Citrix 1Y0-440 Practice Test - Questions Answers, Page 10
Question list
List of questions
Which format must a Citrix Architect utilize while importing the StyleBook in Citrix Application Delivery Management to compose the content of a StyleBook in the YAML editor?
Scenario: A Citrix Architect has set up Citrix ADC MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 firewall. The Cisco ASA firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall. The following requirements were captured by the architect during the discussion held as part of the Citrix ADC security implementation project with the customer's security team: The Citrix ADC MPX device:
* should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The Citrix ADC device should be able to stop the HTTP, TOP, and DNS based requests.
* needs to protect backend servers from overloading.
* needs to queue all the incoming requests on the virtual server level instead of the service level.
* should provide access to resources on the basis of priority.
* should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets. compromised webservers, known spammersThackers. and phishing proxies.
* should provide flexibility to enforce the desired level of security check inspections for the requests originating from a specific geolocation database.
* should block the traffic based on a predetermined header length, URL length, and cookie length.The device should ensure that characters such as a single straight quote (') backslash (): and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.
Which security feature should the architect implement to meet these requirements?
Scenario: A Citrix Architect is asked by management at the Workspacelab organization to review their existing configuration and make the necessary upgrades. The architect recommends small changes to the pre-existing Citrix ADC configuration. Currently, the Citrix ADC MPX devices are configured in a high availability pair, and the outbound traffic is load balanced between two Internet service providers (ISPs). However, the failover is NOT happening correctly. The following requirements were discussed during the design requirement phase:
* The return traffic for a specific flow should be routed through the same path while using Link Load Balancing.
* The link should fail over even if the ISP router is up and intermediary devices to an ISP router are down.
* Traffic going through one ISP router should fail over to the secondary ISP, and the traffic should NOT flow through both routers simultaneously. What should the architect configure to meet this requirement?
Scenario: A Citrix Architect has configured two MPX devices in high availability mode with version 12.0.53.13 nc. After a discussion with the security teamf the architect enabled the Application Firewall feature for additional protection. In the initial deployment phase, the following security features were enabled:
* IP address reputation
* HTML SQL injection check
* Start URL
* HTML Cross-site scripting
* Form-Field consistency
After deployment in pre-production, the team identifies the following additional security features and changes as further requirements:
* Application Firewall should retain the response of form field in its memory. When a client submits the form in the next request Application Firewall should check for inconsistency in the request before sending it to the web server.
* All the requests dropped by Application Firewall should get a pre-configured HTML error page with appropriate information.
* The Application Firewall profile should be able to handle the data from an RSS feed and an ATOM-based site. Click the Exhibit button to view an excerpt of the existing configuration.
What should the architect do to meet these requirements?
Scenario: A Citrix Architect needs to assess an existing on-premises NetScaler deployment which includes Advanced Endpoint Analysis scans. During a previous security audit, the team discovered that certain endpoint devices were able to perform unauthorized actions despite NOT meeting pre-established criteria.
The issue was isolated to several endpoint analysis (EPA) scan settings.
Click the Exhibit button to view the endpoint security requirements and configured EPA policy settings.
Which setting is preventing the security requirements of the organization from being met?
Which two parameters are required to ensure that after authentication, the cookies can be transferred from browser to non-browser applications? (Choose two.)
Scenario: More than 10,000 users will access a customer's environment. The current networking infrastructure is capable of supporting the entire workforce of users. However, the number of support staff is limited, and management needs to ensure that they are capable of supporting the full user base.
Which two business driver is prioritized, based on the customer's requirements?
Scenario: A Citrix Architect and a team of Workspacelab members have met for a design discussion about the NetScaler Design Project. They captured the following requirements:
Two pairs of NetScaler MPX appliances will be deployed in the DMZ network and the internal network.
High availability will be accessible between the pair of NetScaler MPX appliances in the DMZ network.
Multi-factor authentication must be configured for the NetScaler Gateway virtual server.
The NetScaler Gateway virtual server is integrated with XenApp/XenDesktop environment.
Load balancing must be deployed for the users from the workspacelab.com and vendorlab.com domains.
The logon page must show the workspacelab logo.
Certificate verification must be performed to identify and extract the username.
The client certificate must have UserPrincipalName as a subject.
All the managed workstations for the workspace users must have a client identifications certificate installed on it.
The workspacelab users connecting from a managed workstation with a client certificate on it should be authenticated using LDAP.
The workspacelab users connecting from a workstation without a client certificate should be authenticated using LDAP and RADIUS.
The vendorlab users should be authenticated using Active Directory Federation Service.
The user credentials must NOT be shared between workspacelab and vendorlab.
Single Sign-on must be performed between StoreFront and NetScaler Gateway.
A domain drop down list must be provided if the user connects to the NetScaler Gateway virtual server externally.
The domain of the user connecting externally must be identified using the domain selected from the domain drop down list.
On performing the deployment, the architect observes that users are always prompted with two-factor authentication when trying to assess externally from an unmanaged workstation.
Click the exhibit button to view the configuration.
What should the architect do to correct this configuration?
Scenario: A Citrix Architect and a team of Workspacelab members met to discuss a Citrix ADC design project. They captured the following requirements from this design discussion:
* All three (3) Workspacelab sites (DC, NDR, and DR) will have similar Citrix ADC configurations and design.
* The external Citrix ADC MPX appliances will have Global Server Load Balancing (GSLB) configured and deployed in Active/Active mode.
<a target='_blank' href='http://nsg.workspaceIab.com/'>* ADNS service should be configured on the Citrix ADC to make it authoritative for domain nsg.workspaceIab.com.</a>
* In GSLB deployment, the DNS resolution should be performed to connect the user to the site with least network latency.
* On the internal Citrix ADC, load balancing for StoreFront services, Citrix XML services, and Citrix Director services must be configured.
* On the external Citrix ADC, the Gateway virtual server must be configured in ICA proxy mode.
Which GSLB method should the architect utilize to meet the design requirements?
Scenario: Based on a discussion between a Citrix Architect and a team of Workspacelab members, the MPX Logical layout for Workspacelab has been created across three (3) sites.
The requirements captured during the design discussion held for a NetScaler design project are as follows:
Two (2) pairs of Citrix ADC MPX appliances deployed in the DMZ and internal network.
High Availability will be accessible for each Citrix ADC MPX
The external Citrix ADC MPX appliance will be deployed in multi-arm mode.
The internal Citrix ADC MPX will be deployed in single-arm mode wherein it will be connected to Cisco ACI Fabric.
All three (3) Workspacelab sites: Dc, NDR and DR, will have similar Citrix ADC configurations and design.
How many Citrix ADC MPX appliances should the architect deploy at each site to meet the design requirements above?
Question