NEW QUESTION 1
Scenario: A Citrix Engineer has configured LDAP group extraction on the NetScaler Management and Analytics System (NMAS) for the administration. The engineer observes that extraction is NOT working for one of the five configured groups.
What could be the cause of the issue?

• A. The admin bind user has read-only permissions on the LDAP server.
• B. The NMAS group does NOT match the one on the external LDAP servers.
• C. The LDAP bind DN is incorrectly configured in the LDAP profile.
• D. The user group extraction is NOT supported with plaintext LDAP.

Answer: B

NEW QUESTION 2
A Citrix Engineer needs to migrate the NetScaler Insight Center virtual appliance to NetScaler Management and Analytics System (NMAS).
Which two actions should be met before migrating the NetScaler Insight Center virtual appliance to NMAS? (Choose two.)

• A. Install NetScaler Insight Center 11.1 Build 47.14 or later.
• B. Install NetScaler MAS License on the NMAS.
• C. Download the NetScaler MAS build to the /var/mps/mps_images.
• D. Remove the NetScaler instances added to the Insight Center.
• E. Migrate the NMAS virtual machine to XenServer.

Answer: AC

NEW QUESTION 3
The NetScaler logging client server can be installed and configured to store the log for . (Choose the correct option to complete the sentence.)

• A. HTTP and HTTPS active connections on the NetScaler
• B. HTTP and HTTPS requests processed by the NetScaler
• C. statistics of the HTTP and HTTPS web sites load balanced on NetScaler
• D. status of all the HTTP and HTTPS backend web servers

Answer: B

NEW QUESTION 4
A Citrix Engineer enabled Credit Card Security check in the Application Firewall Profile. Which response header will be dropped by Application Firewall after this check is enabled?

• A. Content-Encoding
• B. Content-Location
• C. Content-Type
• D. Content-Length

Answer: D

NEW QUESTION 5
A Citrix Engineer has received the following message after setting up Application Firewall in Learning mode. August 28 6 03:14:27 <local0.info>XXX.0.0.2.08/28/2021:03:14:27 GMT VPXExtProd01 0-PPE-0: default
GUI CMD_EXECUTED 1670370 0: User CitrixAdmin- Remote_ip XXX.19.XXX.XXX-Command “show
appfw learningdata WebPub_vs_af_1 startURL”- Status “ERROR: Communication error with aslearn”
What can the engineer perform to resolve the issue?

• A. Reinstall the Application Firewall license.
• B. Reboot the NetScaler appliance.
• C. Disable the Application Firewall feature.
• D. Delete the Profile database and restart the aslearn process.

Answer: B

NEW QUESTION 6
When the NetScaler marks a client connection as “non-trackable”, the default behavior of the NetScaler without making any change to the HTTP Profile is to . (Choose the correct option to complete the sentence.)

• A. proxy the connection to the target.
• B. proxy the connection to the client.
• C. track the connection.
• D. drop the connection.

Answer: D

NEW QUESTION 7
A Citrix Engineer has deployed Front-end Optimization on NetScaler. The following are the snippets of the content before and after optimization.
Before Optimization:

After Optimization:

Which optimization technique has been applied to the content?

• A. Combine CSS
• B. Minify CSS
• C. Inline CSS
• D. Linked JavaScript to inline JavaScript

Answer: A

NEW QUESTION 8
Scenario: A Citrix Engineer needs to configure Application Firewall to handle SQL injection issues. However, after enabling SQL injection check, the backend server started dropping user requests.
The Application Firewall configuration is as follows:
add appfw profile Test123 –startURLAction none- denyURLAction none-crossSiteScriptingAction none
–SQLInjectionAction log stats- SQLInjection TransformSpecialChars ON
–SQLInjectionCheckSQLWildChars ON- fieldFormatAction none- bufferOverflowAction none- responseContentType “application/octet-stream” –XMLSQLInjectionAction none- XMLXSSAction none-XMLWSIAction none- XMLValidationAction none
What does the engineer need to change in the Application Firewall configuration?

• A. Enable-XMLSQLInjectionAction none
• B. Enable-XMLValidationAction none
• C. Disable- SQLInjectionCheckSQLWildChars ON
• D. Disable- SQLInjectionTransformSpecialChars ON

Answer: C

NEW QUESTION 9
A Citrix Engineer has configured SQL Injection security check to block all special characters. Which two requests will be blocked after enabling this check? (Choose two.)

• A. Citrix; Sqltest
• B. 175// OR 1//=1//
• C. Citrix” OR “1”=”1
• D. Citrix OR 1=1
• E. 175’ OR ‘1’= ‘1’

Answer: AB

NEW QUESTION 10
A Citrix Engineer needs to prevent an attack against insecure operating-system or web-server software. The attack can cause the system to crash or behave unpredictably when it receives a data string that is larger than it can handle.
Which security check on the Application Firewall can the engineer enable to prevent such attacks?

• A. Start URL
• B. Deny URL
• C. Buffer Overflow
• D. Field Format

Answer: C

NEW QUESTION 11
Which media-character can be used as an escape character and also can qualify a Meta-Character as literal when used before any character?

• A. A backslash ()
• B. A pipe (|)
• C. A dollar sign ($)
• D. A forward slash (/)

Answer: A

NEW QUESTION 12
A Citrix Engineer needs to configure an Application Firewall policy. According to company policies, the engineer needs to ensure that all the requests made to the website are originating from North America.
Which policy expressions will help the engineer accomplish the requirement?

• A. CLIENT.IP.SRC.MATCHES_LOCATION (“North America.US.*.*.*.*”)
• B. CLIENT.IP.SRC.MATCHES_LOCATION (“North America.US.*.*.*.*”). NOT
• C. CLIENT.IP.DST.MATCHES (“North America.US.*.*.*.*”)
• D. CLIENT.IP.SRC.MATCHES (“North America.US.*.*.*.*”)

Answer: A

NEW QUESTION 13
Scenario: A Citrix Engineer needs to configure the Application Firewall to do a credit card check using the command-line interface (CLI) and configure the profile to obscure the credit card number.
Which parameter will the engineer add in the CLI to encrypt the credit card numbers in the logs?

• A. –creditCardAction BLOCK
• B. -creditCardMaxAllowed
• C. –creditCardXOut ON
• D. –doSecureCreditCardLogging ON

Answer: D

NEW QUESTION 14
Scenario: A Citrix Engineer needs to configure an Application Firewall policy for an online shopping website called “mycompany.com”. As a security measure, the shopping cart application is hosted on a separate directory “/mycart” on the backend server. The engineer configured a profile to secure the connections to this shopping cart and now needs to ensure that this profile is allied to all incoming connections to the shopping cart.
Which policy expression will accomplish this requirement?

• A. http.req.ur
• B. contains(“/mycart”) & http:req.url.hostname.eq(“mycompany.com”)
• C. http.req.ur
• D. contains(“/mycart”) || http:req.url.hostname.eq(“mycompany.com”)
• E. http.req.header (“url”).contains (“/mycart”) || http.req.url.contains (“mycompany.com”)
• F. http.req.header (“url”).contains (“/mycart”) && http:req.url.contains (“mycompy.com”)

Answer: A

NEW QUESTION 15
Scenario: A Citrix Engineer has deployed four NetScaler MPXs with the following network configuration:
-Management traffic is on VLAN 5 (NSIP).
-Application and server traffic is on VLAN 10 (SNIP).
The engineer added the NetScaler Management and Analytics System (NMAS) interface to VLAN 10 to deploy a NMAS High Availability (HA) pair to manage and monitor the applications and virtual servers. After doing so, the engineer is NOT able to see the NetScaler or applications that need to be managed.
How can the engineer resolve the issue?

• A. Configure VLAN 5 as NSVLAN 5
• B. Move the NMAS interface to VLAN 5
• C. Configure VLAN 5 as NSSYNC VLAN
• D. Bind SNIP to VLAN 5

Answer: A

NEW QUESTION 16
Which aspect of NetScaler Management and Analytics System (NMAS) can be used to monitor end-to-end ICA traffic flowing through a NetScaler ADC?

• A. Gateway Insight
• B. HDX Insight
• C. Security Insight
• D. Web Insight

Answer: B