1Y0-440 Online Practice Questions and Answers

A Citrix Architect has deployed NetScaler Management and Analytics System (NMAS) to monitor a high availability pair of NetScaler VPX devices.

The architect needs to deploy automated configuration backup to meet the following requirements:

1.

The configuration backup file must be protected using a password.

2.

The configuration backup must be performed each day at 8:00 AM GMT.

3.

The configuration backup must also be performed if any changes are made in the ns.conf file.

4.

Once the transfer is successful, auto-delete the configuration file from the NMAS.

Which SNMP trap will trigger the configuration file backup?

A. netScalerConfigSave

B. sysTotSaveConfigs

C. netScalerConfigChange

D. sysconfigSave

Scenario: Based on a discussion between a Citrix Architect and a team of Workspacelab members, the MPX Logical layout for Workspacelab has been created across three (3) sites.

The requirements captured during the design discussion held for a NetScaler design project are as follows:

1.

Two (2) pairs of NetScaler MPX appliances deployed in the DMZ and internal network.

2.

High Availability will be accessible for each NetScaler MPX

3.

The external NetScaler MPX appliance will be deployed in multi-arm mode.

4.

The internal NetScaler MPX will be deployed in single-arm mode wherein it will be connected to Cisco ACI Fabric.

5.

All three (3) Workspacelab sites: Dc, NDR and DR, will have similar NetScaler configurations and design.

How many NetScaler MPX appliances should the architect deploy at each site to meet the design requirements above?

A. 4

B. 12

C. 6

D. 2

Scenario: The Workspacelab team has configured their NetScaler Management and Analytics (NMAS) environment. A Citrix Architect needs to log on to the NMAS to check the settings.

Which two authentication methods are supported to meet this requirement? (Choose two.)

A. Certificate

B. RADIUS

C. TACACS

D. Director

E. SAML

F. AAA

Scenario: A Citrix Architect has set up NetScaler MPX devices in high availability mode with version 12.0.

53.13 nc. These are placed behind a Cisco ASA 5505 Firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall.

The following requirements were captured by the architect during the discussion held as part of the NetScaler security implementation project with the customer's security team:

The NetScaler device:

1.

Should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The NetScaler device should be able to stop the HTTP, TCP, and DNS based requests.

2.

Needs to protect backend servers from overloading.

3.

Needs to queue all the incoming requests on the virtual server level instead of the service level.

4.

Should provide access to resources on the basis of priority.

5.

Should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing

proxies.

6.

Should provide flexibility to enforce the desired level of security check inspections for the requests originating from a specific geolocation database.

7.

Should block the traffic based on a pre-determined header length, URL length, and cookie length. The device should ensure that characters such as a single straight quote (*); backslash(\), and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.

Which two security features should the architect configure to meet these requirements? (Choose two.)

A. Pattern sets

B. Rate limiting

C. HTTP DDOS

D. Data sets

E. APPQOE

Scenario: A Citrix Architect needs to assess an existing on-premises NetScaler deployment which includes Advanced Endpoint Analysis scans. During a previous security audit, the team discovered that certain endpoint devices were able to perform unauthorized actions despite NOT meeting pre-established criteria.

The issue was isolated to several endpoint analysis (EPA) scan settings.

Click the Exhibit button to view the endpoint security requirements and configured EPA policy settings.

Which setting is preventing the security requirements of the organization from being met?

A. Item 6

B. Item 7

C. Item 1

D. Item 3

E. Item 5

F. Item 2

G. Item 4

Which parameter indicates the number of current users logged on to the NetScaler gateway?

A. ICA connections

B. Total Connected Users

C. Active user session

D. Maximum User session

Which session parameter does the default authorization setting control when authentication, authorization, and auditing profiles are configured?

A. Determines the default logging level

B. Determines whether the NetScaler appliance will allow or deny access to content for which there is no specific authorization policy

C. Determines the default period after which the user is automatically disconnected and must authenticate again to access the intranet

D. Determines whether the NetScaler appliance will log users onto all web applications automatically after they authenticate or will pass users to the web application logon page to authenticate for each application.

E. Controls are amount of time the users can be idle before they are automatically disconnected.

Scenario: A Citrix Architect needs to configure a full VPN session profile to meet the following requirements:

1.

Users should be able to send the traffic only for the allowed networks through the VPN tunnel.

2.

Only the DNS requests ending with the configured DNS suffix workspacelab.com must be sent to NetScaler Gateway.

3.

If the DNS query does NOT contain a domain name, then DNS requests must be sent to NetScaler gateway.

Which settings will meet these requirements?

A. Split Tunnel to OFF, Split DNS Both

B. Split Tunnel to ON, Split DNS Local

C. Split Tunnel to OFF, Split DNS Remote

D. Split Tunnel to ON, Split DNS Remote

Scenario: A Citrix Architect has deployed Authentication for the SharePoint server through NetScaler. In order to ensure that users are able to edit or upload documents, the architect has configured persistent cookies on the NetScaler profile.

Which action should the architect take to ensure that cookies are shared between the browser and non-browser applications?

A. The time zone should be the same on the NetScaler, client, and SharePoint server.

B. The SharePoint load-balancing VIP FQDN and the AAA VIP FQDN should be in the trusted site of the client browser.

C. The Secure flag must be enabled on the cookie.

D. The cookie type should be HttpOnly.

For which three reasons should a Citrix Architect perform a capabilities assessment when designing and deploying a new NetScaler in an existing environment? (Choose three.)

A. Understand the skill set of the company.

B. Assess and identify potential risks for the design and build phase.

C. Establish and prioritize the key drivers behind a project.

D. Determine operating systems and application usage.

E. Identify other planned projects and initiatives that must be integrated with the design and build phase.