1Y0-A28 - Implementing NetScaler 10 for Networking and Traffic Optimization
Go back to Citrix
Scenario: A NetScaler engineer is adding a new SSL certificate to a NetScaler device. During the process the engineer receives an error message: "Certificate with key size greater than RSA512 or DSA512 bits not supported." The same process has been followed previously on the same model of NetScaler successfully. What is the likely cause of this error?
The NetScaler has not been licensed correctly.
How could an engineer configure a monitor to ensure that a server is marked as DOWN if the monitor test is successful?
Enable the Reverse option for the monitor
A network engineer wants to collect performance statistics regarding the traffic between different points in the connection, specifically from client-to-NetScaler and from NetScaler to back-end server, and be able to present this to different analysis tools. Which feature on the NetScaler could the engineer use for this?
Which step could a network engineer take to prevent brute force logon attacks?
Enable the Rate Limiting feature.
Scenario: An engineer has three subnets configured on a NetScaler appliance. The engineer must only allow a certain group of users to access a virtual server on the appliance. The IT Manager requires that all rules are flexible and can be easily modified for ease of administration. How could the engineer allow certain groups to access the virtual server while still being able to modify the setting in the future?
Create an Extended ACL.
Scenario: When the NetScaler was set up, compression was enabled. The network engineer would like to disable compression ONLY for a particular virtual server. How could the engineer accomplish this?
Disable compression on the services or service groups bound to the virtual server.
What should a network engineer do to prevent unauthorized users from using the root user account?
Change the nsroot password.
What should a network engineer configure to set high availability for a load balanced virtual server?
A backup virtual server
An engineer has two NetScaler devices in two different datacenters and wants to create a high availability (HA) pair with the two devices, even though they are on two different subnets. How can the engineer configure the HA Pair between the two NetScaler devices?
Ensure that INC mode is enabled during the creation of the HA Pair.
A company has a new CEO and wants to update their website with the new CEO's name. What could the engineer do on the website while this modification is being made?
Replace the current name on the body response using Rewrite policies.
Scenario: A network engineer would like to prevent blacklisted remote clients from accessing NetScaler hosted application services. An IP address blacklist database is maintained by an external company and available to query over the Internet. The engineer would like to reject any connections from IP addresses that are contained in the blacklist. What could the engineer configure to achieve this goal?
A network engineer needs to configure load balancing for an FTP site. Which type of session persistence method can the engineer select for this scenario?
Scenario: A NetScaler engineer needs to enable access to some web servers running on an IPv6-only network. The clients connecting the services are on an IPv4 network. The engineer has already enabled IPv6 on the NetScaler. What does the engineer need to do in order to provide access to the services on the IPv6 network?
Create a IPv4 virtual server and bind the service group to it.
Scenario: An engineer executes the following commands: add vlan 2 bind vlan 2 -ifnum 1/2 add ns ip 10.110.4.200 255.255.255.0 bind vlan 2 -IPAddress 10.110.4.200 255.255.255.0 What type of IP address has been added to the NetScaler?
Scenario: A NetScaler environment uses two-factor authentication and the second authentication method is AD. A user logs in to the environment but does NOT receive access to the resources that the user should have access to. How can an engineer determine the AD authentication issue on the NetScaler?
Use the cat aaad.debug command.
Scenario: A network engineer has created two selectors to use to populate a cache group in integrated caching. One selector, "Hit," will determine what to add to the group. The other, "Inval", will select what should be invalidated. Which command should the engineer run to create the cache group?
add cache contentgroup CacheGroup1 -hitSelector Hit -invalSelector Inval
Scenario: An engineer has configured a virtual server that users access using HTTP port 80. The web application also uses TCP port 81 and 8080 for non-user access. The engineer would like to prevent users from connecting to web servers if any of the ports go down. How should the engineer set this configuration to ensure service availability?
Create monitors for ports 81 and 8080, and bind to the service or service group.
Scenario: A NetScaler appliance currently has a manually configured channel containing four interfaces; however, the engineer has been told that the NetScaler must now only use a single interface for this network. The engineer removes the channel and immediately notices a decrease in network performance. How could the engineer resolve this issue?
Disable the unused interfaces
Users have reported that they are receiving a confusing error message related to SSL sessions when connecting from older browsers. How could the network engineer present this error to users in a customized format?
Configure SSL v2 Redirection for the virtual server.
A network engineer selected the option on a SSL certificate to provide notification upon expiration of the certificate; however when a certificate expires, NO notification is sent to the engineer. Which step could the engineer take to enable notification?
A NetScaler implementation is experiencing intermittent network issues, specifically regarding traffic to a back-end service associated with IP address 10.10.1.86. Which command should a network engineer execute to generate diagnostic information to investigate this issue?
nstcpdump.sh host 10.10.1.86
The purpose of pre-fetch in integrated caching is to automatically __________. (Choose the correct option to complete the sentence.)
refresh a cached object before expiring
Scenario: The NetScaler is configured with a NSIP of 10.20.30.40. Management access is NOT enabled on any other IP address. Which command should an engineer execute to prevent access to the NetScaler using HTTP and only allow HTTPS access?
set ip 10.20.30.40 -gui secureonly -mgmtaccess enabled
Some SSL certificate files may be missing from a NetScaler appliance. Which directory should an engineer check to determine which files are missing?
The network engineer would like all HTTP and HTTPS requests that travel through the NetScaler to have an HTTP header added with the source IP address for logging on the web servers. How should the network engineer accomplish this?
Enable the client IP option
Scenario: A network engineer has created and bound an UDP-ECV monitor to identify the status of a UDP service. However, no matter what the response is, the service is always marked as UP. A possible cause of this behavior is that the network engineer __________. (Choose the correct option to complete the sentence.)
forgot to add a receive string
An engineer has bound three monitors to a service group and configured each of the monitors with a weight of 10. How should the engineer ensure that the members of the service group are marked as DOWN when at least two monitors fail?
Configure the service group with a threshold of 20.
Scenario: A network engineer has configured a load balancing virtual server for an HTTP application. Due to the application architecture, it is imperative that a user's session remains on a single server during the session. The session has an idle timeout of 60 minutes. Some devices are getting inconsistent application access while most are working fine. The problematic devices all have tighter security controls in place. Which step should the engineer take to resolve this issue?
Configure a backup persistence of SourceIP.
Scenario: Example.com runs a dating service site that provides a service with videos of candidates. They want to use RTSP load balancing to stream the videos more effectively. Which load balancing method should the engineer select?
Scenario: A network engineer needs to configure Citrix NetScaler to provide Access Gateway services to VLAN 2 using interface 1/1 only, while also using interface 1/2 to provide load balancing services to VLAN 3. How could this result be achieved?
Disable layer 2 mode Create 2 untagged VLANs - VLAN 2 and VLAN 3 Bind VLAN 2 to Interface 1/1 Bind VLAN 3 to Interface 1/2
A network engineer wants to configure a NetScaler for load balancing Voice over IP traffic (VoIP). Which hash method is the best fit for VoIP traffic?
Scenario: An application that uses HTTP for connections and other protocols for different types of content has been deployed. Load balancing virtual servers have been created for each protocol and the engineer now needs to ensure that once a load balancing decision has occurred, further requests for different content are served from the same server. How could the engineer achieve this?
Create a persistency group.
What type of protocol does AppFlow use for reporting?
A NetScaler engineer would like to present different web pages to a user based on the device and browser type from which they are connecting. Which responder policy could assist with this requirement?
A company wants to implement a policy where all passwords should be encrypted while transiting the network. Where in the GUI would the network engineer prevent access to unsecured management protocols?
Network -> IPs
Scenario: An organization has recently been penetration-tested by a security company. The findings have indicated that the NetScaler device is responding to requests revealing web server information within the HTTP response headers. Which NetScaler feature can a network engineer use to prevent this information from being leaked to a potential malicious user?
Why would an engineer want to specify a TCP Profile for a specific service group?
To adjust the TCP settings for traffic to and from that specific service group.
A network engineer needs to upgrade both appliances of a High Availability (HA) pair. In which order should the network engineer upgrade the appliances?
Upgrade the secondary node first without disabling high availability.
Scenario: The IT department in an organization manages servers and network devices from an internal management subnet. A Netscaler device has recently been installed into the DMZ network. The intranet firewall allows TCP 443 from the management subnet to the Netscaler device. How could the engineer ensure that only workstations in the management network are permitted to manage the Netscaler?
Create an Extended ACL based on the source IP address.
A network engineer has configured two NetScaler MPX appliances as a high availability (HA) pair. What can the engineer configure to prevent failover if only a single interface fails?
Scenario: An engineer is configuring services to allow load balancing of backend web servers on the internal network. The engineer bound multiple monitors to the first service, but notices that the service is reporting as DOWN. The monitor threshold default has NOT been changed. What could be causing this issue?
One of the monitors' tests is failing.
Scenario: A company has three HTTP servers that are load balanced using NetScaler. When users connect to the HTTP application they often receive inconsistent data or are advised that they need to log on again. Which step should the engineer take to correct this?
Configure persistence with appropriate timeouts.
A network engineer needs to investigate why a few users have issues logging on to the NetScaler system. How can the engineer troubleshoot authentication issues on the NetScaler system?
Use the CAT aaad.debug command.
A network engineer has been tasked with identifying the cause of intermittent network connectivity issues. Which command should the engineer use to generate the necessary network information required to diagnose the connectivity issues?
Scenario: A network engineer needs to re-configure the NetScaler to utilize two new VLANs - VLAN2 and VLAN3. VLAN2 is an untagged VLAN and VLAN3 will require a .1q compliant tag. Interface 1/1 is the only interface that will be used on the NetScaler. How could the engineer configure the NetScaler so that it can communicate with both networks?
Add VLAN2 and bind interface 1/1 as untagged Add VLAN3 and bind interface 1/1 as tagged
Scenario: The NetScaler is connected to two subnets. The NSIP is 10.2.9.12. The external SNIP is 10.2.7.3. The MIP for internal access is 10.2.9.3. Web servers, authentication servers and time servers are on the 10.2.10.0/24 network which is available through the 10.2.9.1 router. The external firewall has the 10.2.7.1 address. Traffic bound for Internet clients should flow through the external firewall. Which command should be used to set the default route?
add route 0.0.0.0 0.0.0.0 10.2.7.1
A network engineer needs to prevent too many simultaneous HTTP requests that can cause a Denial Of Service (DDoS). What could the engineer enable to prevent too many simultaneous HTTP requests?
Scenario: The network engineer has created a monitor and bound it to a service group containing four web servers to verify that the web application responds. During routine maintenance one of the web servers is shut down; however, the server state remains UP and user requests are still attempting to communicate with the server. What could be causing this problem?
Health monitoring is disabled for the service group.
Scenario: A call center has deployed Access Gateway Enterprise to provide its employees with access to work resources from home. Due to the number of available licenses, only selected employees should access the environment remotely based on their user account information. How could the engineer configure access to meet the needs of this scenario?
Configure an Authentication Server using a search filter.