Highest Quality 1Y0-351 cram Reviews & Tips
Your success in Citrix 1Y0-351 is our sole target and we develop all our 1Y0-351 braindumps in a way that facilitates the attainment of this target. Not only is our 1Y0-351 study material the best you can find, it is also the most detailed and the most updated. 1Y0-351 Practice Exams for Citrix 1Y0-351 are written to the highest standards of technical accuracy.
Q51. Which type of authentication server could an engineer configure in order to provide the use of RSA token authentication as a permitted authentication method to access a AAA Virtual Server?
A. LDAP
B. SAML
C. RADIUS
D. Negotiate
Answer: C
Explanation:
http://support.citrix.com/article/CTX127543
This document describes how to configure Access Gateway 5.0 for authentication against an RSA SecurID Authentication server. It describes the configuration required in both the Access Gateway and the RSA server for various deployment topologies.
Within the RSA Authentication Manager console, choose Agent Host > Generate Configuration Files and select for One Agent Host, and choose the Agent Host created in step 1 and save the generated sdconf.rec file.
If using RSA 7.1 Open the RSA Security Console and navigate to Access > Authentication Agents > Add New. Enter the name and IP Address of the Access Gateway, and set Agent type to Standard Agent. Save this new agent.
Select Access > Authentication Agents > Generate Configuration File and generate the configuration file. There is no option to generate a configuration file for a single host in RSA
7.1. Save and extract the sdconf.rec from the generated zip file.
Log on to the Access Gateway AdminLogonPoint and go to Authentication Profiles to create an RSA authentication profile. Browse to the generated sdconf.rec file on your computer to upload it on the Appliance, and save the profile.
Additional Notes for Creating the Agent Record in RSA. The details entered into the Agent Host configuration are specific, and depend on the deployment configuration of your Access Gateway. The following are the different deployment methods and the associated configuration within the RSA Agent: Access Gateway is a non-HA deployment in one-arm mode. Network Address: IP address of Access Gateway Access Gateway is a non-HA deployment in two-arm mode, traffic to the RSA server is through the interface with the Internal role Network Address: IP address of the interface with the Internal role Access Gateway is a non-HA deployment in two-arm mode, traffic to the RSA server is through the interface with the External role Network Address: IP address of the interface with the Internal role Secondary Nodes: IP address of the interface with the External role Access Gateway is in an HA deployment in one-arm mode Network Address: The HA Virtual IP address Secondary Nodes: The physical IP addresses of both Access Gateways Access Gateway is in an HA deployment in two-arm mode, traffic to the RSA server is through the interface marked as INTERNAL Network Address: The HA Internal virtual IP address Secondary Nodes: The physical IP addresses of the interfaces with the Internal role on both Access Gateways Access Gateway is in an HA deployment in two-arm mode, traffic to the RSA server is through the interface marked as EXTERNAL Network Address: The HA Internal virtual IP address Secondary Nodes: The physical IP addresses of the interfaces with the External role on both Access Gateways *In RSA 7.1 Secondary Nodes have been renamed to Alternate IP Addresses in the Authentication Agent configuration.
Q52. What are two benefits of using Link Aggregation Control Protocol (LACP)? (Choose two.)
A. Redundancy
B. Compression
C. Reduce TCP latency
D. Increased throughput
E. Automatic configuration of TCP windows
Answer: A, D
Q53. A recent security audit has identified that NetScaler management is available on all Subnet IP (SNIP) adresses. Which step could an engineer take to ensure that these services are only available through the NetScaler IP (NSIP)?
A. Unbind all SNIPs from the NSVLAN.
B. Disable the 'GUI' option on all SNIPs.
C. Enable the 'Restrict Access' option on all SNIPs.
D. Disable the 'Management Access' option on all SNIPs.
Answer: D
Q54. When would it be necessary to configure Failover Interface Set (FIS) in an environment that has two NetScaler appliances in high availability (HA) mode?
A. Link redundancy is required.
B. Route monitors are required.
C. HA monitor is disabled in some interfaces.
D. The NetScaler appliances are configured on different networks.
Answer: A
Q55. Scenario: A NetScaler Engineer is addressing an issue discovered during a vulnerability scan.
The security team is requiring that the engineer disable specific SSL ciphers on the SSL
VServer. Which two methods could the engineer use to meet this requirement? (Choose two.)
A. Modify the list of ciphers in the Default cipher group.
B. Change the list of bound ciphers on the VServer directly.
C. Enable Cipher Redirect on the VServer and configure OCSP.
D. Disable SSLv2 Redirect on the VServer and update the CRLs.
E. Un-assign the default group, create a custom cipher group and assign it to the VServer.
Answer: B, E
Q56. A NetScaler Engineer is reviewing the performance of a NetScaler appliance and notices that
TCP multiplexing (TCP connection reuse) appears to NOT be working for a virtual server.
What could be the cause of this issue?
A. Compression is enabled on the services
B. Persistence is enabled on the virtual server
C. HTTP services are bound to the virtual server
D. The virtual server was created as type SSL_BRIDGE
Answer: D
Q57. On which two objects could a NetScaler Engineer bind cipher groups? (Choose two.)
A. Server
B. Service
C. SSL policy
D. SSL profile
E. Virtual server
Answer: B, E
Q58. Scenario: A Network Engineer needs to provide a solution for mobile users who use devices that do NOT support basic access authentication. Which three steps should be included as part of the engineer's plan to implement this requirement using NetScaler? (Choose three.)
A. Configure an OCSP responder.
B. Create an authentication VServer.
C. Configure a Pre-Authentication policy.
D. Create an LDAP authentication policy and bind it to the authentication server.
E. Enable and configure the authentication option on a VServer to use 401-based authentication.
F. Enable and configure the Authentication option on a load balancing VServer to use form- based authentication.
Answer: B, D, F
Q59. A network engineer wants to configure a NetScaler for load balancing Voice over IP traffic (VoIP). Which hash method is the best fit for VoIP traffic?
A. Call ID
B. Source IP
C. Destination IP
D. Domain name
Answer: A
Q60. Scenario: A NetScaler Engineer creates a new HTTP VServer using the following command: add lb vserver lb_test HTTP 172.20.10.85 80 -lbMethod LEASTCONNECTION - persistencetype COOKIEINSERT -timeout 0 -authentication ON -cacheable YES During testing, the engineer notices a cookie named NSC_iuuq2 with a value of: ffffffff020a1d1545525d5f4f58455e445a4a423660 What is the purpose of this cookie?
A. It indicates that the client has been authenticated.
B. It indicates that the client has NOT been authenticated.
C. It is used for persistence, describing only the VServer ID and Service IP.
D. It is used for persistence, describing the VServer ID, Service IP and Service Port.
Answer: D