QUESTION: 1

A network engineer needs to upgrade both appliances of a High Availability (HA)

pair. In which order should the network engineer upgrade the appliances?

A. Disable high availability and upgrade one node at a time.

B. Upgrade the primary node first without disabling high availability.
C. Upgrade the secondary node first without disabling high availability.
D. Perform the upgrade simultaneously without disabling high availability.

Answer: C

QUESTION: 2
Scenario: A network engineer is managing a NetScaler environment that has two
NetScaler devices running as a high availability pair. The engineer must upgrade
the current version from NetScaler 9 to NetScaler 10. Which action must the
engineer take?

A. Upgrade the primary node and perform HA sync.

B. Upgrade the secondary node and then upgrade the primary node.
C. Upgrade the primary node and then upgrade the secondary node.
D. Break the high availability pair, upgrade each NetScaler device, and then
reconfigure high availability.

Answer: B

QUESTION: 3
An engineer has two NetScaler devices in two different datacenters and wants to
create a high availability (HA) pair with the two devices, even though they are on
two different subnets. How can the engineer configure the HA Pair between the
two NetScaler devices?

A. Configure StaySecondary on the second datacenter appliance.

B. Ensure that INC mode is enabled during the creation of the HA Pair.
C. Enable the HAMonitors on all interfaces after the HA Pair has been created.
D. Change the NSIP of the second appliance to be on the same subnet as the first
appliance.

Answer: B

QUESTION: 4
When a network engineer logs onto a new NetScaler device in the London
datacenter, data output indicates that the device is NOT configured for the local
time. How can the network engineer synchronize the correct time with an NTP
server in the local data center?

A. Configure the correct time from the GUI and restart.

B. Modify the ntp.conf and rc.netscaler files and restart.
C. Logon using the nsrecover/nsroot credentials and restart.
D. Configure the NetScaler as a secondary NTP server and restart.

Answer: B

QUESTION: 5
Scenario: The NetScaler has connections to a large number of VPNs. The network
engineer wants to minimize the number of ARP requests. Which feature should the
network engineer enable to minimize ARP requests?

A. TCP Buffering
B. Use Source IP
C. Edge Configuration
D. MAC based forwarding

Answer: D

QUESTION: 6
A network engineer has configured two NetScaler MPX appliances as a high
availability (HA) pair. What can the engineer configure to prevent failover if only a
single interface fails?

A. FIS
B. PBR
C. SNMP
D. VMAC

Answer: A

QUESTION: 7
Scenario: A NetScaler appliance currently has a manually configured channel
containing four interfaces; however, the engineer has been told that the NetScaler
must now only use a single interface for this network. The engineer removes the
channel and immediately notices a decrease in network performance. How could
the engineer resolve this issue?

A. Reset the unused interfaces

B. Disable the unused interfaces
C. Enable flow control on all interfaces
D. Disable HA monitoring on the three interfaces that are no longer required

Answer: B

QUESTION: 8
Scenario: A NetScaler engineer needs to enable access to some web servers
running on an IPv6-only network. The clients connecting the services are on an
IPv4 network. The engineer has already enabled IPv6 on the NetScaler. What does
the engineer need to do in order to provide access to the services on the IPv6
network?

A. Create an IPv6 tunnel and a IPv4 virtual server.

B. Configure an IPv6 VLAN and bind the required interface. C.
Create a IPv4 virtual server and bind the service group to it.
D. Create an IPv6 ACL and a IPv4 virtual server and bind the ACL to the virtual
server.

Answer: C

QUESTION: 9
Scenario: A network engineer created an IPv6 virtual server on the NetScaler. The
virtual server is using a service group with two IPv4 servers bound to it. When
testing access to the virtual server from a client configured with an IPv6 address,
he is unable to connect. What could be the reason for this issue?

A. The NetScaler is disabled for NAT.

B. IPv6 protocol translation is disabled.
C. An IPv6 address on the NetScaler is not bound to the correct VLAN.
D. The NetScaler does not have an INAT rule to convert IPv4 to IPv6 from the
back-end servers.

Answer: B

QUESTION: 10
Scenario: An engineer executes the following commands:
add vlan 2
bind vlan 2 -ifnum 1/2
add ns ip 10.110.4.200 255.255.255.0
bind vlan 2 -IPAddress 10.110.4.200 255.255.255.0
What type of IP address has been added to the NetScaler?

A. VIP address
B. NSIP address
C. SNIP address
D. GSLB Site IP address

Answer: C

QUESTION: 11
Scenario: For security reasons, the NSIP needs to be configured to only be
accessible on interface 0/1, which is VLAN 300.
The NSIP address is 10.110.4.254 and the subnet mask is 255.255.255.0.
How would the network engineer achieve this configuration?

A. set ns config -nsvlan 300 -ifnum 0/1

B. set ns ip 10.110.4.254 -gui ENABLED -vrID 300
C. add vlan 300 set ns ip 10.110.4.254 -mgmtAccess ENABLED
D. set ns config -IPAddress 10.110.4.254 -netmask 255.255.255.0

Answer: A

QUESTION: 12
Why would an engineer want to specify a TCP Profile for a specific service group?

A. To enable use of features like SSL over TCP for that specific service group.
B. To adjust the TCP settings for traffic to and from that specific service group.
C. To use a specific SNIP for traffic to the back-end servers in that service group.

D. To enable features like use source IP, TCP keep alive and TCP buffering for a
specific service group.

Answer: B

QUESTION: 13
A network engineer wants to optimize a published load balanced SSL virtual server
for WAN connection with long delay, high bandwidth with minimal packet drops.
What would the network engineer use to do this type of optimization for the SSL
virtual server?

A. SSL policy
B. TCP profile
C. Compression policy
D. Priority queuing policy

Answer: B

QUESTION: 14
Scenario: The NetScaler is connected to two subnets. The NSIP is 10.2.9.12. The
external SNIP is 10.2.7.3. The MIP for internal access is 10.2.9.3. Web servers,
authentication servers and time servers are on the 10.2.10.0/24 network which is
available through the 10.2.9.1 router. The external firewall has the 10.2.7.1
address. Traffic bound for Internet clients should flow through the external
firewall. Which command should be used to set the default route?

A. add route 0.0.0.0 0.0.0.0 10.2.7.1

B. add route 0.0.0.0 0.0.0.0 10.2.9.1
C. add route 10.0.0.0 255.0.0.0 10.2.9.1
D. add route 10.0.0.0 255.0.0.0 10.2.7.1

Answer: A

QUESTION: 15
Some SSL certificate files may be missing from a NetScaler appliance. Which
directory should an engineer check to determine which files are missing?

A. /nsconfig/ssl

B. /nsconfig/ssh
C. flash/nsconfig/
D. /var/netscaler/ssl/

Answer: A

QUESTION: 16
Scenario: An engineer has been hired to manage the content-switching
configurations on the NetScaler. The user account for this engineer must have the
standard rules that apply to the other administrators. What should the engineer do
to allow for the extra privileges?

A. Modify the current Command Policy and then save the changes.
B. Unbind the current Command Policy of the user account and then save the
changes.
C. Remove the custom Command Policy and then create one with the new
requirements.
D. Create a custom Command Policy and bind it to the user account with the
highest priority.

Answer: D

QUESTION: 17
A network engineer needs to configure smart card-based authentication on
NetScaler Access Gateway. Which type of authentication policy could the engineer
configure in order to accomplish this task?

A. Local
B. RADIUS
C. Certificate
D. Secure LDAP

Answer: C

QUESTION: 18
A company wants to implement a policy where all passwords should be encrypted
while transiting the network. Where in the GUI would the network engineer
prevent access to unsecured management protocols?

A. Network -> IPs

B. System -> Auditing
C. AppExpert -> Pattern Sets
D. Protection Features -> Filter

Answer: A

QUESTION: 19
Scenario: The NetScaler is configured with a NSIP of 10.20.30.40. Management
access is NOT enabled on any other IP address. Which command should an
engineer execute to prevent access to the NetScaler using HTTP and only allow
HTTPS access?

A. set ns ip 10.20.30.40 -gui disabled -telnet disabled

B. set ip 10.20.30.40 -gui secureonly -mgmtaccess enabled C.
set ip 10.20.30.40 -mgmtaccess disabled -gui secureonly D.
set ns ip 10.20.30.40 -gui enabled -restrictAccess enabled

Answer: B

QUESTION: 20
Company policy states that SNMP management should only be allowed from
specific hosts. What should the network engineer do to prevent unauthorized access
to SNMP?

A. Add an SNMP manager.

B. Add an SNMP trap destination.
C. Check secure access only on the NSIP.
D. Add an SNMP community name that is difficult to guess.

Answer: A

QUESTION: 21
Scenario: The IT department in an organization manages servers and network
devices from an internal management subnet. A NetScaler device has recently been
installed into the DMZ network. The intranet firewall allows TCP 443 from the
management subnet to the NetScaler device. How could the engineer ensure that

only workstations in the management network are permitted to manage the

NetScaler?

A. Create an Extended ACL based on the source IP address.

B. Create a restricted route from the internal network to the DMZ.
C. Enable the management access control option on the NSIP address.
D. Enable the management access control on the internal SNIP address.

Answer: A

QUESTION: 22
Scenario: An engineer has three subnets configured on a NetScaler appliance. The
engineer must only allow a certain group of users to access a virtual server on the
appliance. The IT Manager requires that all rules are flexible and can be easily
modified for ease of administration. How could the engineer allow certain groups
to access the virtual server while still being able to modify the setting in the future?

A. Add a Simple ACL.

B. Disable USNIP Mode.
C. Create an Extended ACL.
D. Add a Host Route to the virtual server.

Answer: C

QUESTION: 23
Scenario: An engineer created a new test Web Interface site for the new
XenDesktop farm that the IT Department is developing. Several weeks later the
engineer finds out that several people across the company have been accessing the
new test site. The engineer needs to ensure that only the IT Department subnets can
access the test site. How could the engineer restrict access to the site so that only
certain subnets can access this resource?

A. Add an Extended ACL to only allow specific subnets to the Web Interface Site.
B. Modify an existing simple ACL to allow specific subnets to the Web Interface
Site.
C. Enable USNIP Mode on the appliance to allow specific subnets to the Web
Interface Site.
D. Change the Access Method on the Web Interface Site to allow specific subnets
to the Web Interface Site.

Answer: A

QUESTION: 24
A network engineer needs to configure load balancing for an FTP site. Which type
of session persistence method can the engineer select for this scenario?

A. Rule
B. Source IP
C. Cookie Insert
D. Custom Server ID

Answer: B

QUESTION: 25
Scenario: Example.com runs a dating service site that provides a service with
videos of candidates. They want to use RTSP load balancing to stream the videos
more effectively. Which load balancing method should the engineer select?

A. Least packet
B. Round Robin
C. Least bandwidth
D. Least connection

Answer: C

QUESTION: 26
A network engineer needs to configure load balancing for secured web traffic that
does NOT terminate at the NetScaler device. Which type of session persistence
method can the engineer select for this scenario?

A. Source IP
B. Cookie Insert
C. URL Passive
D. SRCIPDESTIP

Answer: A

QUESTION: 27
A company has two sites that host six cache web servers that are used to promote
sales information. Which feature on the NetScaler should an engineer enable to
provide faster application performance and also provide additional capacity if the
demand increases for one site?

A. Load balancing B.
Integrated Cache C.
Responder Policy D.
Content switching

Answer: A

QUESTION: 28
Scenario: A network engineer has configured a load balancing virtual server for an
HTTP application. Due to the application architecture, it is imperative that a users
session remains on a single server during the session. The session has an idle
timeout of 60 minutes. Some devices are getting inconsistent application access
while most are working fine. The problematic devices all have tighter security
controls in place. Which step should the engineer take to resolve this issue?

A. Set the cookie timeout to 60 minutes.

B. Configure a backup persistence of SourceIP.
C. Change the HTTP parameters to Cookie Version 1.
D. Utilize SSL offload to enable the application to use SSL.

Answer: B

QUESTION: 29
Scenario: The network engineer has created a monitor and bound it to a service
group containing four web servers to verify that the web application responds.
During routine maintenance one of the web servers is shut down; however, the
server state remains UP and user requests are still attempting to communicate with
the server. What could be causing this problem?

A. The server has been disabled.

B. The monitor is not bound at the correct bind point.
C. Health monitoring is disabled for the service group.

D. The NetScaler configuration has not been saved since before the monitor was
bound.

Answer: C

QUESTION: 30
Scenario: An engineer is configuring services to allow load balancing of backend
web servers on the internal network. The engineer bound multiple monitors to the
first service, but notices that the service is reporting as DOWN. The monitor
threshold default has NOT been changed. What could be causing this issue?

A. The service type is HTTP.

B. One of the monitors' tests is failing.
C. Some of the monitors have a higher weight.
D. The monitors are both reporting an UP status.

Answer: B

QUESTION: 31
What should a network engineer configure to set high availability for a load
balanced virtual server?

A. Session persistence
B. A backup virtual server
C. Load balancing policies
D. Load balancing services

Answer: B

QUESTION: 32
Scenario: A NetScaler engineer is adding a new SSL certificate to a NetScaler
device. During the process the engineer receives an error message:
"Certificate with key size greater than RSA512 or DSA512 bits not supported."
The same process has been followed previously on the same model of NetScaler
successfully. What is the likely cause of this error?

A. The certificate hostname is invalid.

B. RSA authentication has been added to the VIP.

C. The NetScaler has not been licensed correctly.

D. The CSR has not been submitted to the certificate authority.

Answer: C

QUESTION: 33
Scenario: A network engineer needs to generate a certificate on the NetScaler
appliance. The environment requires a private key with 4096-bit encryption. To
generate a new SSL certificate from a NetScaler Appliance, the engineer must first
create
. (Choose the correct option to complete the sentence.)

A. CSR
B. DSA key
C. RSA key
D. Diffie-Hellman key

Answer: C

QUESTION: 34
Scenario: An engineer has configured an SSL virtual server and has bound a
service group of type HTTP containing several servers. The service group is UP
but the virtual server is in a DOWN state. The engineer has verified that the SSL
feature is enabled. What should the engineer do to ensure that the virtual server
shows as UP?

A. Add a monitor that checks for HTTP.

B. Change the service group to type SSL.
C. Bind an SSL certificate to the virtual server.
D. Configure the service group to use port 443.
E. Change the monitor for a larger time out period.

Answer: C

QUESTION: 35
Users have reported that they are receiving a confusing error message related to
SSL sessions when connecting from older browsers. How could the network
engineer present this error to users in a customized format?

A. Enable the SSL v2 protocol.

B. Set a URL on the backup virtual server.
C. Add a redirect URL to the virtual server.
D. Configure SSL v2 Redirection for the virtual server.

Answer: D

QUESTION: 36
A network engineer must determine which SSL protocols are enabled on a virtual
server named SSL01. Which command could the engineer run to see this
information?

A. Show ssl stats

B. Show server SSL01
C. Show vServer SSL01
D. Show ssl vServer SSL01

Answer: D

QUESTION: 37
The security department just conducted a penetration test on the published virtual
servers and all of the SSL virtual servers returned the result Allowed changing to
weak certificate standard in the report. The reason for this result could be that the
network engineer who configured the virtual servers forgot to
.
(Choose the correct option to complete the sentence.)

A. block TLSv1
B. apply the SSL policy
C. configure the HIGH Cipher group only
D. configure the DEFAULT Cipher group only

Answer: C

QUESTION: 38
Which policy expression must an engineer use to enable compression for javascript
files?

A. HTTP.RES.BODY(0).CONTAINS("javascript")

B. HTTP.REQ.BODY(0).CONTAINS("javascript")
C. HTTP.RES.HEADER("Content-Type").CONTAINS("javascript")
D. HTTP.REQ.HEADER("Content-Type").CONTAINS("javascript")

Answer: C

QUESTION: 39
Which expression must an engineer use to prevent compression of Cascading Style
Sheets?

A. HTTP.RES.BODY(0).CONTAINS("text/css")
B. HTTP.REQ.BODY(0).CONTAINS("text/css")
C. HTTP.RES.HEADER("Content-Type").CONTAINS("text/css")
D. HTTP.REQ.HEADER("Content-Type").CONTAINS("text/css")

Answer: C

QUESTION: 40
The purpose of pre-fetch in integrated caching is to automatically
(Choose the correct option to complete the sentence.)

A. refresh a cached object before expiring

B. fetch objects from the forwarding cache before expiring
C. retrieve all objects on a published website after a policy is applied
D. retrieve an object in the expression from a website after a policy is applied

Answer: A

QUESTION: 41
What is the purpose of the flash cache option in integrated caching?

A. To completely wipe a cache group when the targeted selector is hit in the cache
B. To use the flash memory for storage for a specific cache group to improve
performance
C. To queue simultaneous requests of an object and answer all with the same
response from the server
D. To answer the client request without checking if the object has expired, objects
are checked periodically instead

Answer: C

QUESTION: 42
Scenario: A network engineer has created two selectors to use to populate a cache
group in integrated caching. One selector, "Hit," will determine what to add to the
group. The other, "Inval", will select what should be invalidated. Which command
should the engineer run to create the cache group?

A. add cache contentgroup CacheGroup1 -hitParams Hit -invalParam Inval

B. add cache contentgroup CacheGroup1 -hitSelector Hit -invalSelector Inval
C. set cache contentgroup CacheGroup1 - hitParams Hit -invalParam Inval -type
HTTP
D. set cache contentgroup CacheGroup1 -hitSelector Hit - invalSelector Inval -type
HTTP

Answer: B

QUESTION: 43
Scenario: An organization has recently been penetration-tested by a security
company. The findings have indicated that the NetScaler device is responding to
requests revealing web server information within the HTTP response headers.
Which NetScaler feature can a network engineer use to prevent this information
from being leaked to a potential malicious user?

A. Rewrite
B. Responder
C. Web Logging
D. URL Transformation

Answer: A

QUESTION: 44
Scenario: Company Inc. wants to tag incoming requests with a header that
indicates which browser is being used on the connection. This helps the server keep
track of the browsers after the NetScaler has delivered the connections to the back
end. The engineer should create
actions to
. (Choose the
correct set of options to complete the sentence.)

A. rewrite; insert tags on the client header

B. responder; separate the client requests
C. rewrite; insert tags on the server response
D. responder; filter the browser type on the client header

Answer: A

QUESTION: 45
Which step could a network engineer take to prevent brute force logon attacks?

A. Enable the Rate Limiting feature.

B. Enable the AAA Application feature.
C. Configure the Access Gateway policies.
D. Configure the Cache redirection policies.

Answer: A

QUESTION: 46
A network engineer should enable the Rate Limiting feature of a NetScaler system
attack. (Choose the correct option to complete
to mitigate the threat of
the sentence.)

A. reverse proxying
B. Java decompilation
C. source code disclosure
D. brute force logon attacks

Answer: D

QUESTION: 47
Which NetScaler feature could be used to stall policy processing to retrieve
information from an external server?

A. Responder
B. HTTP callout
C. AppExpert template
D. EdgeSight monitoring

Answer: B

QUESTION: 48
An engineer has bound three monitors to a service group and configured each of
the monitors with a weight of 10. How should the engineer ensure that the
members of the service group are marked as DOWN when at least two monitors fail?

A. Re-configure the weight of each monitor to 0.

B. Configure the service group with a threshold of 21.
C. Configure the service group with a threshold of 20.
D. Re-configure the weight of each monitor to 5, and configure the service group
threshold to 15.

Answer: C

QUESTION: 49
A network engineer has noted that the primary node in an HA pair has been
alternating as many as three times a day due to intermittent issues. What should the
engineer configure to ensure that HA failures are alerted?

A. LACP
B. SNMP
C. Route monitors
D. Failover Interface Set

Answer: B

QUESTION: 50
The disk is full on a NetScaler appliance but NO alerts were generated by the
SNMP traps. What is the likely cause of this failed alert?

A. Auditing is not enabled.

B. EdgeSight monitoring is not configured.
C. The threshold was not set for the alarm.
D. Health monitoring has not been enabled.

Answer: C

QUESTION: 51
What type of protocol does AppFlow use for reporting?

A. TCP B.
UDP C.
HTTP
D. SSL_TCP

Answer: B

QUESTION: 52
Scenario: A network engineer monitoring an HTTP service-related issue needs to
view only the relevant data pertaining to the service being monitored. The IP
address of the back-end service being monitored is 10.10.1.99. The NSIP address is
10.10.1.230. Which command should the engineer execute to monitor data relevant
to this issue only in realtime?

A. telnet
B. traceroute
C. nsconmsg
D. nstcpdump

Answer: D

QUESTION: 53
Scenario: A NetScaler environment uses two-factor authentication and the second
authentication method is AD. A user logs in to the environment but does NOT
receive access to the resources that the user should have access to. How can an
engineer determine the AD authentication issue on the NetScaler?

A. Check NSlogs.
B. Use nsconmsg.
C. Use the cat aaad.debug command.
D. Check the authorization configuration.

Answer: C

QUESTION: 54
A NetScaler is configured with two-factor authentication. A user reported that
authentication failed. How can an engineer determine which factor of the
authentication method failed?

A. Check NSlog.
B. Use nsconmsg.
C. Check the dashboard.
D. Use cat aaad.debug command.

Answer: D

QUESTION: 55
Scenario: A NetScaler high availability (HA) pair has the following interfaces
connected:
1/1 - Test network
1/2 - Production network
The network engineer needs to re-cable the test network and wants to ensure that,
when the cable is removed, HA fail over does NOT occur unless the production
network also goes down.
Which step should the engineer take to meet these requirements?

A. Configure LACP for interface 1/1.

B. Disable HA monitoring on interface 1/1.
C. Set the throughput to 0 for interface 1/1.
D. Bind interfaces 1/1 and 1/2 into a channel, then disable HA monitoring.

Answer: B

QUESTION: 56
Scenario: A NetScaler engineer is on the phone with Technical Support to
troubleshoot an issue. The NetScaler engineer generated a support archive and
needs to send the file to the Technical Support Specialist to help resolve the
problem with the appliance. In which directory could the engineer retrieve the
information?

A. /nsconfig

B. /var/crash
C. /var/nstrace
D. /var/tmp/support

Answer: D

QUESTION: 57
Scenario: A network engineer has bound a service group containing four web
servers to a virtual server. The virtual server is UP but users report that they are
unable to access the virtual server. In order to troubleshoot this issue, the engineer
should use telnet from
. (Choose the correct option to complete the
sentence.)

A. a PC to the virtual IP address

B. a PC to the subnet IP address
C. a PC to the mapped IP address
D. the NetScaler shell to one of the web servers

Answer: A

QUESTION: 58
How could a network engineer gather detailed network information?

A. System node -> Diagnostics -> Call home

B. System node -> Diagnostics -> Start new trace
C. System node -> Diagnostics -> Show techsupport
D. System node -> Diagnostics -> Show running vs saved config

Answer: B

QUESTION: 59
Scenario: A security test has shown that the NetScaler is forwarding IP packets.
Company standard operating procedure is that the routers should be the only
devices forwarding packets. Which step should the network engineer take to
prevent forwarding packets?

A. Enable Layer 2 mode.

B. Disable Layer 3 mode.

C. Disable Path MTU Discovery. D.

Enable MAC based forwarding.

Answer: B

QUESTION: 60
An engineer has bound a policy to a test virtual server. How could the engineer
verify that the policy is being applied?

A. Monitor the number of hits for the policy.

B. Monitor the number of hits for the virtual server.
C. Enable the AppFlow logging option for the virtual server.
D. Ensure the policy has a greater priority value than other policies bound to the
test virtual server.

Answer: A

QUESTION: 61
Scenario: An engineer implementing a NetScaler is tasked with creating a new
VLAN, named VLAN 2, and adding it to the current interfaces. A new IP address
of 10.102.29.54 with a network mask of 255.255.255.0 must be configured for
VLAN 2. Which commands could the engineer use to achieve this configuration in
the command-line interface prior to binding VLAN 2?

A. add ns ip 10.102.29.54 255.255.255.0 add vlan 2

B. set vlan 2 -aliasName VLAN2 add ns ip 10.102.29.54 255.255.255.0
C. add ns ip 10.102.29.54 255.255.255.0 -vrID 2
D. add ns ip 10.102.29.54 255.255.255.0 -type SNIP set ns ip 10.102.29.54
255.255.255.0 -vrID 2

Answer: A

QUESTION: 62
Scenario: A network engineer has configured GSLB for a multisite environment.
All GSLB services show as UP with an UP MEP status. The engineer has observed
that DNS queries are directed to the SNIP of the NetScaler; however, no DNS
response is being received. How can the engineer resolve this issue?

A. Add an ADNS service on the SNIP.

B. Change the DNS delegation to the NSIP.
C. Create a load balancing virtual server for DNS.
D. Select the Send all active service IPs in response (MIR) option.

Answer: A

QUESTION: 63
Scenario: GSLB has been configured for use within a multisite environment. The
MEP status is reported as down on all GSLB appliances. The appliances have been
configured for unsecured MEP exchange. Which port must the network engineer
ensure is open between the NetScaler appliances?

A. TCP 3011
B. UDP 3011
C. TCP 3012
D. UDP 3012

Answer: A

QUESTION: 64
Scenario: The network engineer is unable to access a specific SSL site through the
NetScaler. While reviewing traces on the NetScaler, the network engineer noticed
"Handshake" failures from the server. These handshake failures could be the result
. (Choose the correct option to complete the
of the virtual server
sentence.)

A. only allowing TLS

B. not allowing SSLv3
C. not allowing correct ciphers
D. configured to demand client authentication

Answer: C

QUESTION: 65
Scenario: A virtual server named New_Server has been disabled to perform an
emergency upgrade; however requests from clients are NOT being redirected to the
maintenance page. The redirected URL configuration is:

>set cs vserver Website_main -lbvserver New_Server -backupVserver

Backup_Server - redirectURL http://www.mydomain.com/maintenance -soMethod
Connection -soThreshold 1000 -soPersistence enabled
Why are requests from clients NOT being redirected to the maintenance page?

A. The backup virtual server is unavailable.

B. The spillover persistence has been activated.
C. It has not been linked to content switching policies.
D. The backup virtual server takes precedence over the redirect URL.

Answer: D

QUESTION: 66
Scenario: A network engineer gets an error message when using the configuration
utility to import a PKCS#12 certificate that contains a dollar sign ($), a backquote
(`), or an escape (\) character password. In order to address this error, the network
engineer could prefix it with
. (Choose the correct option to complete
the sentence.)

A. an escape character (\)

B. a backquote character (`)
C. a dollar sign character ($)
D. a double quotation character (")

Answer: A

QUESTION: 67
Scenario: A network engineer has modified the configuration of a contentswitching virtual server, Website_main, because a second content-switching server
that is capable of handling more connections has been added to the NetScaler
implementation. Both servers will remain in operation. The engineer made the
following configuration changes:
>set cs vserver Website_main -lbvserver New_Server -backupVserver Old_Server
- redirectURL http://www.mydomain.com/maintenance -soMethod Connection soThreshold 1000 Why did the engineer enable the spillover option?

A. To handle incoming connections in case the new server is unavailable

B. To handle the extra connections using the old server without dropping them
C. To redirect the extra connections to the Maintenance website when it is needed

D. To handle incoming connections while the server reaches its limit of

connections

Answer: B

QUESTION: 68
Scenario: A company is using Citrix NetScaler VPX for publishing internal
resources using Citrix Access Gateway with Smart Access. Since the number of
users has increased the company wants to migrate from Citrix NetScaler VPX to
Citrix NetScaler MPX. The engineer is running a parallel installation of the Citrix
NetScaler MPX and now needs to transfer the Citrix Access Gateway Universal
Licenses from a Citrix NetScaler VPX to a Citrix NetScaler MPX platform. How
should the engineer transfer the Citrix Access Gateway Universal License files
from the VPX to the MPX?

A. Backup the /nsconfig directory from the Citrix NetScaler VPX using SCP,
restore the /nsconfig directory to the Citrix NetScaler MPX using SCP.
B. Download the Access Gateway Universal License file(s) from the Citrix
NetScaler VPX using SCP. Upload the Access Gateway Universal License file(s)
to the Citrix NetScaler MPX using SCP.
C. Logon to www.MyCitrix.com, return the Citrix Access Gateway Universal
License file(s), reallocate the Citrix Access Gateway Universal License file using
the hostname of the Citrix NetScaler MPX.
D. Logon to www.MyCitrix.com, return the Citrix Access Gateway Universal
License file(s), reallocate the Citrix Access Gateway Universal License file using
the MAC Address of the Citrix NetScaler MPX.

Answer: C

QUESTION: 69
Scenario: A network engineer needs to add an NTP server to a NetScaler appliance.
The NTP service is configured on 10.10.1.49. Which command should the network
engineer use within the command-line interface to add in an NTP server for time
synchronization?

A. add ntp server 10.10.1.49

B. add server NTP 10.10.1.49
C. add service NTP 10.10.1.49 TCP 123
D. add service NTP 10.10.1.49 UDP 123

Answer: A

QUESTION: 70
A network engineer has enabled USIP and USNIP and set a unique IP address as
the source IP using the proxyIP parameter on an INAT policy. Which is the correct
order of precedence for the IP addresses?

A. Unique IP-USIP-MIP-Error
B. USIP-unique IP-USNIP-MIP-Error
C. USIP-Unique IP-MIP-USNIP-Error
D. USIP-USNIP-MIP-Unique IP-Error

Answer: B

QUESTION: 71
Scenario: An engineer configures two NetScaler appliances in a high availability
(HA) pair. As part of a monthly health check, the engineer attempts to log on to the
second node of the HA pair and is unable to access the management IP Address.
The engineer logs on to the first NetScaler node and verifies that HA is working
and operational. What does the engineer need to do to resolve this problem?

A. Create an ACL to allow access to the NSIP of the second node.

B. Add a SNIP for the Management IP Address of the second node.
C. Ensure that HA Route Monitors have been configured for the second node.
D. Change the NSRoot password back to default then log on to the second node.

Answer: A

QUESTION: 72
A public SSL certificate on a virtual server is about to expire and the NetScaler
engineer needs to renew the certificate before it expires. Which step must the
engineer take to renew the SSL Certificate?

A. Generate a new CSR

B. Recreate the Private Keys
C. Execute CRL Management
D. Update the existing certificate

Answer: D

QUESTION: 73
An environment network has:
High bandwidth
Low packet loss
High Round-Trip Time (RTT)
Which TCP profile should an engineer configure for the environment described?

A. Nstcp_default_profile
B. Nstcp_default_tcp_lfp
C. Nstcp_default_tcp_lnp
D. Nstcp_default_tcp_lan

Answer: B

QUESTION: 74
Scenario: A network engineer needs to provide web server administrators with
access to monitoring and reporting after changing the default root password during
the initial setup of the NetScaler. The engineer needs to ensure that the web server
administrators can perform this task. What should the engineer do in order to
ensure that the administrators are able to log on to the NetScaler?

A. Create a group.
B. Create user accounts.
C. Create an authorization policy.
D. Create an authentication policy.

Answer: B

QUESTION: 75
Scenario: An engineer has configured a virtual server that users access using HTTP
port 80. The web application also uses TCP port 81 and 8080 for non-user access.
The engineer would like to prevent users from connecting to web servers if any of
the ports go down. How should the engineer set this configuration to ensure service
availability?

A. Increase the monitor threshold.

B. Lower the server timeout value.

C. Create additional virtual servers for ports 81 and 8080.

D. Create monitors for ports 81 and 8080, and bind to the service or service group.

Answer: B

QUESTION: 76
Which step is required to ensure that SSL traffic is passed through the NetScaler to
backend services without processing SSL on the NetScaler appliance?

A. Create a service group of type SSL. B.

Create a service group of type HTTP.
C. Bind an SSL certificate to a service group. D.
Bind an SSL certificate to the virtual server.
E. Create a service group of type SSL_BRIDGE.

Answer: E

QUESTION: 77
A NetScaler engineer would like to present different web pages to a user based on
the device and browser type from which they are connecting. Which responder
policy could assist with this requirement?

A. HTTP.RES.URL.PATH
B. HTTP.REQ.Host("Host")
C. HTTP.RES.BODY(1024)
D. HTTP.REQ.HEADER("User-Agent")

Answer: C

QUESTION: 78
Scenario: A user browses to a page and is presented with a warning that he is trying
to enter a web site with an untrusted certificate. The network engineer had added
the correct certificate to the SSL virtual server. What could be the cause of this issue?

A. TLS is disabled on the virtual server.

B. The certificate is not linked to the intermediate CA.
C. The certificate has expired and needs to be renewed.

D. The CA certificate has not been added to the SSL virtual server.

Answer: B

QUESTION: 79
A network engineer is investigating issues and suspects that a new server that has
been recently added to the environment has the same IP address as a virtual server
that is configured on the NetScaler. Which command could the engineer run to
check the logs that will contain such details?

A. nsconmsg -K newnslog -d stats

B. nsconmsg -K /var/nslog/newnslog -d consmsg
C. nsconmsg -K /var/nslog/newnslog -s ConLb=1 -d oldconmsg
D. nsconmsg -K /var/nslog/newnslog -s ConMon=x -d oldconmsg

Answer: B

QUESTION: 80
Scenario: A network engineer created an SSL virtual server and enabled smart card
on it. The engineer tried browsing to the server and noticed the back-end system
could NOT see the users certificates. What could be causing this issue?

A. The SSL virtual server cannot forward a client certificate. B.

The network engineer has not set smart card to mandatory. C.
The SSL virtual server cannot use smart card authentication.
D. The network engineer has not enabled SNI on the virtual server.
E. The network engineer forgot to enable the SSL policy allowing smart card
forwarding on the SSL virtual server.

Answer: A

QUESTION: 81
How could an engineer configure a monitor to ensure that a server is marked as
DOWN if the monitor test is successful?

A. Enable the LRTM option for the monitor

B. Enable the Reverse option for the monitor
C. Disable Down state flush for the service group

D. Disable the Health monitoring option for the service group

Answer: B

QUESTION: 82
Scenario: A network engineer suspects that there is a duplex mismatch in the
network configuration. The NSIP address is 10.10.1.206. How can the
administrator verify the configuration in this scenario?

A. Run the 'netstat -r' command.

B. Run the show IP 10.10.1.206 command.
C. Run the start nstrace -level 10 command.
D. Check for the interface configuration in the GUI.

Answer: D

QUESTION: 83
Scenario: Primary NetScaler (NS1) is licensed for 10000 Maximum ICA users and
305 Access Gateway users. Secondary NetScaler (NS2) is licensed for 10000
Maximum ICA users and five Access Gateway users. From where and which
command should a network engineer run to display diagnostics on the licenses?

A. From the shell, run 'view license'.

B. From the shell, run 'more /var/log/license.log'.
C. From the command-line interface, run 'show license'.
D. From the command-line interface, run 'cat /var/log/license.log'.

Answer: B

QUESTION: 84
NSROOT is the only account configured with super user rights. In order to initiate
the password recovery procedure, the engineer must
. (Choose the
correct option to complete the sentence.)

A. logon using SCP and modify ns.conf

B. connect to the physical NetScaler device
C. connect using SSH to the NetScaler device
D. logon using nsrecover/nsroot and reallocate licenses

Answer: B

QUESTION: 85
A network engineer should use a HTTP-ECV monitor type to control the status of a
load balanced web server resource when
. (Choose the correct option
to complete the sentence.)

A. checking for multiple HTTP response codes

B. wanting to use a customized HTTP Request
C. checking for a specific pattern in the HTTP Response body
D. checking for a specific pattern in the HTTP Response header

Answer: C

QUESTION: 86
Scenario: A network engineer has installed a NetScaler system into their corporate
DMZ and would like to provide access to a web server on the internal LAN. The
web server will be accessed by external users through the NetScaler. The firewall
administrator has opened the relevant ports required on the external and the internal
firewall. The engineer notices that the virtual server and services representing the
web server are down and the internal web server does NOT appear accessible from
the NetScaler. What could be the cause of this?

A. USIP is not enabled.

B. Client IP Insertion is not enabled.
C. A URL rewrite policy is not created.
D. A SNIP address has not been added.

Answer: C

QUESTION: 87
Scenario: A network engineer has configured an HTTP application to be load
balanced using a virtual server named Svr1. Users have reported intermittent errors
and the engineer has been given the client IP address of an affected user and asked
to determine which back end service they are connected to. Using the commandline interface, how could the engineer find this information?

A. Show lb vServer Svr1

B. Show system session
C. Show lb vServer Svr1 -Summary
D. Show lb persistentSessions Svr1

Answer: D

QUESTION: 88
A network engineer is troubleshooting a situation where ARP requests for IPs in
other subnets (for example 10.192.12.80) are appearing in the 10.192.8.0/24
subnet. Which command could the engineer run on the NetScaler to verify IP to
VLAN bindings?

A. show ip B.
netstat -r C.
show arp D.
show vlan

Answer: D

QUESTION: 89
Scenario: An engineer needs to configure a monitor to ensure that each server is
tested every 10 seconds and requires that the server pass the test four consecutive
times before marking a server as UP. If the test fails, the server should be marked
as down for 60 seconds. To configure the monitor, the engineer should configure
an interval of 10 seconds, down- time of 60 seconds;
as 4; and retries
as
. (Choose the correct set of options to complete the sentence.)

A. failure retries; 1
B. failure retries; 4
C. success retries; 1
D. success retries; 4

Answer: C

QUESTION: 90
An engineer has configured a DNS virtual server on a NetScaler appliance but the
monitors are showing DOWN and DNS resolution is failing. Which of the
following should the engineer check?

A. Port 53 between the VIP address and the DNS servers is allowed
B. That a ADNS_TCP service has been configured on the NetScaler
C. That the load balancing feature has been enabled on the NetScaler
D. Port 53 between the NSIP address and the DNS servers is allowed
E. Port 53 between the SNIP address and the DNS servers is allowed

Answer: E

QUESTION: 91
A network engineer should use the Advanced tab when configuring load balancing
to enable
. (Choose the correct option to answer the question.)

A. SSL offloading
B. Integrated caching
C. EdgeSight Monitoring
D. Direct Server Return Mode

Answer: D

QUESTION: 92
Scenario: A network engineer has created and bound an UDP-ECV monitor to
identify the status of a UDP service. However, no matter what the response is, the
service is always marked as UP. A possible cause of this behavior is that the
network engineer
. (Choose the correct option to complete the
sentence.)

A. forgot to add a receive string

B. added the string ns_true as receive string
C. added a string that is invalid and thus skipped
D. added a string that is always part of the UDP handshake

Answer: A

QUESTION: 93
A network engineer wants to collect performance statistics regarding the traffic
between different points in the connection, specifically from client-to-NetScaler

and from NetScaler to back-end server, and be able to present this to different
analysis tools. Which feature on the NetScaler could the engineer use for this?

A. Syslog
B. nstrace
C. AppFlow
D. nsconmsg

Answer: C

QUESTION: 94
A network engineer has been tasked with identifying the cause of intermittent
network connectivity issues. Which command should the engineer use to generate
the necessary network information required to diagnose the connectivity issues?

A. nslog B.
nstrace C.
nsumon
D. nsconmsg

Answer: B

QUESTION: 95
A network engineer is testing a new load balancing virtual server "test" that has the
service group "test-grp" bound to it. Which command could the engineer run to
show connection details for the new virtual server?

A. show server
B. show services
C. show servicegroups
D. show connectiontable

Answer: D

QUESTION: 96
An network engineer is asked to perform an export of the captured trace output
files as requested by Citrix Tech support. In which directory could the engineer
retrieve the captured log files in the NetScaler system?

A. /var/log
B. /var/nstrace C.
/netscaler/log D.
/nsconfig/trace

Answer: B

QUESTION: 97
A network engineer is trying to read a nstrace from the NetScaler but can only see
encrypted traffic. Which file is required to decrypt the network trace?

A. The server certificate

B. The servers root certificate
C. The private key for the server certificate
D. The private key for the server root certificate

Answer: C

QUESTION: 98
Scenario: A network engineer has bound four policies to a virtual server as follows:
PolicyA has a priority of 10
PolicyB has a priority of 20
PolicyC has a priority of 30
PolicyD has a priority of 0
Which policy will be evaluated first?

A. PolicyA
B. PolicyB
C. PolicyC
D. PolicyD

Answer: D

QUESTION: 99
A client is trying to reach a back-end server with an IP address of 10.192.31.5
given the following routing table: Which route would the NetScaler use for this
client?

A. 1
B. 5
C. 6
D. 7

Answer: C

QUESTION: 100
Scenario: An engineer has a NetScaler system with NSIP 192.168.10.1 with subnet
mask 255.255.0.0. The company changed the IP network to use subnet mask
255.255.255.0. Which two commands could the engineer run to modify the subnet
mask of the NSIP? (Choose two.)

A. ifconfig
B. configns
C. set ns ip
D. add ns ip

Answer: B, C

QUESTION: 101
Which two virtual server types could have a compression policy bound to them?
(Choose two.)

A. SSL B.
DNS C.
HTTP
D. SSL_TCP

Answer: A, C

QUESTION: 102
Which two response codes and pages can be cached on the NetScaler using
Integrated Caching? (Chosetwo.)

A. 400 Bad request

B. 302 Found pages

C. 401 Unauthorized
D. 404 Not found pages
E. 500 Internal server error

Answer: B, D

QUESTION: 103
What are two ways in which the NetScaler TCP buffering feature improves
application performance? (Choose two.)

A. Buffers the client request

B. Buffers the server response
C. Forwards the response to the client at the speed of the client network
D. Forwards the request to the server at the speed of the server network

Answer: B, C

QUESTION: 104
Scenario: A network engineer deployed a new NetScaler MPX appliance on the
network and all interfaces are connected to the core switch. The network engineer
notices the CPU utilization has become very high on the switch since the NetScaler
deployment. Which two actions could the engineer perform on the NetScaler to
resolve this issue? (Choose two.)

A. Configure VMAC
B. Utilize static routing
C. Configure a channel
D. Connect a single interface only

Answer: C, D

QUESTION: 105
Scenario: A network engineer has created an SSL offload virtual server. The virtual
server shows as a DOWN state. Which two scenarios could cause the virtual server
showing as DOWN? (Choose two.)

A. Persistence is set to NONE.

B. The protocol should be SSL_TCP.

C. A responder policy has been bound.
D. The service is not bound to the virtual server.
E. No SSL certificate is bound to the virtual server.

Answer: D, E

QUESTION: 106
Scenario: Company Inc. wants to modify the HTTP Server header so that
unauthorized users and malicious code CANNOT use the header to identify the
software that the HTTP server uses. Which two actions can the engineer take to
meet the needs of the scenario? (Choose two.)

A. Add an HTTP Server Type on the Client Request.

B. Mask the HTTP Server Type on the Server Response.
C. Replace the HTTP Server Type on the Client Request.
D. Delete the HTTP Server Type on the Server Response.

Answer: B, D

QUESTION: 107
Scenario: A network engineer adds a secondary node for high availability (HA)
purposes. To confirm the implementation is working, the engineer initiates a fail
over; however when this is complete, some virtual servers are un-reachable. What
is a possible cause of this issue?

A. SSL has not been enabled as a feature.

B. The network configuration is mismatched on the nodes.
C. HA sync does not propagate network settings by default.
D. The nsroot password has been changed on the new node.

Answer: B

QUESTION: 108
What are two valid ways of checking that a back-end web server is reachable from
the NetScaler SNIP address using port 80? (Choose two.)

A. Run traceroute.

B. Run telnet using the -srcip option.

C. Bind a DNS monitor to a service group containing the web server.
D. Bind a HTTP monitor to a service group containing the web server.
E. Run the ping command between the NetScaler and the web server.

Answer: B, D

QUESTION: 109
A network engineer wants to hide the IP address of the outgoing packets by
changing it to the IP of the VIP. Which feature should the administrator use?

A. ACL
B. PBR
C. RNAT
D. Rewrite

Answer: C

QUESTION: 110
During a recent security penetration test, several ports on the management address
were identified as providing unsecured services. Which two methods could the
network engineer use to restrict these services? (Choose two.)

A. Configure Auditing policies.

B. Create Content Filtering policies.
C. Create Access Control Lists (ACLs).
D. Configure options on the Management IP addresses.

Answer: C, D

QUESTION: 111
An engineer should use the filter (content filtering) feature to prevent
and
. (Choose the two correct options to complete the sentence.)

A. the use of unauthorized HTTP methods

B. a client from accessing a specific IP on the back-end
C. inappropriate HTTP headers from being sent to your Web server
D. inappropriate MSSQL commands from being sent to your SQL server

E. a client from a specific VLAN ID to access resources on the NetScaler

Answer: A, C

QUESTION: 112
Scenario: A network engineer needs to implement high availability (HA) for a pair
of NetScaler appliances. The existing appliance was recently restarted and the new
appliance has been rack mounted and turned on for several weeks waiting to be
configured. The engineer needs to create an HA pair, but is concerned that his
original appliance will get erased when the HA pair is created. Which two tasks
could the engineer do before the creation of the HA pair to ensure that the exiting
unit stays the main appliance? (Choose two.)

A. Set StayPrimary on the existing node.

B. Configure StaySecondary on the new node.
C. Enable HA Sync before adding the second node.
D. Create a Route Monitor to ensure proper synchronization.
E. Ensure that INC mode is enabled during creation of HA Pair.

Answer: A, B

QUESTION: 113
Scenario: A network engineer plans to configure an Active Directory Server as the
default authentication for a NetScaler deployment and provide users with the
option to change their password if it is expired. Which two actions should the
engineer take to configure this authentication requirement on the NetScaler
system? (Choose two.)

A. Configure a pre-authentication policy.

B. Select security type as SSL on Authentication policy.
C. Configure Authentication server with SSO name attribute.
D. Configure Authentication server with allow password change option.

Answer: B, D

QUESTION: 114
Which two parameters in the TCP buffering settings can be controlled by a
network engineer? (Choose two.)

A. buffering size
B. source IP range
C. destination IP range
D. memory size for buffering

Answer: A, D

QUESTION: 115
Scenario: A NetScaler engineer has received an SSL certificate and bound it to the
vServer. However, users are unable to browse to the website using HTTPS. When
the NetScaler engineer browses to the site using HTTPS, the engineer notices that
the certificate chain is incomplete. Which two steps should the administrator take
to fix the virtual server? (Choose two.)

A. Generate a new CSR.

B. Install a new Certificate Authority (CA).
C. Install the Intermediate Certificate from the CA.
D. Link the Intermediate Certificate to the virtual server.
E. Link the SSL Certificate to the Intermediate Certificate.

Answer: C, E

QUESTION: 116
The network engineer is investigating issues and suspects that one of the
administrators recently changed the NetScaler configuration. Which command
could the engineer run to check the logs that will contain such details?

A. nsconmsg -K newnslog -d stats

B. nsconmsg -K newnslog -d stats -d current
C. nsconmsg -K /var/nslog/newnslog -d event
D. nsconmsg -K /var/nslog/newnslog -d consmsg

Answer: C

QUESTION: 117
A network engineer has enabled BGP routing. Which two additional features
should the network engineer enable for BGP routing to function? (Choose two.)

A. Layer 2 mode
B. Layer 3 mode
C. Dynamic routing
D. MAC based forwarding

Answer: B, C

QUESTION: 118
Which two compression actions could a NetScaler engineer use? (Choose two.)

A. bzip2
B. deflate
C. compress
D. pack200-gzip

Answer: B, C

QUESTION: 119
Scenario: The NetScaler has been connected to two external networks provided by
different Internet Service Providers (ISPs). Dynamic routing is not enabled. Traffic
is expected to use the first ISP (through the 10.50.1.1 router) if possible and the
second, slower ISP (through the 10.51.1.1 router) only if the Primary ISP fails.
Which two commands could the network engineer execute to configure the routes?
(Choose two.)

A. add route 0.0.0.0 0.0.0.0 10.51.1.1 -cost 10 -monitor arp

B. add route 0.0.0.0 0.0.0.0 10.50.1.1 -cost 5 -monitor PING
C. add route 0.0.0.0 0.0.0.0 10.50.1.1 -cost 15 -msr ENABLED
D. add route 0.0.0.0 0.0.0.0 10.51.1.1 -cost 3 -monitor PING-DEFAULT

Answer: A, B

QUESTION: 120
When configuring an advanced HTTP callout based on attributes, what are two
valid parameters? (Choose two.)

A. SSL cipher type

B. Down state flush

C. Gateway address
D. IP address and port
E. URL stem expression

Answer: D, E

QUESTION: 121
Scenario: A network engineer configured a new NetScaler MPX appliance without
any VLANs and with a single interface connected to the network. The engineer has
not completed any other configurations. The interface is then accidentally disabled
and contact is lost with the appliance. Which two actions can the network engineer
take to restore communications to the appliance? (Choose two.)

A. Connect to the SNIP instead of the NSIP.

B. Connect another of the unused interfaces.
C. Use the serial port to connect and then bring the disabled interface online.
D. Connect a crossover cable to the port that has been disabled and connect to the
NSIP.

Answer: B, C

QUESTION: 122
A security test has been completed on an SSL offload implementation and it has
been determined that the certificate key length is too short and must be increased.
Which two steps must the network engineer complete to resolve this? (Choose
two.)

A. Bind the certificate to an SSL service group.

B. Bind the certificate to an SSL Offload virtual server.
C. Add a new SSL policy to the SSL offload virtual server.
D. Use the Client certificate wizard to generate a CSR, request a certificate and
import.
E. Use the Server certificate wizard to generate a CSR, request a certificate and
import.

Answer: B, E

QUESTION: 123

When binding a certificate to a virtual server, which two certificate formats are
supported by NetScaler? (Choose two.)

A. P7B
B. PFX
C. PEM
D. DER

Answer: C, D

QUESTION: 124
When configuring NetScaler authentication to access a web site, which two things
should a network engineer verify in the environment? (Choose two.)

A. AAA is enabled.
B. One DNS server exists.
C. A Keytab file is available.
D. An authentication virtual server exists.
E. A traffic management virtual server exists.

Answer: A, D

QUESTION: 125
A NetScaler engineer generates a techsupport archive to be sent to Technical
Support. Which three of the following pieces of information will be included in the
archive file? (Choose three.)

A. Model Number
B. SSL Private Keys
C. Old Configuration Files D.
Hardware Boot sequence E.
Webpage Customizations F.
Certificate Revocation List

Answer: A, C, D

QUESTION: 126

A network engineer needs to configure Citrix NetScaler to provide Access

Gateway services to VLAN 2 using interface 1/1 only, while also using interface
1/2 to provide load balancing services to VLAN 3. How could this result be
achieved?

A. Disable static route advertisement.

B. Disable layer 2 mode Create 2 untagged VLANs - VLAN 2 and VLAN 3 Bind
VLAN 2 to Interface 1/1 Bind VLAN 3 to Interface 1/
C. Enable Layer 3 mode Create a Channel Interface using Interface 1/1 and
Create 2 VMACs Bind a VMAC to interface 1/1 and 1/2
D. Configure policy-based routing using the Interface option as a filter.

Answer: B