Citrix NetScaler 10.5 Essentials and Networking v7.0

Page:    1 / 12   
Exam contains 178 questions

Which command must an engineer use to run a cluster with less than (n/2+1) number nodes online?

  • A. add cluster <node> -quorumType Majority
  • B. add cluster instance <name> -quorum None
  • C. add cluster instance <clid> -quorumType None
  • D. add cluster instance <clid> -quorumType Majority

Answer : C

Scenario: A NetScaler engineer needs to enable access to some web servers running on an IPv6-only network. The clients connecting the services are on an IPv4 network. The engineer has already enabled IPv6 on the NetScaler.
What does the engineer need to do in order to provide access to the services on the IPv6 network?

  • A. Create an IPv6 tunnel and a IPv4 virtual server.
  • B. Configure an IPv6 VLAN and bind the required interface.
  • C. Create a IPv4 virtual server and bind the service group to it.
  • D. Create an IPv6 ACL and a IPv4 virtual server and bind the ACL to the virtual server.

Answer : C

Scenario: A NetScaler Engineer is using the DataStream feature. The NetScaler appliance is located in front of a MySQL Database server in the network topology.
The engineer would like to block requests that would drop a database. The engineer comes up with the expression MYSQL.REQ.QUERY.TEXT.CONTAINS("drop database").
The engineer should configure the expression with the ___________ feature to block these requests. (Choose the correct option to complete the sentence.)

  • A. Responder
  • B. Rate Limiting
  • C. Content Filtering
  • D. Access Control List

Answer : A

Scenario: A NetScaler Engineer creates a new HTTP VServer using the following command: add lb vserver lb_test HTTP 80 -lbMethod LEASTCONNECTION - persistencetype COOKIEINSERT -timeout 0 -authentication ON -cacheable YES
During testing, the engineer notices a cookie named NSC_iuuq2 with a value of: ffffffff020a1d1545525d5f4f58455e445a4a423660
What is the purpose of this cookie?

  • A. It indicates that the client has been authenticated.
  • B. It indicates that the client has NOT been authenticated.
  • C. It is used for persistence, describing only the VServer ID and Service IP.
  • D. It is used for persistence, describing the VServer ID, Service IP and Service Port.

Answer : D

A NetScaler Engineer needs to gather information from a NetScaler VPX before allocating the platform license.
Which shell command could the engineer use to gather the needed information?

  • A. lmutil lmhostid -user
  • B. lmutil lmhostid -ether
  • C. lmutil lmhostid -internet
  • D. lmutil lmhostid -hostname

Answer : B

On a load-balancing virtual server with multiple bound services, Redirect URL will be invoked when __________. (Choose the correct phrase to complete the sentence.)

  • A. a backup virtual server has been configured
  • B. Health Based Spillover has been configured
  • C. one of the bound services is marked as DOWN
  • D. the load-balancing virtual server is marked as DOWN

Answer : D

Scenario: A call center has deployed Access Gateway Enterprise to provide its employees with access to work resources from home. Due to the number of available licenses, only selected employees should access the environment remotely based on their user account information.
How could the engineer configure access to meet the needs of this scenario?

  • A. Configure a Pre-authentication Policy.
  • B. Configure an Authentication Server using a search filter.
  • C. Configure an Authentication Policy using Client based expressions.
  • D. Add the selected employee accounts to the Local Authentication policy.

Answer : B

When you type log in credentials on the log in page of the NetScaler VPN and press Enter, the credentials are sent to the Active Directory for validation. If the user name and password are valid, then the Active Directory sends the user attributes to the NetScaler appliance.
The memberOf attribute is one of the attributes that the Active Directory sends to the
NetScaler appliance. This attribute contains the group name of which you are defined as a member in the Active Directory. If you are a member of more than one Active Directory group, then multiple memberOf attributes are sent to the NetScaler appliance.
The NetScaler appliance then parses this information to determine if the memberOf attribute matches the Search filter parameter set on the appliance. If attribute matches, then you are allowed to log in to the network.
The following are the sample attributes that the Active Directory can send to NetScaler appliance: dn: CN=johnd,CN=Users,DC=citrix,DC=com changetype: add memberOf: CN=VPNAllowed,OU=support,DC=citrix,DC=com cn: johnd givenName: john objectClass: user sAMAccountName: johnd
Configuring a NetScaler Appliance to Extract the Active Directory Group
To configure a NetScaler appliance to extract the Active Directory group and enable clients to access the NetScaler VPN based on the Active Directory groups by using the
Lightweight Directory Access Protocol (LDAP) authentication, compete the following procedure:
Determine the Active Directory Group that has access permission.
To configure the NetScaler appliance for Group Extraction, you must define the group a user needs to be a member of to allow access to the network resources.
Note: To determine that exact syntax, you might need to refer to the Troubleshooting
Group Extraction on the NetScaler appliance section.
Determine the Search Filter syntax.
Enter the appropriate syntax in the Search Filter field of the Create Authentication Server dialog box, as shown in the following sample screenshot:

Note: Ensure that you start the value to the Search Filter filed with memberOf= and do not have any embedded spaces in the value.
To configure the LDAP authentication with Group Extractions from the command line interface of the NetScaler appliance with the values similar to the ones in the preceding screenshot, run the following command: add authentication ldapaction LDAP-Authentication
-ldapBase "CN=Users,DC=citrix,DC=com"
-ldapBindDn CN=administrator,CN=Users,DC=citrix,DC=com"
-ldapBindDnPassword ..dd2604527edf70
-ldapLoginName sAMAccountName
-searchFilter "memberOf=CN=VPNAllowed,OU=support,DC=citrix,DC=com"
-groupAttrName memberOf
-subAttributeName CN
Note: Ensure that you set the subAttributeName parameter to CN.
Troubleshooting Group Extraction on the NetScaler appliance
To troubleshoot group extraction on the NetScaler appliance, consider the following points:
If the L

Which three command-line interface commands should a NetScaler Engineer execute to configure an authentication virtual server? (Choose three.)

  • A. add authentication vserver <name> ssl <ipaddress>
  • B. bind ssl certkey
  • C. set authentication vserver <name> -authenticationDomain
  • D. show authentication vserver <name>
  • E. add ssl certkey

Answer : A,B,C

On which two types of virtual servers is the SOURCEIP persistence type supported?
(Choose two.)

  • A. HTTPS
  • B. RTSP
  • C. SSL_Bridge
  • D. SIP_UDP

Answer : A,C

A company has a new CEO and wants to update their website with the new CEO's name.
What could the engineer do on the website while this modification is being made?

  • A. Insert the new name on the header requests using Rewrite policies.
  • B. Hide the current name on the header request using Rewrite policies.
  • C. Delete the current name on the body response using Rewrite policies.
  • D. Replace the current name on the body response using Rewrite policies.

Answer : D

Which command will allow an engineer to change the NetScaler IP (NSIP) from the command-line interface?

  • A. add ns ip -type SNIP
  • B. add ns ip -type NSIP
  • C. set ns config -ipaddress -netmask
  • D. set ns ip -netmask -mgmtaccess enabled

Answer : C

While performing some re-cabling, a NetScaler engineer noticed that a power supply unit failed on a NetScaler appliance. What should the engineer enable to receive notification of a future hardware failure?

  • A. SMTP
  • B. SNMP
  • C. Health monitoring
  • D. EdgeSight monitoring

Answer : B

Which of the listed options is a simple Access Control List (ACL) attribute?

  • A. VLAN ID
  • B. Source IP address
  • C. NetScaler interface
  • D. Destination IP address

Answer : A

Scenario: A pair of NetScaler devices have recently been installed into the corporate DMZ.
The Netscalers have been installed in two-arm mode, with two interfaces in a Internet- facing VLAN and two interfaces in the internal VLAN. A private management subnet also exists.
The NetScaler engineer would like to secure and restrict communication between the management subnet and the SNIP address on that subnet.
Which two actions could the engineer take to help with these goals? (Choose two.)

  • A. Apply an ACL on the specified SNIP.
  • B. Remove the ACL list to the internal VLAN.
  • C. Remove the NSIP address from the Netscaler.
  • D. Configure the SNIP with the -gui SECUREONLY option.

Answer : A,D

Which feature could a Network Engineer configure in order to restrict client connections to a specific bandwidth limit?

  • A. Spillover
  • B. Rate Limiting
  • C. SureConnect
  • D. Filter Policies

Answer : B

Page:    1 / 12   
Exam contains 178 questions

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us