1Y0-440 Dumps

1Y0-440 Braindumps 1Y0-440 Real Questions 1Y0-440 Practice Test

1Y0-440 Actual Questions

killexams.com

Citrix

1Y0-440

Architecting a Citrix Networking Solution (CCE-AppDS)

https://killexams.com/pass4sure/exam-detail/1Y0-440

Question: 99

content type supports sending NITRO commands to NetScaler. (Choose the correct option to complete sentence.)

1. Application/sgml

2. Text/html

3. Application/json

4. Text/enriched

Answer: B

Question: 100

Scenario: A Citrix Architect needs to assess a NetScaler Gateway deployment that was recently completed by a customer and is currently in pre-production testing. The NetScaler Gateway needs to use ICA proxy to provide access to a XenApp and XenDesktop environment. During the assessment, the customer informs the architect that users are NOT able to launch published resources using the Gateway virtual server.

Click the Exhibit button to view the troubleshooting details collected by the customer.

What is the cause of this issue?

1. The required ports have NOT been opened on the firewall between the NetScaler gateway and the Virtual Delivery Agent (VDA) machines.

2. The StoreFront URL configured in the NetScaler gateway session profile is incorrect.

3. The Citrix License Server is NOT reachable.

4. The Secure Ticket Authority (STA) servers are load balanced on the NetScaler.

Answer: D

Question: 101

Scenario: A Citrix Architect needs to deploy SAML integration between NetScaler (Identity Provider) and ShareFile (Service Provider).

The design requirements for SAML setup are as follows:

• NetScaler must be deployed as the Identity Provider (IDP).

• ShareFile server must be deployed as the SAML Service Provider (SP).

  
  

• The users in domain workspacelab.com must be able to perform Single Sign-on to ShareFile after authenticating at the NetScaler.

  
  

• The User ID must be UserPrincipalName.

  
  

• The User ID and Password must be evaluated by NetScaler against the Active Directory servers SFOADS-001 and SFO-ADS-002.

  
  

• After successful authentication, NetScaler creates a SAML Assertion and passes it back to ShareFile.

  
  

• Single Sign-on must be performed.

  
  

• SHA 1 algorithm must be utilized.

  
  

  The verification environment details are as follows:

  
  

• Domain Name: workspacelab.com

  
  

• NetScaler AAA virtual server URL https://auth.workspacelab.com

  
  

• ShareFile URL https://sharefile.workspacelab.com

  
  

  Which SAML IDP action will meet the design requirements?

  1. add authentication samIIdPProfile SAMI-IDP CsamISPCertName Cert_1 CsamIIdPCertName Cert_2 C assertionConsimerServiceURL “https://auth.workspacelab.com/samIIssueName auth.workspacelab.com -signatureAlg RSA-SHA256-digestMethod SHA256-encryptAssertion ON serviceProviderUD sharefile.workspacelad.com

  2. add authentication samIIdPProfile SAMI-IDP CsamISPCertName Cert_1 CsamIIdPCertName Cert_2 C assertionConsimerServiceURL https://sharefile.workspacelab.com/saml/acs” CsamIIssuerName sharefile.workspacelab.com CsignatureAlg RSA-SHA256 CdigestMethod SHA256 CserviceProviderID sharefile.workspacelab.com

  3. add authentication samIIdPProfile SAMI-IDP CsamISPCertName Cert_1 CsamIIdPCertName Cert_2 C assertionConsimerServiceURL https://sharefile.workspacelab.com/saml/acs” CsamIIssuerName auth.workspacelab.com CsignatureAlg RSA-SHA1-digestMethod SHA1 CencryptAssertion ON C serviceProviderID sharefile.workspacelab.com

  4. add authentication samIIdPProfile SAMI-IDP CsamISPCertName Cert_1 CsamIIdPCertName Cert_2 C assertionConsimerServiceURL https://sharefile.workspacelab.com/saml/acs” CsamIIssuerName sharefile.workspacelab.com CsignatureAlg RSA-SHA1 CdigestMethod SHA1 CencryptAssertion ON C serviceProviderID sharefile.workspacelab.com

  
  

  Answer: C

  
  

  Question: 102

  
  

  13 nc. These are placed behind a Cisco ASA 5505 Firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall.

  
  

  The following requirements were captured by the architect during the discussion held as part of the NetScaler security implementation project with the customer’s security team:

  
  

  The NetScaler device:

• Should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The NetScaler device should be able to stop the HTTP, TCP, and DNS based requests.

  
  

• Needs to protect backend servers from overloading.

  
  

• Needs to queue all the incoming requests on the virtual server level instead of the service level.

  
  

• Should provide access to resources on the basis of priority.

  
  

• Should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing proxies.

  
  

• Should provide flexibility to enforce the desired level of security check inspections for the requests originating from a specific geolocation database.

  
  

• Should block the traffic based on a pre-determined header length, URL length, and cookie length. The device should ensure that characters such as a single straight quote (*); backslash(), and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.

  
  

  Which two security features should the architect configure to meet these requirements? (Choose two.)

  1. Pattern sets

  2. Rate limiting

  3. HTTP DDOS

  4. Data sets

  5. APPQOE

  
  

  Answer: BE Explanation:

  Reference: https://docs.citrix.com/en-us/citrix-adc/12-1/appexpert/appqoe.html https://docs.citrix.com/en-us/citrix- adc/12-1/appexpert/rate-limiting.html

  
  

  Question: 103

  
  

  Scenario: A Citrix Architect needs to assess an existing NetScaler Gateway deployment. During the assessment, the architect collected key requirements for VPN users, as well as the current session profile settings that are applied to those users.

  
  

  Click the Exhibit button to view the information collected by the architect.

  
  

  Which configurations should the architect change to meet all the stated requirements?

  1. Item 4

  2. Item 3

  3. Item 5

  4. Item 2

  5. Item 1

  
  

  Answer: E

  
  

  Question: 104

  
  

  Scenario: A Citrix Architect needs to assess an existing on-premises NetScaler deployment which includes Advanced Endpoint Analysis scans. During a previous security audit, the team discovered that certain endpoint devices were able to perform unauthorized actions despite NOT meeting pre-established criteria.

  
  

  The issue was isolated to several endpoint analysis (EPA) scan settings.

  
  

  Click the Exhibit button to view the endpoint security requirements and configured EPA policy settings.

  
  

  
  

  Which setting is preventing the security requirements of the organization from being met?

  1. Item 6

  2. Item 7

  3. Item 1

  4. Item 3

  5. Item 5

  6. Item 2

  7. Item 4

  
  

  Answer: F

  
  

  Question: 105

  
  

  Scenario: A Citrix Architect holds a design discussion with a team of Workspacelab members, and they capture the following requirements for the NetScaler design project.

  
  

  A pair of NetScaler MPX appliances will be deployed in the DMZ network and another pair in the internal network. High availability will be accessible between the pair of NetScaler MPX appliances in the DMZ network.

• Multi-factor authentication must be configured for the NetScaler Gateway virtual server.

  
  

• The NetScaler Gateway virtual server is integrated with the StoreFront server.

  
  

• Load balancing must be deployed for users from the workspacelab.com domain.

  
  

• The workspacelab users should be authenticated using Cert Policy and LDAP.

  
  

• All the client certificates must be SHA 256-signed, 2048 bits, and have UserPrincipalName as the subject.

  
  

• Single Sign-on must be performed between StoreFront and NetScaler Gateway. After deployment, the architect observes that LDAP authentication is failing.

  Click the Exhibit button to review the output of aaad debug and the configuration of the authentication policy. Exhibit 1

  
  

  Exhibit 2

  
  

  
  

  What is causing this issue?

  1. UserNamefield is set as subjection

  2. Password used is incorrect

  3. User does NOT exist in database

  4. IdapLoginName is set as sAMAccountName

  
  

  Answer: A

  
  

  Question: 106

  
  

  Scenario: A Citrix Architect has met with a team of Workspacelab members for a design discussion. They have captured the following requirements for NetScaler design project:

• The authentication must be deployed for the users from the workspacelab.com and vendorlab.com domains.

  
  

• The workspacelab users connecting from the internal (workspacelab) network should be authenticated using LDAP.

  
  

• The workspacelab users connecting from the external network should be authenticated using LDAP and RADIUS.

  
  

• The vendorlab users should be authenticated using Active Directory Federation Service.

  
  

• The user credentials must NOT be shared between workspacelab and vendorlab.

  
  

• Single Sign-on must be performed between StoreFront and NetScaler Gateway.

• A domain drop down list must be provided if the used connects to the NetScaler gateway virtual server externally. Which method must the architect utilize for user management between the two domains?

  1. Create shadow accounts for the users of the Workspacelab domain in the Vendorlab domain.

  2. Create a global catalog containing the objects of Vendorlab and Workspacelab domains.

  3. Create shadow accounts for the Vendorlab domain in the Workspacelab domain.

  4. Create a two-way trust between the Vendorlab and Workspacelab domains.

  
  

  Answer: B

  
  

  Question: 107

  
  

  A Citrix Architect has deployed NetScaler Management and Analytics System (NMAS) to monitor a high availability pair of NetScaler VPX devices.

  
  

  The architect needs to deploy automated configuration backup to meet the following requirements:

  
  

• The configuration backup file must be protected using a password.

  
  

• The configuration backup must be performed each day at 8:00 AM GMT.

  
  

• The configuration backup must also be performed if any changes are made in the ns.conf file.

  
  

• Once the transfer is successful, auto-delete the configuration file from the NMAS. Which SNMP trap will trigger the configuration file backup?

1. netScalerConfigSave

2. sysTotSaveConfigs

3. netScalerConfigChange

4. sysconfigSave

Answer: A Explanation:

Reference: https://docs.citrix.com/en-us/netscaler-mas/12/instance-management/how-to-backup-andrestore-using- mas.html#configuring-instance-backup-settings