1Y0-440 Exam Dumps - Citrix CCE-N Questions and Answers

Scenario: A junior Citrix Architect would like to use nFactor to perform authentication based on the domain. The junior architect has reached out to a supervisor for assistance and has been provided with the following step-by-step configuration guide:

• Create Authentication policy for LDAP. RADIUS.
• Create logon schema for Domain drop down. LDAP. LDAP+RADIUS, and noschema.
• Create Authentication policy label for OnlyLDAR LDAP+RADIUS, and RADIUS.
• Bind DOMAIN drop down as default logon schema policy
• Create Authentication profile to bind the AAA virtual server.
• Bind Authentication profile to Traffic management virtual server or Citrix Gateway virtual server.

What must the junior architect bind In order for the authentication to work correctly?

Scenario: A Citrix Architect has set up Citrix ADC MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 firewall. The Cisco ASA firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall.

The following requirements were captured by the architect during the discussion held as part of the Citrix ADC security implementation project with the customers security team:

The Citrix ADC MPX device:

• should monitor the rate of traffic either on a specific virtual entity or on the device It should be able to mitigate the attacks from a hostile client sending a flood of requests. The Citrix ADC device should be able to stop the HTTP TCP. and DNS based requests
• needs to protect backend servers from overloading
• needs to queue all the incoming requests on the virtual server level instead of the service level
• should provide access to resources on the basis of priority
• should provide protection against well-known Windows exploits virus-infected personal computers, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing proxies
• should provide flexibility to enforce the desired level of security check inspections for the requests originating from a specific geolocation database.
• should block the traffic based on a pre-determined header length. URL length and cookie length. The device should ensure that characters such as a single straight quote ('): backslash (\); and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.

Which security feature should the architect configure to meet these requirements?

Scenario: A Citrix Architect needs to plan for a customer environment in which more than 10,000 users will need access. The networking infrastructure needs to be able to handle the expected usage.

Which business driver should be prioritized based on the customer’s requirement?

Which three methods can a Citrix Architect use to assess the capabilities of a network infrastructure? (Choose three.)

Scenario: A Citrix Architect needs to design a NetScaler deployment in Microsoft Azure. An Active-Passive NetScaler VPX pair will provide load balancing for three distinct web applications. The architect has identified the following requirements:

• Minimize deployment costs where possible.
• Provide dedicated bandwidth for each web application.
• Provide a different public IP address for each web application.

For this deployment, the architect should configure each NetScaler VPX machine to have ______ network interface(s) and configure IP address by using ________. (Choose the correct option to complete the sentence).

Which session parameter does the default authorization setting control when authentication, authorization, and auditing profiles are configured?

Scenario: A Citrix Architect captured the following requirements during a design discussion held for a Citrix ADC design project.

• There will be a pair of Citrix ADC MPX appliances deployed in the DMZ and another pair deployed in the internal network
• High availability will be accessible for each Citrix ADC MPX appliance in both the DMZ (external) and LAN (internal) networks
• DMZ Citrix ADC MPX appliances will have GSLB configured and deployed in Active/Passive mode
• Load balancing for the internal Microsoft Exchange servers will be configured on the internal Citrix ADC appliances
• Load balancing for SAP application servers in the DMZ will be configured on the DMZ Citrix ADC appliances
• For the DMZ Citrix ADC MPX pair, the data and management traffic will be sent over the same interface.
• The DMZ Citrix ADC MPX pair will have three interfaces available.

The users from the DMZ should NOT have access to servers in the internal zone

Which deployment mode should the architect use to deploy the Citrix ADC pair in the DMZ?

Scenario: A Citrix Architect has executed the following commands on the Citrix ADC:

In which scenario will the timeout work as configured?

Scenario: A Citrix Architect observes the following configurations while performing an assessment of a Citrix ADC deployment:

• Citrix Gateway virtual server nsg-dmz-001 is configured in ICA Proxy mode.
• The authentication method used is Plaintext LDAP.
• The session policies bound are configured to integrate with StoreFront in ICA proxy mode to perform Single Sign-on.
• The connection to LDAP server is performed using SNIP by Citrix ADC.
• To meet the new design requirement the architect needs to change the SNIP used for communication with LDAP servers.

Which AAA parameter must the architect verify to update the source IP address for the communication from Citrix ADC to the LDAP server?

Scenario: A Citrix Architect has set up NetScaler MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 Firewall. The Cisco ASA Firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall.

The following requirements were captured by the architect during the discussion held as part of the NetScaler security implementation project with the customer’s security team:

The NetScaler MPX device:

• should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The NetScaler device should be able to stop the HTTP, TCP, and DNS based requests.
• needs to protect backend servers from overloading.
• needs to queue all the incoming requests on the virtual server level instead of the service level.
• should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing proxies.
• should provide flexibility to enforce the decided level of security check inspections for the requests originating from a specific geolocation database.
• should block the traffic based on a pre-determined header length, URL length, and cookie length. The device should ensure that characters such as a single straight quote (“); backslash (\); and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.

Which security feature should the architect configure to meet these requirements?