a warning that he is trying to enter a web site with an untrusted certificate. The network engineer had added the correct certificate to the SSL virtual server. What could be the cause of this issue?
The certificate is not linked to the intermediate CA.
Scenario: A network engineer is managing a NetScaler environment that has two NetScaler devices running as a high availability pair. The engineer must upgrade the current version from NetScaler 9 to NetScaler 10. Which action must the engineer take?
Upgrade the secondary node and then upgrade the primary node.
A client is trying to reach a back-end server with an IP address of 10.192.31.5 given the following routing table: Which route would the NetScaler use for this client?