Virtual 1Y0-340 Study Guides 2021

NEW QUESTION 1
Which two actions can a Citrix Engineer use to provide Denial of Service (DoS) protection with the AppQoE feature? (Choose two.)

• A. Simple Response
• B. HICResponse
• C. Denial Response
• D. Complex Response

Answer: AB

NEW QUESTION 2
A Citrix Engineer needs to implement Application Firewall to prevent the following tampering and vulnerabilities:
-If web server does NOT send a field to the user, the check should NOT allow the user to add that field and return data in the field.
-If a field is a read-only or hidden field, the check verifies that data has NOT changed.
-If a field is a list box or radio button field, the check verifies that data in the response corresponds to one of the values in that field.
Which security check can the engineer enable to meet this requirement?

• A. Field Formats
• B. Form Field Consistency
• C. HTML Cross-Site Scripting
• D. CSRF Form Tagging

Answer: B

NEW QUESTION 3
Scenario: A Citrix Engineer configures the Application Firewall for protecting a sensitive website. The security team captures traffic between a client and the website and notes the following cookie:
citrix_ns_id
The security team is concerned that the cookie name is a risk, as it can be easily determined that the NetScaler is protecting the website.
Where can the engineer change the cookie name?

• A. Application Firewall Policy
• B. Application Firewall Engine Settings
• C. Application Firewall Default Signatures
• D. Application Firewall Profile

Answer: D

NEW QUESTION 4
Which meta-character can be used as a wildcard to match a single character in a given position?

• A. A forward slash (/)
• B. A period (.)
• C. An asterisk (*)
• D. A dollar Sign ($)

Answer: D

NEW QUESTION 5
Which two response headers are added by Application Firewall? (Choose two.)

• A. Transfer-Encoding
• B. Accept-Language
• C. Accept-Encoding
• D. Set-Cookie
• E. Range

Answer: AD

NEW QUESTION 6
Scenario: A Citrix Engineer is configuring a Buffer Overflow Security Check. When configuring the options, the engineer notices that the Learn Mode is unavailable.
Why is the Learn Mode unavailable in this configuration?

• A. The NetScaler License is at Enterprise.
• B. The Application Firewall database is at 20 MB.
• C. The Application Firewall feature is disabled.
• D. The Learn Mode is NOT available for Buffer Overflow.

Answer: A

NEW QUESTION 7
Scenario: A Citrix Engineer observes that when going through NetScaler, user connections fail and users are unable to access Exchange server. However, users can connect directly to the Exchange server. After checking the logs, the engineer finds that the POST request is blocked through the NetScaler.
The log in/ var/log/ns.log is as follows:
Jul 20 11:00: 38 <local0.info>x.x.x. 1 07/20/2021:11:00:38 GMT ns 0-PPE-0:APPFW AF_400_RESP 29362
0: x.x.x.1 439800-PPEO- urlwdummy
https://test.abc.com/rpc/rpcproxy.dll?mail.sfmta.com:6004 Bad request headers. Content-length exceeds post body limit <blocked>
Which parameter can the engineer modify to resolve the issue while maintaining security?

• A. Increase the Maximum Header Length under nshttp_default_profile.
• B. Increase the POST body limit using the HTTP profile.
• C. Add an Application Firewall policy with the expression “HTTP.REQ.METHOD.EQ( “POST”)” with APPFW_BYPASS profile bound.
• D. Increase the POST body limit under common settings in Application Firewall profile settings.

Answer: D

NEW QUESTION 8
A Citrix Engineer needs to ensure that all traffic to the virtual server is blocked if NONE of the bound Application Firewall policies are matched.
Which setting can the engineer configure to meet this requirement?

• A. set appfw settings –undefAction APPFW_BLOCK
• B. set ns httpProfile nshttp_default_profile-dropInvalReqs DISABLED
• C. set ns httpProfie nshttp_default_profile –dropInvalReqs ENABLED
• D. set appfw settings –defaultProfile APPFW_BLOCK

Answer: D

NEW QUESTION 9
Which aspect of NetScaler Management and Analytics System (NMAS) can be used to monitor end-to-end ICA traffic flowing through a NetScaler ADC?

• A. Gateway Insight
• B. HDX Insight
• C. Security Insight
• D. Web Insight

Answer: B

NEW QUESTION 10
Which security option falls under the Negative Security Model for Citrix Application Firewall?

• A. Start URL
• B. HTML Cross-Site Scripting
• C. Content-type
• D. Signature

Answer: D

NEW QUESTION 11
Scenario: A Citrix Engineer has enabled learning on Application Firewall for all the Security checks on a basic profile that is configured in a production environment. However, after a few hours, the Application Firewall has stopped learning new data.
What is causing the issue?

• A. The learning database is limited to 20 MB in size and needs a reset.
• B. Application Firewall learning can only be enabled for an advanced profile.
• C. Application Firewall learning should only be enabled on Start URL.
• D. All the Security checks CANNOT be enabled simultaneously.

Answer: A

NEW QUESTION 12
A Citrix Engineer needs to optimize the Cascading Style Sheets (CSS) content sent from the backend server before being forwarded to the client.
Which option can the engineer use to accomplish CSS optimization?

• A. Move to Head Tag
• B. Shrink to Attributes
• C. Lazy Load
• D. Convert to WebP

Answer: A

NEW QUESTION 13
Scenario: A Citrix Engineer has configured an IP Reputation policy and Profile in Application Firewall.
However, the engineer is NOT able to see any hits on the policy during testing.
Which logs can the engineer check to ensure that IP Reputation is configured correctly?

• A. websocketd.log
• B. snmpd.log
• C. iprep.log
• D. httpaccess.log

Answer: C

NEW QUESTION 14
When the NetScaler marks a client connection as “non-trackable”, the default behavior of the NetScaler without making any change to the HTTP Profile is to . (Choose the correct option to complete the sentence.)

• A. proxy the connection to the target.
• B. proxy the connection to the client.
• C. track the connection.
• D. drop the connection.

Answer: D

NEW QUESTION 15
The NetScaler Management and Analytics System (NMAS) collects inventory from the instance by sending a(n) request. (Choose the correct option to complete the sentence.)

• A. AppFlow
• B. NITRO
• C. SNMP
• D. HTTP

Answer: B

NEW QUESTION 16
Which NetScaler Management and Analytics System (NMAS) feature will assist the Citrix Engineer in gathering the required data for issues with Endpoint Analysis?

• A. Security Insight
• B. Web Insight
• C. HDX Insight
• D. Gateway Insight

Answer: A

NEW QUESTION 17
A Citrix Engineer is configuring an Application Firewall Policy to protect a website. Which expression will the engineer use in the policy?

• A. HTTP.RES.IS_VALID
• B. HTTP.REQ.HOSTNAME.EQ (“true”)
• C. HTTP.RES.HEADER (“hostname”).EQ (“true”)
• D. HTTP.REQ.IS_VALID

Answer: B

NEW QUESTION 18
The NetScaler logging client server can be installed and configured to store the log for . (Choose the correct option to complete the sentence.)

• A. HTTP and HTTPS active connections on the NetScaler
• B. HTTP and HTTPS requests processed by the NetScaler
• C. statistics of the HTTP and HTTPS web sites load balanced on NetScaler
• D. status of all the HTTP and HTTPS backend web servers

Answer: B