Citrix 1Y0-340 Free Practice Questions

NEW QUESTION 1
A Citrix Engineer needs to ensure that all traffic to the virtual server is blocked if NONE of the bound Application Firewall policies are matched.
Which setting can the engineer configure to meet this requirement?

• A. set appfw settings –undefAction APPFW_BLOCK
• B. set ns httpProfile nshttp_default_profile-dropInvalReqs DISABLED
• C. set ns httpProfie nshttp_default_profile –dropInvalReqs ENABLED
• D. set appfw settings –defaultProfile APPFW_BLOCK

Answer: D

NEW QUESTION 2
A Citrix Engineer has received the following message after setting up Application Firewall in Learning mode. August 28 6 03:14:27 <local0.info>XXX.0.0.2.08/28/2021:03:14:27 GMT VPXExtProd01 0-PPE-0: default
GUI CMD_EXECUTED 1670370 0: User CitrixAdmin- Remote_ip XXX.19.XXX.XXX-Command “show
appfw learningdata WebPub_vs_af_1 startURL”- Status “ERROR: Communication error with aslearn”
What can the engineer perform to resolve the issue?

• A. Reinstall the Application Firewall license.
• B. Reboot the NetScaler appliance.
• C. Disable the Application Firewall feature.
• D. Delete the Profile database and restart the aslearn process.

Answer: B

NEW QUESTION 3
Which TCP flag will the NetScaler Application Firewall module send in response to a malformed/non-RFC complaint request from a client?

• A. FIN+ACK packet with a window size set to 9845
• B. RST packet with a window size set to 9845
• C. RST +ACK packet with a window size set to 0
• D. FIN packet with a window size set to 0

Answer: B

NEW QUESTION 4
Which reason can cause fail over in a NetScaler Management and Analytics System (NMAS) High Availability pair?

• A. A secondary server loses connectivity in the LAN.
• B. The engineer manually forces the secondary server to shut down.
• C. A primary server encounters a critical software issue.
• D. A primary server does NOT receive the SNMP traps from the instances connected.

Answer: C

NEW QUESTION 5
Which method is used by NetScaler Management and Analytics System (NMAS) to gather licensing information from NetScaler?

• A. CFLOW
• B. APPFLOW
• C. NITRO
• D. IPFLOW

Answer: C

NEW QUESTION 6
Scenario: A Citrix Engineer has a project to enable Integrated Caching on a NetScaler for a Financial Consulting company whose clients monitor their stocks in real time. Clients are reporting a delay in the displaying of the stock values.
What can the engineer configure on the NetScaler to enable data to be presented to the clients in real time?

• A. Dynamic Content Groups
• B. Basic Content Group
• C. Add another NetScaler
• D. Static Content Group

Answer: A

NEW QUESTION 7
Scenario: A Citrix Engineer has configured a Denial-of-Service (DoS) protection on the NetScaler and found that client TCP connections are failing. After taking a packet trace, the engineer notices that the first packet was dropped and that the NetScaler terminated the connection due to DoS protection being enabled.
What step can the engineer take to resolve the client connection failure?

• A. Enable the SYN COOKIE mechanism.
• B. Enable Denial-of-Service TCP connections.
• C. Disable the SYN COOKIE mechanism.
• D. Change the services from TCP to HTTP.

Answer: A

NEW QUESTION 8
Which two actions can a Citrix Engineer use to provide Denial of Service (DoS) protection with the AppQoE feature? (Choose two.)

• A. Simple Response
• B. HICResponse
• C. Denial Response
• D. Complex Response

Answer: AB

NEW QUESTION 9
Scenario: A Citrix Engineer has enabled learning on Application Firewall for all the Security checks on a basic profile that is configured in a production environment. However, after a few hours, the Application Firewall has stopped learning new data.
What is causing the issue?

• A. The learning database is limited to 20 MB in size and needs a reset.
• B. Application Firewall learning can only be enabled for an advanced profile.
• C. Application Firewall learning should only be enabled on Start URL.
• D. All the Security checks CANNOT be enabled simultaneously.

Answer: A

NEW QUESTION 10
Which three protocols in a NetScaler Management and Analytics System (NMAS) can be used to back up the current state of the managed NetScaler instances? (Choose three.)

• A. Telnet
• B. Secure Shell (SSH)
• C. NITRO calls
• D. HTTP
• E. Secure Copy (SCP)

Answer: BCE

Explanation: ou can manually backup and restore NetScaler configurations using the GUI, CLI, or you can use NetScaler MAS to perform automatic backups and manual restores. NetScaler MAS backs up the current state of your managed NetScaler instances by using NITRO calls and the Secure Shell (SSH) and Secure Copy (SCP) protocols.

NEW QUESTION 11
Scenario: A Citrix Engineer needs to configure an Application Firewall policy for an online shopping website called “mycompany.com”. As a security measure, the shopping cart application is hosted on a separate directory “/mycart” on the backend server. The engineer configured a profile to secure the connections to this shopping cart and now needs to ensure that this profile is allied to all incoming connections to the shopping cart.
Which policy expression will accomplish this requirement?

• A. http.req.ur
• B. contains(“/mycart”) & http:req.url.hostname.eq(“mycompany.com”)
• C. http.req.ur
• D. contains(“/mycart”) || http:req.url.hostname.eq(“mycompany.com”)
• E. http.req.header (“url”).contains (“/mycart”) || http.req.url.contains (“mycompany.com”)
• F. http.req.header (“url”).contains (“/mycart”) && http:req.url.contains (“mycompy.com”)

Answer: A

NEW QUESTION 12
A Citrix Engineer needs to prevent an attack against insecure operating-system or web-server software. The attack can cause the system to crash or behave unpredictably when it receives a data string that is larger than it can handle.
Which security check on the Application Firewall can the engineer enable to prevent such attacks?

• A. Start URL
• B. Deny URL
• C. Buffer Overflow
• D. Field Format

Answer: C

NEW QUESTION 13
Scenario: A Citrix Engineer has configured an IP Reputation policy and Profile in Application Firewall.
However, the engineer is NOT able to see any hits on the policy during testing.
Which logs can the engineer check to ensure that IP Reputation is configured correctly?

• A. websocketd.log
• B. snmpd.log
• C. iprep.log
• D. httpaccess.log

Answer: C

NEW QUESTION 14
The NetScaler processes HTTP/2 web client connections to the backend web servers by . (Choose the correct option to complete the sentence.)

• A. Converting the HTTP/2 headers to HTTP/1.1 headers and forwarding them to the web servers.
• B. Dropping HTTP/2 requests as it is NOT supported by web servers.
• C. Passing- through all HTTP/2 traffic to the web servers.
• D. Converting HTTP/2 to HTTP 0.9 and forwarding the packets to the web servers.

Answer: A

NEW QUESTION 15
Scenario: A Citrix Engineer has configured Application Firewall and enabled it in learning mode. However, the Application Firewall database is reaching full capacity due to excessive requests.
What can the engineer configure to mitigate this issue?

• A. Enable learning only on XML based profiles.
• B. Increase NetScaler hard drive capacity.
• C. Configure caching policies.
• D. Configure Trusted Learning Clients.

Answer: D

NEW QUESTION 16
Which aspect of NetScaler Management and Analytics System (NMAS) can be used to monitor end-to-end ICA traffic flowing through a NetScaler ADC?

• A. Gateway Insight
• B. HDX Insight
• C. Security Insight
• D. Web Insight

Answer: B

NEW QUESTION 17
A Citrix Engineer has found issues in the websites after enabling Application Firewall.
Which logs on the NetScaler can the engineer check to verify that the issues are NOT caused by Application Firewall?

• A. newnslog
• B. ns.log
• C. nslog
• D. aaad.debug

Answer: B