citrix 1y0-351 - gratis exam...jul 08, 2015 · time limit : 120 min file version : 5.0 ... citrix...

Citrix_1Y0-351

Number: 1Y0-351Passing Score: 800Time Limit: 120 minFile Version: 5.0

http://www.gratisexam.com/

Citrix 1Y0-351 Questions & Answers

Citrix NetScaler 10.5 Essentials and Networking

Version: 5.0Citrix 1Y0-351 Exam

Exam A

QUESTION 1A NetScaler Engineer has created a new custom user monitor script and needs to place it in the NetScalerfilesystem for use.

Where must the engineer place the custom script so that it is available for use?

A. /nsconfig/monitorsB. /netscaler/monitorsC. /var/nstemp/monitorsD. /netscaler/monitors/perl_mod

Correct Answer: ASection: (none)Explanation

Explanation/Reference:Explanation:

QUESTION 2What are the supported protocols for management authentication?

A. LOCAL, LDAP, and SAMLB. RADIUS, LDAP and TACACS+C. CERTIFICATE, LDAP and SAMLD. RADIUS, TACACS+ and CERTIFICATE

Correct Answer: BSection: (none)Explanation


QUESTION 3Which two authentication types on the NetScaler support password changes? (Choose two.)

A. TACACS+B. LDAP (TLS)C. LDAP (SSL)D. RADIUS (PAP)E. LDAP (PLAINTEXT)F. RADIUS (MSCHAPv2)

Correct Answer: BCSection: (none)Explanation


QUESTION 4Scenario: A NetScaler Engineer is viewing Authentication, Authorization and Access (AAA) events on theNetScaler appliance to determine why a user is unable to log on. The events below have been loggedduring this timeframe:

Fri Oct 17 18:17:16 2014

/usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[40\]:

start_ldap_auth attempting to

auth scottli @ 10.12.33.216

"Leading the way in IT Testing & Certification Tools" - www.testking.com 4 Citrix 1Y0-351 ExamFri Oct 17 18:17:18 2014

/usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[291\]:recieve_ldap_bind_event receive ldap bind event

Fri Oct 17 18:17:18 2014

/usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[326\]:

recieve_ldap_bind_event ldap_bind with binddn bindpw failed:Invalid credentials Fri Oct 1718:17:18 2014/usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/naaad.c[1198\]: send_reject sendingreject to kernel for : scottli

What is the root cause of this issue?

A. The LDAP Base DN is incorrect.B. The Bind DN credentials are invalid.C. The LDAP server is NOT responding.D. The user has entered an invalid password.



QUESTION 5A company has an external-facing web application that requires end-to-end encryption and Layer- 7functionality.


Which protocol type would an engineer choose for the virtual server and service?

A. SSLB. SSL_TCPC. SSL_PUSHD. SSL_BRIDGE



QUESTION 6Scenario: A NetScaler Engineer has enabled the HTTP Compression feature on an existing productionNetScaler. The engineer is using the built-in policies. The engineer reviews the HTTP Compression

statistics but does NOT see any compression statistic data.

What is the likely reason?

A. SSL protocol is being used for encryption.B. The Compression Policy engine is set to default.C. "Allow Server side compression" is checked on the NetScaler.D. Responses with the Content-Length or Chunked header are being sent from the server.

Correct Answer: CSection: (none)Explanation


QUESTION 7Which two of the listed statements are true about Access Control Lists (ACLs) on the NetScaler? (Choosetwo.)

A. Extended ACLs may BRIDGE traffic.B. Simple ACLs are bound on ALL interfaces.C. Extended ACLs are evaluated after creation.D. Simple ACLs are processed after Extended ACLs.

Correct Answer: ABSection: (none)Explanation


QUESTION 8What is the purpose of the SSL Certificate Authority (CA) root certificate during an SSL connection?

A. SSL Cipher ExchangeB. Session Key ExchangeC. Pre Shared Master Secret GenerationD. Server Certificate Signature Verification



QUESTION 9In order to create a three-node NetScaler cluster, all nodes must __________ and __________. (Choosethe two correct options to complete the sentence.)

A. be physical appliancesB. have Platinum licensingC. be using the same buildD. be the same platform model

Correct Answer: CDSection: (none)Explanation


QUESTION 10Scenario: A NetScaler Engineer has been tasked with reconfiguring an existing NetScaler deployment. Theengineer is currently running a high-availability (HA) pair of NetScaler 10.5 appliances, but the VicePresident of IT has requested a more efficient way of preserving and balancing network resources andthroughput while having a single point of management for the NetScaler appliances.

What should the engineer configure to satisfy the requirements outlined by the Vice President of IT?

A. Switch from traditional HA to -INC mode HA.B. Break the HA pair and configure clustering instead.C. Break the HA pair and configure three standalone NetScaler nodes.D. Leave HA enabled and increase bandwidth to both NetScaler nodes.



QUESTION 11A NetScaler Engineer plans to deploy a third-party application that will perform scheduled configurationauditing by using NITRO API with a REST interface.

Which management protocol should the engineer enable to allow NITRO API access?

A. SSHB. HTTPC. TelnetD. SNMP



QUESTION 12Traffic to which destination is sourced from the NetScaler IP (NSIP) by default?

A. NTP serversB. Clients on the InternetC. Load-balanced web servicesD. Load-balanced authentication services



QUESTION 13Scenario: A NetScaler Engineer configures COOKIEINSERT persistence method for an HTTP VServernamed 'myApp'. Many clients do NOT allow the persistence cookie to be set and application sessions failas a result. All clients are behind a network address translation (NAT) gateway, which will insert the client

IP address into an HTTP header called X-Forwarded-For.

Which command could the engineer execute to provide persistence for clients while still distributing therequests across the bound services?

A. set lb vserver myApp -persistenceType SOURCEIPB. set lb vserver myApp -persistenceType NONE -lbmethod SRCIPDESTIPHASHC. set lb vserver myApp -persistenceType COOKIEINSERT -timeout 0 -cookieName X- Forwarded-ForD. set lb vserver myApp -persistenceType NONE -lb method TOKEN -rule "HTTP.REQ.HEADER(\"X-

Forwarded-For\").VALUE(0)

Correct Answer: DSection: (none)Explanation


QUESTION 14Scenario: A NetScaler Engineer has created an SSL virtual server that utilizes SSL services. The engineerneeds to configure certificate authentication from the NetScaler to the backend web services.

What should the engineer do to meet the requirements outlined in the scenario?

A. Bind a CA Certificate to the SSL Services.B. Bind a Client Certificate to the SSL Services.C. Create an SSL policy to present the Client Certificate to the web services.D. Enable Client Authentication and set Client Certificate to mandatory on the virtual server.



QUESTION 15Which service setting would a NetScaler Engineer use in the command-line interface to limit connections toserver resources?

A. -maxReqB. -maxClientC. -monThresholdD. -maxBandwidth



QUESTION 16Which statement is true about interface link-state on the NetScaler?

A. Interface link-state is controlled by ifconfig in BSD.B. Interface link-state is dependent on the HAMON setting.C. Interface link-state CANNOT be brought down from the NetScaler.D. Interface link-state on both appliances is unaffected by the force failover command.



QUESTION 17In order to configure integrated cache, a NetScaler Engineer would need to reboot the NetScaler when theintegrated caching feature is __________ and cache memory limit is set to __________. (Choose thecorrect set of options to complete the sentence.)

A. enabled; zeroB. disabled; zeroC. enabled; non-zeroD. disabled; non-zero



QUESTION 18Which two certificate formats are supported when creating a certificate key pair on the NetScaler? (Choosetwo.)

A. PEMB. DERC. PKCS7D. PKCS12



QUESTION 19As a result of connecting two NetScaler interfaces in the same L2 broadcast domain/VLAN (unless linkaggregation is configured), the NetScaler will __________. (Choose the correct option to complete thesentence.)

A. restartB. disable one interfaceC. cause a network loopD. disable both interfaces



QUESTION 20Scenario: Users in an organization need to access several web applications daily. Management has askeda NetScaler Engineer to reduce the amount of times users have to enter credentials when accessing web

applications.

What should the engineer configure to meet this requirement?

A. A load-balancing VServer and an authorization policyB. An authentication VServer and an authorization policyC. An authentication VServer and an authentication policyD. A content switching VServer and an authentication profile



QUESTION 21The upgrade script copies the updated NetScaler kernel file to the __________ NetScaler directory.(Choose the correct option to complete the sentence.)

A. /varB. /flashC. /nsconfigD. /flash/boot



QUESTION 22Which setting must an engineer ensure is configured before a Subnet IP (SNIP) could be used tocommunicate with servers on the same network segment?

A. Static route is definedB. USIP mode is enabledC. USNIP mode is enabledD. Default gateway is defined



QUESTION 23Which tool could a NetScaler Engineer use to monitor client-side rendering times for a Web application thatis load-balanced by NetScaler?

A. TcpdumpB. Insight CenterC. Command CenterD. NetScaler Dashboard

Correct Answer: ASection: (none)

Explanation


QUESTION 24What should a NetScaler Engineer configure to create load-balancing virtual servers and services on thesame VLAN with overlapping IP addresses?

A. Listen policiesB. Traffic domainsC. Dynamic routingD. Policy-based routing



QUESTION 25Scenario: NetScaler is configured with a Subnet IP (SNIP) 192.168.1.10/24 on VLAN 1 and a SNIP172.168.1.50/24 on VLAN 100.

VLAN 100 has been properly associated with interface 1/1 and SNIP 172.168.1.50.

A user on VLAN 100 is attempting to access a virtual server on 192.168.1.25 and NOT getting a response.

After troubleshooting the network, an engineer identifies that asymmetric packet flows are NOT using theright interfaces on the return path to the client.

Which NetScaler setting must be enabled to avoid this behavior?

A. Layer 3 ModeB. Layer 2 ModeC. Direct Route AdvertisementD. MAC-based forwarding (MBF)



QUESTION 26Which outcome does the minify JavaScript option of the Front End Optimization (FEO) feature provide?

A. It will replace characters with shorter names.B. It will change all uppercase letters to lowercase.C. It will remove all comments from the JavaScript.D. It will compress JavaScript with the GZIP algorithm.



QUESTION 27Which feature could a Network Engineer configure in order to restrict client connections to a specificbandwidth limit?

A. SpilloverB. Rate LimitingC. SureConnectD. Filter Policies



QUESTION 28Scenario: A web server needs to be load-balanced but the content for the web page is retrieved fromdifferent server pools. There is a server pool for images, another for text files, and another for documents.

Which NetScaler feature would allow a user to retrieve content from all pools through a single IP addressby leveraging the ability of NetScaler to forward traffic based on the incoming request?

A. Load BalancingB. Content FilteringC. Content SwitchingD. Global Server Load Balancing



QUESTION 29Server Name Indication (SNI) is required when __________. (Choose the correct option to complete thesentence.)


A. TLS 1.1/1.2 is enabled exclusivelyB. a SAN extension certificate is usedC. multiple certificates are used on multiple domains on the same VServerD. configuring a content switching SSL VServer with a single domain certificate



QUESTION 30

What should an engineer configure in an environment where two NetScaler appliances are configured inhigh availability (HA) mode to prevent both nodes from reporting a state of NOT_UP at the same time?

A. Fail-Safe ModeB. Route MonitorsC. Command PropagationD. Configuration Synchronization



QUESTION 31When creating a link aggregation channel on the NetScaler, the "-throughput" option sets the __________.(Choose the correct option to complete the sentence.)

A. max interface speed of the channelB. interface threshold for channel failoverC. interface bandwidth limit for the channelD. interface speed of each member of the channel



QUESTION 32Scenario: A NetScaler Engineer is asked to interpret the following configuration:

add audit syslogAction syslog_srv_1 192.168.0.1 -logLevel ERROR

add audit syslogAction syslog_srv_2 192.168.0.2 -logLevel WARNING

add audit syslogAction syslog_srv_3 192.168.0.3 -logLevel CRITICAL

add audit syslogAction syslog_srv_4 192.168.0.4 -logLevel ALERT

add audit syslogPolicy audit_pol_1 ns_true syslog_srv_1




bind system global audit_pol_1 -priority 100




add audit messageaction log-act1 CRITICAL '"Client:"+CLIENT.IP.SRC+" accessed "+HTTP.REQ.URL' -bypassSafetyCheck YES

add responder policy RP_pol http.REQ.IS_VALID NOOP -logAction log-act1

bind responder global RP_pol 100 END -type REQ_OVERRIDE

Which syslog server will receive log information?

A. syslog_srv_3B. syslog_srv_4C. syslog_srv_1D. syslog_srv_2



QUESTION 33Scenario: A NetScaler Engineer is working with a NetScaler appliance that has two network interface cards(NICs). The first NIC is placed on the DMZ network and the second NIC is on the internal network. Thedefault route is configured to the gateway on the internal network. A virtual server is configured on theDMZ-network and the firewall on the DMZ is using network address translation (NAT) to allow externaltraffic to the virtual server.

When a user from the Internet attempts to connect to the NAT'd external address, the session neverestablishes. The engineer performs an nstrace and sees that the user's traffic hits the NetScaler. Theengineer then discovers that the problem is an asymmetrical packet flow.

Which two settings could the engineer configure to resolve the issue? (Choose two.)

A. Link load balancing (LLB)B. Policy-based routing (PBR)C. Extended access list (ACL)D. MAC-based forwarding (MBF)E. Reverse network address translation (RNAT)

Correct Answer: BDSection: (none)Explanation


QUESTION 34Scenario: A NetScaler Engineer connected a new NetScaler MPX appliance to the network. However,some of the interfaces were blocked on the uplink switch. The engineer needs to perform a network packettrace on the NetScaler appliance. For troubleshooting purposes, the engineer needs to separate trace filesfor each interface. The engineer executed the following command from the NetScaler CLI:

start nstrace -perNIC ENABLED

However, NetScaler created a single trace file.

What should the engineer do to produce separate trace files for each interface?

A. Specify the nodes parameter.B. Use the nsconmsg command.C. Specify the tcpdump parameter.D. Use the nstracemerge.sh command.

Correct Answer: C

Section: (none)Explanation


QUESTION 35On a load-balancing virtual server with multiple bound services, Redirect URL will be invoked when__________. (Choose the correct phrase to complete the sentence.)

A. a backup virtual server has been configuredB. Health Based Spillover has been configuredC. one of the bound services is marked as DOWND. the load-balancing virtual server is marked as DOWN



QUESTION 36Which two encryption algorithms are supported on the NetScaler to store the encrypted SSL private keywith a password? (Choose two.)

A. AESB. RC4C. DESD. DES3

Correct Answer: CDSection: (none)Explanation


QUESTION 37Scenario: A website that provides hotel bookings lists each hotel through their membership number on thesite URL. For example, the Martello Tower member ID is 6754 and its web presence is at http://www.hoteltestwebsite.com/hotels/6754/index.html.

There are 20,000 hotels in the database of the website. The website business owner no longer wants todisplay the hotel sites for hotel numbers 1-10000, inclusive. A NetScaler Engineer must configure anappropriate responder page to indicate that these sites are unavailable.

Which expression will meet the requirements of the business owner?

A. HTTP.REQ.URL.PATH.GET(2).TYPECAST_NUM_T(DECIMAL).BETWEEN(0, 10000)B. HTTP.REQ.URL.AFTER_STR("hotels").TYPECAST_NUM_T(DECIMAL).BETWEEN(0, 10000)C. HTTP.REQ.URL.BEFORE_STR("index.html").TYPECAST_NUM_T(DECIMAL).BETWEEN(0, 10000)D. HTTP.REQ.URL.PATH.GET(1).TYPECAST_NUM_T(DECIMAL).GT(0) &&

HTTP.REQ.URL.PATH.GET(1).TYPECAST_NUM_T(DECIMAL).LT(10000)


Explanation/Reference:

Explanation:

QUESTION 38In which two places could a NetScaler Engineer enable TCP Buffering? (Choose two.)

A. ServiceB. GloballyC. HTTP profileD. Virtual server



QUESTION 39Which two content types are, by default, compressible content on the NetScaler? (Choose two.)

A. zipB. pngC. cssD. jpegE. html

Correct Answer: CESection: (none)Explanation


QUESTION 40On a NetScaler system, the __________ timeout value will mark any session that has reached the idletimeout for cleanup. (Choose the correct option to complete the sentence.)

A. ClientB. ServerC. ZombieD. NATPCB



QUESTION 41Scenario: A NetScaler Engineer has configured COOKIEINSERT persistence with a timeout value of twominutes on an SSL LBvServer. The idle time requirement for the application itself CANNOT be determined.Users report connections are intermittent. Once a session is disconnected, a user must re-authenticate inorder to regain access.

In order to correct this issue, the engineer should set persistence to __________ with a timeout of__________ minutes. (Choose the correct set of options to complete the sentence.)

A. SOURCEIP; twoB. SSLSESSION; ten

C. SRCIPDESTIP; twoD. COOKIEINSERT; zero



QUESTION 42What does the TCP Buffering feature on the NetScaler accomplish?

A. It enables the TCP options field syn-cookie.B. It optimizes the client and server TCP window size.C. It buffers incoming client connections on the NetScaler.D. It offloads the server response to the NetScaler before delivering it to the client.



QUESTION 43Which setting would a NetScaler Engineer disable in order to stop the NetScaler from acting as a router fornon-NetScaler owned IP addresses or entities?

A. Layer 2 modeB. Layer 3 modeC. MAC-based forwardingD. Use Subnet IP (USNIP)



QUESTION 44What is the purpose of binding Certificate Authority (CA) certificates to a virtual server?

A. For SSL OffloadB. To validate the server certificateC. For client certificate authenticationD. To provide intermediate certificates to the client



QUESTION 45Which option needs to be set on the service in order to maintain the original client-IP to the backendservice?


A. -cka yesB. -usip yesC. -cip disabledD. -useproxyport yes



QUESTION 46A NetScaler Engineer is required to use SNMP v3 on a NetScaler instance and needs to use authenticationand encryption for all SNMP v3 communication.

What are two places where the engineer could set mandatory authentication and encryption? (Choosetwo.)

A. SNMP trap propertiesB. SNMP user propertiesC. SNMP group propertiesD. SNMP manager properties



QUESTION 47Scenario: Users complain that they are NOT able to connect to a web site using the IP address. Therelevant portion of the configuration is shown below:

add ssl profile srv-web -sessReuse ENABLED -sessTimeout 120 -tls11 DISABLED -tls12 DISABLED -strictCAChecks YES

add service svc-web 192.168.1.3 HTTP 80

add lb vserver srv-web SSL 192.168.1.22 443 -persistenceType NONE -cltTimeout 180

bind lb vserver srv-web svc-web

set ssl vserver srv-web -eRSA DISABLED -clientAuth ENABLED -clientCert Optional -tls11 DISABLED -tls12 DISABLED -SNIEnable ENABLED

add ssl policy svc-web -rule true -action NOOP

bind ssl vserver srv-web -certkeyName WebCert -SNICert

bind ssl vserver srv-web -policyName svc-web -priority 100

What is the likely cause of the connectivity issue?

A. SSL policy is incorrect.B. Client Authentication is enabled.C. Server Name Indication is enabled.D. Load Balancing persistence is set to NONE.



QUESTION 48A NetScaler Engineer needs to gather information from a NetScaler VPX before allocating the platformlicense.

Which shell command could the engineer use to gather the needed information?

A. lmutil lmhostid -userB. lmutil lmhostid -etherC. lmutil lmhostid -internetD. lmutil lmhostid -hostname



QUESTION 49Scenario: A NetScaler Engineer has received complaints from some users stating that their businessapplications are running slow. The engineer analyzes the application servers and sees the following CPUutilization:

ServerA is utilizing 20% CPU

ServerB is utilizing 20% CPU

ServerC is utilizing 100% CPU

The engineer had set the load-balancing method to round robin but decided to change the load- balancingconfiguration for the business applications.

Which load-balancing method could the engineer use to address this issue?

A. Custom LoadB. Least PacketsC. Least ConnectionsD. Least Response time



QUESTION 50In a high-availability (HA) configuration, a NetScaler Engineer notices that the HA Synchronization statusshows as failed.

What could be causing the HA Synchronization to fail?

A. Port 3003 is being blockedB. Port 3009 is being blockedC. The RPC passwords are incorrectD. The nsroot passwords are incorrect



QUESTION 51When using static proximity load-balancing method for a Global Server Load Balancing (GSLB) virtualserver, there must be a match between the IP addresses in the custom/static database to the IP address ofthe _________ so that it is associated with a given location. (Choose the correct option to complete thesentence.)

A. GSLB serviceB. ADNS serviceC. Load-balancing serverD. Client local DNS (LDNS)



QUESTION 52Scenario: A NetScaler Engineer must implement load-balancing on a web server farm that serves videoclips to end users. Video clip files vary in size. The engineer needs to send traffic to the server with theleast amount of network utilization. Which load-balancing method should the engineer use?

A. Least RequestB. Least BandwidthC. Least ConnectionD. Least Response Time



QUESTION 53Which protocol is responsible for exchanging site metric, network metric, and persistence informationbetween sites using Global Server Load Balancing (GSLB)?

A. SSHB. MEPC. RPC

D. NITRO



QUESTION 54Scenario: The marketing department would like a short URL to use for a product launch that will redirectusers to the product information page on the company's website.

The marketing URL they require is http://www.turboappliances.com/prima. It should redirect the user tohttp://www.turboappliances.com/products/solutions/primaversion1234.html.

Which NetScaler command should a NetScaler Engineer run in order to meet the requirements of thescenario?

A. add responder action MarketingURL redirect"\"http://www.turboappliances.com/products/solutions/primaversion1234.html\""

B. add rewrite action MarketingURL4 replace_http_res"\"http://www.turboappliances.com/products/solutions/primaversion1234.html\""

C. add rewrite action MarketingURL1 insert_http_header Location "\"http://www.turboappliances.com/products/solutions/primaversion1234.html\""

D. add transform action MarketingURL2 -priority 100 -reqUrlFrom www.turboappliances.com/ - reqUrlInto"http://www.turboappliances.com/products/solutions/primaversion1234.html"



QUESTION 55Which command must an engineer use to run a cluster with less than (n/2+1) number nodes online?

A. add cluster <node> -quorumType MajorityB. add cluster instance <name> -quorum NoneC. add cluster instance <clid> -quorumType NoneD. add cluster instance <clid> -quorumType Majority



QUESTION 56Which of the listed options is a simple Access Control List (ACL) attribute?

A. VLAN IDB. Source IP addressC. NetScaler interfaceD. Destination IP address

Correct Answer: ASection: (none)

Explanation


QUESTION 57While binding a certificate key pair where the key is a 2048-bit, a NetScaler Engineer receives the followingerror message:

"Certificate with key size greater than RSA512 or DSA512 bits not supported"

What could be causing this error?

A. The certificate being used is invalid.B. The license file is saved in UTF-8 format.C. The NetScaler does NOT have an SSL offloading card.D. The NetScaler appliance does NOT have an appropriate license.



QUESTION 58A NetScaler Engineer has been given the task of protecting an internal web site by requiring users to entertheir credentials.

Which feature should the engineer configure?

A. AAAB. SSL OffloadingC. Content FilteringD. Application Firewall



QUESTION 59Multiple Subnet IPs (SNIPs) are defined in the same network.


A NetScaler Engineer could specify the SNIP to use to communicate with servers on that network byconfiguring a __________. (Choose the correct option to complete the sentence.)

A. net profileB. listen policyC. traffic domainD. policy-based route



QUESTION 60Scenario: A NetScaler Engineer has created a local account for a user according to the belowconfiguration:

add system user NSUser userpassword -timeout 900

add system group "NetScaler users" -timeout 900

add system cmdPolicy netscaler-users ALLOW"(^man.*)|(^show\\s+(?!system)(?!configstatus)(?!ns ns\\.conf)(?!ns savedconfig)(?!ns runningConfig)(?!gslb runningConfig)(?!audit messages)(?!techsupport).*)|(^stat.*)"

bind system group "NetScaler users" -userName NSUser

bind system group "NetScaler users" -policyName netscaler-users 100

The user is able to log on but is NOT able to execute certain commands. The engineer goes back andlooks at the logs, and the following is displayed:

Oct 6 13:34:15 <local0.info> 192.168.10.50 10/06/2014:13:34:15 GMT ns1 0-PPE-0 : CLICMD_EXECUTED 4303 0 : User NSUser - Remote_ip 192.168.10.10 - Command "show ns runningConfig"- Status "ERROR: Not authorized to execute this command"

Why is the command NOT working for the user?

A. cmdPolicy is NOT configured to allow the commandB. cmdPolicy should be set to DENY, instead of ALLOWC. The user should be bound to the cmdPolicy netscaler-usersD. The priority of the cmdPolicy bound to the group "NetScaler users" should be higher



QUESTION 61Scenario: A NetScaler Engineer is using the following policy to forward traffic when performing contentswitching:

add cs action cs1_act -targetVserverExpr "HTTP.REQ.HOSTNAME"

add cs policy cs1_switch_policy -rule true -action cs1_act

bind cs vserver CS1-VIP -policyName cs1_switch_policy -priority 10

In order to make sure the policy works correctly, the engineer must name the __________ to match thehostname. (Choose the correct option to complete the sentence.)

A. load-balancing serversB. load-balancing servicesC. load-balancing virtual serversD. content-switching virtual server



QUESTION 62What are two benefits of using Link Aggregation Control Protocol (LACP)? (Choose two.)

A. RedundancyB. CompressionC. Reduce TCP latencyD. Increased throughputE. Automatic configuration of TCP windows

Correct Answer: ADSection: (none)Explanation


QUESTION 63A NetScaler Engineer created an HTTP service and did NOT bind any monitors to the service.

Which monitor will the NetScaler automatically bind to the HTTP service?

A. tcpB. httpC. tcp-ecvD. http-ecvE. tcp-defaultF. ping-default

Correct Answer: ESection: (none)Explanation


QUESTION 64Which troubleshooting tool will show policy hits and verify that a policy expression is being invoked?

A. nspepiB. nsapimgrC. nstrace.shD. nsconmsg



QUESTION 65Which NetScaler caching type requires proxy configuration on all client devices?

A. SOCKSB. REVERSEC. FORWARDD. TRANSPARENT



QUESTION 66Scenario: A client connecting to an SSL virtual server receives the following error:

"Invalid Server Certificate The server certificate is invalid. Do you wish to accept this certificate and connectto the server anyway?"

What is a possible cause of this error message?

A. The private key is NOT password-protected.B. The certificate key pair is password-protected.C. The intermediate CA certificate is NOT linked to the server certificate.D. Certificate Revocation Lists (CRLs) have NOT been defined on the NetScaler.



QUESTION 67Which two NetScaler command-line interface commands could an engineer execute to change TCPWindow Scaling settings on the NetScaler? (Choose two.)

A. set netProfileB. add ns tcpProfileC. unset ns tcpParamD. set ns tcpbufParamE. add autoscale profile



QUESTION 68On which two objects could a NetScaler Engineer bind cipher groups? (Choose two.)

A. ServerB. ServiceC. SSL policyD. SSL profileE. Virtual server

Correct Answer: BESection: (none)Explanation


QUESTION 69Which protocol can be monitored by Insight Center?

A. FTPB. HTTPC. RTSPD. RADIUS



QUESTION 70Scenario: A NetScaler Engineer is configuring a new system with connected interfaces 10/1 - 10/4 and runsthe following commands:

add ip 10.10.10.1 255.255.255.0 -type snip

add vlan 10

bind vlan 10 -ifnum 10/1

On which interface(s) will subnet 10.10.10.1 respond to requests?

A. Only interface 10/1B. Interfaces on VLAN 10C. Only interfaces on VLAN 1D. Interfaces 10/1 through 10/4



QUESTION 71Which connection state is included in the Current Server Connections parameter, but not affected by MaxClients?

A. OpenB. ListenC. ClosingD. Open Established



Explanation:

QUESTION 72Which command must a NetScaler Engineer run at the command-line interface to enable a LinkAggregation Control Protocol (LACP) channel?

A. Use "set lacp" with sysPriority parameter.B. Use "set lacp" with ownerNode parameter.C. Use "set interface" with lacpKey parameter.D. Use "set interface" with lacpPriority parameter.



QUESTION 73A NetScaler Engineer created an SSL virtual server but the status is showing as state DOWN.

What could be causing the virtual server to show as state DOWN?

A. The virtual server is configured for port 444.B. HTTP services are used instead of HTTPS services.C. The SSL certificate is NOT bound to the virtual server.D. The certificate bound to the virtual server has a private key of 512-bits.



QUESTION 74Which client header indicates support for the type of compression the NetScaler may use?

A. AcceptB. User-AgentC. Content-TypeD. Accept-Encoding



QUESTION 75Scenario: A NetScaler Engineer has discovered that the object home.php is NOT found in the cache on thesystem.

Below is the relevant configuration:

add cache contentGroup cache_content_group_1 -relExpiry 0

add cache policy cache_pol_1 -rule "http.REQ.URL.CONTAINS(\"home.php\")" -action MAY_CACHE -storeInGroup cache_content_group_1

add cache policy cache_pol_2 -rule "http.REQ.METHOD.EQ(\"GET\")" -action NOCACHE

add cache policy cache_pol_3 -rule "HTTP.RES.HEADER(\"Set-Cookie\").EXISTS" -action CACHE

bind cache global cache_pol_1 -priority 90 -gotoPriorityExpression END -type REQ_OVERRIDE

bind cache global cache_pol_2 -priority 100 -gotoPriorityExpression END -type REQ_OVERRIDE

bind cache global cache_pol_3 -priority 100 -gotoPriorityExpression END -type RES_OVERRIDE

The data from the client and the server are as following:

GET /home.php HTTP/1.1

Host: www.website.com

User-Agent: Mozilla Firefox/3.0.3

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Connection: keep-alive

Date: Thu, 09 Oct 2014 18:25:00 GMT

Cookie: sessionid=100xyz

HTTP/1.1 200 OK

Date: Thu, 09 Oct 2014 18:25:00 GMT

Server: Apache/2.2.3 (Fedora)

Last-Modified: Wed, 09 Jul 2014 21:55:36 GMT

ETag: "27db3c-12ce-5e52a600"

Accept-Ranges: bytes

Cache-Control: private, max-age=0

Set-Cookie: sessionid=100xyz; expires=Thu, 09-Oct-2014 18:30:00 GMT; path=/

Content-Length: 119

Connection: close

Content-Type: text/html; charset=UTF-8

Why does the object NOT persist in the cache?

A. The request is a GET request.B. The response has Set-Cookie.C. The content group is missing a cache selector.D. The content group has been configured with relExpiry 0.

Correct Answer: D

Section: (none)Explanation


QUESTION 76Which IP address type should be bound to a VLAN in order to isolate traffic to backend services?


A. Virtual IP (VIP)B. Cluster IP (CLIP)C. Subnet IP (SNIP)D. NetScaler IP (NSIP)



QUESTION 77Scenario: NetScaler features are NOT licensed. A NetScaler Engineer has checked that the properplatform license file has been uploaded.

Why are the NetScaler features NOT licensed?

A. The features are NOT enabled.B. The NetScaler needs to be restarted.C. The NetScaler initial setup is NOT completed.D. There is no universal license on the NetScaler.



QUESTION 78Which SSL parameter should an engineer configure to bind multiple certificate key pairs to a virtual server?

A. SNI enableB. Session reuseC. Send close-notifyD. Client authentication



Explanation:

QUESTION 79What is the key benefit to enabling Session Reuse on an SSL offload VServer?

A. The number of HTTP requests to the backend services are decreased.B. Resumed SSL sessions are more secure than sessions that require renegotiation.C. Reusing existing sessions decreases the number of TCP connections made to backend services.D. A partial SSL handshake is sent over the existing SSL connection, reducing CPU and bandwidth usage.



QUESTION 80Which two are HTTP response codes from a successful cache hit by default? (Choose two.)

A. 304B. 500C. 200D. 401

Correct Answer: ACSection: (none)Explanation


QUESTION 81How could a NetScaler Engineer ensure that a content-switching virtual server is marked as DOWN if alltarget load-balancing servers show as DOWN?

A. Specify a monitorB. Enable State UpdateC. Specify a route monitorD. Configure a backup virtual server



QUESTION 82Scenario: A NetScaler Engineer needs to enable access to a load-balancing virtual server from twocustomers that belong to different VLANs, VLAN500 and VLAN600. Each customer must access theservices and servers specific to their VLAN and should never be able to reach another customer service orservers.

Traffic Domain (TD) 1 has been created for VLAN500 and Traffic Domain (TD) 2 for VLAN600. Load-balancing services have also been created for each server on TD1 and TD2. The TD for the virtual serveris TD 3 and IP address 172.10.0.30.

In order to complete this setup, the engineer should create a load-balancing virtual server with IP172.10.0.30 on TD 3 and use __________. (Choose the correct option to complete the sentence.)

A. TD2 services as a backup virtual serverB. TD1 and TD2 services on one virtual serverC. TD1 and TD2 services on two virtual serversD. TD1 on one virtual server and TD2 on second



QUESTION 83Which item needs to be configured to enable content prefetch in Integrated Caching on the NetScalerappliance?

A. Cache PolicyB. Cache ObjectC. Cache SelectorD. Cache Content Group



QUESTION 84Scenario: A NetScaler Engineer recently enabled the HTTP Compression feature. In reviewing the HTTPcompression statistics, the engineer notices that content from all HTTP virtual servers created prior toenabling the compression feature is NOT being compressed.

What should the engineer do to allow compression for any pre-existing HTTP virtual servers?

A. Recreate the HTTP virtual servers.B. Recreate any existing compression policies.C. Enable compression on the associated bound services.D. Ensure 'Allow Server side compression' is unchecked on the NetScaler.



QUESTION 85Scenario: A NetScaler Engineer has configured a virtual server as follows:

set lb vserver web_vserver -redirectURL http://www.external.hosting.com -backupVServer maint_vserver

The virtual server web_vserver is marked as DOWN; maint_vserver is marked as UP.

The following request is sent to the web_vserver:

GET /path/query HTTP/1.1

What would happen to this request?

A. Redirected to http://www.external.hosting.comB. Forwarded to the backup server, ignoring the queryC. Forwarded to the backup server, preserving the queryD. Redirected to http://www.external.hosting.com/path/query



QUESTION 86Scenario: A NetScaler Engineer retrieves the following configuration from support and enters it into thecommand-line interface:

add rewrite action remove_server_header delete_http_header Server

add rewrite policy RP_remove_srv_header "HTTP.REQ.IS_VALID && !CLIENT.IP.SRC.IN_SUBNET(172.16.0.0/16)" remove_server_header

bind lb vserver lb_vsrv -policyName RP_remove_srv_header -priority 100 -gotoPriorityExpression END -type REQUEST

The immediate effect of this configuration is that it will __________ the server header in the __________ ifthe request is coming from a network other than 172.16.0.0/16. (Choose the correct set of options tocomplete the sentence.)

A. keep; requestB. keep; responseC. remove; requestD. remove; response



QUESTION 87What is the only input format supported by the NetScaler when using the NetScaler Certificate Importwizard within the configuration utility?

A. JKSB. PEMC. DERD. PKCS#12



QUESTION 88A NetScaler Engineer would like to encrypt the LDAP authentication traffic from a NetScaler to the internalLDAP servers.

Which type of load-balancing service should the engineer create?

A. SSLB. TCPC. RADIUSD. SSL_TCP



QUESTION 89Scenario: A NetScaler Engineer has the following set in the Global Server Load Balancing (GSLB)configuration:

set gslb site SiteB -triggerMonitor MEPDOWN

How does this influence the default service monitoring behavior on the remote site?

A. The service monitor will take precedence over MEP.B. The state of the GSLB service will always be controlled by MEP.C. The service monitor is invoked only when MEP has marked the service as down for any reason.D. The service monitor is invoked only when MEP connectivity has been lost between SiteA and SiteB.



QUESTION 90Which command would an engineer run to deny access to destination port 103 from a host with an IPaddress of 10.0.1.1?

A. add ns acl rule1 DENY -srcIP 10.0.1.1 -srcPort 103 -TTL 600B. add ns acl rule1 DENY -srcIP 10.0.1.1 -srcPort 103 -protocol TCPC. add ns acl rule1 DENY -srcport 103 -destIP 10.0.1.1 -protocol TCPD. add ns simpleacl rule1 DENY -srcIP 10.0.1.1 -destport 103 -protocol TCP



QUESTION 91A NetScaler Engineer has installed Command Center, Insight Center, Web Logging and an IntegrationPack for System Center.

Which tool would be appropriate to see client-side rendering times?

A. Web LoggingB. Insight CenterC. Command CenterD. Integration Pack for System Center



QUESTION 92A NetScaler Engineer needs to audit extended Access Control List (ACL) hits.

Which two areas would the engineer enable logging so that the ACL hits could be stored in the /var/log/ns.log? (Choose two.)

A. The ACLB. The syslogActionC. The nslog parametersD. The syslog parameters



QUESTION 93A NetScaler Engineer needs an SNMP alert to be sent when CPU utilization is 90% or higher on aNetScaler instance.

Which two steps must the engineer take to configure the SNMP alert? (Choose two.)

A. Enable SNMP trap logging.B. Add an SNMP trap destination.C. Set an SNMP community string.D. Set the CPU-USAGE alarm thresholds.E. Add an SNMP manger to poll the instance.



QUESTION 94A NetScaler Engineer has created a new monitor using the following command:

add lb monitor mon_inline HTTP-INLINE -respCode 200 302 401 -httpRequest "HEAD /" -interval 10 -reverse YES -secure YES

This monitor adds an HTTP-INLINE monitor __________. (Choose the correct phrase to complete thesentence.)

A. whose success criteria is an HTTP response code of 200,302,401B. whose success criteria is any HTTP response code OTHER than 200,302,401C. that will probe the Service every 10 seconds over an SSL connection whose success criteria is an

HTTP response code of 200,302,401D. that will probe the Service every 10 seconds over an SSL connection whose success criteria is any

HTTP response code OTHER than 200,302,401



QUESTION 95Scenario: An organization has a fair usage policy that limits each customer to a maximum of five activeconnections in any given second. A NetScaler Engineer is given the task of implementing the requirementsto enforce a policy using the Rate Limiting feature on NetScaler.

Which commands should the network engineer execute to create a proper selector and limit identifier thatfulfills the policy requirement?

A. add stream selector API_selector CLIENT.IP.SRCadd ns limitIdentifier API_limitidf -threshold 5 -mode CONNECTION -timeslice 1000 - selectorNameAPI_selector

B. add stream selector API_selector HTTP.REQ.URLadd ns limitIdentifier API_limitidf -threshold 5 -mode CONNECTION -timeslice 1000 - selectorNameAPI_selector

C. add stream selector API_selector HTTP.REQ.URLadd ns limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 5 -selectorName API_selector

D. add stream selector API_selector CLIENT.IP.SRCadd ns limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 5 -selectorName API_selector



QUESTION 96The Lazy Load action of Front End Optimization (FEO) improves the end-user experience by allowingimages to __________. (Choose the correct phrase to complete the sentence.)

A. load faster due to compressionB. load images from the bottom of the page and then upward to the topC. NOT load until a user scrolls the page to the location where they are displayedD. load from the local browser cache so it does NOT have to fetch them from the origin server



QUESTION 97Scenario: A NetScaler Engineer is addressing an issue discovered during a vulnerability scan. The securityteam is requiring that the engineer disable specific SSL ciphers on the SSL VServer.

Which two methods could the engineer use to meet this requirement? (Choose two.)

A. Modify the list of ciphers in the Default cipher group.B. Change the list of bound ciphers on the VServer directly.C. Enable Cipher Redirect on the VServer and configure OCSP.

D. Disable SSLv2 Redirect on the VServer and update the CRLs.E. Un-assign the default group, create a custom cipher group and assign it to the VServer.

Correct Answer: BESection: (none)Explanation


QUESTION 98Scenario: A NetScaler Engineer is configuring LACP (Link Aggregation Configuration Protocol) on theNetScaler. The engineer adds interface 10/3 and 10/4 to LA/1 (which already contains interfaces 10/1 and10/2) and is configured for VLAN 500.

VLAN 100 is bound to interface 10/3 and VLAN 200 is bound to interface 10/4.

VLAN 500 is bound to channel LA/1.

Which VLAN is shown with a "show interface" command for interface 10/3?

A. 1B. 100C. 200D. 500



QUESTION 99Scenario: An engineer is upgrading the NetScaler firmware from version 10.1 to 10.5 and has a high-availability (HA) setup of two NetScaler MPX appliances.

What is the best practice process to upgrade this HA pair?

A. Upgrade the primary unit, test on the new build, and then upgrade the secondary unit.B. Disable the secondary unit, upgrade the primary, test the new build and then upgrade the other unit.C. Upgrade the secondary unit, do the failover, test on the new build, and then upgrade the primary unit.D. Upgrade and restart both units at the same time and test on the new build after they both are running.



QUESTION 100Which two options could a NetScaler Engineer configure to ensure that a revoked client certificateCANNOT be used for a client certificate authentication? (Choose two.)

A. Server Name Indication (SNI)B. Certificate Revocation List (CRL)C. Certificate Signing Request (CSR)D. Online Certification Status Protocol (OCSP)



QUESTION 101Scenario: A NetScaler Engineer is configuring a NetScaler that has three interfaces. The first interface isconnected to the internal network, the second interface is connected to the DMZ1- network, and the thirdinterface is connected to the DMZ2-network.

DMZ1 and DMZ2 networks are behind different firewalls, and both firewalls are sending traffic throughnetwork address translation (NAT) to the DMZ networks.

The default route is to the gateway on the DMZ1-network.

DMZ1: 10.10.10.0/24 (Gateway: 10.10.10.1)

DMZ2: 10.20.20.0/24 (Gateway: 10.20.20.1)

Internal: 192.168.0.0/24 (Gateway: 192.168.0.1)

Internet traffic reaches the virtual servers located in DMZ1 but NOT the virtual servers located in DMZ2.

Which policy-based route (PBR) would resolve the issue?

A. add ns pbr PBR1 ALLOW -srcIP = 10.20.20.0-10.20.20.255 -destIP != 10.20.20.0-10.20.20.255 -nextHop 10.10.10.1 -priority 10

B. add ns pbr PBR1 ALLOW -srcIP != 10.20.20.0-10.20.20.255 -destIP = 10.20.20.0-10.20.20.255 -nextHop 10.20.20.1 -priority 10

C. add ns pbr PBR1 ALLOW -srcIP = 10.20.20.0-10.20.20.255 -destIP != 10.20.20.0-10.20.20.255 -nextHop 10.20.20.1 -priority 10

D. add ns pbr PBR1 ALLOW -srcIP != 10.20.20.0-10.20.20.255 -destIP != 10.20.20.0- 10.20.20.255 -nextHop 10.10.10.1 -priority 10



QUESTION 102Scenario: An engineer has been given the task of selecting the TCP profile for a NetScaler appliance. Theappliance has a 1.5Mbit WAN interface that has considerable and intermittent packet loss.

Which TCP profile should the engineer choose to optimize traffic for the WAN interface?

A. nstcp_default_profileB. nstcp_default_tcp_lfpC. nstcp_default_tcp_lnpD. nstcp_default_tcp_lan



QUESTION 103

Scenario: A NetScaler Engineer has a high-availability (HA) pair of NetScaler MPX devices (NS1 and NS2)connected on interfaces 0/1, 1/1 and 1/2. NS1 is currently the primary unit. Fail-safe mode is NOT enabled.High-availability monitor is enabled on all the connected interfaces. The engineer sees the following line inthe output of his "show node" command from the command-line interface:Interfaces on which heartbeats are not seen: 1/1 1/2

Interfaces causing Partial Failure: None

What will happen if the 0/1 interface fails?

A. NS1 and NS2 will both become primary.B. NS2 will fail and NS1 will remain primary.C. NS1 will fail and NS2 will become primary.D. NS1 and NS2 will both fail and become secondary.



QUESTION 104Scenario: A NetScaler Engineer creates a new HTTP VServer using the following command:

add lb vserver lb_test HTTP 172.20.10.85 80 -lbMethod LEASTCONNECTION -persistencetypeCOOKIEINSERT -timeout 0 -authentication ON -cacheable YES

During testing, the engineer notices a cookie named NSC_iuuq2 with a value of:ffffffff020a1d1545525d5f4f58455e445a4a423660


What is the purpose of this cookie?

A. It indicates that the client has been authenticated.B. It indicates that the client has NOT been authenticated.C. It is used for persistence, describing only the VServer ID and Service IP.D. It is used for persistence, describing the VServer ID, Service IP and Service Port.



QUESTION 105Which option must a NetScaler Engineer set to enable client keep-alive mode?

A. -cka yesB. -usip yesC. -cip disabledD. -useproxyport yes



QUESTION 106Which NetScaler IP address must a NetScaler Engineer set for management and general system accesspurposes?

A. NSIPB. SNIPC. VIPD. USNIP



QUESTION 107Which two virtual servers could a NetScaler Engineer configure to redirect GET requests to applicationservers? (Choose two.)

A. Load balancingB. AuthenticationC. WildcardD. Content switching




citrix 1y0-351 - gratis exam...jul 08, 2015 · time limit : 120 min file version : 5.0 ... citrix...

Documents