1Y0-A28 - Implementing NetScaler 10 for Networking and Traffic Optimization

Go back to Citrix

Example Questions

Scenario: A NetScaler engineer is adding a new SSL certificate to a NetScaler device. During the process the engineer receives an error message: "Certificate with key size greater than RSA512 or DSA512 bits not supported." The same process has been followed previously on the same model of NetScaler successfully. What is the likely cause of this error? How could an engineer configure a monitor to ensure that a server is marked as DOWN if the monitor test is successful? A network engineer wants to collect performance statistics regarding the traffic between different points in the connection, specifically from client-to-NetScaler and from NetScaler to back-end server, and be able to present this to different analysis tools. Which feature on the NetScaler could the engineer use for this? Which step could a network engineer take to prevent brute force logon attacks? Scenario: An engineer has three subnets configured on a NetScaler appliance. The engineer must only allow a certain group of users to access a virtual server on the appliance. The IT Manager requires that all rules are flexible and can be easily modified for ease of administration. How could the engineer allow certain groups to access the virtual server while still being able to modify the setting in the future? Scenario: When the NetScaler was set up, compression was enabled. The network engineer would like to disable compression ONLY for a particular virtual server. How could the engineer accomplish this? What should a network engineer do to prevent unauthorized users from using the root user account? What should a network engineer configure to set high availability for a load balanced virtual server? An engineer has two NetScaler devices in two different datacenters and wants to create a high availability (HA) pair with the two devices, even though they are on two different subnets. How can the engineer configure the HA Pair between the two NetScaler devices? A company has a new CEO and wants to update their website with the new CEO's name. What could the engineer do on the website while this modification is being made? Scenario: A network engineer would like to prevent blacklisted remote clients from accessing NetScaler hosted application services. An IP address blacklist database is maintained by an external company and available to query over the Internet. The engineer would like to reject any connections from IP addresses that are contained in the blacklist. What could the engineer configure to achieve this goal? A network engineer needs to configure load balancing for an FTP site. Which type of session persistence method can the engineer select for this scenario? Scenario: A NetScaler engineer needs to enable access to some web servers running on an IPv6-only network. The clients connecting the services are on an IPv4 network. The engineer has already enabled IPv6 on the NetScaler. What does the engineer need to do in order to provide access to the services on the IPv6 network? Scenario: An engineer executes the following commands: add vlan 2 bind vlan 2 -ifnum 1/2 add ns ip bind vlan 2 -IPAddress What type of IP address has been added to the NetScaler? Scenario: A NetScaler environment uses two-factor authentication and the second authentication method is AD. A user logs in to the environment but does NOT receive access to the resources that the user should have access to. How can an engineer determine the AD authentication issue on the NetScaler? Scenario: A network engineer has created two selectors to use to populate a cache group in integrated caching. One selector, "Hit," will determine what to add to the group. The other, "Inval", will select what should be invalidated. Which command should the engineer run to create the cache group? Scenario: An engineer has configured a virtual server that users access using HTTP port 80. The web application also uses TCP port 81 and 8080 for non-user access. The engineer would like to prevent users from connecting to web servers if any of the ports go down. How should the engineer set this configuration to ensure service availability? Scenario: A NetScaler appliance currently has a manually configured channel containing four interfaces; however, the engineer has been told that the NetScaler must now only use a single interface for this network. The engineer removes the channel and immediately notices a decrease in network performance. How could the engineer resolve this issue? Users have reported that they are receiving a confusing error message related to SSL sessions when connecting from older browsers. How could the network engineer present this error to users in a customized format? A network engineer selected the option on a SSL certificate to provide notification upon expiration of the certificate; however when a certificate expires, NO notification is sent to the engineer. Which step could the engineer take to enable notification? A NetScaler implementation is experiencing intermittent network issues, specifically regarding traffic to a back-end service associated with IP address Which command should a network engineer execute to generate diagnostic information to investigate this issue? The purpose of pre-fetch in integrated caching is to automatically __________. (Choose the correct option to complete the sentence.) Scenario: The NetScaler is configured with a NSIP of Management access is NOT enabled on any other IP address. Which command should an engineer execute to prevent access to the NetScaler using HTTP and only allow HTTPS access? Some SSL certificate files may be missing from a NetScaler appliance. Which directory should an engineer check to determine which files are missing? The network engineer would like all HTTP and HTTPS requests that travel through the NetScaler to have an HTTP header added with the source IP address for logging on the web servers. How should the network engineer accomplish this? Which policy expression must an engineer use to enable compression for javascript files? Scenario: A network engineer has created and bound an UDP-ECV monitor to identify the status of a UDP service. However, no matter what the response is, the service is always marked as UP. A possible cause of this behavior is that the network engineer __________. (Choose the correct option to complete the sentence.) An engineer has bound three monitors to a service group and configured each of the monitors with a weight of 10. How should the engineer ensure that the members of the service group are marked as DOWN when at least two monitors fail? Scenario: A network engineer has configured a load balancing virtual server for an HTTP application. Due to the application architecture, it is imperative that a user's session remains on a single server during the session. The session has an idle timeout of 60 minutes. Some devices are getting inconsistent application access while most are working fine. The problematic devices all have tighter security controls in place. Which step should the engineer take to resolve this issue? Scenario: Example.com runs a dating service site that provides a service with videos of candidates. They want to use RTSP load balancing to stream the videos more effectively. Which load balancing method should the engineer select? Scenario: A network engineer needs to configure Citrix NetScaler to provide Access Gateway services to VLAN 2 using interface 1/1 only, while also using interface 1/2 to provide load balancing services to VLAN 3. How could this result be achieved? A network engineer wants to configure a NetScaler for load balancing Voice over IP traffic (VoIP). Which hash method is the best fit for VoIP traffic? Scenario: An application that uses HTTP for connections and other protocols for different types of content has been deployed. Load balancing virtual servers have been created for each protocol and the engineer now needs to ensure that once a load balancing decision has occurred, further requests for different content are served from the same server. How could the engineer achieve this? What type of protocol does AppFlow use for reporting? A NetScaler engineer would like to present different web pages to a user based on the device and browser type from which they are connecting. Which responder policy could assist with this requirement? A company wants to implement a policy where all passwords should be encrypted while transiting the network. Where in the GUI would the network engineer prevent access to unsecured management protocols? Scenario: An organization has recently been penetration-tested by a security company. The findings have indicated that the NetScaler device is responding to requests revealing web server information within the HTTP response headers. Which NetScaler feature can a network engineer use to prevent this information from being leaked to a potential malicious user? Why would an engineer want to specify a TCP Profile for a specific service group? A network engineer needs to upgrade both appliances of a High Availability (HA) pair. In which order should the network engineer upgrade the appliances? Scenario: The IT department in an organization manages servers and network devices from an internal management subnet. A Netscaler device has recently been installed into the DMZ network. The intranet firewall allows TCP 443 from the management subnet to the Netscaler device. How could the engineer ensure that only workstations in the management network are permitted to manage the Netscaler? A network engineer has configured two NetScaler MPX appliances as a high availability (HA) pair. What can the engineer configure to prevent failover if only a single interface fails? Scenario: An engineer is configuring services to allow load balancing of backend web servers on the internal network. The engineer bound multiple monitors to the first service, but notices that the service is reporting as DOWN. The monitor threshold default has NOT been changed. What could be causing this issue? Scenario: A company has three HTTP servers that are load balanced using NetScaler. When users connect to the HTTP application they often receive inconsistent data or are advised that they need to log on again. Which step should the engineer take to correct this? A network engineer needs to investigate why a few users have issues logging on to the NetScaler system. How can the engineer troubleshoot authentication issues on the NetScaler system? A network engineer has been tasked with identifying the cause of intermittent network connectivity issues. Which command should the engineer use to generate the necessary network information required to diagnose the connectivity issues? Scenario: A network engineer needs to re-configure the NetScaler to utilize two new VLANs - VLAN2 and VLAN3. VLAN2 is an untagged VLAN and VLAN3 will require a .1q compliant tag. Interface 1/1 is the only interface that will be used on the NetScaler. How could the engineer configure the NetScaler so that it can communicate with both networks? Scenario: The NetScaler is connected to two subnets. The NSIP is The external SNIP is The MIP for internal access is Web servers, authentication servers and time servers are on the network which is available through the router. The external firewall has the address. Traffic bound for Internet clients should flow through the external firewall. Which command should be used to set the default route? A network engineer needs to prevent too many simultaneous HTTP requests that can cause a Denial Of Service (DDoS). What could the engineer enable to prevent too many simultaneous HTTP requests? Scenario: The network engineer has created a monitor and bound it to a service group containing four web servers to verify that the web application responds. During routine maintenance one of the web servers is shut down; however, the server state remains UP and user requests are still attempting to communicate with the server. What could be causing this problem? Scenario: A call center has deployed Access Gateway Enterprise to provide its employees with access to work resources from home. Due to the number of available licenses, only selected employees should access the environment remotely based on their user account information. How could the engineer configure access to meet the needs of this scenario?