NEW QUESTION 1
Scenario: A Citrix Engineer configured an HTTP Denial-of-Service (DoS) protection policy by setting the Surge Queue depth to 300. The surge queue reaches a size of 308, triggering the NetScaler “attack” mode. The HTTP DoS window mechanism is left at the default size which, when reached, will trigger “no-attack” mode.
Which queue depth value must the Surge Queue be to trigger the “no-attack” mode?

• A. size should be less than 280.
• B. size should be 300.
• C. size should be 290.
• D. size should be between 280 and 300.

Answer: A

NEW QUESTION 2
A Citrix Engineer needs to configure Relaxation Rules using the learned data for SQL Injection. Which setting can the engineer enable in order to avoid false-positive learned rules?

• A. Increase database size for Learned data.
• B. Decrease Minthreshold value to Default in Learning settings.
• C. Increase Minthreshold value in Learning settings.
• D. Remove all unreviewed data from Learning settings.

Answer: D

NEW QUESTION 3
The NetScaler Management and Analytics System (NMAS) collects inventory from the instance by sending a(n) request. (Choose the correct option to complete the sentence.)

• A. AppFlow
• B. NITRO
• C. SNMP
• D. HTTP

Answer: B

NEW QUESTION 4
A Citrix Engineer has received the following message after setting up Application Firewall in Learning mode. August 28 6 03:14:27 <local0.info>XXX.0.0.2.08/28/2021:03:14:27 GMT VPXExtProd01 0-PPE-0: default
GUI CMD_EXECUTED 1670370 0: User CitrixAdmin- Remote_ip XXX.19.XXX.XXX-Command “show
appfw learningdata WebPub_vs_af_1 startURL”- Status “ERROR: Communication error with aslearn”
What can the engineer perform to resolve the issue?

• A. Reinstall the Application Firewall license.
• B. Reboot the NetScaler appliance.
• C. Disable the Application Firewall feature.
• D. Delete the Profile database and restart the aslearn process.

Answer: B

NEW QUESTION 5
A Citrix Engineer needs to protect a website that contains sensitive data such as employee ID numbers and customer ID numbers.
Which security check can the engineer implement to protect the sensitive data?

• A. Content-type
• B. Safe Object Check
• C. Field Formats
• D. CSRF Form tagging

Answer: B

Explanation: The Safe Object check provides user-configurable protection for sensitive business information, such as customer numbers, order numbers, and country-specific or region-specific telephone numbers or postal codes.

NEW QUESTION 6
An attacker inserting a malicious code that compromises the trust relationship between users and a web application is an example of a (n) attack. (Choose the correct option to complete the sentence.)

• A. Cookie Tampering
• B. SQL Injection
• C. Form Field Consistency
• D. Cross-site Scripting

Answer: D

NEW QUESTION 7
Which two actions can a Citrix Engineer use to provide Denial of Service (DoS) protection with the AppQoE feature? (Choose two.)

• A. Simple Response
• B. HICResponse
• C. Denial Response
• D. Complex Response

Answer: AB

NEW QUESTION 8
Scenario: A Citrix Engineer has configured LDAP group extraction on the NetScaler Management and Analytics System (NMAS) for the administration. The engineer observes that extraction is NOT working for one of the five configured groups.
What could be the cause of the issue?

• A. The admin bind user has read-only permissions on the LDAP server.
• B. The NMAS group does NOT match the one on the external LDAP servers.
• C. The LDAP bind DN is incorrectly configured in the LDAP profile.
• D. The user group extraction is NOT supported with plaintext LDAP.

Answer: B

NEW QUESTION 9
What can a Citrix Engineer do to decrease browser load times by increasing the number of parallel connections to the resource?

• A. Configure Domain Sharding.
• B. Add more web servers.
• C. Block JavaScript on client browsers.
• D. Do NOT allow HTML websites.

Answer: A

NEW QUESTION 10
What can a Citrix Engineer use in NetScaler Management and Analytics System (NMAS) to troubleshoot an issue in which users report long response times when accessing a virtual desktop?

• A. Web Insight
• B. WAN Insight
• C. HDX Insight
• D. Gateway Insight

Answer: A

NEW QUESTION 11
Which two security checks invoke sessionization? (Choose two.)

• A. CSRF Form Tagging
• B. Field Formats
• C. Form Field Consistency
• D. HTML Cross-Site Scripting

Answer: AC

NEW QUESTION 12
Scenario: A Citrix Engineer needs to configure an external SNMP server in a High Availability setup. The engineer configured the load-balancing virtual server to access the NetScaler Management and Analytics System (NMAS) HA pair.
Which IP address will be configured on the external SNMP Manager to add the NMAS devices?

• A. IP Address of the LB VIP
• B. IP Address of the Primary node
• C. IP Address of the active mode
• D. IP Address of both the NMAS nodes

Answer: D

NEW QUESTION 13
A Citrix Engineer has determined that users are able to access random URLs on a web site through bookmarks and by manually typing in the URLs to skip the pages required to reach that part of the website.
Which two checks can the engineer enable to prevent this attack? (Choose two.)

• A. Form Field Consistency
• B. Deny URL
• C. Start URL
• D. Buffer overflow
• E. HTML Cross-site scripting

Answer: CD

NEW QUESTION 14
A Citrix Engineer has correctly installed and configured the NetScaler Web Logging (NSWL) client but has noticed that logs are NOT being updated.
What could be causing this issue?

• A. The TCP port 3011 is NOT open between the NSWL client and NetScaler.
• B. The NSWL client executable is NOT running on the client.
• C. The NSWL buffer is full on the NetScaler.
• D. An NSIP is missing in the log.conf file

Answer: D

NEW QUESTION 15
Which content type takes the maximum advantage of web caching mechanisms to boost performance?

• A. Pseudo-Dynamic Content
• B. Pseudo-Static Content
• C. Static Content
• D. Dynamic Content

Answer: D

NEW QUESTION 16
A Citrix Engineer needs to deploy the NetScaler Management and Analytics System (NMAS) in their company environment to ensure that NMAS provides uninterrupted operation in all situations.
Which deployment type can meet this requirement?

• A. Active-Active High Availability Mode
• B. Single-Server Deployment Mode
• C. NMAS integrated with Director mode
• D. Active-Passive High Availability Mode

Answer: A

NEW QUESTION 17
Which two threats can be prevented by using IP Reputation? (Choose two.)

• A. Trojan horses
• B. Phishing Proxies
• C. Worm
• D. Compromised IPv6 web-server
• E. Compromised IPv4 web-server

Answer: BE