Practical and effective Citrix Ccp-n 1y0-351 exam dumps free sharing and 1y0-351 pdf online download, ridesoft free sharing
exam dumps throughout the year to help more people open the door to learning, if you want to obtain Citrix Ccp-n 1y0-351 certificate,
Please select Complete 1y0-351 dumps: https://www.pass4itsure.com/1y0-351.html (PDF + VCE) dumps.
[PDF] Free Citrix CCP-N 1Y0-351 dumps download from Google Drive:
https://drive.google.com/open?id=1HwUPDU2wqBvElG5gnZp3BMImFO7B29A1
[PDF] Free Full Citrix dumps download from Google Drive:
https://drive.google.com/open?id=1twl4v7QhOC9DCV8RONDQ_TYXqm_OWvTg
Citrix Education – 351: http://training.citrix.com/mod/ctxcatalog/course.php?id=958
About the 1Y0-351 exam:
The Citrix NetScaler 10.5 Essentails and Networking exam is divided into the following sections:
1. Configuring basic NetScaler settings;
2. Configuring network-related settings of the NetScaler implementation;
3. Securing the NetScaler implementation and traffic;
4. Configuring Load Balancing on NetScaler for backend servers and traffic;
5. Configuring SSL Offloading;
6. Configuring acceleration and optimization of traffic-handling;
7. Customizing NetScaler traffic-handling;
8. Monitoring of network-related activities and performance using monitoring tools;
9. Troubleshooting issues on NetScaler
Pass4itsure offers the latest Citrix CCP-N 1Y0-351 practice test free of charge (39Q&As)
Exam B
QUESTION 1
Traffic to which destination is sourced from the NetScaler IP (NSIP) by default?
A. NTP servers
B. Clients on the Internet
C. Load-balanced web services
D. Load-balanced authentication services
Correct Answer: A
QUESTION 2
Scenario: A NetScaler Engineer configures COOKIEINSERT persistence method for an HTTP VServer
named ‘myApp’. Many clients do NOT allow the persistence cookie to be set and application sessions fail
as a result. All clients are behind a network address translation (NAT) gateway, which will insert the client
IP address into an HTTP header called X-Forwarded-For.
Which command could the engineer execute to provide persistence for clients while still distributing the
requests across the bound services?
A. set lb vserver myApp -persistenceType SOURCEIP
B. set lb vserver myApp -persistenceType NONE -lbmethod SRCIPDESTIPHASH
C. set lb vserver myApp -persistenceType COOKIEINSERT -timeout 0 -cookieName X-Forwarded- For
D. set lb vserver myApp -persistenceType NONE -lb method TOKEN -rule “HTTP.REQ.HEADER(\”X
Forwarded-For\”).VALUE(0)
Correct Answer: D
QUESTION 3
Scenario: A NetScaler Engineer has created an SSL virtual server that utilizes SSL services. The engineer
needs to configure certificate authentication from the NetScaler to the backend web services.
What should the engineer do to meet the requirements outlined in the scenario?
A. Bind a CA Certificate to the SSL Services.
B. Bind a Client Certificate to the SSL Services.
C. Create an SSL policy to present the Client Certificate to the web services.
D. Enable Client Authentication and set Client Certificate to mandatory on the virtual server.
Correct Answer: B
QUESTION 4
Which service setting would a NetScaler Engineer use in the command-line interface to limit connections
to server resources?
A. -maxReq
B. -maxClient
C. -monThreshold
D. -maxBandwidth
Correct Answer: B
QUESTION 5
Which statement is true about interface link-state on the NetScaler?
A. Interface link-state is controlled by ifconfig in BSD.
B. Interface link-state is dependent on the HAMON setting.C. Interface link-state CANNOT be brought down from the NetScaler.
D. Interface link-state on both appliances is unaffected by the force failover command.
Correct Answer: C
QUESTION 6
In order to configure integrated cache, a NetScaler Engineer would need to reboot the NetScaler when the
integrated caching feature is __________ and cache memory limit is set to __________. (Choose the
correct set of options to complete the sentence.)
A. enabled; zero
B. disabled; zero
C. enabled; non-zero
D. disabled; non-zero
Correct Answer: A
QUESTION 7
Which two certificate formats are supported when creating a certificate key pair on the NetScaler?
(Choose two.)
A. PEM
B. DER
C. PKCS7
D. PKCS12
Correct Answer: AB
QUESTION 8
As a result of connecting two NetScaler interfaces in the same L2 broadcast domain/VLAN (unless link
aggregation is configured), the NetScaler will __________. (Choose the correct option to complete the
sentence.)
A. restart
B. disable one interface
C. cause a network loop
D. disable both interfaces
Correct Answer: C
QUESTION 9
Scenario: Users in an organization need to access several web applications daily. Management has asked
a NetScaler Engineer to reduce the amount of times users have to enter credentials when accessing web
applications.
What should the engineer configure to meet this requirement?
A. A load-balancing VServer and an authorization policy
B. An authentication VServer and an authorization policy
C. An authentication VServer and an authentication policy
D. A content switching VServer and an authentication profile
Correct Answer: C
QUESTION 10
The upgrade script copies the updated NetScaler kernel file to the __________ NetScaler directory.
(Choose the correct option to complete the sentence.)A. /var
B. /flash
C. /nsconfig
D. /flash/boot
Correct Answer: B
QUESTION 11
Which setting must an engineer ensure is configured before a Subnet IP (SNIP) could be used to
communicate with servers on the same network segment?
A. Static route is defined
B. USIP mode is enabled
C. USNIP mode is enabled
D. Default gateway is defined
Correct Answer: C
QUESTION 12
Which tool could a NetScaler Engineer use to monitor client-side rendering times for a Web application
that is load-balanced by NetScaler?
A. Tcpdump
B. Insight Center
C. Command Center
D. NetScaler Dashboard
Correct Answer: A
QUESTION 13
Which step could a network engineer take to prevent brute force logon attacks?
A. Enable the Rate Limiting feature.
B. Enable the AAA Application feature.
C. Configure the Access Gateway policies.
D. Configure the Cache redirection policies.
Correct Answer: A
QUESTION 14
A network engineer should enable the Rate Limiting feature of a NetScaler system to mitigate the threat of
__________ attack. (Choose the correct option to complete the sentence.)
A. reverse proxying
B. Java decompilation
C. source code disclosure
D. brute force logon attacks
Correct Answer: D
QUESTION 15
Which NetScaler feature could be used to stall policy processing to retrieve information from an external
server?
A. Responder
B. HTTP callout
C. AppExpert templateD. EdgeSight monitoring
Correct Answer: B
QUESTION 16
An engineer has bound three monitors to a service group and configured each of the monitors with a
weight of 10.
How should the engineer ensure that the members of the service group are marked as DOWN when at
least two monitors fail?
A. Re-configure the weight of each monitor to 0.
B. Configure the service group with a threshold of 21.
C. Configure the service group with a threshold of 20.
D. Re-configure the weight of each monitor to 5, and configure the service group threshold to 15.
Correct Answer: C
QUESTION 17
A network engineer has noted that the primary node in an HA pair has been alternating as many as three
times a day due to intermittent issues.
What should the engineer configure to ensure that HA failures are alerted?
A. LACP
B. SNMP
C. Route monitors
D. Failover Interface Set
Correct Answer: B
QUESTION 18
The disk is full on a NetScaler appliance but NO alerts were generated by the SNMP traps.
What is the likely cause of this failed alert?
A. Auditing is not enabled.
B. EdgeSight monitoring is not configured.
C. The threshold was not set for the alarm.
D. Health monitoring has not been enabled.
Correct Answer: C
QUESTION 19
What type of protocol does AppFlow use for reporting?
A. TCP
B. UDP
C. HTTP
D. SSL_TCP
Correct Answer: B
QUESTION 20
Scenario: A network engineer monitoring an HTTP service-related issue needs to view only the relevant
data pertaining to the service being monitored. The IP address of the back-end service being monitored is
10.10.1.99. The NSIP address is 10.10.1.230.
Which command should the engineer execute to monitor data relevant to this issue only in real time?A. telnet
B. traceroute
C. nsconmsg
D. nstcpdump
Correct Answer: D
QUESTION 21
Scenario: A NetScaler environment uses two-factor authentication and the second authentication
method is AD. A user logs in to the environment but does NOT receive access to the resources that the
user should have access to.
How can an engineer determine the AD authentication issue on the NetScaler?
A. Check NSlogs
B. Use nsconmsg
C. Use the cat aaad.debug command
D. Check the authorization configuration
Correct Answer: C
QUESTION 22
A NetScaler is configured with two-factor authentication. A user reported that authentication failed.
How can an engineer determine which factor of the authentication method failed?
A. Check NSlog
B. Use nsconmsg
C. Check the dashboard
D. Use cat aaad.debug command
Correct Answer: D
QUESTION 23
A public SSL certificate on a virtual server is about to expire and the NetScaler engineer needs to renew
the certificate before it expires.
Which step must the engineer take to renew the SSL Certificate?
A. Generate a new CSR
B. Recreate the Private Keys
C. Execute CRL Management
D. Update the existing certificate
Correct Answer: D
QUESTION 24
An environment network has:
– High bandwidth
– Low packet loss
– High Round-Trip Time (RTT)
Which TCP profile should an engineer configure for the environment described?A. Nstcp_default_profile
B. Nstcp_default_tcp_lfp
C. Nstcp_default_tcp_lnp
D. Nstcp_default_tcp_lan
Correct Answer: B
QUESTION 25
Scenario: A network engineer needs to provide web server administrators with access to monitoring and
reporting after changing the default root password during the initial setup of the NetScaler. The engineer
needs to ensure that the web server administrators can perform this task.
What should the engineer do in order to ensure that the administrators are able to log on to the NetScaler?
A. Create a group.
B. Create user accounts.
C. Create an authorization policy.
D. Create an authentication policy.
Correct Answer: B
QUESTION 26
Scenario: An engineer has configured a virtual server that users access using HTTP port 80. The web
application also uses TCP port 81 and 8080 for non-user access. The engineer would like to prevent users
from connecting to web servers if any of the ports go down.
How should the engineer set this configuration to ensure service availability?
A. Increase the monitor threshold.
B. Lower the server timeout value.
C. Create additional virtual servers for ports 81 and 8080.
D. Create monitors for ports 81 and 8080, and bind to the service or service group.
Correct Answer: D
QUESTION 27
Which step is required to ensure that SSL traffic is passed through the NetScaler to backend services
without processing SSL on the NetScaler appliance?
A. Create a service group of type SSL.
B. Create a service group of type HTTP.
C. Bind an SSL certificate to a service group.
D. Bind an SSL certificate to the virtual server
E. Create a service group of type SSL_BRIDGE.
Correct Answer: E
QUESTION 28
A NetScaler engineer would like to present different web pages to a user based on the device and browser
type from which they are connecting.
Which responder policy could assist with this requirement?
A. HTTP.RES.URL.PATH
B. HTTP.REQ.Host(“Host”)
C. HTTP.RES.BODY(1024)
D. HTTP.REQ.HEADER(“User-Agent”)
Correct Answer: D
QUESTION 29
Scenario: A user browses to a page and is presented with a warning that he is trying to enter a web site
with an untrusted certificate. The network engineer had added the correct certificate to the SSL virtual
server.
What could be the cause of this issue?
A. TLS is disabled on the virtual server.
B. The certificate is not linked to the intermediate CA.
C. The certificate has expired and needs to be renewed.
D. The CA certificate has not been added to the SSL virtual server.
Correct Answer: B
QUESTION 30
A network engineer is investigating issues and suspects that a new server that has been recently added to
the environment has the same IP address as a virtual server that is configured on the NetScaler.
Which command could the engineer run to check the logs that will contain such details?
A. nsconmsg -K newnslog -d stats
B. nsconmsg -K /var/nslog/newnslog -d consmsg
C. nsconmsg -K /var/nslog/newnslog -s ConLb=1 -d oldconmsg
D. nsconmsg -K /var/nslog/newnslog -s ConMon=x -d oldconmsg
Correct Answer: B
QUESTION 31
Scenario: A network engineer created an SSL virtual server and enabled smart card on it. The engineer
tried browsing to the server and noticed the back-end system could NOT see the users certificates.
What could be causing this issue?
A. The SSL virtual server cannot forward a client certificate.
B. The network engineer has not set smart card to mandatory.
C. The SSL virtual server cannot use smart card authentication.
D. The network engineer has not enabled SNI on the virtual server.
E. The network engineer forgot to enable the SSL policy allowing smart card forwarding on the SSL virtual
server.
Correct Answer: A
QUESTION 32
How could an engineer configure a monitor to ensure that a server is marked as DOWN if the monitor test
is successful?
A. Enable the LRTM option for the monitor
B. Enable the Reverse option for the monitor
C. Disable Down state flush for the service group
D. Disable the Health monitoring option for the service group
Correct Answer: B
QUESTION 33
A network engineer wants to hide the IP address of the outgoing packets by changing it to the IP of the
VIP.
Which feature should the administrator use?A. ACL
B. PBR
C. RNAT
D. Rewrite
Correct Answer: C
QUESTION 34
During a recent security penetration test, several ports on the management address were
identified as providing unsecured services.
Which two methods could the network engineer use to restrict these services? (Choose two.)
A. Configure Auditing policies.
B. Create Content Filtering policies.
C. Create Access Control Lists (ACLs).
D. Configure options on the Management IP addresses.
Correct Answer: CD
QUESTION 35
An engineer should use the filter (content filtering) feature to prevent __________ and __________.
(Choose the two correct options to complete the sentence.)
A. the use of unauthorized HTTP methods
B. a client from accessing a specific IP on the back-end
C. inappropriate HTTP headers from being sent to your Web server
D. inappropriate MSSQL commands from being sent to your SQL server
E. a client from a specific VLAN ID to access resources on the NetScaler
Correct Answer: AC
QUESTION 36
Scenario: A network engineer needs to implement high availability (HA) for a pair of NetScaler appliances.
The existing appliance was recently restarted and the new appliance has been rack mounted and turned
on for several weeks waiting to be configured. The engineer needs to create an HA pair, but is concerned
that his original appliance will get erased when the HA pair is created.
Which two tasks could the engineer do before the creation of the HA pair to ensure that the exiting unit
stays the main appliance? (Choose two.)
A. Set StayPrimary on the existing node.
B. Configure StaySecondary on the new node.
C. Enable HA Sync before adding the second node.
D. Create a Route Monitor to ensure proper synchronization.
E. Ensure that INC mode is enabled during creation of HA Pair.
Correct Answer: AB
QUESTION 37
Scenario: A network engineer plans to configure an Active Directory Server as the default authentication
for a NetScaler deployment and provide users with the option to change their password if it is expired.
Which two actions should the engineer take to configure this authentication requirement on the NetScaler
system? (Choose two.)A. Configure a pre-authentication policy.
B. Select security type as SSL on Authentication policy.
C. Configure Authentication server with SSO name attribute.
D. Configure Authentication server with allow password change option.
Correct Answer: BD
QUESTION 38
Which two parameters in the TCP buffering settings can be controlled by a network engineer? (Choose
two.)
A. buffering size
B. source IP range
C. destination IP range
D. memory size for buffering
Correct Answer: AD
QUESTION 39
Scenario: A NetScaler engineer has received an SSL certificate and bound it to the vServer. However,
users are unable to browse to the website using HTTPS. When the NetScaler engineer browses to the site
using HTTPS, the engineer notices that the certificate chain is incomplete.
Which two steps should the administrator take to fix the virtual server? (Choose two.)
A. Generate a new CSR.
B. Install a new Certificate Authority (CA).
C. Install the Intermediate Certificate from the CA.
D. Link the Intermediate Certificate to the virtual server.
E. Link the SSL Certificate to the Intermediate Certificate.
Correct Answer: CE
Conclusion:
Ridesoft free to share 39 Citrix Ccp-n 1y0-351 Online exam exercises and 1y0-351 PDF help more friends,
free exam dumps can help you start learning doors if you want to get Citrix Ccp-n 1Y0-351 Exam certificate,
please select full Citrix 1y0-351 dumps:https://www.pass4itsure.com/1y0-351.html (289Q&As)
[PDF] Free Citrix CCP-N 1Y0-351 dumps download from Google Drive:
https://drive.google.com/open?id=1HwUPDU2wqBvElG5gnZp3BMImFO7B29A1
[PDF] Free Full Citrix dumps download from Google Drive:
https://drive.google.com/open?id=1twl4v7QhOC9DCV8RONDQ_TYXqm_OWvTg