Scenario: An engineer created a new test Web Interface site for the new XenDesktop farm that the IT Department is developing. Several weeks later the engineer finds out that several people across the company have been accessing the new test site. The engineer needs to ensure that only the IT Department subnets can access the test site.
How could the engineer restrict access to the site so that only certain subnets can access this resource?
A. Add an Extended ACL to only allow specific subnets to the Web Interface Site.
B. Modify an existing simple ACL to allow specific subnets to the Web Interface Site.
C. Enable USNIP Mode on the appliance to allow specific subnets to the Web Interface Site.
D. Change the Access Method on the Web Interface Site to allow specific subnets to the Web Interface Site.
Scenario: An engineer has three subnets configured on a NetScaler appliance. The engineer must only allow a certain group of users to access a virtual server on the appliance. The IT Manager requires that all rules are flexible and can be easily modified for ease of administration.
How could the engineer allow certain groups to access the virtual server while still being able to modify the setting in the future?
A. Add a Simple ACL.
B. Disable USNIP Mode.
C. Create an Extended ACL.
D. Add a Host Route to the virtual server.
Scenario: The NetScaler is configured with a NSIP of 10.20.30.40. Management access is NOT enabled on any other IP address.
Which command should an engineer execute to prevent access to the NetScaler using HTTP and only allow HTTPS access?
A. set ns ip 10.20.30.40 -gui disabled -telnet disabled
B. set ip 10.20.30.40 -gui secureonly -mgmtaccess enabled
C. set ip 10.20.30.40 -mgmtaccess disabled -gui secureonly
D. set ns ip 10.20.30.40 -gui enabled -restrictAccess enabled
Company policy states that SNMP management should only be allowed from specific hosts.
What should the network engineer do to prevent unauthorized access to SNMP?
A. Add an SNMP manager.
B. Add an SNMP trap destination.
C. Check secure access only on the NSIP.
D. Add an SNMP community name that is difficult to guess.
Scenario: The IT department in an organization manages servers and network devices from an internal management subnet. A NetScaler device has recently been installed into the DMZ network. The intranet firewall allows TCP 443 from the management subnet to the NetScaler device.
How could the engineer ensure that only workstations in the management network are permitted to manage the NetScaler?
A. Create an Extended ACL based on the source IP address.
B. Create a restricted route from the internal network to the DMZ.
C. Enable the management access control option on the NSIP address.
D. Enable the management access control on the internal SNIP address.
A network engineer needs to configure smart card-based authentication on NetScaler Access Gateway. Which type of authentication policy could the engineer configure in order to accomplish this task?
A. Local
B. RADIUS
C. Certificate
D. Secure LDAP
A company wants to implement a policy where all passwords should be encrypted while transiting the network.
Where in the GUI would the network engineer prevent access to unsecured management protocols?
A. Network -> IPs
B. System -> Auditing
C. AppExpert -> Pattern Sets
D. Protection Features -> Filter
Some SSL certificate files may be missing from a NetScaler appliance.
Which directory should an engineer check to determine which files are missing?
A. /nsconfig/ssl
B. /nsconfig/ssh
C. flash/nsconfig/
D. /var/netscaler/ssl/
Scenario: An engineer has been hired to manage the content-switching configurations on the NetScaler. The user account for this engineer must have the standard rules that apply to the other administrators.
What should the engineer do to allow for the extra privileges?
A. Modify the current Command Policy and then save the changes.
B. Unbind the current Command Policy of the user account and then save the changes.
C. Remove the custom Command Policy and then create one with the new requirements.
D. Create a custom Command Policy and bind it to the user account with the highest priority.
Scenario: The NetScaler is connected to two subnets. The NSIP is 10.2.9.12. The external SNIP is
10.2.7.3. The MIP for internal access is 10.2.9.3. Web servers, authentication servers and time servers are on the 10.2.10.0/24 network which is available through the 10.2.9.1 router. The external firewall has the
10.2.7.1 address. Traffic bound for Internet clients should flow through the external firewall. Which command should be used to set the default route?
A. add route 0.0.0.0 0.0.0.0 10.2.7.1
B. add route 0.0.0.0 0.0.0.0 10.2.9.1
C. add route 10.0.0.0 255.0.0.0 10.2.9.1
D. add route 10.0.0.0 255.0.0.0 10.2.7.1
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Citrix exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 1Y0-351 exam preparations and Citrix certification application, do not hesitate to visit our Vcedump.com to find your solutions here.