NEW QUESTION 1
Which NetScaler Management and Analytics System (NMAS) feature will assist the Citrix Engineer in gathering the required data for issues with Endpoint Analysis?

• A. Security Insight
• B. Web Insight
• C. HDX Insight
• D. Gateway Insight

Answer: A

NEW QUESTION 2
Scenario: A Citrix Engineer has enabled learning on Application Firewall for all the Security checks on a basic profile that is configured in a production environment. However, after a few hours, the Application Firewall has stopped learning new data.
What is causing the issue?

• A. The learning database is limited to 20 MB in size and needs a reset.
• B. Application Firewall learning can only be enabled for an advanced profile.
• C. Application Firewall learning should only be enabled on Start URL.
• D. All the Security checks CANNOT be enabled simultaneously.

Answer: A

NEW QUESTION 3
Scenario: A Citrix Engineer configures an Application Firewall HTML SQL Injection Check and sets it to BLOCK and to use SQLSplCharANDKeyword as the SQL injection type. The engineer checks the logs and finds that nothing is being blocked.
What can be the cause of the Application Firewall failing to block the attack?

• A. The request contains SQL Wildcard Characters.
• B. The request neither contains SQL Special Characters nor keywords.
• C. The request only contains SQL Special Characters.
• D. The request only contains SQL keywords.

Answer: B

NEW QUESTION 4
Which is a single-digit rating system that indicates the criticalness of attacks on the application, regardless of whether or NOT the application is protected by a NetScaler appliance?

• A. App Store
• B. Safety Index
• C. Threat Index
• D. Transactions

Answer: C

NEW QUESTION 5
Scenario: A Citrix Engineer must enable a cookie consistency security check and ensure that all the session cookies get encrypted during the transaction. The engineer needs to ensure that none of the persistent coolies are encrypted and decrypted and decrypt any encrypted cookies during the transaction.
Which cookie consistency security feature will the engineer configure in the following configuration to achieve the desired results?
add appfw profile Test123 –startURLAction none- denyURLAction none- cookieConsistencyAction log
–cookieTransforms ON –cookieEncryption ecryptSessionOnly –addCookieFlags httpOnly
–crossSiteScriptingAction none- SQLInjectionAction log stats –SQLInjectionTransfrormSpecialChars ON- SQLInjectionCheckSQLWildChars ON –fieldFormatAction none –bufferOverflowAction none
–responseContentType “application/octet-stream”- XMLSQLInjectionAction none –XMLXSSAction none-XMLWSIAction none- XMLValidationAction none

• A. Configure Encrypt Server cookies to “Encrypt All”
• B. Configure Encrypt Server cookies to “None”
• C. Configure Encrypt Server cookies to “Encrypt Session Only”
• D. Configure Encrypt Server cookies to “Encrypt only”

Answer: B

NEW QUESTION 6
A Citrix Engineer executed the below commands on the NetScaler command-line interface (CLI): add stream selector cacheStreamSelector http.req.url
add ns limitidentifier cacheRateLimitIdentifier –threshold 5 –timeSlice 2000 –selectorName cacheStreamSelector
add cache policy cacheRateLimitPolicy –rule “http.req.method.eq(get) && sys.check_limit ( “cacheRateLimitIdentifier”)” –action cache
bind cache global cacheRateLimitPolicy- priority 10 What will be the effect of executing these commands?

• A. NetScaler will cache a response if the request URL rate exceeds 5 per 2000 milliseconds.
• B. NetScaler will cache a request if the request URL rate exceeds 5 per 2000 seconds.
• C. NetScaler will NOT cache a request if the request URL rate exceeds 5 per 2000 milliseconds.
• D. NetScaler will cache a response if the request URL rate exceeds 5 per 2000 seconds.

Answer: B

NEW QUESTION 7
A Citrix Engineer has deployed Front-end Optimization on NetScaler. The following are the snippets of the content before and after optimization.
Before Optimization:

After Optimization:

Which optimization technique has been applied to the content?

• A. Combine CSS
• B. Minify CSS
• C. Inline CSS
• D. Linked JavaScript to inline JavaScript

Answer: A

NEW QUESTION 8
Which TCP flag will the NetScaler Application Firewall module send in response to a malformed/non-RFC complaint request from a client?

• A. FIN+ACK packet with a window size set to 9845
• B. RST packet with a window size set to 9845
• C. RST +ACK packet with a window size set to 0
• D. FIN packet with a window size set to 0

Answer: B

NEW QUESTION 9
Which two settings can be used when creating a Cache Content group? (Choose two.)

• A. Remove response cookies
• B. Set Lazy DNS resolution
• C. Expire cookies
• D. Use DNS Query
• E. Use browser settings

Answer: AB

NEW QUESTION 10
Scenario: A Citrix Engineer has created a default admin user with username Admin1 and password ‘nsroot’ for the tenant example-online. However, the tenant administrator is unable to log in as username Admin1 and password ‘nsroot’.
Which action resolves this problem?

• A. User should use the system administrator credentials to login.
• B. The user BIND DN should be specified.
• C. The default password must be change before login.
• D. User should enter username as example-onlineAdmin1.

Answer: B

NEW QUESTION 11
Scenario: A Citrix Engineer has migrated an application to NetScaler to secure it from application layer attacks. The engineer receives a complaint that the application is timing out while users are actively accessing the page. Those users are forced to reestablish the connection.
What can be the cause of this issue?

• A. The maximum session lifetime is NOT configured.
• B. The session time out is configured to a low value.
• C. The application is configured with a low session timeout.
• D. The maximum session lifetime is less than the session timeout.

Answer: B

NEW QUESTION 12
Which security option falls under the Negative Security Model for Citrix Application Firewall?

• A. Start URL
• B. HTML Cross-Site Scripting
• C. Content-type
• D. Signature

Answer: D

NEW QUESTION 13
Scenario: A Citrix Engineer configures the Application Firewall for protecting a sensitive website. The security team captures traffic between a client and the website and notes the following cookie:
citrix_ns_id
The security team is concerned that the cookie name is a risk, as it can be easily determined that the NetScaler is protecting the website.
Where can the engineer change the cookie name?

• A. Application Firewall Policy
• B. Application Firewall Engine Settings
• C. Application Firewall Default Signatures
• D. Application Firewall Profile

Answer: D

NEW QUESTION 14
A Citrix Engineer configures the integrated caching feature to cache both static and dynamic content, but the integrated cache feature does NOT work as expected.
Which two resources can the engineer use to troubleshoot this integrated cache issue? (Choose two.)

• A. core dump
• B. dmesg
• C. nstrace
• D. ns.conf
• E. sysctl-a

Answer: CD

Explanation: Reference
https://docs.citrix.com/en-us/netscaler/11/optimization/integrated-caching/troubleshooting-integrated-caching.ht

NEW QUESTION 15
Scenario: A Citrix Engineer needs to set up a NetScaler Web Logging (NSWL) client system for logging. The engineer attempted to start the NSWL service on the client system and found that the service is NOT starting.
What could be causing this issue?

• A. TCP 3011 is NOT open between the NetScaler SNIP and the NSWL client.
• B. log.conf file is NOT properly configured on the NSWL client.
• C. Web Logging feature is NOT installed on the NetScaler.
• D. “nswl-verify” command has NOT yet been run on the NSWL client.

Answer: D

NEW QUESTION 16
A Citrix Engineer has deployed Front-end Optimization on NetScaler. The following are the snippets of the content before and after optimization.
Before Optimization:

Which optimization technique has been applied to the content?

• A. Convert linked JavaScript to inline JavaScript
• B. Minify JavaScript
• C. Move JavaScript to End of Body Tag
• D. Inline JavaScript

Answer: B

NEW QUESTION 17
Which NetScaler owned IP address is used by NetScaler Management and Analytics System (NMAS) to communicate with NetScaler Instances?

• A. VIP (Virtual IP)
• B. NSIP (NetScaler IP)
• C. CLIP (Cluster IP)
• D. SNIP (Subnet IP)

Answer: B