Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
30 Cards in this Set
- Front
- Back
|
Scenario: An engineer is upgrading the NetScaler firmware from version 10.1 to 10.5 and has a high-availability (HA) setup of two NetScaler MPX appliances
What is the best practice process to upgrade this HA pair? A. Upgrade the primary unit, test on the new build, and then upgrade the secondary unit. B. Disable the secondary unit, upgrade the primary, test the new build and then upgrade the other unit. C. Upgrade the secondary unit, do the failover, test on the new build, and then upgrade the primary unit. D. Upgrade and restart both units at the same time and test on the new build after they both are running. |
Correct Answer:C
|
|
|
What is the purpose of binding Certificate Authority (CA) certificates to a virtual server? A. For SSL Offload B. To validate the server certificate C. For client certificate authentication D. To provide intermediate certificates to the client |
Correct Answer:C
|
|
|
Scenario: NetScaler is configured with a Subnet IP (SNIP) 192.168.1.10/24 on VLAN 1 and a SNIP 172.168.1.50/24 on VLAN 100. VLAN 100 has been properly associated with interface 1/1 and SNIP 172.168.1.50. A user on VLAN 100 is attempting to access a virtual server on 192.168.1.25 and NOT getting a response.www.vceplus.com - Website designed to help IT pros advance their careers - Born to LearnAfter troubleshooting the network, an engineer identifies that asymmetric packet flows are NOT using the right interfaces on the return path to the client.
Which NetScaler setting must be enabled to avoid this behavior? A. Layer 3 Mode B. Layer 2 Mode C. Direct Route Advertisement D. MAC-based forwarding (MBF) |
Correct Answer:D
|
|
|
What is the purpose of the SSL Certificate Authority (CA) root certificate during an SSL connection?
A. SSL Cipher Exchange B. Session Key Exchange C. Pre Shared Master Secret Generation D. Server Certificate Signature Verification |
Correct Answer:A
|
|
|
Which two options could a NetScaler Engineer configure to ensure that a revoked client certificate CANNOT be used for a client certificate authentication? (Choose two.)
A. Server Name Indication (SNI) B. Certificate Revocation List (CRL) C. Certificate Signing Request (CSR) D. Online Certification Status Protocol (OCSP) |
Correct Answer:BD
|
|
|
Scenario: A NetScaler Engineer is using the DataStream feature. The NetScaler appliance is located in front of a MySQL Database server in the network topology. The engineer would like to block requests that would drop a database. The engineer comes up with the expression MYSQL.REQ.QUERY.TEXT.CONTAINS("drop database"). The engineer should configure the expression with the ___________ feature to block these requests. (Choose the option to complete the sentence.)
A. Responder B. Rate Limiting C. Content Filtering D. Access Control List |
Correct Answer:A
|
|
|
A NetScaler Engineer has created a new custom user monitor script and needs to place it in the NetScaler filesystem for use. Where must the engineer place the custom script so that it is available for use?
A. /nsconfig/monitors B. /netscaler/monitors C. /var/nstemp/monitors D. /netscaler/monitors/perl_mod |
A. /nsconfig/monitors B. /netscaler/monitors C. /var/nstemp/monitors D. /netscaler/monitors/perl_mod
|
|
|
Which setting would a NetScaler Engineer disable in order to stop the NetScaler from acting as a router for non-NetScaler owned IP addresses or entities?
A. Layer 2 mode B. Layer 3 mode C. MAC-based forwarding D. Use Subnet IP (USNIP) |
Correct Answer:C
|
|
|
Scenario: A NetScaler Engineer recently enabled the HTTP Compression feature. In reviewing the HTTP compression statistics, the engineer notices that content from all HTTP virtual servers created prior to enabling the compression feature is NOT being compressed. What should the engineer do to allow compression for any pre-existing HTTP virtual servers?
A. Recreate the HTTP virtual servers. B. Recreate any existing compression policies. C. Enable compression on the associated bound services. D. Ensure 'Allow Server side compression' is unchecked on the NetScaler. |
Correct Answer:C
|
|
|
In a high-availability (HA) configuration, a NetScaler Engineer notices that the HA Synchronization status shows as failed. What could be causing the HA Synchronization to fail?
A. Port 3003 is being blocked B. Port 3009 is being blocked C. The RPC passwords are incorrect D. The nsroot passwords are incorrect |
Correct Answer:C
|
|
|
Scenario: An organization has a fair usage policy that limits each customer to a maximum of five active connections in any given second. A NetScaler Engineer is given the task of implementing the requirements to enforce a policy using the Rate Limiting feature on NetScaler.
Which commands should the network engineer execute to create a proper selector and limit identifier that fulfills the policy requirement? A. add stream selector API_selector CLIENT.IP.SRC add ns limitIdentifier API_limitidf -threshold 5 -mode CONNECTION -timeslice 1000 - selectorName API_selector B. add stream selector API_selector HTTP.REQ.URL add ns limitIdentifier API_limitidf -threshold 5 -mode CONNECTION -timeslice 1000 - selectorName API_selector C. add stream selector API_selector HTTP.REQ.URL add ns limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 - Threshold 5 -selectorName API_selector D. add stream selector API_selector CLIENT.IP.SRC add ns limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 - Threshold 5 -selectorName API_selector |
Correct Answer:A |
|
|
A network engineer needs to prevent too many simultaneous HTTP requests that can cause a Denial Of Service (DDoS).
What could the engineer enable to prevent too many simultaneous HTTP requests? A. Rate Limiting B. SureConnect C. Priority Queuing D. Authorization Policy |
Correct Answer:A |
|
|
Scenario: A network engineer created an IPv6 virtual server on the NetScaler. The virtual server is using a service group with two IPv4 servers bound to it. When testing access to the virtual server from a client configured with an IPv6 address, he is unable to connect.
What could be the reason for this issue? A. The NetScaler is disabled for NAT. B. IPv6 protocol translation is disabled. C. An IPv6 address on the NetScaler is not bound to the VLAN. D. The NetScaler does not have an INAT rule to convert IPv4 to IPv6 from the back-end servers |
Correct Answer:B |
|
|
What should a network engineer do to prevent unauthorized users from using the root user account? A. Reset the nsroot account. B. Change the nsroot password. C. Create an authorization policy. D. Bind a policy to the root user account |
Correct Answer:B
Changing the Password of the Default User Account The default user account provides complete access to all features of the Citrix SDX appliance. Therefore, to preserve security, the nsroot account should be used only when necessary, and only individuals whose duties require full access should know the password for the nsroot account. Citrix recommends changing the nsroot password frequently. If you lose the password, you can reset the password to the default by reverting the appliance settings to factory defaults. You can change the password of the default user account in the Users pane. In the Users pane, you can view the following details: Name Lists the user accounts configured on the SDX appliance. Permission Displays the permission level assigned to the user account. To change the password of the default user account On the Configuration tab, in the navigation pane, expand System, and then click Users. In the Users pane, click the default user account, and then click Modify. In the Modify System User dialog box, in Password and Confirm Password, enter the password of your choice. Click OK. |
|
|
Scenario: A NetScaler Engineer connected a new NetScaler MPX appliance to the network. However, some of the interfaces were blocked on the uplink switch. The engineer needs to perform a network packet trace on the NetScaler appliance. For troubleshooting purposes, the engineer needs to separate trace files for each interface. The engineer executed the following command from the NetScaler CLI: start nstrace -perNIC ENABLED However, NetScaler created a single trace file. What should the engineer do to produce separate trace files for each interface? A. Specify the nodes parameter. B. Use the nsconmsg command. C. Specify the tcpdump parameter. D. Use the nstracemerge.sh command. |
Correct Answer:C
|
|
|
Scenario: A NetScaler Engineer is configuring a new system with connected interfaces 10/1 - 10/4 and runs the following commands:
add ip 10.10.10.1 255.255.255.0 -type snip add vlan 10 bind vlan 10 -ifnum 10/1 On which interface(s) will subnet 10.10.10.1 respond to requests? A. Only interface 10/1 B. Interfaces on VLAN 10 C. Only interfaces on VLAN 1 D. Interfaces 10/1 through 10/4 |
Correct Answer:D
|
|
|
Which tool could a NetScaler Engineer use to monitor client-side rendering times for a Web application that is load-balanced by NetScaler?
A. Tcpdump B. Insight Center C. Command Center D. NetScaler Dashboard |
Correct Answer:A
|
|
|
A NetScaler Engineer needs to audit extended Access Control List (ACL) hits. Which two areas would the engineer enable logging so that the ACL hits could be stored in the /var/log/ns.log?
(Choose two.) A. The ACL B. The syslogAction C. The nslog parameters D. The syslog parameters |
Correct Answer:AD
|
|
|
A NetScaler Engineer would like to direct identical requests for the same service to specific cache servers. Which load-balancing method should the engineer use?
A. URL Hash B. Domain Hash C. Source IP Hash D. Source IP Destination IP Hash |
Correct Answer:A
|
|
|
Scenario: A NetScaler Engineer is addressing an issue discovered during a vulnerability scan. The security team is requiring that the engineer disable specific SSL ciphers on the SSL VServer.
Which two methods could the engineer use to meet this requirement? (Choose two.) A. Modify the list of ciphers in the Default cipher group. B. Change the list of bound ciphers on the VServer directly. C. Enable Cipher Redirect on the VServer and configure OCSP. D. Disable SSLv2 Redirect on the VServer and update the CRLs. E. Un-assign the default group, create a custom cipher group and assign it to the VServer |
Correct Answer:BE
|
|
|
Scenario: A network engineer needs to re-configure the NetScaler to utilize two new VLANs - VLAN2 and VLAN3. VLAN2 is an untagged VLAN and VLAN3 will require a .1q compliant tag. Interface 1/1 is the only interface that will be used on the NetScaler.
How could the engineer configure the NetScaler so that it can communicate with both networks? A. Change the NSVLAN to 3 Add VLAN 2 and bind interface 1/1 as untagged B. Enable the Tag all VLANs option on interface 1/1. C. Add VLAN2 and bind interface 1/1 as untagged Add VLAN3 and bind interface 1/1 as tagged D. Add a SNIP for each VLAN Enable management access on the SNIP for VLAN3 |
Correct Answer:C
|
|
|
Which feature could a Network Engineer configure in order to restrict client connections to a specific bandwidth limit?
A. Spillover B. Rate Limiting C. SureConnect D. Filter Policies |
Correct Answer:B
|
|
|
Scenario: A NetScaler Engineer is working with a NetScaler appliance that has two network interface cards (NICs). The first NIC is placed on the DMZ network and the second NIC is on the internal network. The default route is configured to the gateway on the internal network. A virtual server is configured on the DMZ-network and the firewall on the DMZ is using network address translation (NAT) to allow external traffic to the virtual server.
When a user from the Internet attempts to connect to the NAT'd external address, the session never establishes. The engineer performs an nstrace and sees that the user's traffic hits the NetScaler. The engineer then discovers that the problem is an asymmetrical packet flow. Which two settings could the engineer configure to resolve the issue? (Choose two.) A. Link load balancing (LLB) B. Policy-based routing (PBR) C. Extended access list (ACL) D. MAC-based forwarding (MBF) E. Reverse network address translation (RNAT) |
Correct Answer:BD
|
|
|
A company has an external-facing web application that requires end-to-end encryption and Layer-7 functionality.
Which protocol type would an engineer choose for the virtual server and service? A. SSL B. SSL_TCP C. SSL_PUSH D. SSL_BRIDGE |
Correct Answer:B
|
|
|
When configuring NetScaler authentication to access a web site, which two things should a network engineer verify in the environment? (Choose two.)
A. AAA is enabled. B. One DNS server exists. C. A Keytab file is available. D. An authentication virtual server exists. E. A traffic management virtual server exists.
|
Correct Answer:AD
|
|
|
Scenario: A NetScaler Engineer is viewing Authentication, Authorization and Access (AAA) events on the NetScaler appliance to determine why a user is unable to log on. The events below have been logged during this timeframe:
Fri Oct 17 18:17:16 2014 /usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[40\]: start_ldap_auth attempting to auth scottli @ 10.12.33.216 Fri Oct 17 18:17:18 2014 /usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[291\]: recieve_ldap_bind_event receive ldap bind event Fri Oct 17 18:17:18 2014 /usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[326\]: recieve_ldap_bind_event ldap_bind with binddn bindpw failed:Invalid credentials Fri Oct 17 18:17:18 2014 /usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/naaad.c[1198\]: send_reject sending reject to kernel for : scottli What is the root cause of this issue? A. The LDAP Base DN is incorrect. B. The Bind DN credentials are invalid. C. The LDAP server is NOT responding. D. The user has entered an invalid password |
Correct Answer:B
|
|
|
Scenario: A NetScaler Engineer has created an SSL virtual server that utilizes SSL services. The engineer needs to configure certificate authentication from the NetScaler to the backend web services.
What should the engineer do to meet the requirements outlined in the scenario? A. Bind a CA Certificate to the SSL Services. B. Bind a Client Certificate to the SSL Services. C. Create an SSL policy to present the Client Certificate to the web services. D. Enable Client Authentication and set Client Certificate to mandatory on the virtual server. |
Correct Answer:B
|
|
|
A NetScaler Engineer created an HTTP service
and did NOT bind any monitors to the service. Which monitor will the NetScaler automatically bind to the HTTP service? A. tcp B. http C. tcp-ecv D. http-ecv E. tcp-default F. ping-default |
Correct Answer:E
|
|
|
A NetScaler Engineer plans to deploy a third-party application that will perform scheduled configuration auditing by using NITRO API with a REST interface.
Which management protocol should the engineer enable to allow NITRO API access? A. SSH B. HTTP C. Telnet D. SNMP |
Correct Answer:B
|
|
|
A NetScaler implementation is experiencing intermittent network issues, specifically regarding traffic to a back-end service associated with IP address 10.10.1.86. Which command should a network engineer execute to generate diagnostic information to investigate this issue?
A. traceroute 10.10.1.86 B. show run | grep 10.10.1.86 C. nstcpdump.sh host 10.10.1.86 D. show service 10.10.1.86 -summary |
Correct Answer:C
|
