Act now and download your Citrix 1Y0-351 test today! Do not waste time for the worthless Citrix 1Y0-351 tutorials. Download Avant-garde Citrix Citrix NetScaler 10.5 Essentials and Networking exam with real questions and answers and begin to learn Citrix 1Y0-351 with a classic professional.
2021 Jan 1Y0-351 simulations
Q1. A NetScaler Engineer is required to use SNMP v3 on a NetScaler instance and needs to use authentication and encryption for all SNMP v3 communication. What are two places where the engineer could set mandatory authentication and encryption? (Choose two.)
A. SNMP trap properties
B. SNMP user properties
C. SNMP group properties
D. SNMP manager properties
Answer: B, C
Q2. Which troubleshooting tool will show policy hits and verify that a policy expression is being invoked?
A. nspepi
B. nsapimgr
C. nstrace.sh
D. nsconmsg
Answer: D
Q3. What should a network engineer do to prevent unauthorized users from using the root user account?
A. Reset the nsroot account.
B. Change the nsroot password.
C. Create an authorization policy.
D. Bind a policy to the root user account.
Answer: B
Explanation:
Changing the Password of the Default User Account The default user account provides complete access to all features of the Citrix SDX appliance. Therefore, to preserve security, the nsroot account should be used only when necessary, and only individuals whose duties require full access should know the password for the nsroot account. Citrix recommends changing the nsroot password frequently. If you lose the password, you can reset the password to the default by reverting the appliance settings to factory defaults.
You can change the password of the default user account in the Users pane. In the Users pane, you can view the following details:
Name Lists the user accounts configured on the SDX appliance. Permission Displays the permission level assigned to the user account.
To change the password of the default user account
On the Configuration tab, in the navigation pane, expand System, and then click Users. In the Users pane, click the default user account, and then click Modify.
In the Modify System User dialog box, in Password and Confirm Password, enter the password of your choice.
Click OK.
Q4. Scenario: A company is hosting an external, Internet-facing website that is load balanced by a NetScaler. The backend servers are on a 1 Gbps network and clients connect over 3G connections. The Server Administrator reviewed the performance metrics on the backend servers and noticed a lot of overall network retirements and retransmissions. Which NetScaler feature would help improve the network performance of the backend servers in this scenario?
A. SureConnect
B. Compression
C. TCP Buffering
D. Surge Protection
Answer: C
Q5. On which two objects could a NetScaler Engineer bind cipher groups? (Choose two.)
A. Server
B. Service
C. SSL policy
D. SSL profile
E. Virtual server
Answer: B, E
Most up-to-date 1Y0-351 testing engine:
Q6. When creating a link aggregation channel on the NetScaler, the "-throughput" option sets the . (Choose the correct option to complete the sentence.)
A. max interface speed of the channel
B. interface threshold for channel failover
C. interface bandwidth limit for the channel
D. interface speed of each member of the channel
Answer: B
Q7. Scenario: A call center has deployed Access Gateway Enterprise to provide its employees with access to work resources from home. Due to the number of available licenses, only selected employees should access the environment remotely based on their user account information. How could the engineer configure access to meet the needs of this scenario?
A. Configure a Pre-authentication Policy.
B. Configure an Authentication Server using a search filter.
C. Configure an Authentication Policy using Client based expressions.
D. Add the selected employee accounts to the Local Authentication policy.
Answer: B
Explanation:
http://support.citrix.com/article/CTX111079
When you type log in credentials on the log in page of the NetScaler VPN and press Enter, the credentials are sent to the Active Directory for validation. If the user name and password are valid, then the Active Directory sends the user attributes to the NetScaler appliance. The memberOf attribute is one of the attributes that the Active Directory sends to the NetScaler appliance. This attribute contains the group name of which you are defined as a member in the Active Directory. If you are a member of more than one Active Directory group, then multiple memberOf attributes are sent to the NetScaler appliance. The NetScaler appliance then parses this information to determine if the memberOf attribute matches the Search filter parameter set on the appliance. If attribute matches, then you are allowed to log in to the network. The following are the sample attributes that the Active Directory can send to NetScaler appliance: dn: CN=johnd,CN=Users,DC=citrix,DC=com changetype: add memberOf: CN=VPNAllowed,OU=support,DC=citrix,DC=com cn: johnd givenName: john objectClass: user sAMAccountName: johnd Configuring a NetScaler Appliance to Extract the Active Directory Group To configure a NetScaler appliance to extract the Active Directory group and enable clients to access the NetScaler VPN based on the Active Directory groups by using the Lightweight Directory Access Protocol (LDAP) authentication, compete the following procedure: Determine the Active Directory Group that has access permission. To configure the NetScaler appliance for Group Extraction, you must define the group a user needs to be a member of to allow access to the network resources. Note: To determine that exact syntax, you might need to refer to the Troubleshooting Group Extraction on the NetScaler appliance section. Determine the Search Filter syntax. Enter the appropriate syntax in the Search Filter field of the Create Authentication Server dialog box, as shown in the following sample screenshot: Note: Ensure that you start the value to the Search Filter filed with memberOf= and do not have any embedded spaces in the value. To configure the LDAP authentication with Group Extractions from the command line interface of the NetScaler appliance with the values similar to the ones in the preceding screenshot, run the following command: add authentication ldapaction LDAP-Authentication -serverip 10.3.4.15 -ldapBase "CN=Users,DC=citrix,DC=com" -ldapBindDn “CN=administrator,CN=Users,DC=citrix,DC=com" -ldapBindDnPassword ..dd2604527edf70 -ldapLoginName sAMAccountName -searchFilter "memberOf=CN=VPNAllowed,OU=support,DC=citrix,DC=com" -groupAttrName memberOf -subAttributeName CN Note: Ensure that you set the subAttributeName parameter to CN. Troubleshooting Group Extraction on the NetScaler appliance To troubleshoot group extraction on the NetScaler appliance, consider the following points: If the LDAP policy fails after configuring it for Group Extraction, it is best to create a policy that does not have the group extraction configured to ensure that LDAP is configured appropriately. You might need to use the LDAP Data Interchange Format Data Exchange (LDIFDE) utility from Microsoft that extracts the attributes from the Active Directory server to determine the exact content of the memberOf group. You need to run this utility on the Active Directory server. The following is the syntax for the command to run the LDIFDE utility: ldifde -f <File_Name> -s <AD_Server_Name> -d "dc=<Domain_Name>,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" "cn,givenName,objectclass,samAccountName,memberOf" When you run the preceding command, a text file, with the name you specified for File_Name parameter, is created. This file contains all objects from the Active Directory. The following is an example from a text file so created: dn: CN=johnd,CN=Users,DC=citrix,DC=com changetype: add memberOf: CN=VPNAllowed,OU=support,DC=citrix,DC=com cn: johnd givenName: john objectClass: user sAMAccountName: johnd
Q8. Scenario: A NetScaler Engineer is addressing an issue discovered during a vulnerability scan.
The security team is requiring that the engineer disable specific SSL ciphers on the SSL
VServer. Which two methods could the engineer use to meet this requirement? (Choose two.)
A. Modify the list of ciphers in the Default cipher group.
B. Change the list of bound ciphers on the VServer directly.
C. Enable Cipher Redirect on the VServer and configure OCSP.
D. Disable SSLv2 Redirect on the VServer and update the CRLs.
E. Un-assign the default group, create a custom cipher group and assign it to the VServer.
Answer: B, E
Q9. A network engineer wants to configure a NetScaler for load balancing Voice over IP traffic (VoIP). Which hash method is the best fit for VoIP traffic?
A. Call ID
B. Source IP
C. Destination IP
D. Domain name
Answer: A
Q10. In which two places could a NetScaler Engineer enable TCP Buffering? (Choose two.)
A. Service
B. Globally
C. HTTP profile
D. Virtual server
Answer: A, B