NEW QUESTION 1
Scenario: A Citrix Engineer needs to configure an external SNMP server in a High Availability setup. The engineer configured the load-balancing virtual server to access the NetScaler Management and Analytics System (NMAS) HA pair.
Which IP address will be configured on the external SNMP Manager to add the NMAS devices?

• A. IP Address of the LB VIP
• B. IP Address of the Primary node
• C. IP Address of the active mode
• D. IP Address of both the NMAS nodes

Answer: D

NEW QUESTION 2
Scenario: A Citrix Engineer configures the Application Firewall for protecting a sensitive website. The security team captures traffic between a client and the website and notes the following cookie:
citrix_ns_id
The security team is concerned that the cookie name is a risk, as it can be easily determined that the NetScaler is protecting the website.
Where can the engineer change the cookie name?

• A. Application Firewall Policy
• B. Application Firewall Engine Settings
• C. Application Firewall Default Signatures
• D. Application Firewall Profile

Answer: D

NEW QUESTION 3
Scenario: A Citrix Engineer needs to configure Application Firewall to handle SQL injection issues. However, after enabling SQL injection check, the backend server started dropping user requests.
The Application Firewall configuration is as follows:
add appfw profile Test123 –startURLAction none- denyURLAction none-crossSiteScriptingAction none
–SQLInjectionAction log stats- SQLInjection TransformSpecialChars ON
–SQLInjectionCheckSQLWildChars ON- fieldFormatAction none- bufferOverflowAction none- responseContentType “application/octet-stream” –XMLSQLInjectionAction none- XMLXSSAction none-XMLWSIAction none- XMLValidationAction none
What does the engineer need to change in the Application Firewall configuration?

• A. Enable-XMLSQLInjectionAction none
• B. Enable-XMLValidationAction none
• C. Disable- SQLInjectionCheckSQLWildChars ON
• D. Disable- SQLInjectionTransformSpecialChars ON

Answer: C

NEW QUESTION 4
A website hosts highly dynamic content that is frequently requested in bursts of high user access. Which configuration will reduce traffic to the origin server while optimizing client performance?

• A. –pollEveryTime NO
• B. –expireAtLastByte YES
• C. –flashCache YES
• D. –heurExpiryParam 0

Answer: A

NEW QUESTION 5
Scenario: A Citrix Engineer uses one StyleBook on a NetScaler Management and Analytics System (NMAS) to create multiple load-balanced virtual server configurations for NetScaler instances. The configuration is saved in a config pack.
In which two locations is the StyleBook config pack saved? (Choose two.)

• A. NetScaler Instance
• B. NetScaler SDX
• C. Syslog Server
• D. Local network
• E. NMAS

Answer: AE

NEW QUESTION 6
A Citrix Engineer needs to optimize the Cascading Style Sheets (CSS) content sent from the backend server before being forwarded to the client.
Which option can the engineer use to accomplish CSS optimization?

• A. Move to Head Tag
• B. Shrink to Attributes
• C. Lazy Load
• D. Convert to WebP

Answer: A

NEW QUESTION 7
Which reason can cause fail over in a NetScaler Management and Analytics System (NMAS) High Availability pair?

• A. A secondary server loses connectivity in the LAN.
• B. The engineer manually forces the secondary server to shut down.
• C. A primary server encounters a critical software issue.
• D. A primary server does NOT receive the SNMP traps from the instances connected.

Answer: C

NEW QUESTION 8
Which security option falls under the Negative Security Model for Citrix Application Firewall?

• A. Start URL
• B. HTML Cross-Site Scripting
• C. Content-type
• D. Signature

Answer: D

NEW QUESTION 9
Scenario: A Citrix Engineer has migrated an application to NetScaler to secure it from application layer attacks. The engineer receives a complaint that the application is timing out while users are actively accessing the page. Those users are forced to reestablish the connection.
What can be the cause of this issue?

• A. The maximum session lifetime is NOT configured.
• B. The session time out is configured to a low value.
• C. The application is configured with a low session timeout.
• D. The maximum session lifetime is less than the session timeout.

Answer: B

NEW QUESTION 10
Which protocol does NetScaler Management and Analytics System (NMAS) use when Discovery is run to locate instances?

• A. RIP
• B. TCP
• C. ICMP
• D. NITRO

Answer: C

Explanation:
The NetScaler MAS server sends an Internet Control Message Protocol (ICMP) ping to locate the instance. Then, it uses the instance profile details to log on to the instance. Using a NetScaler NITRO call, NetScaler MAS retrieves the license information of the instance. On the basis of the licensing information, it determines whether the instance is a NetScaler instance and the type of NetScaler platform (for example, NetScaler MPX, NetScaler VPX, NetScaler SDX, or NetScaler Gateway). On succesful detection of the NetScaler instance, it is added to the NetScaler MAS server’s database.

NEW QUESTION 11
The NetScaler processes HTTP/2 web client connections to the backend web servers by . (Choose the correct option to complete the sentence.)

• A. Converting the HTTP/2 headers to HTTP/1.1 headers and forwarding them to the web servers.
• B. Dropping HTTP/2 requests as it is NOT supported by web servers.
• C. Passing- through all HTTP/2 traffic to the web servers.
• D. Converting HTTP/2 to HTTP 0.9 and forwarding the packets to the web servers.

Answer: A

NEW QUESTION 12
Scenario: A Citrix Engineer configures an Application Firewall HTML SQL Injection Check and sets it to BLOCK and to use SQLSplCharANDKeyword as the SQL injection type. The engineer checks the logs and finds that nothing is being blocked.
What can be the cause of the Application Firewall failing to block the attack?

• A. The request contains SQL Wildcard Characters.
• B. The request neither contains SQL Special Characters nor keywords.
• C. The request only contains SQL Special Characters.
• D. The request only contains SQL keywords.

Answer: B

NEW QUESTION 13
Scenario: A Citrix Engineer has enabled Security insight and Web insight on NetScaler Management and Analytics System (NMAS). The engineer is NOT able to see data under the Analytics on NMAS, in spite of seeing hits on the APPFLOW policy.
Which log should the engineer check on NMAS to ensure that the information is sent from NetScaler?

• A. mps_afanalytics.log
• B. mps_perf.log
• C. mps_afdecoder.log
• D. nstriton.log

Answer: C

NEW QUESTION 14
Scenario: A Citrix Engineer discovers a security vulnerability in one of its websites. The engineer takes a header trace and checks the Application Firewall logs.
The following was found in part of the logs:
method=GET
request = http://my.companysite.net/FFC/sc11.html msg=URL length (39) is greater than maximum allowed (20).cn1=707 cn2=402 cs1=owa_profile cs2=PPE0 cs3=kW49GcKbnwKByByi3+jeNzfgWa80000 cs4=ALERT cs5=2015
Which type of Application Firewall security check can the engineer configure to block this type of attack?

• A. Buffer Overflow
• B. Start URL
• C. Cross-site Scripting
• D. Cookie Consistency

Answer: C

NEW QUESTION 15
In PCRE, the only characters assumed to be literals are (Choose the correct option to complete the sentence.)

• A. A-Z
• B. a-z, A-Z
• C. a-z, A-Z, 0-9
• D. 0-9

Answer: B

NEW QUESTION 16
Scenario: A Citrix Engineer needs to configure an Application Firewall policy for an online shopping website called “mycompany.com”. As a security measure, the shopping cart application is hosted on a separate directory “/mycart” on the backend server. The engineer configured a profile to secure the connections to this shopping cart and now needs to ensure that this profile is allied to all incoming connections to the shopping cart.
Which policy expression will accomplish this requirement?

• A. http.req.ur
• B. contains(“/mycart”) & http:req.url.hostname.eq(“mycompany.com”)
• C. http.req.ur
• D. contains(“/mycart”) || http:req.url.hostname.eq(“mycompany.com”)
• E. http.req.header (“url”).contains (“/mycart”) || http.req.url.contains (“mycompany.com”)
• F. http.req.header (“url”).contains (“/mycart”) && http:req.url.contains (“mycompy.com”)

Answer: A

NEW QUESTION 17
Scenario: A Citrix Engineer has configured LDAP group extraction on the NetScaler Management and Analytics System (NMAS) for the administration. The engineer observes that extraction is NOT working for one of the five configured groups.
What could be the cause of the issue?

• A. The admin bind user has read-only permissions on the LDAP server.
• B. The NMAS group does NOT match the one on the external LDAP servers.
• C. The LDAP bind DN is incorrectly configured in the LDAP profile.
• D. The user group extraction is NOT supported with plaintext LDAP.

Answer: B