1Y0-A13 - Implementing Citrix Access Gateway 9.0 Enterprise Edition
Go back to Citrix
An administrator just configured a client security check using the following expression: CLIENT.OS(winxp).SP == 2 -frequency 2 The "2-frequency 2" portion of the policy expression indicates __________. (Choose the correct option to complete the sentence.)
Service Pack 2 and run every 2 minutes
Scenario: A company currently has Secure Gateway in its environment. The company has been undergoing major expansions, and the number of employees has grown by 60% over the past three years. Recently, the company acquired a new company and the network administrators were instructed to integrate the new company into the existing environment. Due to the increase in the number of employees, there is a higher demand for more servers and rack space. The senior network administrator intends to replace Secure Gateway with Access Gateway 9.0, Enterprise Edition in order to avoid having to purchase more servers in order to expand the existing Secure Gateway implementation to meet the growing needs of the environment. Which Access Gateway 9.0, Enterprise Edition connection type would meet the needs of this environment?
ICA Proxy mode
Scenario: Access Gateway 9.0, Enterprise Edition is deployed in an environment where packet loss is prevalent. The administrator in the environment has been instructed to log all the users' requests to HTTP resources in a reliable manner so that all the audit logs generated will be logged and preserved for a very long period of time.Which logging option will preserve audit logs for a very long period of time?
Use the auditserver running on a remote system with at least 10 GB of disk space
A public research university needs to provide remote access to the students in its distance learning program. Which Access Gateway 9.0, Enterprise Edition plugin should the network administrator configure in order to ensure that students are able to connect to the environment regardless of the operating systems on their end devices? http://certvn.wordpress.com
Citrix Access Gateway Plugin for Java
An administrator must configure an IP address that will be used by the Access Gateway appliance as a source IP address to connect to internal servers on the corporate network. Which IP type must the administrator configure?
An administrator must ensure that every user device runs personal firewall software before the device can establish a secure channel in full client mode to the intranet.Which policy must the administrator configure to meet the need of this scenario?
In which two instances must an Access Gateway 9.0, Enterprise Edition policy name match the name of a filter that is bound to another policy? (Choose two.)
Access Gateway 9.0, Enterprise Edition is being configured for SmartAccess integration with XenApp
The other policy is being applied to a XenApp hosted application that is being accessed through the Access Gateway appliance
What must an administrator do in order to obtain a certificate from an authorized Certificate Authority?
Create and submit a Certificate Signing Request
When configuring the access control properties of a published application on a XenApp server, http://certvn.wordpress.com which name should an administrator specify for the Access Gateway filter?
Which policy or filter must be set up correctly when configuring SmartAccess integration with XenApp in order for the policy to be applied on a XenApp server?
The policy name on the Access Gateway appliance must match the filter name that is bound to the policy that is being applied to the XenApp server hosted application
The Policy Precedence Model for Access Gateway 9.0, Enterprise Edition is the priority level in which multiple ________________ are prioritized, evaluated and enforced. (Choose the correct phrase to complete the sentence.)
Policies of the same type
Scenario: An Access Gateway appliance was deployed and an Access Gateway virtual server site was created for external users. When members of the "Sales" group log in, they should see the NavUI with three bookmarks for different sales related applications. When members of the "Shift Worker" group log in, they should get two published applications. The system administrator gets a call stating that everyone trying to access the virtual server is getting the "Page could not be found" error message.What are two possible reasons for this? (Choose two.)
The Access Gateway virtual server is in a down state.
The SSL certificate is NOT bound to the Access Gateway virtual server.
A network administrator needs to configure the Citrix Access Gateway Plugin for Windows in order for it to uninstall from client devices during logout from a session through the Access Gateway appliance. Which client cleanup level should the administrator configure in order to meet the stated requirement? http://certvn.wordpress.com
An administrator needs to use RADIUS as an authentication method for the users.Which IP address type should the administrator add in the client file of the RADIUS server for the authentication to work correctly?
Scenario: Due to recent security breaches, an administrator must immediately change the default password for the nsroot account to mysecret. Access to the Configuration Utility is unavailable. Which command line-interface command should the administrator use to change the default password for the nsroot account?
Set system user nsroot mysecret
When configuring a Web Interface XenApp Services site for SmartAccess where the Citrix Access Gateway Plugin for Windows is present and traffic is being tunneled to Web Interface, which access method should an administrator configure in the "Edit DMZ Settings" portion of the Access Management Console?
An administrator configures a traffic policy with the following expression:REQ.HTTP.URL CONTAINS sapcip06What will the traffic policy do when in use?
Apply traffic profile attributes to the HTTP requests that contain sapcip06 in the URL
http://certvn.wordpress.com Scenario: An administrator is responsible for replacing a Secure Gateway server with an Access Gateway appliance. The administrator needs to make use of the existing Secure Gateway server certificates.What are two certificate formats that Access Gateway 9.0, Enterprise Edition supports? (Choose two.)
While configuring Access Gateway 9.0, Enterprise Edition, an administrator wants to implement encryption services by using a private key type featured in the product.Which two private key types should the administrator select from the "Choose private key type" drop-down list in the SSL Certificate Wizard to meet this requirement? (Choose two.)
Scenario: A system administrator created a new virtual server, "admin.widget.com", on an Access Gateway appliance. Only system administrators will be connecting to this virtual server. These system administrators require a full SSL VPN tunnel when connecting. Other users connect to another virtual server, "users.widget.com", which runs on the same Access Gateway appliance. Any user connecting through "users.widget.com" currently connects clientlessly. Which action must the administrator take to give the system administrators full VPN access?
Create a session policy, select Citrix Access Gateway Plugin for Windows as the "Windows PluginType" in the profile associated with the policy and apply the policy to admin.widget.com
A network administrator has been instructed to configure intranet applications for the Access Gateway Plugin for Windows and the Access Gateway Plugin for Java. Which two interception modes should the administrator select when configuring the intranet applications for the plugins in this environment? (Choose two.)
Which two options must be specified in a session profile to allow access to Web Interface through an Access Gateway 9.0, Enterprise Edition appliance? (Choose two.)
Web Interface Address
Single Sign-on Domain
When creating a Web Interface XenApp Services site for use with Access Gateway 9.0, Enterprise Edition, which access method or authentication should be specified for the XenApp Services site?
Advanced Access Control
Which policy can an administrator use to modify the default authorization setting for an environment?
An administrator has been instructed to configure Access Gateway 9.0, Enterprise Edition in an environment where the Access Gateway appliance is capable of resolving all intranet/Internet host names in split tunneling off mode.How must the administrator configure the split DNS setting to accomplish this?
Scenario: An administrator wants users to be able to access resources running on file servers and application servers in an environment. The administrator has deployed Access Gateway 9.0, Enterprise Edition. The Citrix Access Gateway Plugin for Windows is used to establish connections to the corporate network. There are no intranet applications configured in this environment and split tunneling is turned off. The default authorization policy is set to "Deny." Users in this environment will be able to access applications on file and application servers as long as ______. (Choose the correct phrase to complete the sentence.)
An authorization policy is configured to grant them access
What is the minimum assignment of rights that users must have in order to install the Citrix Access Gateway Plugin for Windows for the first time on a client device? http://certvn.wordpress.com
Once a pre-authentication policy is configured, what does an administrator need to do in order for the policy to work?
Bind the policy at the global or virtual server level
An IT manager instructed the network administrator to separate the Access Gateway appliance in an environment from the Web Interface server using a firewall that performs Network Address Translation (NAT).Which two access methods could the administrator configure for Access Gateway 9.0, Enterprise Edition based on the requirements of this scenario? (Choose two.)
Scenario: An Access Gateway virtual server is configured with the following three global settings: Client Security is set to "CLIENT.APP.AV == SYMANTEC EXISTS" http://certvn.wordpress.com Client Choices is set to ON Clientless Access is set to ON Which client choice(s) will be available to a user logging in from a device running a Windows operating system but which is NOT running the Symantec Antivirus?
Clientless Access only
Which two issues may prevent a user from installing the Citrix Access Gateway Plugin for Windows on a remote device? (Choose two.)
The user is running a client firewall that may be blocking the installation process.
The user is NOT an administrator nor a member of the local administrative group.
Scenario: A group of students need access to an online examination for only one hour. The group must be prompted periodically about the logout time during the last three minutes of their one hour session, and the session must time out exactly after one hour. Which setting should the http://certvn.wordpress.com administrator enable when configuring Access Gateway to provide access to these students?
Configure a session profile with a forced time out warning value of three minutes and forced time out time of one hour
An administrator should disable split tunneling when __________. (Choose the correct phrase to complete the sentence.)
All traffic must go through the established VPN tunnel
An administrator for Access Gateway 9.0, Enterprise Edition suspects that some users in the environment are misusing the remote access granted to them by accessing and downloading some restricted intranet web resources.What should the administrator check first on the Access Gateway appliance in order to investigate these users' remote access behavior?
Scenario: An administrator has set the default authorization action to DENY. A specific group of http://certvn.wordpress.com users needs access to some resources.Which two steps should the administrator take to allow these users to access the necessary resources? (Choose two.)
Bind a new authorization policy at the group level
Create a new authorization policy to ALLOW access to the resources
Scenario: An administrator wants to ensure that whenever users connecting over the Access Gateway Plugin for Windows try to access corporate network resources and servers by name, the name of those resources and servers resolves to the IP addresses in the corporate network. What are two ways the administrator can configure the settings to meet the needs of this environment? (Choose two.)
Set split tunneling to OFF http://certvn.wordpress.com
Set split tunneling to ON and DNS to Remote
Which policy should a senior administrator configure in order to grant a junior administrator read- only access on an Access Gateway appliance?
Scenario: An administrator is configuring Access Gateway 9.0, Enterprise Edition in an environment that consists of a double-hop DMZ deployment. The administrator wants connections from the Citrix XenApp Plugin for Hosted Apps on the Internet to go through the first firewall in order to connect to the Access Gateway appliance in the first DMZ.Which port should the administrator enable on the first firewall?
Scenario: An Access Gateway virtual server is configured with the following settings: A group named QUARGRP A session profile named QUARPROF, with Clientless Access mode set to ON A session policy named QUARPOL, with the expression, "NS_TRUE" and the profile QUARPROF The QUARPOL session policy is bound to the QUARGRP group The global settings with Client Security is set to "CLIENT.APP.AV == SYMANTEC EXISTS" and the quarantine group is set to QUARGRP Which client will be provided to a user who logs on to the virtual server from a client device that is NOT running Symantec Antivirus?
Scenario: A network administrator needs to configure access to published resources in a Citrix XenApp farm through Access Gateway. The administrator will implement Access Gateway as a replacement for the current Secure Gateway deployment, which does NOT have SmartAccess. Which three steps must the administrator take for this scenario? (Choose three.)
Set ICA Proxy to ON
Set Single Sign-on Domain
Configure the Secure Ticket Authority server
An administrator has been instructed to give a specific employee in the Finance group access to Engineering resources. To which level should the administrator assign the policy when configuring access for this employee?
Which three kinds of IP addresses are required at a minimum when setting up an Access Gateway appliance in an environment? (Choose three.)
An administrator runs maintenance on ServerA every Friday between 9:00 pm -11:00 pm. The http://certvn.wordpress.com administrator has been instructed to deny access through the Access Gateway appliance to ServerA during this period only. What must the administrator configure in the Access Gateway environment to meet this requirement?
Authorization policies based on date and time and the IP address of ServerA
An administrator wants to provide access to published applications hosted on XenApp servers only, without requiring the use of a Citrix Access Gateway Plugin for Windows.Which feature should the administrator enable in order to meet the needs of this environment?
Which three entities could be used to configure SmartAccess? (Choose three.)
A network administrator wants to create different intranet applications for users running the Citrix Access Gateway Plugin for Windows.The administrator should create the intranet application by _______ . (Choose the correct phrase to complete the sentence.)
Creating a range of IP addresses with interception transparent mode
Scenario: A consultant is in charge of a new Access Gateway 9.0, Enterprise Edition implementation at a large customer site and must address the following security requirements: 1.If APP1.EXE is running on the local machine, do NOT allow access to the virtual server authentication page 2.If APP2.EXE is running on the local machine, allow access to the virtual server authentication page after CMD.EXE is closed 3.If APP3.EXE is NOT found on the local machine, allow access to the virtual server authentication page Which policy type must be used to configure these security requirements?
An administrator needs to enable single sign-on (SSO) for HTTP web pages residing on a server (ServerABC). Which rule should the administrator configure in a traffic policy to enable SSO for HTTP web pages on the server?
REQ.IP.DESTIP == ServerABC & REQ.TCP.DESTPORT == 80
An administrator is configuring client-side clean up for users accessing resources through an Access Gateway virtual server and using the Citrix Access Gateway Plugin for Windows. Which three settings must the administrator configure in order to implement client-side cleanup for users http://certvn.wordpress.com connecting to the virtual server in this environment? (Choose three.)
Clean up IE browser cookies
Clean up IE browser auto-completion
Clean up CIFS password when accessing Intranet file systems through CIFS connections
An administrator has enabled split tunneling for an environment. What must the administrator do to ensure that the plugin on user devices intercepts intranet traffic only and routes other traffic directly to the appropriate servers?
Define an intranet application