1Y0-351 Online Practice Questions and Answers

Which two of the listed statements are true about Access Control Lists (ACLs) on the NetScaler? (Choose two.)

A. Extended ACLs may BRIDGE traffic.

B. Simple ACLs are bound on ALL interfaces.

C. Extended ACLs are evaluated after creation.

D. Simple ACLs are processed after Extended ACLs.

Scenario: A NetScaler Engineer is working with a NetScaler appliance that has two network interface cards (NICs). The first NIC is placed on the DMZ network and the second NIC is on the internal network. The default route is configured to the gateway on the internal network. A virtual server is configured on the DMZ-network and the firewall on the DMZ is using network address translation (NAT) to allow external traffic to the virtual server.

When a user from the Internet attempts to connect to the NAT'd external address, the session never establishes. The engineer performs an nstrace and sees that the user's traffic hits the NetScaler. The engineer then discovers that the problem is an asymmetrical packet flow.

Which two settings could the engineer configure to resolve the issue? (Choose two.)

A. Link load balancing (LLB)

B. Policy-based routing (PBR)

C. Extended access list (ACL)

D. MAC-based forwarding (MBF)

E. Reverse network address translation (RNAT)

Scenario: A NetScaler Engineer is configuring a new system with connected interfaces 10/1 - 10/4 and runs the following commands:

add ip 10.10.10.1 255.255.255.0 -type snip add vlan 10 bind vlan 10 -ifnum 10/1 On which interface(s) will subnet 10.10.10.1 respond to requests?

A. Only interface 10/1

B. Interfaces on VLAN 10

C. Only interfaces on VLAN 1

D. Interfaces 10/1 through 10/4

Scenario: An organization has a fair usage policy that limits each customer to a maximum of five active connections in any given second. A NetScaler Engineer is given the task of implementing the requirements to enforce a policy using the Rate Limiting feature on NetScaler.

Which commands should the network engineer execute to create a proper selector and limit identifier that fulfills the policy requirement?

A. add stream selector API_selector CLIENT.IP.SRC add ns limitIdentifier API_limitidf -threshold 5 -mode CONNECTION -timeslice 1000 selectorName API_selector

B. add stream selector API_selector HTTP.REQ.URL add ns limitIdentifier API_limitidf -threshold 5 -mode CONNECTION -timeslice 1000 selectorName API_selector

C. add stream selector API_selector HTTP.REQ.URL add ns limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 5 selectorName API_selector

D. add stream selector API_selector CLIENT.IP.SRC add ns limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 5 selectorName API_selector

Which two virtual servers could a NetScaler Engineer configure to redirect GET requests to application servers? (Choose two.)

A. Load balancing

B. Authentication

C. Wildcard

D. Content switching

Scenario: A network engineer has bound a service group containing four web servers to a virtual server. The virtual server is UP but users report that they are unable to access the virtual server.

In order to troubleshoot this issue, the engineer should use telnet from __________. (Choose the correct option to complete the sentence.)

A. a PC to the virtual IP address

B. a PC to the subnet IP address

C. a PC to the mapped IP address

D. the NetScaler shell to one of the web servers

A public SSL certificate on a virtual server is about to expire and the NetScaler engineer needs to renew the certificate before it expires.

Which step must the engineer take to renew the SSL Certificate?

A. Generate a new CSR

B. Recreate the Private Keys

C. Execute CRL Management

D. Update the existing certificate

Scenario: A network engineer needs to re-configure the NetScaler to utilize two new VLANs VLAN2 and VLAN3. VLAN2 is an untagged VLAN and VLAN3 will require a .1q compliant tag. Interface 1/1 is the only interface that will be used on the NetScaler.

How could the engineer configure the NetScaler so that it can communicate with both networks?

A. Change the NSVLAN to 3 Add VLAN 2 and bind interface 1/1 as untagged

B. Enable the Tag all VLANs option on interface 1/1.

C. Add VLAN2 and bind interface 1/1 as untagged Add VLAN3 and bind interface 1/1 as tagged

D. Add a SNIP for each VLAN Enable management access on the SNIP for VLAN3

Why would an engineer want to specify a TCP Profile for a specific service group?

A. To enable use of features like SSL over TCP for that specific service group.

B. To adjust the TCP settings for traffic to and from that specific service group.

C. To use a specific SNIP for traffic to the back-end servers in that service group.

D. To enable features like use source IP, TCP keep alive and TCP buffering for a specific service group.

Scenario: The IT department in an organization manages servers and network devices from an internal management subnet. A NetScaler device has recently been installed into the DMZ network. The intranet firewall allows TCP 443 from the management subnet to the NetScaler device.

How could the engineer ensure that only workstations in the management network are permitted to manage the NetScaler?

A. Create an Extended ACL based on the source IP address.

B. Create a restricted route from the internal network to the DMZ.

C. Enable the management access control option on the NSIP address.

D. Enable the management access control on the internal SNIP address.