Citrix Architecting a Citrix Networking Solution - 1Y0-440 Practice Test
Scenario: A Citrix Architect needs to assess an existing NetScaler gateway deployment. During the assessment, the architect collected key requirements for VPN users, as well as the current session profile settings that are applied to those users.
Click the Exhibit button to view the information collected by the architect.

Which configuration should the architect change to meet all the stated requirements?
Correct answer: C
Scenario: A Citrix Architect has set up Citrix ADC MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 firewall. The Cisco ASA firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall. The following requirements were captured by the architect during the discussion held as part of the Citrix ADC security implementation project with the customer's security team: The Citrix ADC MPX device:
should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The Citrix ADC device should be able to stop the HTTP, TCP, and DNS based requests.
needs to protect backend servers from overloading.
needs to queue all the incoming requests on the virtual server level instead of the service level.
should provide access to resources on the basis of priority.
should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing proxies.
should provide flexibility to enforce the desired level of security check inspections for the requests originating from a specific geolocation database.
should block the traffic based on a predetermined header length, URL length, and cookie length. The device should ensure that characters such as a single straight quote ('); backslash (\); and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.
Which security feature should the architect implement to meet these requirements?
Correct answer: B
Scenario: A Citrix Architect needs to design a new NetScaler Gateway deployment for a customer. During the design discussions, the architect learns that the customer would like to allow external RDP connections to internal Windows machines but does NOT want client drive redirection enabled on these connections.
Where should the architect enable the options to allow the customer to complete their requirement?
Correct answer: A
Scenario: A Citrix Engineer is asked by management at the workspacelab organization to review their existing Citrix ADC configurations and make the necessary upgrades. The architect recommends small changes to the pre-existing Citrix ADC configuration. Currently, the Citrix ADC MPX devices are configured in a high-availability pair, and the outbound traffic is load balanced between two internet service providers (ISPs); however, the failover is NOT happening correctly. The following requirements were discussed during the design requirement phase:
The return traffic for a specific flow should be routed through the same path while using Link Load Balancing.
The link should fail over even if the ISP router is up and intermediary devices to an ISP router are down.
Traffic going through one ISP router should fail over to the secondary ISP, and the traffic should not flow through both routers simultaneously.
What should the architect configure with Link Load Balancing (LLB) to meet the requirement?
Correct answer: B
Scenario: A Citrix Architect and a team of Workspacelab members have met for a design discussion about the NetScaler Design Project. They captured the following requirements:
Two pairs of NetScaler MPX appliances will be deployed in the DMZ network and the internal network.
High availability will be accessible between the pair of NetScaler MPX appliances in the DMZ network.
Multi-factor authentication must be configured for the NetScaler Gateway virtual server.
The NetScaler Gateway virtual server is integrated with XenApp/XenDesktop environment.
Load balancing must be deployed for the users from the workspacelab.com and vendorlab.com domains.
The logon page must show the workspacelab logo.
Certificate verification must be performed to identify and extract the username.
The client certificate must have UserPrincipalName as a subject.
All the managed workstations for the workspace users must have a client identification certificate installed on them.
The workspacelab users connecting from a managed workstation with a client certificate on it should be authenticated using LDAP.
The workspacelab users connecting from a workstation without a client certificate should be authenticated using LDAP and RADIUS.
The vendorlab users should be authenticated using Active Directory Federation Service.
The user credentials must NOT be shared between workspacelab and vendorlab.
Single Sign-on must be performed between StoreFront and NetScaler Gateway.
A domain drop down list must be provided if the user connects to the NetScaler Gateway virtual server externally.
The domain of the user connecting externally must be identified using the domain selected from the domain drop down list.
On performing the deployment, the architect observes that users are always prompted with two-factor authentication when trying to access externally from an unmanaged workstation.
Click the exhibit button to view the configuration.

What should the architect do to correct this configuration?
Correct answer: C
A Citrix Architect needs to evaluate and define the architecture and operational processes required to implement and maintain the production environment. In which two phases of the Citrix Methodology will the architect define this? (Choose two.)
Correct answer: A,B
Scenario: A Citrix Architect needs to design a hybrid XenApp and XenDesktop environment which will include Citrix Cloud as well as resource locations in an on-premises datacenter and Microsoft Azure.
Organizational details and requirements are as follows:
Active XenApp and XenDesktop Service subscription
No existing NetScaler deployment
About 3,000 remote users are expected to regularly access the environment
Multi-factor authentication should be used for all external connections
Solution must provide load balancing for backend application servers
Load-balancing services must be in Location B
Click the Exhibit button to view the conceptual environment architecture.

The architect should use ________ in Location A, and should use _________ in Location B. (Choose the correct option to complete the sentence.)
Correct answer: B
Scenario: A Citrix Architect has set up NetScaler MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 Firewall. The Cisco ASA Firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall.
The following requirements were captured by the architect during the discussion held as part of the NetScaler security implementation project with the customer's security team:
The NetScaler MPX device:
should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The NetScaler device should be able to stop the HTTP, TCP, and DNS based requests.
needs to protect backend servers from overloading.
needs to queue all the incoming requests on the virtual server level instead of the service level.
should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing proxies.
should provide flexibility to enforce the decided level of security check inspections for the requests originating from a specific geolocation database.
should block the traffic based on a pre-determined header length, URL length, and cookie length. The device should ensure that characters such as a single straight quote ('); backslash (\); and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.
Which security feature should the architect configure to meet these requirements?
Correct answer: A
Scenario: A Citrix Architect needs to assess an existing NetScaler Gateway deployment. During the assessment, the architect collected key requirements for VPN users, as well as the current session profile settings that are applied to those users.
Click the Exhibit button to view the information collected by the architect.

Which configurations should the architect change to meet all the stated requirements?
Correct answer: B
Under which two circumstances will a service be taken out of the slow start phase with automated slow start? (Choose two.)
Correct answer: B,E
Scenario: The following NetScaler environment requirements were discussed during a design meeting between a Citrix Architect and the Workspacelab team:
All traffic should be secured, and any traffic coming into HTTP should be redirected to HTTPS.
Single Sign-on should be created for Microsoft Outlook web access (OWA).
NetScaler should recognize Uniform Resource Identifier (URI) and close the session to NetScaler when users hit the Logoff button in Microsoft Outlook web access.
Users should be able to authenticate using user principal name (UPN).
The Layer 7 monitor should be configured to monitor the Microsoft Outlook web access servers and the monitor probes must be sent on SSL.
Which method can the architect use to redirect the user accessing https://mail.citrix.com to https://mail.citrix.com?
Correct answer: B
Scenario: A Citrix Architect and a team of Workspacelab members met to discuss a NetScaler design project. They captured the following requirements from this design discussion:
A pair of NetScaler MPX appliances will be deployed in the DMZ network.
High Availability will be accessible in the NetScaler MPX in the DMZ Network.
Load balancing should be performed for the internal network services like Microsoft Exchange Client Access Services and Microsoft App-V.
The load balancing should be performed for StoreFront.
The NetScaler Gateway virtual server will be utilizing the StoreFront load-balancing virtual server.
The NetScaler Gateway virtual server and StoreFront.
The NetScaler Gateway virtual service and StoreFront and load-balancing services are publicly accessible.
The traffic for internal and external services must be isolated.
Click the Exhibit button to review the logical network diagram.

Which two design decisions are incorrect based on these requirements? (Choose two.)
Correct answer: A,D
Which three methods can a Citrix Architect use to assess the capabilities of a network infrastructure? (Choose three.)
Correct answer: A,B,D
Scenario: Based on a discussion between a Citrix Architect and a team of Workspacelab members, the MPX Logical layout for Workspacelab has been created across three (3) sites.
The requirements captured during the design discussion held for a NetScaler design project are as follows:
Two (2) pairs of NetScaler MPX appliances deployed in the DMZ and internal network.
High Availability will be accessible for each NetScaler MPX.
The external NetScaler MPX appliance will be deployed in multi-arm mode.
The internal NetScaler MPX will be deployed in single-arm mode wherein it will be connected to Cisco ACI Fabric.
All three (3) Workspacelab sites: DC, NDR and DR, will have similar NetScaler configurations and design.
How many NetScaler MPX appliances should the architect deploy at each site to meet the design requirements above?
Correct answer: B