1Y0-440 Architecting a Citrix Networking Solution Question and Answers

Scenario: A Citrix Architect needs to deploy a load balancing for an application server on the NetScaler. The authentication must be performed on the NetScaler. After the authentication, the Single Sign-on with the application servers must be performed using Kerberos impersonation.

Which three authentication methods can the Architect utilize to gather the credentials from the user in this scenario? (Choose three.)

Which two options should a Citrix Architect evaluate during a capabilities assessment? (Choose two.)

Scenario: A Citrix Architect has configured two MPX devices in high availability mode with version 12.0.53.13 nc. After a discussion with the security team, the architect enabled the Application Firewall feature for additional protection.

In the initial deployment phase, the following security features were enabled:

• IP address reputation
• HTML SQL injection check
• Start URL
• HTML Cross-site scripting
• Form-field consistency
• After deployment in pre-production, the team identifies the following additional security features and changes as further requirements:
• Application Firewall should retain the response of form field in its memory. When a client submits the form in the request, Application Firewall should check for inconsistencies in the request before sending it to the web server.
• All the requests dropped by Application Firewall should get a pre-configured HTML error page with appropriate information.
• The Application Firewall profile should be able to handle the data from the RSS feed and an ATOM-based site. Click the Exhibit button to view an excerpt of the existing configuration.

What should the architect do to meet these requirements?

Scenario: A Citrix Architect needs to design a new Citrix Gateway deployment for a customer. During the design discussions, the architect documents the key

requirements for the Citrix Gateway.

Click the Exhibit button to view the key requirements.

The architect should configure Citrix Gateway for __________________in order to meet the stated requirements. (Choose the correct option to complete the

sentence.)

Scenario: A Citrix Architect has configured a load balancing virtual server for RADIUS authentication. The architect observes that, when the radius authentication action has the virtual server IP address, the authentication falls. However, when any of the individual server IP addresses are used, the authentication works fine.

How should the architect troubleshoot this issue?

Scenario: Based on a discussion between a Citrix Architect and a team of Workspacelab members, the MPX Logical layout for Workspacelab has been created across three (3) sites.

They captured the following requirements during the design discussion held for a Citrix ADC design project:

• All three (3) Workspacelab sites (DC, NDR, and DR) will have similar NetScaler configurations and design.
• Both external and internal NetScaler MPX appliances will have Global Server Load Balancing (GSLB) configured and deployed in Active/Passive mode.
• GSLB should resolve both A and AAA DNS queries.
• In the GSLB deployment, the NDR site will act as backup for the DC site, whereas the DR site will act as backup for the NDR site.
• When the external NetScaler replies to DNS traffic coming in through Cisco Firepower IPS, the replies should be sent back through the same path.
• On the internal NetScaler, both the front-end VIP and backend SNIP will be part of the same subnet.
• The external NetScaler will act as default gateway for the backend servers.
• All three (3) sites, DC, NDR, and DR, will have two (2) links to the Internet from different service providers configured in Active/Standby mode.

Which design decision must the architect make the design requirements above?

A Citrix Architect can execute a configuration job using a DeployMasterConfiguration template on a Citrix ADC _________deployed_________. (Choose the correct option to complete sentence.)

Which response is returned by the Citrix ADC, if a negative response is present in the local cache?

Scenario: A Citrix Architect and a team of Workspacelab members met to discuss a Citrix ADC design project. They captured the following requirements from this design discussion:

• All three (3) Workspacelab sites (DC, NDR, and DR) will have similar Citrix ADC configurations and design.

• The external Citrix ADC MPX appliances will have Global Server Load Balancing (GSLB) configured and deployed in Active/Active mode.

• ADNS service should be configured on the Citrix ADC to make it authoritative for domain nsg.workspaceIab.com.

• In GSLB deployment, the DNS resolution should be performed to connect the user to the site with least network latency.

• On the internal Citrix ADC, load balancing for StoreFront services, Citrix XML services, and Citrix Director services must be configured.

• On the external Citrix ADC, the Gateway virtual server must be configured in ICA proxy mode.

Which GSLB method should the architect utilize to meet the design requirements?

Scenario: A Citrix Architect needs to design a hybrid Citrix Virtual App and Citrix Virtual Desktop environment which will include Citrix Cloud as well as resource locations in an on-premises datacenter and Microsoft Azure.

Organizational details and requirements are as follows:

• Active Citrix Virtual App and Citrix Virtual Desktops Service subscription
• No existing NetScaler deployment
• Global Server Load Balancing is used to direct connection requests to Location B, if the StoreFront server in Location B fails, connections should be directed to Location A.

Click the Exhibit button to view the conceptual environment architecture.

The architect should use _____ in Location A, and should use ________ in Location B. (Choose the correct option to complete the sentence.)

Scenario: A Citrix Architect holds a design discussion with a team of Workspacelab members, and they capture the following requirements for the Citrix ADC design project:

• A pair of Citrlx ADC MPX appliances will be deployed in the DMZ network and another pair in the internal network.
• High availability will be accessible between the pair of Citrix ADC MPX appliances in the DMZ network.
• Multi-factor authentication must be configured for the Citrix Gateway virtual server.
• The Citrix Gateway virtual server is integrated with the StoreFront server.
• Load balancing must be configured for the StoreFront server. •Authentication must be deployed for users from the workspacelab.com domain.
• The Workspacelab users should be authenticated using Cert Policy and LDAP.
• All the client certificates must be SHA 256-signed, 2048 bits, and have UserPrincipalName as the subject.
• Single Sign-on must be performed between StoreFront and Citrix Gateway. After deployment the architect observes that LDAP authentication is failing.

Click the Exhibit button to review the output of aaad.debug and the configuration of the authentication policy.

What is causing this issue?

Which four settings can a Citrix Architect use to create a configuration job using Citrix Application Delivery Management? (Choose four.)

Scenario: A Citrix Architect has deployed two MPX devices. 12.0.53.13 nc and MPX 11500 models, in a high availability (HA) pair for the Workspace labs team. The deployment method is two-arm and the devices are installed behind a CISCO ASA 5585 Firewall. The architect enabled the following features on the Citrix ADC devices. Content Switching. SSL Offloading, Load Balancing, Citrix Gateway. Application Firewall in hybrid security and Appflow. All are enabled to send monitoring information to Citrix Application Delivery Management 12.0.53.13 nc build. The architect is preparing to configure load balancing for Microsoft Exchange 2016 server.

The following requirements were discussed during the implementation:

• All traffic needs to be segregated based on applications, and the fewest number of IP addresses should be utilized during the configuration.
• All traffic should be secured and any traffic coming Into FITTP should be redirected to HTTPS.
• Single Sign-on should be created for Microsoft Outlook web access (OWA).
• Citrix ADC should recognize Uniform Resource Identifier (URI) and close the session to Citrix ADC when users hit the Logoff button In Microsoft Outlook web access.
• Users should be able to authenticate using either user principal name (UPN) or sAMAccountName.
• The Layer 7 monitor should be configured to monitor the Microsoft Outlook web access servers and the monitor probes must be sent on SSL.

Which monitor will meet these requirements?

Scenario: A Citrix Architect needs to design a NetScaler deployment in Microsoft Azure. An Active-Passive NetScaler VPX pair will provide load balancing for three distinct web applications. The architect has identified the following requirements:

• Minimize deployment costs where possible.
• Provide dedicated bandwidth for each web application.
• Provide a different public IP address for each web application.

For this deployment, the architect should configure each NetScaler VPX machine to have ______ network interface(s) and configure IP address by using ________. (Choose the correct option to complete the sentence).

Which parameter indicates the number of current users logged on to the Citrix gateway?

Scenario: A Citrix Architect needs to deploy a NetScaler appliance for Workspacelab, which will provide application load balancing services to Partnerlab and Vendorlab.

The setup requirements are as follows:

• A pair of NetScaler MPX appliances will be deployed in the DMZ network.
• High availability will be accessible on the NetScaler MPX in the DMZ Network.
• Load balancing should be performed for the mail servers for Partnerlab and Vendorlab.
• The traffic for both of the organizations must be isolated.
• Separate Management accounts must be available for each client.
• The load-balancing IP addresses must be identical.
• A separate VLAN must be utilized for communication for each client.

Which solution can the architect utilize to meet the requirements?

Scenario: A junior Citrix Architect would like to use nFactor to perform authentication based on the domain. The junior architect has reached out to a supervisor for assistance and has been provided with the following step-by-step configuration guide:

• Create Authentication policy for LDAP. RADIUS.
• Create logon schema for Domain drop down. LDAP. LDAP+RADIUS, and noschema.
• Create Authentication policy label for OnlyLDAR LDAP+RADIUS, and RADIUS.
• Bind DOMAIN drop down as default logon schema policy
• Create Authentication profile to bind the AAA virtual server.
• Bind Authentication profile to Traffic management virtual server or Citrix Gateway virtual server.

What must the junior architect bind In order for the authentication to work correctly?

Scenario: A Citrix Architect and a team of Workspacelab members met to discuss requirements during the design discussion for a Citrix ADC design project. Specifically, the existing Citrix ADC Configuration must be modified to meet the following authentication conditions:

• Provide users with domain drop-down page

• If the users select workspacelab.com. perform single factor authentication using LDAP

• It the users select AAATM.COM, perform two factor authentication using LDAP and RADIUS

• If the users select NSI-TEST. COM. perform SAML authentication using ADFS

What should the architect use to bind the AAA virtual server to the Citrix Gateway virtual server?

Scenario: A Citrix Architect and a team of Workspacelab members met to discuss a Citrix ADC design project. They captured the following requirements from this design discussion:

• All three (3) Workspacelab sites (DC. NDR. and DR) will have similar Citrix ADC configurations and design.
• The external Citrix ADC MPX appliances will have Global Server Load Balancing (GSLB) configured and deployed in Active/Active mode
• ADNS service should be configured on the Citrix ADC to make it authoritative for domain nsg Workspacelab.com.
• In GSLB deployment, the DNS resolution should be performed to connect the user to the site with least network latency.
• On the internal Citrix ADC, load balancing for StoreFront services, Citrix XML services, and Citrix Director services must be configured
• On the external Citrix ADC. the Gateway virtual server must be configured in ICA proxy mode

Click the Exhibit button to view the logical representation of the network and the firewall policy prerequisites provided by the architect. On which two firewalls should the architect configure the policies? (Choose two.)