EMT Practice Test

1. Question Content...


Question List

Question1: Scenario: A NetScaler Engineer needs to enable access to a load-balancing virtual server from two customers that belong to different VLANs, VLAN500 and VLAN600. Each customer must access the services and servers specific to their VLAN and should never be able to reach another customer service or servers.
Traffic Domain (TD) 1 has been created for VLAN500 and Traffic Domain (TD) 2 for VLAN600. Load- balancing services have also been created for each server on TD1 and TD2. The TD for the virtual server is TD 3 and IP address 172.10.0.30.
In order to complete this setup, the engineer should create a load-balancing virtual server with IP
172.10.0.30 on TD 3 and use __________. (Choose the correct option to complete the sentence.)

Question2: A network engineer should use a HTTP-ECV monitor type to control the status of a load balanced web server resource when __________. (Choose the correct option to complete the sentence.)

Question3: During a recent security penetration test, several ports on the management address were identified as providing unsecured services.
Which two methods could the network engineer use to restrict these services? (Choose two.)

Question4: Scenario: An engineer configures two NetScaler appliances in a high availability (HA) pair. As part of a monthly health check, the engineer attempts to log on to the second node of the HA pair and is unable to access the management IP Address. The engineer logs on to the first NetScaler node and verifies that HA is working and operational.
What does the engineer need to do to resolve this problem?

Question5: Scenario: A network engineer has created and bound an UDP-ECV monitor to identify the status of a UDP service. However, no matter what the response is, the service is always marked as UP.
A possible cause of this behavior is that the network engineer __________. (Choose the correct option to complete the sentence.)

Question6: Scenario: A website that provides hotel bookings lists each hotel through their membership number on the site URL. For example, the Martello Tower member ID is 6754 and its web presence is at http:// www.hoteltestwebsite.com/hotels/6754/index.html.
There are 20,000 hotels in the database of the website. The website business owner no longer wants to display the hotel sites for hotel numbers 1-10000, inclusive. A NetScaler Engineer must configure an appropriate responder page to indicate that these sites are unavailable.
Which expression will meet the requirements of the business owner?

Question7: Scenario: A NetScaler Engineer is viewing Authentication, Authorization and Access (AAA) events on the NetScaler appliance to determine why a user is unable to log on. The events below have been logged during this timeframe:
Fri Oct 17 18:17:16 2014
/usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[40\]: start_ldap_auth attempting to
auth scottli @ 10.12.33.216
Fri Oct 17 18:17:18 2014
/usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[291\]:
recieve_ldap_bind_event receive ldap bind event
Fri Oct 17 18:17:18 2014
/usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[326\]:
recieve_ldap_bind_event ldap_bind with binddn bindpw failed:Invalid credentials Fri Oct 17 18:17:18
2014 /usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/naaad.c[1198\]: send_reject sending reject to kernel for : scottli
What is the root cause of this issue?

Question8: Scenario: A NetScaler Engineer has discovered that the object home.php is NOT found in the cache on the system.
Below is the relevant configuration:
add cache contentGroup cache_content_group_1 -relExpiry 0
add cache policy cache_pol_1 -rule "http.REQ.URL.CONTAINS(\"home.php\")" -action MAY_CACHE - storeInGroup cache_content_group_1
add cache policy cache_pol_2 -rule "http.REQ.METHOD.EQ(\"GET\")" -action NOCACHE add cache policy cache_pol_3 -rule "HTTP.RES.HEADER(\"Set-Cookie\").EXISTS" -action NOCACHE bind cache global cache_pol_1 -priority 90 -gotoPriorityExpression END -type REQ_OVERRIDE bind cache global cache_pol_2 -priority 100 -gotoPriorityExpression END -type REQ_OVERRIDE bind cache global cache_pol_3 -priority 100 -gotoPriorityExpression END -type RES_OVERRIDE The data from the client and the server are as following:
GET /home.php HTTP/1.1
Host: www.website.com
User-Agent: Mozilla Firefox/3.0.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Date: Thu, 09 Oct 2014 18:25:00 GMT
Cookie: sessionid=100xyz
HTTP/1.1 200 OK
Date: Thu, 09 Oct 2014 18:25:00 GMT
Server: Apache/2.2.3 (Fedora)
Last-Modified: Wed, 09 Jul 2014 21:55:36 GMT
ETag: "27db3c-12ce-5e52a600"
Accept-Ranges: bytes
Cache-Control: private, max-age=0
Set-Cookie: sessionid=100xyz; expires=Thu, 09-Oct-2014 18:30:00 GMT; path=/ Content-Length: 119
Connection: close
Content-Type: text/html; charset=UTF-8
Why does the object NOT persist in the cache?

Question9: Scenario: Example.com runs a dating service site that provides a service with videos of candidates. They want to use RTSP load balancing to stream the videos more effectively.
Which load balancing method should the engineer select?

Question10: What does the TCP Buffering feature on the NetScaler accomplish?

Question11: A network engineer has configured two NetScaler MPX appliances as a high availability (HA) pair.
What can the engineer configure to prevent failover if only a single interface fails?

Question12: What are the supported protocols for management authentication?

Question13: Which command will allow an engineer to change the NetScaler IP (NSIP) from the command-line interface?

Question14: Which item needs to be configured to enable content prefetch in Integrated Caching on the NetScaler appliance?

Question15: Company policy states that all passwords should travel the network in encrypted packets except SNMP.
Which command should the network engineer execute to comply with this policy?

Question16: Scenario: An engineer is configuring services to allow load balancing of backend web servers on the internal network. The engineer bound multiple monitors to the first service, but notices that the service is reporting as DOWN. The monitor threshold default has NOT been changed.
What could be causing this issue?

Question17: When would it be necessary to configure Failover Interface Set (FIS) in an environment that has two NetScaler appliances in high availability (HA) mode?

Question18: Scenario: A NetScaler high availability (HA) pair has the following interfaces connected:
1/1 - Test network
1/2 - Production network
The network engineer needs to re-cable the test network and wants to ensure that, when the cable is removed, HA fail over does NOT occur unless the production network also goes down.
Which step should the engineer take to meet these requirements?

Question19: What type of protocol does AppFlow use for reporting?

Question20: A network engineer has noted that the primary node in an HA pair has been alternating as many as three times a day due to intermittent issues.
What should the engineer configure to ensure that HA failures are alerted?

Question21: The upgrade script copies the updated NetScaler kernel file to the __________ NetScaler directory.
(Choose the correct option to complete the sentence.)

Question22: What should a network engineer do to prevent unauthorized users from using the root user account?

Question23: Scenario: A network engineer has configured a load balancing virtual server for an HTTP application. Due to the application architecture, it is imperative that a user's session remains on a single server during the session. The session has an idle timeout of 60 minutes. Some devices are getting inconsistent application access while most are working fine. The problematic devices all have tighter security controls in place.
Which step should the engineer take to resolve this issue?

Question24: Users have reported that they are receiving a confusing error message related to SSL sessions when connecting from older browsers.
How could the network engineer present this error to users in a customized format?

Question25: When a network engineer logs onto a new NetScaler device in the London datacenter, data output indicates that the device is NOT configured for the local time.
How can the network engineer synchronize the correct time with an NTP server in the local data center?

Question26: Scenario: GSLB has been configured for use within a multisite environment. The MEP status is reported as down on all GSLB appliances. The appliances have been configured for unsecured MEP exchange.
Which port must the network engineer ensure is open between the NetScaler appliances?

Question27: Scenario: A network engineer created an IPv6 virtual server on the NetScaler. The virtual server is using a service group with two IPv4 servers bound to it. When testing access to the virtual server from a client configured with an IPv6 address, he is unable to connect.
What could be the reason for this issue?

Question28: What are two benefits of using Link Aggregation Control Protocol (LACP)? (Choose two.)

Question29: Scenario: When the NetScaler was set up, compression was enabled. The network engineer would like to disable compression ONLY for a particular virtual server.
How could the engineer accomplish this?

Question30: What are two valid ways of checking that a back-end web server is reachable from the NetScaler SNIP address using port 80? (Choose two.)

Question31: Scenario: A network engineer needs to add an NTP server to a NetScaler appliance. The NTP service is configured on 10.10.1.49.
Which command should the network engineer use within the command-line interface to add in an NTP server for time synchronization?

Question32: Scenario: A network engineer has modified the configuration of a content-switching virtual server, Website_main, because a second content-switching server that is capable of handling more connections has been added to the NetScaler implementation. Both servers will remain in operation.
The engineer made the following configuration changes:
>set cs vserver Website_main -lbvserver New_Server -backupVserver Old_Server -redirectURL http:// www.mydomain.com/maintenance -soMethod Connection -soThreshold 1000
Why did the engineer enable the spillover option?

Question33: How could a network engineer gather detailed network information?

Question34: Scenario: A NetScaler Engineer has created an SSL virtual server that utilizes SSL services. The engineer needs to configure certificate authentication from the NetScaler to the backend web services.
What should the engineer do to meet the requirements outlined in the scenario?

Question35: Scenario: A web server needs to be load-balanced but the content for the web page is retrieved from different server pools. There is a server pool for images, another for text files, and another for documents.
Which NetScaler feature would allow a user to retrieve content from all pools through a single IP address by leveraging the ability of NetScaler to forward traffic based on the incoming request?

Question36: In which two places could a NetScaler Engineer enable TCP Buffering? (Choose two.)

Question37: Scenario: A network engineer suspects that there is a duplex mismatch in the network configuration. The NSIP address is 10.10.1.206.
How can the administrator verify the configuration in this scenario?

Question38: What is the purpose of binding Certificate Authority (CA) certificates to a virtual server?

Question39: Scenario: Company Inc. wants to tag incoming requests with a header that indicates which browser is being used on the connection. This helps the server keep track of the browsers after the NetScaler has delivered the connections to the back end.
The engineer should create __________ actions to __________. (Choose the correct set of options to complete the sentence.)

Question40: Scenario: A NetScaler Engineer has configured a virtual server as follows:
set lb vserver web_vserver -redirectURL http://www.external.hosting.com -backupVServer maint_vserver The virtual server web_vserver is marked as DOWN; maint_vserver is marked as UP.
The following request is sent to the web_vserver:
GET /path/query HTTP/1.1
What would happen to this request?

Question41: What is the purpose of the SSL Certificate Authority (CA) root certificate during an SSL connection?

Question42: Traffic to which destination is sourced from the NetScaler IP (NSIP) by default?

Question43: A network engineer has enabled USIP and USNIP and set a unique IP address as the source IP using the proxyIP parameter on an INAT policy.
Which is the correct order of precedence for the IP addresses?

Question44: Which policy expression must an engineer use to enable compression for javascript files?

Question45: Which two virtual servers could a NetScaler Engineer configure to redirect GET requests to application servers? (Choose two.)

Question46: A security test has been completed on an SSL offload implementation and it has been determined that the certificate key length is too short and must be increased.
Which two steps must the network engineer complete to resolve this? (Choose two.)

Question47: On which two objects could a NetScaler Engineer bind cipher groups? (Choose two.)

Question48: A network engineer must determine which SSL protocols are enabled on a virtual server named SSL01.
Which command could the engineer run to see this information?

Question49: A network engineer needs to investigate why a few users have issues logging on to the NetScaler system.
How can the engineer troubleshoot authentication issues on the NetScaler system?

Question50: A network engineer needs to upgrade both appliances of a High Availability (HA) pair.
In which order should the network engineer upgrade the appliances?

Question51: An engineer is checking that ports are configured correctly between the NetScaler system and a back-end web server. Which command should the engineer use to test that the web server is responding on port 80?

Question52: Scenario: A NetScaler Engineer has configured COOKIEINSERT persistence with a timeout value of two minutes on an SSL LBvServer. The idle time requirement for the application itself CANNOT be determined.
Users report connections are intermittent. Once a session is disconnected, a user must re-authenticate in order to regain access.
In order to correct this issue, the engineer should set persistence to __________ with a timeout of
__________ minutes. (Choose the correct set of options to complete the sentence.)

Question53: A NetScaler Engineer has created a new custom user monitor script and needs to place it in the NetScaler filesystem for use.
Where must the engineer place the custom script so that it is available for use?

Question54: Scenario: A NetScaler Engineer has a high-availability (HA) pair of NetScaler MPX devices (NS1 and NS2) connected on interfaces 0/1, 1/1 and 1/2. NS1 is currently the primary unit. Fail-safe mode is NOT enabled.
High-availability monitor is enabled on all the connected interfaces. The engineer sees the following line in the output of his "show node" command from the command-line interface:
Interfaces on which heartbeats are not seen: 1/1 1/2
Interfaces causing Partial Failure: None
What will happen if the 0/1 interface fails?

Question55: Scenario: An engineer needs to configure a monitor to ensure that each server is tested every 10 seconds and requires that the server pass the test four consecutive times before marking a server as UP. If the test fails, the server should be marked as down for 60 seconds.
To configure the monitor, the engineer should configure an interval of 10 seconds, down-time of 60 seconds; __________ as 4; and retries as __________. (Choose the correct set of options to complete the sentence.)

Question56: A NetScaler Engineer is reviewing the performance of a NetScaler appliance and notices that TCP multiplexing (TCP connection reuse) appears to NOT be working for a virtual server.
What could be the cause of this issue?

Question57: Which two certificate formats are supported when creating a certificate key pair on the NetScaler? (Choose two.)

Question58: Scenario: An engineer has a NetScaler system with NSIP 192.168.10.1 with subnet mask 255.255.0.0.
The company changed the IP network to use subnet mask 255.255.255.0.
Which two commands could the engineer run to modify the subnet mask of the NSIP? (Choose two.)

Question59: The security department just conducted a penetration test on the published virtual servers and all of the SSL virtual servers returned the result "Allowed changing to weak certificate standard" in the report.
The reason for this result could be that the network engineer who configured the virtual servers forgot to
__________. (Choose the correct option to complete the sentence.)

Question60: A public SSL certificate on a virtual server is about to expire and the NetScaler engineer needs to renew the certificate before it expires.
Which step must the engineer take to renew the SSL Certificate?

Question61: Which load-balancing method is used in connection mirroring and firewall load balancing?

Question62: Which persistence method is only applicable to load-balancing SIP?

Question63: Scenario: A NetScaler Engineer creates a new HTTP VServer using the following command:
add lb vserver lb_test HTTP 172.20.10.85 80 -lbMethod LEASTCONNECTION -persistencetype COOKIEINSERT -timeout 0 -authentication ON -cacheable YES
During testing, the engineer notices a cookie named NSC_iuuq2 with a value of:
ffffffff020a1d1545525d5f4f58455e445a4a423660
What is the purpose of this cookie?

Question64: Scenario: Primary NetScaler (NS1) is licensed for 10000 Maximum ICA users and 305 Access Gateway users. Secondary NetScaler (NS2) is licensed for 10000 Maximum ICA users and five Access Gateway users.
From where and which command should a network engineer run to display diagnostics on the licenses?

Question65: Which expression must an engineer use to prevent compression of Cascading Style Sheets?

Question66: Scenario: A NetScaler engineer is adding a new SSL certificate to a NetScaler device. During the process the engineer receives an error message:
"Certificate with key size greater than RSA512 or DSA512 bits not supported." The same process has been followed previously on the same model of NetScaler successfully.
What is the likely cause of this error?

Question67: A NetScaler Engineer would like to encrypt the LDAP authentication traffic from a NetScaler to the internal LDAP servers.
Which type of load-balancing service should the engineer create?

Question68: Scenario: A NetScaler Engineer is configuring a new system with connected interfaces 10/1 - 10/4 and runs the following commands:
add ip 10.10.10.1 255.255.255.0 -type snip
add vlan 10
bind vlan 10 -ifnum 10/1
On which interface(s) will subnet 10.10.10.1 respond to requests?

Question69: Scenario: An engineer has been given the task of selecting the TCP profile for a NetScaler appliance. The appliance has a 1.5Mbit WAN interface that has considerable and intermittent packet loss.
Which TCP profile should the engineer choose to optimize traffic for the WAN interface?

Question70: Scenario: A NetScaler Engineer is using the DataStream feature. The NetScaler appliance is located in front of a MySQL Database server in the network topology.
The engineer would like to block requests that would drop a database. The engineer comes up with the expression MYSQL.REQ.QUERY.TEXT.CONTAINS("drop database").
The engineer should configure the expression with the ___________ feature to block these requests.
(Choose the correct option to complete the sentence.)

Question71: A network engineer wants to optimize a published load balanced SSL virtual server for WAN connection with long delay, high bandwidth with minimal packet drops.
What would the network engineer use to do this type of optimization for the SSL virtual server?

Question72: Scenario: A network engineer has created an SSL offload virtual server. The virtual server shows as a DOWN state.
Which two scenarios could cause the virtual server showing as DOWN? (Choose two.)

Question73: The network engineer is investigating issues and suspects that one of the administrators recently changed the NetScaler configuration.
Which command could the engineer run to check the logs that will contain such details?

Question74: A NetScaler implementation is experiencing intermittent network issues, specifically regarding traffic to a back-end service associated with IP address 10.10.1.86.
Which command should a network engineer execute to generate diagnostic information to investigate this issue?

Question75: Scenario: A NetScaler environment uses two-factor authentication and the second authentication method is AD. A user logs in to the environment but does NOT receive access to the resources that the user should have access to.
How can an engineer determine the AD authentication issue on the NetScaler?

Question76: In order to create a three-node NetScaler cluster, all nodes must __________ and __________. (Choose the two correct options to complete the sentence.)

Question77: A NetScaler Engineer has been given the task of protecting an internal web site by requiring users to enter their credentials.
Which feature should the engineer configure?

Question78: What is the purpose of the flash cache option in integrated caching?

Question79: Which client c the NetScaler may use?

Question80: Scenario: A NetScaler Engineer retrieves the following configuration from support and enters it into the command-line interface:
add rewrite action remove_server_header delete_http_header Server
add rewrite policy RP_remove_srv_header "HTTP.REQ.IS_VALID && !CLIENT.IP.SRC.IN_SUBNET (172.16.0.0/16)" remove_server_header
bind lb vserver lb_vsrv -policyName RP_remove_srv_header -priority 100 -gotoPriorityExpression END - type REQUEST
The immediate effect of this configuration is that it will __________ the server header in the __________ if the request is coming from a network other than 172.16.0.0/16. (Choose the correct set of options to complete the sentence.)

Question81: Scenario: A network engineer is going to roll out an upgrade from a 9.x version on a standalone NetScaler appliance using the command-line interface.
Which two items does the engineer need to download before proceeding with the upgrade? (Choose two.)

Question82: Which three command-line interface commands should a NetScaler Engineer execute to configure an authentication virtual server? (Choose three.)

Question83: An network engineer is asked to perform an export of the captured trace output files as requested by Citrix Tech support.
In which directory could the engineer retrieve the captured log files in the NetScaler system?

Question84: A network engineer has enabled BGP routing.
Which two additional features should the network engineer enable for BGP routing to function? (Choose two.)

Question85: Which two of the listed statements are true about Access Control Lists (ACLs) on the NetScaler? (Choose two.)

Question86: Which troubleshooting tool will show policy hits and verify that a policy expression is being invoked?

Question87: Scenario: NetScaler features are NOT licensed. A NetScaler Engineer has checked that the proper platform license file has been uploaded.
Why are the NetScaler features NOT licensed?

Question88: Which two NetScaler command-line interface commands could an engineer execute to change TCP Window Scaling settings on the NetScaler? (Choose two.)

Question89: In a high-availability (HA) configuration, a NetScaler Engineer notices that the HA Synchronization status shows as failed.
What could be causing the HA Synchronization to fail?

Question90: What are two ways in which the NetScaler TCP buffering feature improves application performance?
(Choose two.)

Question91: Scenario: A network engineer needs to implement high availability (HA) for a pair of NetScaler appliances.
The existing appliance was recently restarted and the new appliance has been rack mounted and turned on for several weeks waiting to be configured. The engineer needs to create an HA pair, but is concerned that his original appliance will get erased when the HA pair is created.
Which two tasks could the engineer do before the creation of the HA pair to ensure that the exiting unit stays the main appliance? (Choose two.)

Question92: Which command would an engineer run to deny access to destination port 103 from a host with an IP address of 10.0.1.1?

Question93: Which step is required to ensure that SSL traffic is passed through the NetScaler to backend services without processing SSL on the NetScaler appliance?

Question94: A company has a new CEO and wants to update their website with the new CEO's name.
What could the engineer do on the website while this modification is being made?

Question95: Which two encryption algorithms are supported on the NetScaler to store the encrypted SSL private key with a password? (Choose two.)

Question96: Scenario: NetScaler is configured with a Subnet IP (SNIP) 192.168.1.10/24 on VLAN 1 and a SNIP
172.168.1.50/24 on VLAN 100.
VLAN 100 has been properly associated with interface 1/1 and SNIP 172.168.1.50.
A user on VLAN 100 is attempting to access a virtual server on 192.168.1.25 and NOT getting a response.
After troubleshooting the network, an engineer identifies that asymmetric packet flows are NOT using the right interfaces on the return path to the client.
Which NetScaler setting must be enabled to avoid this behavior?

Question97: A network engineer notes that a high availability pair (HA) is NOT synchronizing correctly and decides to open a ticket with Citrix Support.
When opening the new ticket with Citrix Support, the engineer should run show __________ and
__________. (Choose the correct set of options to complete the sentence.)

Question98: As a result of connecting two NetScaler interfaces in the same L2 broadcast domain/VLAN (unless link aggregation is configured), the NetScaler will __________. (Choose the correct option to complete the sentence.)

Question99: On a load-balancing virtual server with multiple bound services, Redirect URL will be invoked when
__________. (Choose the correct phrase to complete the sentence.)

Question100: Scenario: A NetScaler Engineer has the following set in the Global Server Load Balancing (GSLB) configuration:
set gslb site SiteB -triggerMonitor MEPDOWN
How does this influence the default service monitoring behavior on the remote site?

Question101: In order to configure integrated cache, a NetScaler Engineer would need to reboot the NetScaler when the integrated caching feature is __________ and cache memory limit is set to __________. (Choose the correct set of options to complete the sentence.)

Question102: Which type of authentication server could an engineer configure in order to provide the use of RSA token authentication as a permitted authentication method to access a AAA Virtual Server?

Question103: Scenario: A NetScaler Engineer has created a local account for a user according to the below configuration:
add system user NSUser userpassword -timeout 900
add system group "NetScaler users" -timeout 900
add system cmdPolicy netscaler-users ALLOW "(^man.*)|(^show\\s+(?!system)(?!configstatus)(?!ns ns\
\.conf)(?!ns savedconfig)(?!ns runningConfig)(?!gslb runningConfig)(?!audit messages)(?!techsupport).*)| (^stat.*)"
bind system group "NetScaler users" -userName NSUser
bind system group "NetScaler users" -policyName netscaler-users 100
The user is able to log on but is NOT able to execute certain commands. The engineer goes back and looks at the logs, and the following is displayed:
Oct 6 13:34:15 <local0.info> 192.168.10.50 10/06/2014:13:34:15 GMT ns1 0-PPE-0 : CLI CMD_EXECUTED 4303 0 : User NSUser - Remote_ip 192.168.10.10 - Command "show ns runningConfig" - Status "ERROR: Not authorized to execute this command" Why is the command NOT working for the user?

Question104: The network engineer would like all HTTP and HTTPS requests that travel through the NetScaler to have an HTTP header added with the source IP address for logging on the web servers.
How should the network engineer accomplish this?

Question105: The Lazy Load action of Front End Optimization (FEO) improves the end-user experience by allowing images to __________. (Choose the correct phrase to complete the sentence.)

Question106: A recent security audit has identified that NetScaler management is available on all Subnet IP (SNIP) adresses.
Which step could an engineer take to ensure that these services are only available through the NetScaler IP (NSIP)?

Question107: Scenario: A network engineer needs to generate a certificate on the NetScaler appliance. The environment requires a private key with 4096-bit encryption.
To generate a new SSL certificate from a NetScaler Appliance, the engineer must first create __________.
(Choose the correct option to complete the sentence.)

Question108: An environment network has:
- High bandwidth
- Low packet loss
- High Round-Trip Time (RTT)
Which TCP profile should an engineer configure for the environment described?

Question109: An engineer should use the filter (content filtering) feature to prevent __________ and __________.
(Choose the two correct options to complete the sentence.)

Question110: Scenario: An engineer has configured a virtual server that users access using HTTP port 80. The web application also uses TCP port 81 and 8080 for non-user access. The engineer would like to prevent users from connecting to web servers if any of the ports go down.
How should the engineer set this configuration to ensure service availability?

Question111: Which client header indicates support for the type of compression the NetScaler may use?

Question112: Which protocol can be monitored by Insight Center?

Question113: Which two content types are, by default, compressible content on the NetScaler? (Choose two.)

Question114: Scenario: A NetScaler Engineer connected a new NetScaler MPX appliance to the network. However, some of the interfaces were blocked on the uplink switch. The engineer needs to perform a network packet trace on the NetScaler appliance. For troubleshooting purposes, the engineer needs to separate trace files for each interface. The engineer executed the following command from the NetScaler CLI:
start nstrace -perNIC ENABLED
However, NetScaler created a single trace file.
What should the engineer do to produce separate trace files for each interface?

Question115: Scenario: A NetScaler Engineer has received complaints from some users stating that their business applications are running slow. The engineer analyzes the application servers and sees the following CPU utilization:
ServerA is utilizing 20% CPU
ServerB is utilizing 20% CPU
ServerC is utilizing 100% CPU
The engineer had set the load-balancing method to round robin but decided to change the load-balancing configuration for the business applications.
Which load-balancing method could the engineer use to address this issue?

Question116: Which IP address type should be bound to a VLAN in order to isolate traffic to backend services?

Question117: Scenario: A network engineer deployed a new NetScaler MPX appliance on the network and all interfaces are connected to the core switch. The network engineer notices the CPU utilization has become very high on the switch since the NetScaler deployment.
Which two actions could the engineer perform on the NetScaler to resolve this issue? (Choose two.)

Question118: While binding a certificate key pair where the key is a 2048-bit, a NetScaler Engineer receives the following error message:
"Certificate with key size greater than RSA512 or DSA512 bits not supported" What could be causing this error?

Question119: A network engineer wants to hide the IP address of the outgoing packets by changing it to the IP of the VIP.
Which feature should the administrator use?

Question120: Which feature could a Network Engineer configure in order to restrict client connections to a specific bandwidth limit?

Question121: While performing some re-cabling, a NetScaler engineer noticed that a power supply unit failed on a NetScaler appliance. What should the engineer enable to receive notification of a future hardware failure?

Question122: A network engineer selected the option on a SSL certificate to provide notification upon expiration of the certificate; however when a certificate expires, NO notification is sent to the engineer. Which step could the engineer take to enable notification?

Question123: Scenario: A NetScaler Engineer wants to make it easier for the help desk group to access the active node in a high-availability pair. Members of the help desk group must be able to access the NetScaler in a secure way without being notified of warnings in their web browsers.
Which two of the listed steps must the engineer take to meet the requirements of the scenario? (Choose two.)

Question124: Scenario: An organization has a fair usage policy that limits each customer to a maximum of five active connections in any given second. A NetScaler Engineer is given the task of implementing the requirements to enforce a policy using the Rate Limiting feature on NetScaler.
Which commands should the network engineer execute to create a proper selector and limit identifier that fulfills the policy requirement?

Question125: Which step could a network engineer take to prevent brute force logon attacks?

Question126: Scenario: A network engineer has configured GSLB for a multisite environment. All GSLB services show as UP with an UP MEP status.
The engineer has observed that DNS queries are directed to the SNIP of the NetScaler; however, no DNS response is being received.
How can the engineer resolve this issue?

Question127: A network engineer needs to configure smart card-based authentication on NetScaler Access Gateway.
Which type of authentication policy could the engineer configure in order to accomplish this task?

Question128: Scenario: The NetScaler is connected to two subnets. The NSIP is 10.2.9.12. The external SNIP is
10.2.7.3. The MIP for internal access is 10.2.9.3. Web servers, authentication servers and time servers are on the 10.2.10.0/24 network which is available through the 10.2.9.1 router. The external firewall has the
10.2.7.1 address. Traffic bound for Internet clients should flow through the external firewall.
Which command should be used to set the default route?

Question129: What would a NetScaler Engineer configure to allow internal IPv4 servers on a private subnet access to the external Internet through the NetScaler?

Question130: Scenario: The NetScaler has connections to a large number of VPNs. The network engineer wants to minimize the number of ARP requests.
Which feature should the network engineer enable to minimize ARP requests?

Question131: A network engineer has started at a new company and has been instructed to restrict access to an external facing VIP to selected third party clients, based on their source IP address range.
What could the engineer do to accomplish this task?

Question132: Scenario: A NetScaler Engineer has enabled the HTTP Compression feature on an existing production NetScaler. The engineer is using the built-in policies. The engineer reviews the HTTP Compression statistics but does NOT see any compression statistic data.
What is the likely reason?

Question133: Scenario: A network engineer needs to re-configure the NetScaler to utilize two new VLANs - VLAN2 and VLAN3. VLAN2 is an untagged VLAN and VLAN3 will require a .1q compliant tag. Interface 1/1 is the only interface that will be used on the NetScaler.
How could the engineer configure the NetScaler so that it can communicate with both networks?

Question134: Scenario: The NetScaler is configured with a NSIP of 10.20.30.40. Management access is NOT enabled on any other IP address.
Which command should an engineer execute to prevent access to the NetScaler using HTTP and only allow HTTPS access?

Question135: Scenario: A network engineer has bound four policies to an HTTP virtual server as follows:
PolicyA is bound with a priority of 10 and has the following expression: REQ.IP.SOURCEIP == 10.10.10.0 PolicyB is bound with a priority of 15 and has the following expression: REQ.IP.SOURCEIP != 10.10.11.0 PolicyC is bound with a priority of 20 and has the following expression: REQ.IP.SOURCEIP == 10.10.12.0 PolicyD is bound with a priority of 25 and has the following expression: REQ.IP.SOURCEIP != 10.10.13.0 When a connection is made from a PC with an IP address of 10.10.12.15, which policy will be applied?

Question136: A network engineer needs to prevent too many simultaneous HTTP requests that can cause a Denial Of Service (DDoS). What could the engineer enable to prevent too many simultaneous HTTP requests?

Question137: Scenario: A company has three HTTP servers that are load balanced using NetScaler. When users connect to the HTTP application they often receive inconsistent data or are advised that they need to log on again. Which step should the engineer take to correct this?

Question138: Scenario: Company Inc. wants to modify the HTTP Server header so that unauthorized users and malicious code CANNOT use the header to identify the software that the HTTP server uses.
Which two actions can the engineer take to meet the needs of the scenario? (Choose two.)

Question139: Which command must an engineer use to run a cluster with less than (n/2+1) number nodes online?

Question140: The purpose of pre-fetch in integrated caching is to automatically __________. (Choose the correct option to complete the sentence.)

Question141: Scenario: Users complain that they are NOT able to connect to a web site using the IP address. The relevant portion of the configuration is shown below:
add ssl profile srv-web -sessReuse ENABLED -sessTimeout 120 -tls11 DISABLED -tls12 DISABLED - strictCAChecks YES
add service svc-web 192.168.1.3 HTTP 80
add lb vserver srv-web SSL 192.168.1.22 443 -persistenceType NONE -cltTimeout 180 bind lb vserver srv-web svc-web
set ssl vserver srv-web -eRSA DISABLED -clientAuth ENABLED -clientCert Optional -tls11 DISABLED - tls12 DISABLED -SNIEnable ENABLED
add ssl policy svc-web -rule true -action NOOP
bind ssl vserver srv-web -certkeyName WebCert -SNICert
bind ssl vserver srv-web -policyName svc-web -priority 100
What is the likely cause of the connectivity issue?

Question142: Which NetScaler feature could be used to stall policy processing to retrieve information from an external server?

Question143: Which NetScaler caching type requires proxy configuration on all client devices?

Question144: Which two parameters in the TCP buffering settings can be controlled by a network engineer? (Choose two.)

Question145: Scenario: Users in an organization need to access several web applications daily. Management has asked a NetScaler Engineer to reduce the amount of times users have to enter credentials when accessing web applications.
What should the engineer configure to meet this requirement?

Question146: A network engineer needs to configure load balancing for secured web traffic that does NOT terminate at the NetScaler device.
Which type of session persistence method can the engineer select for this scenario?

Question147: Scenario: An engineer created a new test Web Interface site for the new XenDesktop farm that the IT Department is developing. Several weeks later the engineer finds out that several people across the company have been accessing the new test site. The engineer needs to ensure that only the IT Department subnets can access the test site.
How could the engineer restrict access to the site so that only certain subnets can access this resource?

Question148: Scenario: An engineer executes the following commands:
add vlan 2
bind vlan 2 -ifnum 1/2
add ns ip 10.110.4.200 255.255.255.0
bind vlan 2 -IPAddress 10.110.4.200 255.255.255.0
What type of IP address has been added to the NetScaler?

Question149: A company has two sites that host six cache web servers that are used to promote sales information.
Which feature on the NetScaler should an engineer enable to provide faster application performance and also provide additional capacity if the demand increases for one site?

Question150: A NetScaler Engineer has installed Command Center, Insight Center, Web Logging and an Integration Pack for System Center.
Which tool would be appropriate to see client-side rendering times?

Question151: When using static proximity load-balancing method for a Global Server Load Balancing (GSLB) virtual server, there must be a match between the IP addresses in the custom/static database to the IP address of the _________ so that it is associated with a given location. (Choose the correct option to complete the sentence.)

Question152: Which two compression actions could a NetScaler engineer use? (Choose two.)

Question153: Scenario: A NetScaler Engineer is using the following policy to forward traffic when performing content switching:
add cs action cs1_act -targetVserverExpr "HTTP.REQ.HOSTNAME"
add cs policy cs1_switch_policy -rule true -action cs1_act
bind cs vserver CS1-VIP -policyName cs1_switch_policy -priority 10
In order to make sure the policy works correctly, the engineer must name the __________ to match the hostname. (Choose the correct option to complete the sentence.)

Question154: A NetScaler Engineer needs to audit extended Access Control List (ACL) hits.
Which two areas would the engineer enable logging so that the ACL hits could be stored in the /var/log/ ns.log? (Choose two.)

Question155: An end user is receiving authentication errors when accessing a load-balancing virtual server that uses Authentication, Authorization and Access (AAA)-TM.
Which shell command should a NetScaler Engineer execute to show AAA events in real time to help diagnose this issue?

Question156: A network engineer runs the following command:
nsconmsg -K /var/nslog/newnslog -s nsdebug_pe=1 -d oldconmsg
What is the engineer trying to check in the log?

Question157: A network engineer is testing a new load balancing virtual server "test" that has the service group "test-grp" bound to it.
Which command could the engineer run to show connection details for the new virtual server?

Question158: Scenario: An engineer has three subnets configured on a NetScaler appliance. The engineer must only allow a certain group of users to access a virtual server on the appliance. The IT Manager requires that all rules are flexible and can be easily modified for ease of administration.
How could the engineer allow certain groups to access the virtual server while still being able to modify the setting in the future?

Question159: A NetScaler engineer would like to present different web pages to a user based on the device and browser type from which they are connecting.
Which responder policy could assist with this requirement?

Question160: What is the default load-balancing method?

Question161: Which connection state is included in the Current Server Connections parameter, but not affected by Max Clients?

Question162: Scenario: A network engineer plans to configure an Active Directory Server as the default authentication for a NetScaler deployment and provide users with the option to change their password if it is expired.
Which two actions should the engineer take to configure this authentication requirement on the NetScaler system? (Choose two.)

Question163: Scenario: A network engineer would like to prevent blacklisted remote clients from accessing NetScaler hosted application services. An IP address blacklist database is maintained by an external company and available to query over the Internet.
The engineer would like to reject any connections from IP addresses that are contained in the blacklist.
What could the engineer configure to achieve this goal?

Question164: NSROOT is the only account configured with super user rights.
In order to initiate the password recovery procedure, the engineer must __________. (Choose the correct option to complete the sentence.)

Question165: Some SSL certificate files may be missing from a NetScaler appliance.
Which directory should an engineer check to determine which files are missing?

Question166: Scenario: A network engineer is managing a NetScaler environment that has two NetScaler devices running as a high availability pair. The engineer must upgrade the current version from NetScaler 9 to NetScaler 10.5.
Which action must the engineer take?

Question167: The disk is full on a NetScaler appliance but NO alerts were generated by the SNMP traps.
What is the likely cause of this failed alert?

Question168: Which option must a NetScaler Engineer set to enable client keep-alive mode?

Question169: Which built-in TCP profile should a NetScaler Engineer choose to optimize backend server connections, where the servers reside on the same LAN as the appliance?

Question170: A network engineer has been tasked with identifying the cause of intermittent network connectivity issues.
Which command should the engineer use to generate the necessary network information required to diagnose the connectivity issues?

Question171: Which public IP address must a NetScaler Engineer set on a NetScaler appliance to allow for client connections?

Question172: What is the only input format supported by the NetScaler when using the NetScaler Certificate Import wizard within the configuration utility?

Question173: Scenario: A pair of NetScaler devices have recently been installed into the corporate DMZ. The Netscalers have been installed in two-arm mode, with two interfaces in a Internet-facing VLAN and two interfaces in the internal VLAN. A private management subnet also exists.
The NetScaler engineer would like to secure and restrict communication between the management subnet and the SNIP address on that subnet.
Which two actions could the engineer take to help with these goals? (Choose two.)

Question174: A network engineer wants to collect performance statistics regarding the traffic between different points in the connection, specifically from client-to-NetScaler and from NetScaler to back-end server, and be able to present this to different analysis tools.
Which feature on the NetScaler could the engineer use for this?

Question175: Scenario: A client connecting to an SSL virtual server receives the following error:
"Invalid Server Certificate The server certificate is invalid. Do you wish to accept this certificate and connect to the server anyway?"
What is a possible cause of this error message?

Question176: Scenario: A company is hosting an external, Internet-facing website that is load balanced by a NetScaler.
The backend servers are on a 1 Gbps network and clients connect over 3G connections. The Server Administrator reviewed the performance metrics on the backend servers and noticed a lot of overall network retirements and retransmissions.
Which NetScaler feature would help improve the network performance of the backend servers in this scenario?

Question177: Scenario: A network engineer gets an error message when using the configuration utility to import a PKCS#12 certificate that contains a dollar sign ($), a backquote (`), or an escape (\) character password.
In order to address this error, the network engineer could prefix it with __________. (Choose the correct option to complete the sentence.)

Question178: Which of the listed options is a simple Access Control List (ACL) attribute?

Question179: Scenario: A company is using Citrix NetScaler VPX for publishing internal resources using Citrix Access Gateway with Smart Access. Since the number of users has increased the company wants to migrate from Citrix NetScaler VPX to Citrix NetScaler MPX. The engineer is running a parallel installation of the Citrix NetScaler MPX and now needs to transfer the Citrix Access Gateway Universal Licenses from a Citrix NetScaler VPX to a Citrix NetScaler MPX platform.
How should the engineer transfer the Citrix Access Gateway Universal License files from the VPX to the MPX?

Question180: A network engineer wants to configure a NetScaler for load balancing Voice over IP traffic (VoIP).
Which hash method is the best fit for VoIP traffic?

Question181: Which protocol is responsible for exchanging site metric, network metric, and persistence information between sites using Global Server Load Balancing (GSLB)?

Question182: Scenario: A network engineer has configured an HTTP application to be load balanced using a virtual server named Svr1. Users have reported intermittent errors and the engineer has been given the client IP address of an affected user and asked to determine which back end service they are connected to.
Using the command-line interface, how could the engineer find this information?

Question183: Which setting would a NetScaler Engineer disable in order to stop the NetScaler from acting as a router for non-NetScaler owned IP addresses or entities?

Question184: Scenario: The NetScaler has been connected to two external networks provided by different Internet Service Providers (ISPs). Dynamic routing is not enabled. Traffic is expected to use the first ISP (through the 10.50.1.1 router) if possible and the second, slower ISP (through the 10.51.1.1 router) only if the Primary ISP fails.
Which two commands could the network engineer execute to configure the routes? (Choose two.)

Question185: When a content-switching virtual server is used and idle client connections must stay established longer than the default NetScaler value, in which two locations could an engineer adjust the client timeout setting?
(Choose two.)

Question186: Which service setting would a NetScaler Engineer use in the command-line interface to limit connections to server resources?

Question187: A network engineer needs to configure load balancing for an FTP site.
Which type of session persistence method can the engineer select for this scenario?

Question188: A network engineer is investigating a recent failure of NetScaler high availability and confirms that some recent changes were made to the configuration.
What is a likely cause of the failure?

Question189: Scenario: A NetScaler appliance currently has a manually configured channel containing four interfaces; however, the engineer has been told that the NetScaler must now only use a single interface for this network. The engineer removes the channel and immediately notices a decrease in network performance.
How could the engineer resolve this issue?

Question190: Scenario: A network engineer has created two selectors to use to populate a cache group in integrated caching.
One selector, "Hit," will determine what to add to the group. The other, "Inval", will select what should be invalidated.
Which command should the engineer run to create the cache group?

Question191: Scenario: An organization has recently been penetration-tested by a security company. The findings have indicated that the NetScaler device is responding to requests revealing web server information within the HTTP response headers.
Which NetScaler feature can a network engineer use to prevent this information from being leaked to a potential malicious user?

Question192: Why would an engineer want to specify a TCP Profile for a specific service group?

Question193: Scenario: A NetScaler Engineer is troubleshooting a high-availability issue. The engineer needs to determine if the port being used by the high-availability heartbeats is blocked.
Which port is used by high-availability heartbeats?

Question194: Scenario: An engineer is upgrading the NetScaler firmware from version 10.1 to 10.5 and has a high- availability (HA) setup of two NetScaler MPX appliances.
What is the best practice process to upgrade this HA pair?

Question195: How could a NetScaler Engineer ensure that a content-switching virtual server is marked as DOWN if all target load-balancing servers show as DOWN?

Question196: Scenario: For security reasons, the NSIP needs to be configured to only be accessible on interface 0/1, which is VLAN 300.
The NSIP address is 10.110.4.254 and the subnet mask is 255.255.255.0.
How would the network engineer achieve this configuration?

Question197: A client is trying to reach a back-end server with an IP address of 10.192.31.5 given the following routing table:

Which route would the NetScaler use for this client?

Question198: Which two virtual server types could have a compression policy bound to them? (Choose two.)

Question199: Scenario: A network engineer has bound four policies to a virtual server as follows:
- PolicyA has a priority of 10
- PolicyB has a priority of 20
- PolicyC has a priority of 30
- PolicyD has a priority of 0
Which policy will be evaluated first?

Question200: Scenario: A virtual server named New_Server has been disabled to perform an emergency upgrade; however requests from clients are NOT being redirected to the maintenance page.
The redirected URL configuration is:
>set cs vserver Website_main -lbvserver New_Server -backupVserver Backup_Server - redirectURL http:// www.mydomain.com/maintenance -soMethod Connection -soThreshold 1000 - soPersistence enabled Why are requests from clients NOT being redirected to the maintenance page?

Question201: How could an engineer configure a monitor to ensure that a server is marked as DOWN if the monitor test is successful?

Question202: What is the key benefit to enabling Session Reuse on an SSL offload VServer?

Question203: An engineer has configured a DNS virtual server on a NetScaler appliance but the monitors are showing DOWN and DNS resolution is failing.
Which of the following should the engineer check?

Question204: Scenario: A network engineer has bound a service group containing four web servers to a virtual server.
The virtual server is UP but users report that they are unable to access the virtual server.
In order to troubleshoot this issue, the engineer should use telnet from __________. (Choose the correct option to complete the sentence.)

Question205: Scenario: An engineer has been hired to manage the content-switching configurations on the NetScaler.
The user account for this engineer must have the standard rules that apply to the other administrators.
What should the engineer do to allow for the extra privileges?

Question206: Which two are HTTP response codes from a successful cache hit by default? (Choose two.)

Question207: Scenario: The marketing department would like a short URL to use for a product launch that will redirect users to the product information page on the company's website.
The marketing URL they require is http://www.turboappliances.com/prima. It should redirect the user to
http://www.turboappliances.com/products/solutions/primaversion1234.html.
Which NetScaler command should a NetScaler Engineer run in order to meet the requirements of the scenario?

Question208: Scenario: A NetScaler engineer configured a service and server for RADIUS authentication. To ensure that the RADIUS service is available and responding to authentication requests, the engineer has added the NetScaler built-in monitor to the service. On inspecting the RADIUS service the engineer notices it is marked as DOWN.
What could be causing this issue?

Question209: A NetScaler Engineer created an SSL virtual server but the status is showing as state DOWN.
What could be causing the virtual server to show as state DOWN?

Question210: Scenario: A NetScaler Engineer needs to perform a network packet trace on a NetScaler appliance. For troubleshooting purposes the engineer needs to capture traffic only from interfaces 1/3 and 1/4; traffic from other interfaces should NOT be captured. The resulting file should be saved in NetScaler format.
What should the engineer do to accomplish this task?

Question211: On which two types of virtual servers is the SOURCEIP persistence type supported? (Choose two.)

Question212: On a NetScaler system, the __________ timeout value will mark any session that has reached the idle timeout for cleanup. (Choose the correct option to complete the sentence.)

Question213: When creating a link aggregation channel on the NetScaler, the "-throughput" option sets the __________.
(Choose the correct option to complete the sentence.)

Question214: Scenario: A network engineer needs to provide web server administrators with access to monitoring and reporting after changing the default root password during the initial setup of the NetScaler. The engineer needs to ensure that the web server administrators can perform this task.
What should the engineer do in order to ensure that the administrators are able to log on to the NetScaler?

Question215: A network engineer should use the Advanced tab when configuring load balancing to enable __________.
(Choose the correct option to answer the question.)

Question216: Scenario: A NetScaler Engineer configures COOKIEINSERT persistence method for an HTTP VServer named 'myApp'. Many clients do NOT allow the persistence cookie to be set and application sessions fail as a result. All clients are behind a network address translation (NAT) gateway, which will insert the client IP address into an HTTP header called X-Forwarded-For.
Which command could the engineer execute to provide persistence for clients while still distributing the requests across the bound services?

Question217: An engineer has two NetScaler devices in two different datacenters and wants to create a high availability (HA) pair with the two devices, even though they are on two different subnets.
How can the engineer configure the HA Pair between the two NetScaler devices?

Question218: A network engineer is investigating issues and suspects that a new server that has been recently added to the environment has the same IP address as a virtual server that is configured on the NetScaler.
Which command could the engineer run to check the logs that will contain such details?

Question219: Scenario: An application that uses HTTP for connections and other protocols for different types of content has been deployed. Load balancing virtual servers have been created for each protocol and the engineer now needs to ensure that once a load balancing decision has occurred, further requests for different content are served from the same server.
How could the engineer achieve this?

Question220: What should a network engineer configure to set high availability for a load balanced virtual server?

Question221: A network engineer should enable the Rate Limiting feature of a NetScaler system to mitigate the threat of
__________ attack. (Choose the correct option to complete the sentence.)

Question222: Scenario: An engineer has been asked to implement load balancing of an existing unsecured web application. The engineer needs to ensure that users will access the web application using HTTPS, but no changes can be made to the web servers hosting the web application.
In order to fulfill the requirements, the engineer must create an __________ service group and add members with port __________; and bind the service group to an __________ virtual server. (Choose the correct set of options to complete the sentence.)

Question223: A company wants to implement a policy where all passwords should be encrypted while transiting the network.
Where in the GUI would the network engineer prevent access to unsecured management protocols?

Question224: An engineer has bound a policy to a test virtual server.
How could the engineer verify that the policy is being applied?

Question225: Which outcome does the minify JavaScript option of the Front End Optimization (FEO) feature provide?

Question226: Scenario: A network engineer monitoring an HTTP service-related issue needs to view only the relevant data pertaining to the service being monitored. The IP address of the back-end service being monitored is
10.10.1.99. The NSIP address is 10.10.1.230.
Which command should the engineer execute to monitor data relevant to this issue only in real time?

Question227: Which setting must an engineer ensure is configured before a Subnet IP (SNIP) could be used to communicate with servers on the same network segment?

Question228: Which two response codes and pages can be cached on the NetScaler using Integrated Caching? (Chose two)

Question229: Scenario: A NetScaler Engineer has been tasked with reconfiguring an existing NetScaler deployment. The engineer is currently running a high-availability (HA) pair of NetScaler 10.5 appliances, but the Vice President of IT has requested a more efficient way of preserving and balancing network resources and throughput while having a single point of management for the NetScaler appliances.
What should the engineer configure to satisfy the requirements outlined by the Vice President of IT?

Question230: Scenario: A call center has deployed Access Gateway Enterprise to provide its employees with access to work resources from home. Due to the number of available licenses, only selected employees should access the environment remotely based on their user account information.
How could the engineer configure access to meet the needs of this scenario?

Question231: Company policy states that SNMP management should only be allowed from specific hosts.
What should the network engineer do to prevent unauthorized access to SNMP?

Question232: A network engineer needs to configure Citrix NetScaler to provide Access Gateway services to VLAN 2 using interface 1/1 only, while also using interface 1/2 to provide load balancing services to VLAN 3.
How could this result be achieved?

Question233: Scenario: A NetScaler Engineer is configuring LACP (Link Aggregation Configuration Protocol) on the NetScaler. The engineer adds interface 10/3 and 10/4 to LA/1 (which already contains interfaces 10/1 and
10/2) and is configured for VLAN 500.
VLAN 100 is bound to interface 10/3 and VLAN 200 is bound to interface 10/4.
VLAN 500 is bound to channel LA/1.
Which VLAN is shown with a "show interface" command for interface 10/3?

Question234: Scenario: A network engineer configured a new NetScaler MPX appliance without any VLANs and with a single interface connected to the network. The engineer has not completed any other configurations. The interface is then accidentally disabled and contact is lost with the appliance.
Which two actions can the network engineer take to restore communications to the appliance? (Choose two.)

Question235: Scenario: A security test has shown that the NetScaler is forwarding IP packets. Company standard operating procedure is that the routers should be the only devices forwarding packets.
Which step should the network engineer take to prevent forwarding packets?

Question236: A NetScaler is configured with two-factor authentication. A user reported that authentication failed.
How can an engineer determine which factor of the authentication method failed?

Question237: Scenario: A network engineer created an SSL virtual server and enabled smart card on it. The engineer tried browsing to the server and noticed the back-end system could NOT see the users certificates.
What could be causing this issue?

Question238: Scenario: A NetScaler Engineer is configuring a NetScaler that has three interfaces. The first interface is connected to the internal network, the second interface is connected to the DMZ1-network, and the third interface is connected to the DMZ2-network.
DMZ1 and DMZ2 networks are behind different firewalls, and both firewalls are sending traffic through network address translation (NAT) to the DMZ networks.
The default route is to the gateway on the DMZ1-network.
DMZ1: 10.10.10.0/24 (Gateway: 10.10.10.1)
DMZ2: 10.20.20.0/24 (Gateway: 10.20.20.1)
Internal: 192.168.0.0/24 (Gateway: 192.168.0.1)
Internet traffic reaches the virtual servers located in DMZ1 but NOT the virtual servers located in DMZ2.
Which policy-based route (PBR) would resolve the issue?

Question239: A NetScaler Engineer would like to direct identical requests for the same service to specific cache servers.
Which load-balancing method should the engineer use?

Question240: What should a NetScaler Engineer configure to create load-balancing virtual servers and services on the same VLAN with overlapping IP addresses?

Question241: A NetScaler Engineer plans to deploy a third-party application that will perform scheduled configuration auditing by using NITRO API with a REST interface.
Which management protocol should the engineer enable to allow NITRO API access?

Question242: Scenario: A NetScaler Engineer is asked to interpret the following configuration:
add audit syslogAction syslog_srv_1 192.168.0.1 -logLevel ERROR
add audit syslogAction syslog_srv_2 192.168.0.2 -logLevel WARNING
add audit syslogAction syslog_srv_3 192.168.0.3 -logLevel CRITICAL
add audit syslogAction syslog_srv_4 192.168.0.4 -logLevel ALERT
add audit syslogPolicy audit_pol_1 ns_true syslog_srv_1
add audit syslogPolicy audit_pol_2 ns_true syslog_srv_2
add audit syslogPolicy audit_pol_3 ns_true syslog_srv_3
add audit syslogPolicy audit_pol_4 ns_true syslog_srv_4
bind system global audit_pol_1 -priority 100
bind system global audit_pol_2 -priority 100
bind system global audit_pol_3 -priority 100
bind system global audit_pol_4 -priority 100
add audit messageaction log-act1 CRITICAL '"Client:"+CLIENT.IP.SRC+" accessed "+HTTP.REQ.URL' - bypassSafetyCheck YES
add responder policy RP_pol http.REQ.IS_VALID NOOP -logAction log-act1
bind responder global RP_pol 100 END -type REQ_OVERRIDE
Which syslog server will receive log information?

Question243: Scenario: A NetScaler Engineer is troubleshooting an issue and using /var/log/ns.log to view the errors.
The logs are being filled with messages like the ones below:
Oct 6 14:03:23 <local0.info> 192.168.10.50 10/06/2014:14:03:23 GMT ns1 0-PPE-0 : TCP CONN_DELINK 4471 0 : Source 192.168.10.10:52187 - Vserver 192.168.10.50:80 - NatIP
192.168.10.10:52187 - Destination 192.168.10.50:80 - Delink Time 10/06/2014:14:03:23 GMT - Total_bytes_send 1075 - Total_bytes_recv 352
Oct 6 14:03:30 <local0.info> 192.168.10.50 10/06/2014:14:03:30 GMT ns1 0-PPE-0 : TCP CONN_TERMINATE 4472 0 : Source 192.168.10.35:80 - Destination 192.168.10.51:35341 - Start Time
10/06/2014:14:02:43 GMT - End Time 10/06/2014:14:03:30 GMT - Total_bytes_send 1 - Total_bytes_recv
1
Oct 6 14:03:30 <local0.info> 192.168.10.50 10/06/2014:14:03:30 GMT ns1 0-PPE-0 : TCP CONN_TERMINATE 4473 0 : Source 127.0.0.1:7776 - Destination 127.0.0.2:55623 - Start Time
10/06/2014:14:02:45 GMT - End Time 10/06/2014:14:03:30 GMT - Total_bytes_send 1 - Total_bytes_recv
1
Oct 6 14:03:30 <local0.info> 192.168.10.50 10/06/2014:14:03:30 GMT ns1 0-PPE-0 : TCP CONN_TERMINATE 4474 0 : Source 127.0.0.1:80 - Destination 127.0.0.2:39771 - Start Time
10/06/2014:14:02:46 GMT - End Time 10/06/2014:14:03:30 GMT - Total_bytes_send 1 - Total_bytes_recv
1
Which option should the engineer modify to stop these types of messages from getting logged in /var/log/ ns.log?

Question244: A NetScaler Engineer needs an SNMP alert to be sent when CPU utilization is 90% or higher on a NetScaler instance.
Which two steps must the engineer take to configure the SNMP alert? (Choose two.)

Question245: Which two options could a NetScaler Engineer configure to ensure that a revoked client certificate CANNOT be used for a client certificate authentication? (Choose two.)

Question246: A NetScaler Engineer has created a new monitor using the following command:
add lb monitor mon_inline HTTP-INLINE -respCode 200 302 401 -httpRequest "HEAD /" -interval 10 - reverse YES -secure YES
This monitor adds an HTTP-INLINE monitor __________. (Choose the correct phrase to complete the sentence.)

Question247: Scenario: The network engineer is unable to access a specific SSL site through the NetScaler. While reviewing traces on the NetScaler, the network engineer noticed "Handshake" failures from the server.
These handshake failures could be the result of the virtual server __________. (Choose the correct option to complete the sentence.)

Question248: A network engineer might choose to use SSL_Bridge instead of a SSL virtual server in order to
__________. (Choose the correct option to complete the sentence.)

Question249: Scenario: A NetScaler engineer has received an SSL certificate and bound it to the vServer. However, users are unable to browse to the website using HTTPS. When the NetScaler engineer browses to the site using HTTPS, the engineer notices that the certificate chain is incomplete.
Which two steps should the administrator take to fix the virtual server? (Choose two.)

Question250: Server Name Indication (SNI) is required when __________. (Choose the correct option to complete the sentence.)

Question251: Scenario: An engineer implementing a NetScaler is tasked with creating a new VLAN, named VLAN 2, and adding it to the current interfaces. A new IP address of 10.102.29.54 with a network mask of 255.255.255.0 must be configured for VLAN 2.
Which commands could the engineer use to achieve this configuration in the command-line interface prior to binding VLAN 2?

Question252: Scenario: A NetScaler engineer is on the phone with Technical Support to troubleshoot an issue. The NetScaler engineer generated a support archive and needs to send the file to the Technical Support Specialist to help resolve the problem with the appliance.
In which directory could the engineer retrieve the information?

Question253: Which option needs to be set on the service in order to maintain the original client-IP to the backend service?

Question254: A NetScaler Engineer is required to use SNMP v3 on a NetScaler instance and needs to use authentication and encryption for all SNMP v3 communication.
What are two places where the engineer could set mandatory authentication and encryption? (Choose two.)

Question255: Which NetScaler feature would a NetScaler Engineer configure to allow users from a certain IP range to have access to a special Web portal?

Question256: Which tool could a NetScaler Engineer use to monitor client-side rendering times for a Web application that is load-balanced by NetScaler?

Question257: When binding a certificate to a virtual server, which two certificate formats are supported by NetScaler?
(Choose two.)

Question258: Which NetScaler IP address must a NetScaler Engineer set for management and general system access purposes?

Question259: Scenario: A NetScaler Engineer must implement load-balancing on a web server farm that serves video clips to end users. Video clip files vary in size. The engineer needs to send traffic to the server with the least amount of network utilization.
Which load-balancing method should the engineer use?