Citrix Citrix Certification 1Y0-440 Questions & Answers

• Question 1:

  Scenario: A Citrix Architect has sent the following request to the NetScaler: Which response would indicate the successful execution of the NITRO command?

  

  A. 302

  B. 201

  C. 202

  D. 200

  Correct Answer: D

• Question 2:

  Scenario: Based on a discussion between a Citrix Architect and team of Workspacelab has been created across three (3) sites.

  They captured the following requirements during the design discussion held for NetScaler design projects:

  1.

  All three (3) Workspacelab sites (DC, NDR, and DR) will have similar NetScaler configuration and design.

  2.

  Both external and internal NetScaler MPX appliances will have Global Server Load balancing (GSLB) configured and deployed in Active/Passive mode.

  3.

  GSLB should resolve both A and AAA DNS queries.

  4.

  In the GSLB deployment, the NDR site will act as backup for the DC site. whereas the DR site will act as backup for the NDR site.

  5.

  When the external NetScaler replies to DNS traffic coming in through Cisco Firepower IPS, the replies should be sent back through the same path.

  6.

  On the internal NetScaler, both front-end VIP and back-end SNIP will be part of the same subnet.

  7.

  USIP is configured on the DMZ NetScaler appliances.

  8.

  The external NetScaler will act default gateway for back-end servers.

  9.

  All three (3) sites (DC, NDR, and DR) will have two (2) links to the Internet from different service providers configured in Active/Standby mode.

  Which design decision must the architect make to meet the design requirements above?

  A. Interface 0/1 must be used for DNS traffic.

  B. The SNIP of the external NetScaler must be configured as default gateway on the back-end servers.

  C. ADNS service must be used with IPv6 address.

  D. Policy-Based Route with next hop as CISCO IPS must be configured on the external NetScaler.

  Correct Answer: C

• Question 3:

  Which step does a Citrix Architect need to ensure during the Define phase when following the Citrix Methodology?

  A. Testing steps were integrated.

  B. The project manager agrees with road map timelines.

  C. A phased roll out was completed.

  D. Existing networking infrastructure is ready.

  E. The redundancy deployment decision was made.

  Correct Answer: E

  Reference: https://www.slideshare.net/davidmcg/designing-your-xenapp-75-environment

• Question 4:

  For which three reasons should a Citrix Architect perform a capabilities assessment when designing and deploying a new NetScaler in an existing environment? (Choose three.)

  A. Understand the skill set of the company.

  B. Assess and identify potential risks for the design and build phase.

  C. Establish and prioritize the key drivers behind a project.

  D. Determine operating systems and application usage.

  E. Identify other planned projects and initiatives that must be integrated with the design and build phase.

  Correct Answer: BDE

• Question 5:

  Scenario: A Citrix Architect needs to assess an existing NetScaler configuration. The customer recently found that certain user groups were receiving access to an internal web server with an authorization configuration that does NOT align with the designed security requirements.

  Click the Exhibit button view the configured authorization settings for the web server.

  

  Which item should the architect change or remove to align the authorization configuration with the security requirements of the organization?

  A. Item 1

  B. Item 3

  C. Item 4

  D. Item 5

  E. Item 2

  Correct Answer: E

• Question 6:

  Scenario: A Citrix Architect needs to assess an existing NetScaler gateway deployment. During the assessment, the architect collects key requirements for different user groups, as well as the current session profile settings that are applied to those users.

  Click the Exhibit button to view the information collected by the architect.

  

  Which configuration should the architect make to meet these requirements?

  A. Change the Clientless Access settings in an existing session profile.

  B. Change the remote Access settings in StoreFront.

  C. Change ICA proxy settings in an existing session profile.

  D. Change the policy expression in an existing session policy.

  E. Create a new session profile and policy.

  Correct Answer: D

• Question 7:

  Scenario: A Citrix Architect has deployed Authentication for the SharePoint server through NetScaler. In order to ensure that users are able to edit or upload documents, the architect has configured persistent cookies on the NetScaler profile.

  Which action should the architect take to ensure that cookies are shared between the browser and non-browser applications?

  A. The time zone should be the same on the NetScaler, client, and SharePoint server.

  B. The SharePoint load-balancing VIP FQDN and the AAA VIP FQDN should be in the trusted site of the client browser.

  C. The Secure flag must be enabled on the cookie.

  D. The cookie type should be HttpOnly.

  Correct Answer: B

  Reference: https://support.citrix.com/article/CTX209054

• Question 8:

  Scenario: A Citrix Architect has deployed an authentication setup with a ShareFile load-balancing virtual

  server. The NetScaler is configured as the Service Provider and Portalguard server is utilized as the SAML

  Identity Provider. While performing the functional testing, the architect finds that after the users enter their

  credentials on the logon page provided by Portalguard, they get redirected back to the Netscaler Gateway

  page at uri /cgi/samlauth/ and receive the following error.

  "SAML Assertion verification failed; Please contact your administrator."

  The events in the /var/log/ns.log at the time of this issue are as follows:

  Feb 23 20:35:21 10.148.138.5 23/02/2018:20:35:21 GMT vorsb1 0-PPE-0 : default AAATM

  Message 3225369 0 : "SAML : ParseAssertion:

  parsed attribute NameID, value is nameid"

  Feb 23 20:35:21 10.148.138.5 23/02/2018:20:35:21 GMT vorsb1 0-PPE-0 : default AAATM

  Message 3225370 0 : "SAML verify digest:

  algorithms differ, expected SHA1 found SHA256"

  Feb 23 20:35:44 10.148.138.5 23/02/2018:20:35:44 GMT vorsb1 0-PPE-0 : default AAATM

  Message 3225373 0 : "SAML : ParseAssertion:

  parsed attribute NameID, value is named

  Feb 23 20:35:44 10.148.138.5 23/02/2018:20:35:44 GMT vorsb1 0-PPE-0 : default AAATM

  Message 3225374 0 : "SAML verify digest:

  algorithms differ, expected SHA1 found SHA256"

  Feb 23 20:37:55 10.148.138.5 23/02/2018:20:37:55 GMT vorsb1 0-PPE-0 : default AAATM

  Message 3225378 0 : "SAML : ParseAssertion:

  parsed attribute NameID, value is nameid"

  Feb 23 20:37:55 10.148.138.5 23/02/2018:20:37:55 GMT vorsb1 0-PPE-0 : default AAATM

  Message 3225379 0 : "SAML verify digest:

  algorithms differ, expected SHA1 found SHA256"

  What should the architect change in the SAML action to resolve this issue?

  A. Signature Algorithm to SHA 256

  B. The Digest Method to SHA 256

  C. The Digest Method to SHA 1

  D. Signature Algorithm to SHA 1

  Correct Answer: D

• Question 9:

  Scenario: A Citrix Architect has set up NetScaler MPX devices in high availability mode with version

  12.0.53.13 nc. These are placed behind a Cisco ASA 5505 Firewall. The Cisco ASA Firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall.

  The following requirements were captured by the architect during the discussion held as part of the NetScaler security implementation project with the customer's security team:

  The NetScaler MPX device:

  1.

  should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The NetScaler device should be able to stop the HTTP, TCP, and DNS based requests.

  2.

  needs to protect backend servers from overloading.

  3.

  needs to queue all the incoming requests on the virtual server level instead of the service level.

  4.

  should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing proxies.

  5.

  should provide flexibility to enforce the decided level of security check inspections for the requests originating from a specific geolocation database.

  6.

  should block the traffic based on a pre-determined header length, URL length, and cookie length. The device should ensure that characters such as a single straight quote ("); backslash (\); and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.

  Which security feature should the architect configure to meet these requirements?

  A. Global Server Load balancing with Dynamic RTT

  B. Global Server Load Balancing with DNS views

  C. Geolocation-based blocking using Application Firewall

  D. geolocation-based blocking using Responder policies

  Correct Answer: A

• Question 10:

  Under which two circumstances will a service be taken out of the slow start phase with automated slow start? (Choose two.)

  A. The service does NOT receive traffic for three successive increment intervals.

  B. The server request rate parameters are set above 25 requests per second.

  C. The actual request rate is slower than the new service request rate.

  D. The percentage of traffic that the new service must receive is greater or equal to 50.

  E. The request rate has been incremented 100 times.

  Correct Answer: AC

  Reference: https://docs.citrix.com/en-us/netscaler/12/load-balancing/load-balancing-advanced-settings/ slow-start-service.html