NEW QUESTION 1
Which mode does a Citrix Administrator need to configure in order to allow the NetScaler to forward any packets that are NOT destined for an IP address that is NOT configured on NetScaler?

• A. USIP
• B. Layer 3 Mode
• C. Layer 2 Mode
• D. MBF

Answer: A

NEW QUESTION 2
What is the effect of the set gslb parameter – GSLBvcStateDelayTime 10 command on the Global Server Load Balancing (GSLB) environment, when Metric Exchange Protocol (MEP) is enabled?

• A. The Metric Exchange Protocol (MEP) will be marked as DOWN if the GSLB service has been DOWN for 10 seconds.
• B. The Metric Exchange Protocol (MEP) will be marked as DOWN if the GSLB vServer has been DOWN for 10 seconds.
• C. The GSLB services will be marked as DOWN, if the Metric Exchange Protocol (MEP) connection has been DOWN for 10 seconds.
• D. The GSLB services will be marked as DOWN if the service has been DOWN for 10 seconds.

Answer: C

NEW QUESTION 3
Scenario: A user is attempting to access a web server which is load balanced by the NetScaler using HTTPS. The user received the following message:
SSL/TLS error: You have not chosen to trust “Certificate Authority” the issuer of the server’s security certificate.
What can a Citrix Administrator do to prevent users from viewing this message?

• A. Ensure that the intermediate Certificate is linked to the Root Certificate.
• B. Ensure that the user has the Server Certificate installed.
• C. Ensure that the user has the Certificate’s Public key.
• D. Ensure that the intermediate Certificate is linked to the Server Certificate.

Answer: A

NEW QUESTION 4
Which three authentication types can a Citrix Administrator use for NetScaler AAA dual- factor authentication? (Choose three.)

• A. TACACS+
• B. RADIUS
• C. ADFS
• D. LINUX
• E. LDAP

Answer: ABE

NEW QUESTION 5
Scenario: A Load Balancing virtual server (lb_vsrv_www) is configured to load balance service_1 and service_2. A Citrix Administrator needs to bind a content filter policy to the virtual server, such that if the user tries to access http://xenapp.citrix.com, then the request should go to service_1.
Which policy can the administrator use in this scenario?

• A. add filter action Redirect_Service_1_Act redirect Service_1add filter policy Redirect_Service_1_Pol -rule “REQ.HTTP.HEADER HOSTANME CONTAINS xenapp.citrix.com” reqAction Redirect_Service_1_Act
• B. add filter action Redirect_Service_1_Act forward Service_1add filter policy Redirect_Service_1_Pol -rule “REQ.HTTP.HEADER HOSTANME CONTAINS xenapp.citrix.com” reqAction Redirect_Service_1_Act
• C. add filter action Redirect_Service_1_Act forward Service_1add filter policy Redirect_Service_1_Pol -rule “REQ.HTTP.HEADER HOSTANME CONTAINS xenapp.citrix.com”
• D. add filter action Redirect_Service_1_Act respond Service_1add filter policy Redirect_Service_1_Pol -rule “REQ.HTTP.HEADER HOSTANME CONTAINS xenapp.citrix.com”

Answer: A

NEW QUESTION 6
Scenario: A Citrix Administrator needs to implement a Content Filter policy to ensure the following conditions are met:
Which policy expression will meet this requirement if the policy action is RESET and the policy is bound to the server (VIP:10.10.10.1)?

• A. REQ.IP.SOURCEIP != 10.100.32.211 || REQ.IP.SOURCEIP != 10.100.32.211 –netmask 255.255.255.0
• B. REQ.IP.SOURCEIP = = 10.100.32.211 || REQ.IP.SOURCEIP != 10.100.32.0 –netmask 255.255.255.0
• C. REQ.IP.SOURCEIP != 10.100.32.211 && REQ.IP.SOURCEIP = = 10.100.32.0–netmask 255.255.255.0
• D. REQ.IP.SOURCEIP = = 10.100.32.211 && REQ.IP.SOURCEIP != 10.100.32.0–netmask 255.255.255.0

Answer: A

NEW QUESTION 7
Scenario: A Citrix Administrator manages an environment that has a NetScaler high availability (HA) pair running on two MPX appliances. The administrator notices that the state of the Secondary NetScaler is ‘Unknown’ and moves the Secondary NetScaler to a new switch as a result. Also, the administrator captured a packet trace on both NetScalers. Both sent traffic on secure port 3009 and were routing back and forth to each other.
What is causing the Secondary state to be ‘Unknown’?

• A. The firewall is blocking communication between the switches.
• B. The administrator made both NetScalers Primary.
• C. The Secondary NetScaler CANNOT communicate in HA when moved to a new switch.
• D. The remote procedure call (RPC) nodes are NOT configured correctly.

Answer: A

NEW QUESTION 8
What is the effect of the set cmp parameter –cmpBypassPct 70 command if compression is enabled on the NetScaler?

• A. Compression will be bypassed if the NetScaler bandwidth consumption is more than 70%.
• B. Compression will be bypassed if the NetScaler CPU load is 70%.
• C. Compression will be bypassed if the NetScaler bandwidth consumption is less than 70%.
• D. Compression will be bypassed if the NetScaler Memory utilization is 70%.

Answer: B

NEW QUESTION 9
A Citrix Administrator needs to block all the DNS requests from subnet 10.107.149.0/24. Which expressions can the administrator use to match the required traffic?

• A. CLIENT.IP.SRC.IN_SUBNET(10.107.149.0/24) && client.UDP.DSTPORT.EQ(53) || client.TCP.DSTPORT.EQ(53)
• B. CLIENT.IP.SRC.IN_SUBNET(10.107.149.0/24) && (client.UDP.DSTPORT.EQ(53) ||client.TCP.DSTPORT.EQ(53))
• C. CLIENT.IP.SRC(10.107.149.0) && (client.UDP.DSTPORT.EQ(53) || client.TCP.DSTPORT.EQ(53))
• D. CLIENT.IP.SRC(10.107.149.0) && client.UDP.DSTPORT.EQ(53) || client.TCP.DSTPORT.EQ(53)

Answer: B

NEW QUESTION 10
View the Exhibit.

A Citrix Administrator has executed the commands in the screenshot on the NetScaler using the command-line interface.
Click on the ‘Exhibit’ button to view the screenshot of the command-line interface.
Which two replacements will be the outcome of executing these commands? (Choose two.)

• A. http:// will be replaced by https:// in the HTTP RESPONSE
• B. https:// will be replaced by http:// in the HTTP RESPONSE
• C. http:// will be replaced by https:// in the HTTP REQUEST
• D. https:// will be replaced by http:// in the HTTP REQUEST

Answer: BD

NEW QUESTION 11
Scenario: A Citrix Administrator is running applications on thousands of load-balanced backend servers in a large infrastructure. It is difficult to track and troubleshoot problems due to the large volume of traffic received.
Which feature of NetScaler Management and Analytics System (NetScaler MAS) can the administrator configure to monitor and troubleshoot in detail for an environment of this size?

• A. AppFlow Analytics
• B. Advanced Analytics with Telemetry Node installed
• C. Application Performance Analytics
• D. Application Security Analytics

Answer: B

NEW QUESTION 12
A Citrix Administrator needs to utilize the client IP address as the source IP address for the NetScaler to server connections.
Which mode on the NetScaler will the administrator utilize to meet this requirement?

• A. Layer 2 Mode
• B. USNIP
• C. Layer 3 Mode
• D. USIP

Answer: D

NEW QUESTION 13
Which two configurations can a Citrix Administrator use to block all the post requests that are larger than 10,000 bytes in order to protect the environment against HashDoS attacks? (Choose two.)

• A. add policy expression expr_hashdos_prevention “http.REQ.METHOD.EQ(”POST”) && http.REQ.CONTENT_LENGTH.GT(10000)”add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOPbind responder global pol_resp_hashdos_prevention 70 END –type REQ_OVERRIDE
• B. add policy expression expr_hashdos_prevention “http.REQ.METHOD.EQ(”POST”) && http.REQ.CONTENT_LENGTH.GT(10000)”add rewrite policy drop_rewrite expr_hashdos_prevention DROP bind rewrite global drop_rewrite 100 END –type REQ_OVERRIDE
• C. add policy expression expr_hashdos_prevention “http.REQ.METHOD.EQ(”POST”) || http.REQ.CONTENT_LENGTH.GT(10000)”add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOPbind responder global pol_resp_hashdos_prevention 70 END –type REQ_OVERRIDE
• D. add policy expression expr_hashdos_prevention “http.REQ.METHOD.EQ(”POST”) || http.REQ.CONTENT_LENGTH.GT(10000)”add rewrite policy drop_rewrite expr_hashdos_prevention DROP bind rewrite global drop_rewrite 100 END –typeREQ_OVERRIDE

Answer: AC

NEW QUESTION 14
Which scenario will cause automatic high availability (HA) synchronization to fail?

• A. Different build versions
• B. Manually forced synchronization
• C. A force failover
• D. A configuration change to the primary NetScaler

Answer: B

NEW QUESTION 15
Which type of NetScaler monitor can a Citrix Administrator use to check the authentication service of the Active Directory Domain Controller?

• A. The TCP monitor with the LDAP Base DN parameters configured in the Special Parameters.
• B. A custom LDAP monitor with the LDAP Script Name, Base DN, Bind DN, Filter, Attribute and Password parameters configured in the Special Parameters.
• C. The Ping monitor with the Active Directory Domain Controller in the Special Parameters.
• D. The RADIUS monitor with the Base DN, Bind DN, Filter, Attribute and Password parameters configured in the Special Parameters.

Answer: B

NEW QUESTION 16
A Citrix Administrator notices that the NetScaler is sending the IP addresses of all the active services in the DNS response.
The administrator can use the set gslb vserver<name> ______ parameter to avoid this behavior. (Choose the correct option to complete the sentence.)

• A. EDR DISABLED
• B. EDR ENABLED
• C. MIR ENABLED
• D. MIR DISABLED

Answer: D

NEW QUESTION 17
Scenario: A Citrix Administrator is troubleshooting a NetScaler issue. The administrator
goes to the command line and from the Shell, tails the ns.log to view the log in real time to find the issue. After a few minutes, the administrator noticed that the logs stopped scrolling and the issue was missed.
How can troubleshooting continue using the ns.log?

• A. The ns.log needs to be downloaded to the client machine for full viewing.
• B. The ns.log service has stopped and needs to be restarted.
• C. The ns.log is still runnin
• D. Press ‘Enter’ and the ns.log will resume.
• E. The ns.log has reached its 100 KB limi
• F. Press ‘CTRL+C’ to stop it from running and issue the command “tail-f ns.log” to resume.

Answer: A

NEW QUESTION 18
A Citrix Administrator wants to configure independent and isolated access on a single appliance for three different departments to allow them to manage and isolate their own applications.
How can the administrator isolate department-level administration?

• A. Configure dedicated routes in the admin partitions for each department.
• B. Configure Policy-based Routes for each department in the nsroot partition.
• C. Configure admin partitions that use dedicated VLANs.
• D. Configure a SNIP in each partition and bind a VLAN for the department.

Answer: B