1Y0-340 Exam - Analyzing Citrix NetScaler Advanced Topics: Security - Management - and Optimization

NEW QUESTION 1
A website hosts highly dynamic content that is frequently requested in bursts of high user access. Which configuration will reduce traffic to the origin server while optimizing client performance?

• A. –pollEveryTime NO
• B. –expireAtLastByte YES
• C. –flashCache YES
• D. –heurExpiryParam 0

Answer: A

NEW QUESTION 2
A Citrix Engineer needs to migrate the NetScaler Insight Center virtual appliance to NetScaler Management and Analytics System (NMAS).
Which two actions should be met before migrating the NetScaler Insight Center virtual appliance to NMAS? (Choose two.)

• A. Install NetScaler Insight Center 11.1 Build 47.14 or later.
• B. Install NetScaler MAS License on the NMAS.
• C. Download the NetScaler MAS build to the /var/mps/mps_images.
• D. Remove the NetScaler instances added to the Insight Center.
• E. Migrate the NMAS virtual machine to XenServer.

Answer: AC

NEW QUESTION 3
A Citrix Engineer needs to configure the authentication feature on NetScaler Management and Analytics System (NMAS) to enable local authentication to take over if the external authentication fails.
What can the engineer configure to meet this requirement?

• A. Select LOCAL as the Server Type when configuring authentication.
• B. Select EXTERNAL as the Server Type when configuring authentication.
• C. Enable the fallback local authentication option.
• D. Configure Cascade authentication with External as primary and LOCAL as secondary.

Answer: B

NEW QUESTION 4
A Citrix Engineer enabled Credit Card Security check in the Application Firewall Profile. Which response header will be dropped by Application Firewall after this check is enabled?

• A. Content-Encoding
• B. Content-Location
• C. Content-Type
• D. Content-Length

Answer: D

NEW QUESTION 5
Which mechanism does the NetScaler use to enable a safe and speedy data exchange between a client/server initial TCP handshake?

• A. TCP Fast Open (TFO)
• B. TCP Burst Rate Control
• C. TCP Hystart
• D. TCP Time Stamp

Answer: A

NEW QUESTION 6
Scenario: A Citrix Engineer has configured a NetScaler Management Analytics System (NMAS) policy mandating that all certificates must have minimum key strengths of 2048 bits and must be authorized by trusted CA/Issuers.
How does NMAS alert the engineer about non-compliance?

• A. NMAS highlights any non-compliance with the ‘Non-Recommended’ tag.
• B. NMAS disables any non-compliant policies.
• C. NMAS does NOT alert the engineer.
• D. NMAS disables any non-compliant certificates.

Answer: A

NEW QUESTION 7
When the NetScaler marks a client connection as “non-trackable”, the default behavior of the NetScaler without making any change to the HTTP Profile is to . (Choose the correct option to complete the sentence.)

• A. proxy the connection to the target.
• B. proxy the connection to the client.
• C. track the connection.
• D. drop the connection.

Answer: D

NEW QUESTION 8
A Citrix Engineer needs generate and present a NetScaler PCI-DSS report to management. The report should include a PCI-DSS summary of the required security measures for PCI-DSS compliance.
Where can the engineer generate the report from?

• A. Documentation > Nitro API
• B. Reporting> System
• C. Dashboard>System Overview
• D. Configuration>System>Reports

Answer: D

NEW QUESTION 9
Scenario: A Citrix Engineer has configured an IP Reputation policy and Profile in Application Firewall.
However, the engineer is NOT able to see any hits on the policy during testing.
Which logs can the engineer check to ensure that IP Reputation is configured correctly?

• A. websocketd.log
• B. snmpd.log
• C. iprep.log
• D. httpaccess.log

Answer: C

NEW QUESTION 10
Scenario: A Citrix Engineer needs to configure an Application Firewall policy for an online shopping website called “mycompany.com”. As a security measure, the shopping cart application is hosted on a separate directory “/mycart” on the backend server. The engineer configured a profile to secure the connections to this shopping cart and now needs to ensure that this profile is allied to all incoming connections to the shopping cart.
Which policy expression will accomplish this requirement?

• A. http.req.ur
• B. contains(“/mycart”) & http:req.url.hostname.eq(“mycompany.com”)
• C. http.req.ur
• D. contains(“/mycart”) || http:req.url.hostname.eq(“mycompany.com”)
• E. http.req.header (“url”).contains (“/mycart”) || http.req.url.contains (“mycompany.com”)
• F. http.req.header (“url”).contains (“/mycart”) && http:req.url.contains (“mycompy.com”)

Answer: A

NEW QUESTION 11
A Citrix Engineer executed the below commands on the NetScaler command-line interface (CLI): add stream selector cacheStreamSelector http.req.url
add ns limitidentifier cacheRateLimitIdentifier –threshold 5 –timeSlice 2000 –selectorName cacheStreamSelector
add cache policy cacheRateLimitPolicy –rule “http.req.method.eq(get) && sys.check_limit ( “cacheRateLimitIdentifier”)” –action cache
bind cache global cacheRateLimitPolicy- priority 10 What will be the effect of executing these commands?

• A. NetScaler will cache a response if the request URL rate exceeds 5 per 2000 milliseconds.
• B. NetScaler will cache a request if the request URL rate exceeds 5 per 2000 seconds.
• C. NetScaler will NOT cache a request if the request URL rate exceeds 5 per 2000 milliseconds.
• D. NetScaler will cache a response if the request URL rate exceeds 5 per 2000 seconds.

Answer: B

NEW QUESTION 12
A Citrix Engineer has correctly installed and configured the NetScaler Web Logging (NSWL) client but has noticed that logs are NOT being updated.
What could be causing this issue?

• A. The TCP port 3011 is NOT open between the NSWL client and NetScaler.
• B. The NSWL client executable is NOT running on the client.
• C. The NSWL buffer is full on the NetScaler.
• D. An NSIP is missing in the log.conf file

Answer: D

NEW QUESTION 13
Scenario: A Citrix Engineer has configured the Signature file with new patterns and log strings and uploaded the file to Application Firewall. However, after the upload, the Signature rules are NOT implemented.
What can the engineer modify to implement Signature rules?

• A. The Signature update URL should have an older version than the one on Application Firewall.
• B. The new Signature file should have new ID and version number.
• C. The NetScaler version should be upgraded before upgrading the signatures.
• D. The Signature upgrade will take effect only after a restart.

Answer: D

NEW QUESTION 14
A Citrix Engineer is considered that malicious users could exploit a web system by sending a large cookie. Which security check can the engineer implement to address this concern?

• A. Field Formats
• B. Content-type
• C. Buffer Overflow
• D. Start URL

Answer: C

NEW QUESTION 15
What criteria must be met in order to create a certificate bundle by linking multiple certificates in NetScaler Management and Analytics System (NMAS)?

• A. The issuer of the first certificate must match the domain of the second certificate.
• B. The issuer if the first certificate must NOT have issued the second certificate.
• C. The certificates must be created on the NetScaler.
• D. The certificates must be issued by an external Certificate Authority.

Answer: A

NEW QUESTION 16
Scenario: A Citrix Engineer has deployed four NetScaler MPXs with the following network configuration:
-Management traffic is on VLAN 5 (NSIP).
-Application and server traffic is on VLAN 10 (SNIP).
The engineer added the NetScaler Management and Analytics System (NMAS) interface to VLAN 10 to deploy a NMAS High Availability (HA) pair to manage and monitor the applications and virtual servers. After doing so, the engineer is NOT able to see the NetScaler or applications that need to be managed.
How can the engineer resolve the issue?

• A. Configure VLAN 5 as NSVLAN 5
• B. Move the NMAS interface to VLAN 5
• C. Configure VLAN 5 as NSSYNC VLAN
• D. Bind SNIP to VLAN 5

Answer: A