Which type of authentication server could an engineer configure in order to provide the use of RSA token authentication as a permitted authentication method to access a AAA Virtual Server?
A company wants to implement a policy where all passwords should be encrypted while transiting the network. Where in the GUI would the network engineer prevent access to unsecured management protocols?
A. Network -> IPs
B. System -> Auditing
C. AppExpert -> Pattern Sets
D. Protection Features -> Filter
Scenario: The NetScaler is configured with a NSIP of 10.20.30.40. Management access is NOT enabled on any other IP address. Which command should an engineer execute to prevent access to the NetScaler using HTTP and only allow HTTPS access?
A. set ns ip 10.20.30.40 -gui disabled -telnet disabled
B. set ip 10.20.30.40 -gui secureonly -mgmtaccess enabled
C. set ip 10.20.30.40 -mgmtaccess disabled -gui secureonly
D. set ns ip 10.20.30.40 -gui enabled -restrictAccess enabled
Company policy states that all passwords should travel the network in encrypted packets except SNMP. Which command should the network engineer execute to comply with this policy?
A. set ns ip 10.20.30.40 -ssh disabled -telnet disabled -gui enabled
B. set ns ip 10.20.30.40 -telnet disabled -gui secureonly -ftp disabled
C. set ns ip 10.20.30.40 -mgmtaccess disabled -restrictaccess enabled
D. set ns ip 10.20.30.40 -gui secureonly -ssh enabled -restrictaccess enabled
Scenario: The IT department in an organization manages servers and network devices from an internal management subnet. A Netscaler device has recently been installed into the DMZ network. The intranet firewall allows TCP 443 from the management subnet to the Netscaler device. How could the engineer ensure that only workstations in the management network are permitted to manage the Netscaler?
A. Create an Extended ACL based on the source IP address.
B. Create a restricted route from the internal network to the DMZ.
C. Enable the management access control option on the NSIP address.
D. Enable the management access control on the internal SNIP address.
Scenario: An engineer has three subnets configured on a NetScaler appliance. The engineer must only allow a certain group of users to access a virtual server on the appliance. The IT Manager requires that all rules are flexible and can be easily modified for ease of administration. How could the engineer allow certain groups to access the virtual server while still being able to modify the setting in the future?
A. Add a Simple ACL.
B. Disable USNIP Mode.
C. Create an Extended ACL.
D. Add a Host Route to the virtual server.
A network engineer needs to configure load balancing for an FTP site. Which type of session persistence method can the engineer select for this scenario?
B. Source IP
C. Cookie Insert
D. Custom Server ID
Scenario: Example.com runs a dating service site that provides a service with videos of candidates. They want to use RTSP load balancing to stream the videos more effectively. Which load balancing method should the engineer select?
A. Least packet
B. Round Robin
C. Least bandwidth
D. Least connection
A network engineer wants to configure a NetScaler for load balancing Voice over IP traffic (VoIP).
Which hash method is the best fit for VoIP traffic?
A. Call ID
B. Source IP
C. Destination IP
D. Domain name
Scenario: A company has three HTTP servers that are load balanced using NetScaler. When users connect to the HTTP application they often receive inconsistent data or are advised that they need to log on again. Which step should the engineer take to correct this?
A. Remove Down State Flush.
B. Change the idle timeout value for the service.
C. Configure persistence with appropriate timeouts.
D. Change the global TCP Client Idle Time-Out value.
Scenario: A network engineer has configured a load balancing virtual server for an HTTP application. Due to the application architecture, it is imperative that a user’s session remains on a single server during the session. The session has an idle timeout of 60 minutes. Some devices are getting inconsistent application access while most are working fine. The problematic devices all have tighter security controls in place. Which step should the engineer take to resolve this issue?
A. Set the cookie timeout to 60 minutes.
B. Configure a backup persistence of SourceIP.
C. Change the HTTP parameters to Cookie Version 1.
D. Utilize SSL offload to enable the application to use SSL.
Scenario: An application that uses HTTP for connections and other protocols for different types of content has been deployed. Load balancing virtual servers have been created for each protocol and the engineer now needs to ensure that once a load balancing decision has occurred, further requests for different content are served from the same server. How could the engineer achieve this?
A. Create a persistency group.
B. Set the Spillover method to DYNAMICCONNECTION.
C. Add a new virtual server for each protocol that is not directly addressable.
D. Set each virtual server to use Source IP Hash as the load balancing method.
Passing your Citrix 1Y0-A28 Exam by using the latest 1Y0-A28 Exam Demo Full Version: http://www.braindump2go.com/1y0-a28.html