1Y0-340 Exam - Analyzing Citrix NetScaler Advanced Topics: Security - Management - and Optimization

NEW QUESTION 1
Which setting should be enabled to convert the content-length form submission requests to chunked requests, when HTML SQL Injection protection is enabled?

• A. Optimize Partial Requests
• B. Streaming
• C. Enable form tagging
• D. Percentage Recursive Decoding

Answer: B

NEW QUESTION 2
A Citrix Engineer needs to ensure that clients always receive a fresh answer from the integrated cache for positive responses (response of 200).
Which two settings can the engineer configure to make sure that clients receive a fresh response when it is needed? (Choose two.)

• A. –flashCache NO
• B. - pollEveryTime YES
• C. –prefetch YES
• D. –quickAbortSize

Answer: AB

NEW QUESTION 3
A Citrix Engineer needs to configure an AppQoE action to deliver content from an alternate service. Which three parameters should the engineer configure to meet this requirement? (Choose three.)

• A. TCP Profile
• B. Header Name
• C. Action Type
• D. Maximum Connections
• E. Alternate Content Path

Answer: BCD

NEW QUESTION 4
Scenario: A Citrix Engineer observes that when going through NetScaler, user connections fail and users are unable to access Exchange server. However, users can connect directly to the Exchange server. After checking the logs, the engineer finds that the POST request is blocked through the NetScaler.
The log in/ var/log/ns.log is as follows:
Jul 20 11:00: 38 <local0.info>x.x.x. 1 07/20/2021:11:00:38 GMT ns 0-PPE-0:APPFW AF_400_RESP 29362
0: x.x.x.1 439800-PPEO- urlwdummy
https://test.abc.com/rpc/rpcproxy.dll?mail.sfmta.com:6004 Bad request headers. Content-length exceeds post body limit <blocked>
Which parameter can the engineer modify to resolve the issue while maintaining security?

• A. Increase the Maximum Header Length under nshttp_default_profile.
• B. Increase the POST body limit using the HTTP profile.
• C. Add an Application Firewall policy with the expression “HTTP.REQ.METHOD.EQ( “POST”)” with APPFW_BYPASS profile bound.
• D. Increase the POST body limit under common settings in Application Firewall profile settings.

Answer: D

NEW QUESTION 5
Which protocol does NetScaler Management and Analytics System (NMAS) use when Discovery is run to locate instances?

• A. RIP
• B. TCP
• C. ICMP
• D. NITRO

Answer: C

Explanation:
The NetScaler MAS server sends an Internet Control Message Protocol (ICMP) ping to locate the instance. Then, it uses the instance profile details to log on to the instance. Using a NetScaler NITRO call, NetScaler MAS retrieves the license information of the instance. On the basis of the licensing information, it determines whether the instance is a NetScaler instance and the type of NetScaler platform (for example, NetScaler MPX, NetScaler VPX, NetScaler SDX, or NetScaler Gateway). On succesful detection of the NetScaler instance, it is added to the NetScaler MAS server’s database.

NEW QUESTION 6
A Citrix Engineer has found issues in the websites after enabling Application Firewall.
Which logs on the NetScaler can the engineer check to verify that the issues are NOT caused by Application Firewall?

• A. newnslog
• B. ns.log
• C. nslog
• D. aaad.debug

Answer: B

NEW QUESTION 7
Scenario: A Citrix Engineer needs to set up a NetScaler Web Logging (NSWL) client system for logging. The engineer attempted to start the NSWL service on the client system and found that the service is NOT starting.
What could be causing this issue?

• A. TCP 3011 is NOT open between the NetScaler SNIP and the NSWL client.
• B. log.conf file is NOT properly configured on the NSWL client.
• C. Web Logging feature is NOT installed on the NetScaler.
• D. “nswl-verify” command has NOT yet been run on the NSWL client.

Answer: D

NEW QUESTION 8
Which action can be used to place the rule on the relaxation list without being deployed and ensuring that the rule is NOT learned again?

• A. Skip
• B. Deploy
• C. Delete
• D. Edit& Deploy

Answer: A

NEW QUESTION 9
A Citrix Engineer has configured SQL Injection security check to block all special characters. Which two requests will be blocked after enabling this check? (Choose two.)

• A. Citrix; Sqltest
• B. 175// OR 1//=1//
• C. Citrix” OR “1”=”1
• D. Citrix OR 1=1
• E. 175’ OR ‘1’= ‘1’

Answer: AB

NEW QUESTION 10
Which requirement must be addressed to implement the IP Reputation feature on a NetScaler MPX appliance?

• A. The NetScaler appliance must be able to connect to api.bcti.brightcloud.com on port 443.
• B. The NetScaler appliance must be able to connect to wiprep-rtu.s3-us-west-2.amazonaws.com on port 80.
• C. The NetScaler appliance must be able to connect to api.bcss.brightcloud.com on port 80.
• D. The NetScaler appliance must be able to connect to wiprep-rtu.s3-us-west-2.amazonaws.com on port 443.

Answer: A

NEW QUESTION 11
Which meta-character can be used as a wildcard to match a single character in a given position?

• A. A forward slash (/)
• B. A period (.)
• C. An asterisk (*)
• D. A dollar Sign ($)

Answer: D

NEW QUESTION 12
Scenario: A Citrix Engineer is trying to optimize a website that is load balanced on a NetScaler and is accessed by mobile users. The web application is complex and made up of hundreds of embedded images, scripts, and other objects per page. This limitation is creating a significant bottleneck, resulting in excessive load times.
Which NetScaler feature can the engineer use to optimize the web application?

• A. Domain Sharding
• B. SPDY (Speedy)
• C. Multipath TCP
• D. Minification

Answer: A

Explanation: The leading capability in this category is domain sharding. By default, browsers restrict the number of parallel connections that can be open to any one domain. Typically, fewer than ten are allowed. For complex web applications with hundreds of embedded images, scripts and other objects per page, this limitation can create a significant bottleneck resulting in excessive load times. With domain sharding, NetScaler MobileStream modifies administrator-selected URLs by breaking them into sub-domains to allow client web browsers to open multiple groups of parallel connections. As a result, object-heavy pages are downloaded and can be rendered up to 10 times faster. Also included in this category is cache extension, a capability that leverages advanced browser settings and NetScaler AppCache functionality to further improve performance by maximizing the practice of locally caching static content.

NEW QUESTION 13
Scenario: A Citrix Engineer has configured LDAP group extraction on the NetScaler Management and Analytics System (NMAS) for the administration. The engineer observes that extraction is NOT working for one of the five configured groups.
What could be the cause of the issue?

• A. The admin bind user has read-only permissions on the LDAP server.
• B. The NMAS group does NOT match the one on the external LDAP servers.
• C. The LDAP bind DN is incorrectly configured in the LDAP profile.
• D. The user group extraction is NOT supported with plaintext LDAP.

Answer: B

NEW QUESTION 14
What can a Citrix Engineer use in NetScaler Management and Analytics System (NMAS) to troubleshoot an issue in which users report long response times when accessing a virtual desktop?

• A. Web Insight
• B. WAN Insight
• C. HDX Insight
• D. Gateway Insight

Answer: A

NEW QUESTION 15
A Citrix Engineer is configuring an Application Firewall Policy to protect a website. Which expression will the engineer use in the policy?

• A. HTTP.RES.IS_VALID
• B. HTTP.REQ.HOSTNAME.EQ (“true”)
• C. HTTP.RES.HEADER (“hostname”).EQ (“true”)
• D. HTTP.REQ.IS_VALID

Answer: B

NEW QUESTION 16
Scenario: A Citrix Engineer configures the Application Firewall for protecting a sensitive website. The security team captures traffic between a client and the website and notes the following cookie:
citrix_ns_id
The security team is concerned that the cookie name is a risk, as it can be easily determined that the NetScaler is protecting the website.
Where can the engineer change the cookie name?

• A. Application Firewall Policy
• B. Application Firewall Engine Settings
• C. Application Firewall Default Signatures
• D. Application Firewall Profile

Answer: D