Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Citrix 1Y0-440 Architecting a Citrix Networking Solution Exam Practice Test

Page: 1 / 15
Total 152 questions

Architecting a Citrix Networking Solution Questions and Answers

Question 1

Scenario: A Citrix Architect has setup Citrix ADC MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 firewall. The Cisco ASA firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall. The following requirements were captured by the architect during the discussion held as part of the Citrix ADC security implementation project with the customer's security team: The Citrix ADC MPX device:

  • should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The Citrix ADC device should be able to stop the HTTP. TOP, and DNS based requests.
  • needs to protect backend servers from overloading.
  • needs to queue all the incoming requests on the virtual server level instead of the service level.
  • should provide access to resources on the basis of priority.
  • should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets. compromised webservers, known spammersThackers. and phishing proxies.
  • should provide flexibility to enforce the desired level of security check inspections for the requests originating from a specific geolocation database.
  • should block the traffic based on a predetermined header length, URL length, and cookie length.The device should ensure that characters such as a single straight quote (') backslash (); and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.

Which security feature should the architect implement to meet these requirements?

Options:

A.

Configure HTML SQL injection check on Application Firewall and enable Transform SQL special characters.

B.

Configure signatures manually and apply them to the Application Firewall profile.

C.

Configure HTML SQL Injection check on Application Firewall and enable Block SQLSpICharANDKeyword.

D.

Configure HTML cross-Site scripting and enable Check Request headers.

Question 2

Scenario: A Citrix Architect observes the following configurations while performing an assessment of a Citrix ADC deployment:

  • Citrix Gateway virtual server nsg-dmz-001 is configured in ICA Proxy mode.
  • The authentication method used is Plaintext LDAP.
  • The session policies bound are configured to integrate with StoreFront in ICA proxy mode to perform Single Sign-on.
  • The connection to LDAP server is performed using SNIP by Citrix ADC.
  • To meet the new design requirement the architect needs to change the SNIP used for communication with LDAP servers.

Which AAA parameter must the architect verify to update the source IP address for the communication from Citrix ADC to the LDAP server?

Options:

A.

AAA Session IP

B.

NetProfile

C.

aaadnatip

D.

MappedlPAddress

Question 3

A Citrix Architect needs to configure advanced features of Citrix ADC by using StyleBooks as a resource in the Heat service.

What is the correct sequence of tasks to be completed for configuring Citrix ADC using the Heat stack?

Options:

A.

1. Install Citrix ADC Bundle for OpenStack

2 Register OpenStack with Citrix Application Delivery Management

3. Add Citrix ADC instances (Optional)

4. Create service packages (Add OpenStack tenants)

5. Prepare the HOT by using the Citrix ADC Heat resources and Citrix ADC Network Resource

6. Deploy the Heat stack

B.

1. Install Citrix ADC Bundle for OpenStack

2 Add Citrix ADC instances (Optional)

3. Create service packages (Add OpenStack tenants)

4. Prepare the HOT by using the Citrix ADC Heat resources and Citrix ADC Network Resource

5. Register OpenStack with Citrix Application Delivery Management

6. Deploy the Heat stack

C.

1. Install Citrix ADC Bundle for OpenStack

2. Deploy the Heat stack

3. Register OpenStack with Citrix Application Delivery Management

4. Add Citrix ADC instances (Optional)

5. Prepare the HOT by using the Citrix ADC Heat resources and Citrix ADC Network Resource

6. Create service packages (Add OpenStack tenants)

D.

1. Install NetScaler Bundle for OpenStack

2. Prepare the HOT by using the NetScaler heat resources and NetScaler Network Resource

3. Register OpenStack with NMAS

4. Deploy the Heat stack

5. Add NetScaler instances (Optional)

6. Create service packages (Add OpenStack tenants)

Question 4

Scenario: A Citrix Architect needs to design a NetScaler deployment in Microsoft Azure. An Active-Passive NetScaler VPX pair will provide load balancing for three distinct web applications. The architect has identified the following requirements:

  • Minimize deployment costs where possible.
  • Provide dedicated bandwidth for each web application.
  • Provide a different public IP address for each web application.

For this deployment, the architect should configure each NetScaler VPX machine to have ______ network interface(s) and configure IP address by using ________. (Choose the correct option to complete the sentence).

Options:

A.

4; Port Address Translation

B.

1; Network Address Translation

C.

1; Port Address Translation

D.

2; Network Address Translation

E.

4; Network Address Translation

F.

2; Port Address Translation

Question 5

Scenario: A Citrix Architect has met with a team of Workspacelab members for a design discussion They have captured the following requirements for the Citrix ADC design project:

The authentication must be deployed for the users from the workspacelab com and vendorlab com domains.

  • The workspacelab users connecting from the internal (workspacelab) network should be authenticated using LDAP
  • The workspacelab users connecting from the external network should be authenticated using LDAP and RADIUS.
  • The vendorlab users should be authenticated using Active Directory Federation Service
  • The user credentials must NOT be shared between workspacelab and vendorlab
  • Single Sign-on must be performed between StoreFront and Citrix Gateway
  • A domain drop down list must be provided if the user connects to the Citrix Gateway virtual server externally

Which method must the architect utilize for user management between the two domains?

Options:

A.

Create a global catalog containing the objects of Vendorlab and Workspacelab domains.

B.

Create shadow accounts for the users of the Vendorlab domain in the Workspacelab domain C. Create a two-way trust between the Vendorlab and Workspacelab domains

C.

Create shadow accounts for the users of the Workspacelab domain in the Vendorlab domain

Question 6

Scenario: A Citrix Architect needs to plan for a customer environment in which more than 10,000 users will need access. The networking infrastructure needs to be able to handle the expected usage.

Which business driver should be prioritized based on the customer’s requirement?

Options:

A.

Increase flexibility

B.

Enable mobile work styles

C.

Simplify management

D.

Increase Scalability

E.

Reduce Costs

F.

Increase Security

Question 7

Scenario: A Citrix Architect needs to design a new NetScaler Gateway deployment to provide secure RDP access to backend Windows machines.

Click the Exhibit button to view additional requirements collected by the architect during the design discussions.

To meet the customer requirements, the architect should deploy the RDP proxy through ______ using a________ solution. (Choose the correct option to complete the sentence.)

Options:

A.

CVPN: single gateway

B.

CVPN, stateless gateway

C.

ICAProxy: single gateway

D.

ICAProxy; stateless gateway

Question 8

Scenario: A Citrix Architect needs to design a hybrid Citrix Virtual App and Citrix Virtual Desktop environment which will include Citrix Cloud as well as resource locations in on-premises datacenter and Microsoft Azure.

Organizational details and requirements are as follows:

  • Active Citrix Virtual App and Citrix Virtual Desktop Service subscription
  • No existing NetScaler deployment
  • About 3,000 remote users are expected to regularly access the environment
  • Multi-factor authentication should be used for all external connections
  • Solution must provide load balancing for backend application servers
  • Load-balancing services must be in Location B

Click the Exhibit button to view the conceptual environment architecture.

The architect should use ________ in Location A, and should use _________ in Location B. (Choose the correct option to complete the sentence.)

Options:

A.

Citrix Gateway as a Service, no Ctrix products

B.

No Citrix products, Citrix ADC (BYO)

C.

Citrix Gateway as a Service, Citrix ADC (BYO)

D.

No Citrix products, Citrix ICA Proxy (cloud-licensed)

E.

Citrix Gateway as a Service, Citrix ICA Proxy (cloud-licensed)

F.

No Citrix products; Citrix Gateway appliance

Question 9

Which StyleBook group should a Citrix Architect use to deploy the configuration for Microsoft SharePoint servers on Citrix ADC Management and Analytics (Citrix Application Delivery Management)?

Options:

A.

Default

B.

Public

C.

Private

D.

Custom

Question 10

Scenario: A Citrix Architect has deployed two MPX devices. 12.0.53.13 nc and MPX 11500 models, in a high availability (HA) pair for the Workspace labs team. The deployment method is two-arm and the devices are installed behind a CISCO ASA 5585 Firewall. The architect enabled the following features on the Citrix ADC devices. Content Switching. SSL Offloading, Load Balancing, Citrix Gateway. Application Firewall in hybrid security and Appflow. All are enabled to send monitoring information to Citrix Application Delivery Management 12.0.53.13 nc build. The architect is preparing to configure load balancing for Microsoft Exchange 2016 server.

The following requirements were discussed during the implementation:

  • All traffic needs to be segregated based on applications, and the fewest number of IP addresses should be utilized during the configuration.
  • All traffic should be secured and any traffic coming Into FITTP should be redirected to HTTPS.
  • Single Sign-on should be created for Microsoft Outlook web access (OWA).
  • Citrix ADC should recognize Uniform Resource Identifier (URI) and close the session to Citrix ADC when users hit the Logoff button In Microsoft Outlook web access.
  • Users should be able to authenticate using either user principal name (UPN) or sAMAccountName.
  • The Layer 7 monitor should be configured to monitor the Microsoft Outlook web access servers and the monitor probes must be sent on SSL.

Which monitor will meet these requirements?

Options:

A.

add lb monitor mon.rpc HTTP-ECV -send "GET /rpc/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

B.

add lb monitor mon.rpc HTTP -send "GET /rpc/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

C.

add lb monitor mon.rpc HTTP-ECV -send "GET /owa/healthcheck.htm" recv 200 -LRTM DISABLED

D.

add lb monitor mon.rpc HTTP-ECV -send "GET /owa/healthcheck.htm" recv 200 -LRTM ENABLED

E.

add lb monitor mon.rpc HTTP-ECV -send "GET /rpc/healthcheck.htm" recv 200 -LRTM ENABLED

Question 11

Which two settings should a Citrix Architect use on Citrix Application Delivery Management for configuring CPX using a pre-existing CPX device? (Choose two.)

Options:

A.

Event Manager

B.

instance

C.

File

D.

PIug and Play

E.

Action

Question 12

Scenario: Based on a discussion between a Citrix Architect and team of Workspacelab has been created across three (3) sites.

They captured the following requirements during the design discussion held for NetScaler design projects:

  • All three (3) Workspacelab sites (DC, NDR, and DR) will have similar NetScaler configuration and design.
  • Both external and internal NetScaler MPX appliances will have Global Server Load balancing (GSLB) configured and deployed in Active/Passive mode.
  • GSLB should resolve both A and AAA DNS queries.
  • In the GSLB deployment, the NDR site will act as backup for the DC site. whereas the DR site will act as backup for the NDR site.
  • When the external NetScaler replies to DNS traffic coming in through Cisco Firepower IPS, the replies should be sent back through the same path.
  • On the internal NetScaler, both front-end VIP and back-end SNIP will be part of the same subnet.
  • USIP is configured on the DMZ NetScaler appliances.
  • The external NetScaler will act default gateway for back-end servers.
  • All three (3) sites (DC, NDR, and DR) will have two (2) links to the Internet from different service providers configured in Active/Standby mode.

Which design decision must the architect make to meet the design requirements above?

Options:

A.

Interface 0/1 must be used for DNS traffic.

B.

The SNIP of the external NetScaler must be configured as default gateway on the back-end servers.

C.

ADNS service must be used with IPv6 address.

D.

Policy-Based Route with next hop as CISCO IPS must be configured on the external NetScaler.

Question 13

Scenario: The Workspacelab team has configured their Citrix ADC Management and Analytics (Citrix Application Delivery Management) environment. A Citrix Architect needs to log on to the Citrix Application Delivery Management to check the settings.

Which two authentication methods are supported to meet this requirement? (Choose two.)

Options:

A.

Certificate

B.

RADIUS

C.

TACACS

D.

Director

E.

SAML

F.

AAA

Question 14

Scenario: A Citrix Architect needs to design a hybrid XenApp and XenDesktop environment which will include Citrix Cloud as well as resource locations in an on-premises datacenter and Microsoft Azure.

Organizational details and requirements are as follows:

  • Active XenApp and XenDesktop Service subscription
  • No existing NetScaler deployment
  • Global Server Load Balancing is used to direct connection requests to Location B, if the StoreFront server in Location B fails, connections should be directed to Location A.

Click the Exhibit button to view the conceptual environment architecture.

The architect should use _____ in Location A, and should use ________ in Location B. (Choose the correct option to complete the sentence.)

Options:

A.

NetScaler ADC (BYO); NetScaler gateway appliance

B.

NetScaler ADC (BYO); No NetScaler products

C.

NetScaler ADC (BYO); NetScaler ADC (BYO)

D.

NetScaler Gateway appliance; NetScaler Gateway appliance

E.

NetScaler Gateway appliance; NetScaler ADC (BYO)

Question 15

Scenario: A Citrix Architect holds a design discussion with a team of Workspacelab members, and they capture the following requirements for the NetScaler design project.

  • A pair of NetScaler MPX appliances will be deployed in the DMZ network and another pair in the internal network.
  • High availability will be accessible between the pair of NetScaler MPX appliances in the DMZ network.
  • Multi-factor authentication must be configured for the NetScaler Gateway virtual server.
  • The NetScaler Gateway virtual server is integrated with the StoreFront server.
  • Load balancing must be deployed for users from the workspacelab.com domain.
  • The workspacelab users should be authenticated using Cert Policy and LDAP.
  • All the client certificates must be SHA 256-signed, 2048 bits, and have UserPrincipalName as the subject.
  • Single Sign-on must be performed between StoreFront and NetScaler Gateway.

After deployment, the architect observes that LDAP authentication is failing.

Click the Exhibit button to review the output of aaad debug and the configuration of the authentication policy.

Exhibit 1

Exhibit 2

What is causing this issue?

Options:

A.

UserNamefield is set as subjection

B.

Password used is incorrect

C.

User does NOT exist in database

D.

IdapLoginName is set as sAMAccountName

Question 16

Scenario: A Citrix Architect needs to design a new Citrix ADC Gateway deployment to provide secure RDP access to backend Windows machines.

Click the Exhibit button to view additional requirements collected by the architect during the design discussions.

To meet the customer requirements, the architect should deploy the RDP proxy through _______, using a _________ solution. (Choose the correct option to complete the sentence.)

Options:

A.

ICAProxy, stateless gateway

B.

CVPN; single gateway

C.

CVPN; stateless gateway

D.

ICAProxy; single gateway

Question 17

Scenario: A Citrix Architect has set up Citrix ADC MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 firewall. The Cisco ASA firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall. The following requirements were captured by the architect during the discussion held as part of the Citrix ADC security implementation project with the customer's security team: The Citrix ADC MPX device:

• should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The Citrix ADC device should be able to stop the HTTP, TOP, and DNS based requests.

• needs to protect backend servers from overloading.

• needs to queue all the incoming requests on the virtual server level instead of the service level.

• should provide access to resources on the basis of priority.

• should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets. compromised webservers, known spammersThackers. and phishing proxies.

• should provide flexibility to enforce the desired level of security check inspections for the requests originating from a specific geolocation database.

• should block the traffic based on a predetermined header length, URL length, and cookie length.The device should ensure that characters such as a single straight quote (') backslash (): and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.

Which security feature should the architect implement to meet these requirements?

Options:

A.

Configure HTML SQL injection check on Application Firewall and enable Transform SQL special characters.

B.

Configure signatures manually and apply them to the Application Firewall profile.

C.

Configure HTML SQL Injection check on Application Firewall and enable Block SQLSplCharANDKeyword.

D.

Configure HTML cross-Site scripting and enable Check Request headers.

Question 18

Which three parameters must a Citrix Architect designate when creating a new session policy? (Choose three.)

Options:

A.

Single Sign-on Domain

B.

Request Profile

C.

Name

D.

Enable Persistent Cookie

E.

Expression

Question 19

Which encoding type can a Citrix Architect use to encode the StyleBook content, when importing the StyleBook configuration under source attribute?

Options:

A.

Hex

B.

AS

C.

URL

D.

Unicode

Question 20

Scenario: A Citrix Architect needs to design a hybrid XenApp and XenApp and XenDesktop environment which will include Citrix Cloud as well as resource locations in on-premises datacenter and Microsoft Azure.

Organizational details and requirements are as follows:

  • Active XenApp and XenDesktop Service subscription
  • No existing Citrix deployment
  • About 3,000 remote users are expected to regularly access the environment
  • Multi-factor authentication should be used for all external connections
  • Solution must provide load balancing for backend application servers
  • Load-balancing services must be in Location B

Click the Exhibit button to view the conceptual environment architecture.

The architect should use ________ in Location A, and should use _________ in Location B. (Choose the correct option to complete the sentence.)

Options:

A.

Citrix Gateway as a Service, no Citrix products

B.

No Citrix products, Citrix ADC (BYO)

C.

Citrix Gateway as a Service, Citrix ADC (BYO)

D.

No Citrix products, Citrix ICA Proxy (cloud-licensed)

E.

Citrix Gateway as a Service, Citrix ICA Proxy (cloud-licensed)

F.

No Citrix products; Citrix Gateway appliance

Question 21

Which session parameter does the default authorization setting control when authentication, authorization, and auditing profiles are configured?

Options:

A.

Determines the default logging level

B.

Determines whether the NetScaler appliance will allow or deny access to content for which there is no specific authorization policy

C.

Determines the default period after which the user is automatically disconnected and must authenticate again to access the intranet

D.

Determines whether the NetScaler appliance will log users onto all web applications automatically after they authenticate or will pass users to the web application logon page to authenticate for each application.

E.

Controls are amount of time the users can be idle before they are automatically disconnected.

Question 22

What can help a Citrix Architect prepare to discuss time scales and resource requirements?

Options:

A.

Creating a high-level project plan.

B.

Meeting with each member of the project team to assign tasks.

C.

Designing the new environment.

D.

Setting expectations with the project’s key stakeholders.

E.

Identifying challenges associated with the project.

Page: 1 / 15
Total 152 questions