It is impossible to pass Citrix 1Y0-351 exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed Citrix 1Y0-351 practice questions. You will get a surprising result by our Up to the minute Citrix NetScaler 10.5 Essentials and Networking practice guides.
Q41. Which command must a NetScaler Engineer run at the command-line interface to enable a Link Aggregation Control Protocol (LACP) channel?
A. Use "set lacp" with sysPriority parameter.
B. Use "set lacp" with ownerNode parameter.
C. Use "set interface" with lacpKey parameter.
D. Use "set interface" with lacpPriority parameter.
Answer: C
Q42. Scenario: A NetScaler Engineer has discovered that the object home.php is NOT found in the cache on the system. Below is the relevant configuration: add cache contentGroup cache_content_group_1 -relExpiry 0 add cache policy cache_pol_1 -rule "http.REQ.URL.CONTAINS(\"home.php\")" -action MAY_CACHE -storeInGroup cache_content_group_1 add cache policy cache_pol_2 -rule "http.REQ.METHOD.EQ(\"GET\")" -action NOCACHE add cache policy cache_pol_3 -rule "HTTP.RES.HEADER(\"Set-Cookie\").EXISTS" -action NOCACHE bind cache global cache_pol_1 -priority 90 -gotoPriorityExpression END -type REQ_OVERRIDE bind cache global cache_pol_2 -priority 100 -gotoPriorityExpression END -type REQ_OVERRIDE bind cache global cache_pol_3 -priority 100 -gotoPriorityExpression END -type RES_OVERRIDE The data from the client and the server are as following: GET /home.php HTTP/1.1
Host: www.website.com
User-Agent: Mozilla Firefox/3.0.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Date: Thu, 09 Oct 2014 18:25:00 GMT Cookie: sessionid=100xyz HTTP/1.1 200 OK Date: Thu, 09 Oct 2014 18:25:00 GMT Server: Apache/2.2.3 (Fedora) Last-Modified: Wed, 09 Jul 2014 21:55:36 GMT ETag: "27db3c-12ce-5e52a600" Accept-Ranges: bytes Cache-Control: private, max-age=0 Set-Cookie: sessionid=100xyz; expires=Thu, 09-Oct-2014 18:30:00 GMT; path=/ Content-Length: 119 Connection: close Content-Type: text/html; charset=UTF-8 Why does the object NOT persist in the cache?
A. The request is a GET request.
B. The response has Set-Cookie.
C. The content group is missing a cache selector.
D. The content group has been configured with relExpiry 0.
Answer: B
Q43. Which two encryption algorithms are supported on the NetScaler to store the encrypted SSL private key with a password? (Choose two.)
A. AES
B. RC4
C. DES
D. DES3
Answer: C, D
Q44. On a load-balancing virtual server with multiple bound services, Redirect URL will be invoked when . (Choose the correct phrase to complete the sentence.)
A. a backup virtual server has been configured
B. Health Based Spillover has been configured
C. one of the bound services is marked as DOWN
D. the load-balancing virtual server is marked as DOWN
Answer: D
Q45. Scenario: A NetScaler Engineer needs to perform a network packet trace on a NetScaler appliance. For troubleshooting purposes the engineer needs to capture traffic only from interfaces 1/3 and 1/4; traffic from other interfaces should NOT be captured. The resulting file should be saved in NetScaler format. What should the engineer do to accomplish this task?
A. Run the nstcpdump.sh command from the NetScaler shell and specify the interface
B. Run the nstcpdump.sh command from the NetScaler shell and specify the filter parameter
C. Run the start nstrace command from the NetScaler command-line interface and specify the filter parameter
D. Run the start nstrace command from the NetScaler command-line interface and specify the PerNIC parameter
Answer: C
Q46. Scenario: A NetScaler Engineer is working with a NetScaler appliance that has two network interface cards (NICs). The first NIC is placed on the DMZ network and the second NIC is on the internal network. The default route is configured to the gateway on the internal network. A virtual server is configured on the DMZ-network and the firewall on the DMZ is using network address translation (NAT) to allow external traffic to the virtual server. When a user from the Internet attempts to connect to the NAT'd external address, the session never establishes. The engineer performs an nstrace and sees that the user's traffic hits the NetScaler. The engineer then discovers that the problem is an asymmetrical packet flow. Which two settings could the engineer configure to resolve the issue? (Choose two.)
A. Link load balancing (LLB)
B. Policy-based routing (PBR)
C. Extended access list (ACL)
D. MAC-based forwarding (MBF)
E. Reverse network address translation (RNAT)
Answer: B, D
Q47. In order to configure integrated cache, a NetScaler Engineer would need to reboot the NetScaler when the integrated caching feature is and cache memory limit is set to
. (Choose the correct set of options to complete the sentence.)
A. enabled; zero
B. disabled; zero
C. enabled; non-zero
D. disabled; non-zero
Answer: A
Q48. Scenario: A call center has deployed Access Gateway Enterprise to provide its employees with access to work resources from home. Due to the number of available licenses, only selected employees should access the environment remotely based on their user account information. How could the engineer configure access to meet the needs of this scenario?
A. Configure a Pre-authentication Policy.
B. Configure an Authentication Server using a search filter.
C. Configure an Authentication Policy using Client based expressions.
D. Add the selected employee accounts to the Local Authentication policy.
Answer: B
Explanation:
http://support.citrix.com/article/CTX111079
When you type log in credentials on the log in page of the NetScaler VPN and press Enter, the credentials are sent to the Active Directory for validation. If the user name and password are valid, then the Active Directory sends the user attributes to the NetScaler appliance. The memberOf attribute is one of the attributes that the Active Directory sends to the NetScaler appliance. This attribute contains the group name of which you are defined as a member in the Active Directory. If you are a member of more than one Active Directory group, then multiple memberOf attributes are sent to the NetScaler appliance. The NetScaler appliance then parses this information to determine if the memberOf attribute matches the Search filter parameter set on the appliance. If attribute matches, then you are allowed to log in to the network. The following are the sample attributes that the Active Directory can send to NetScaler appliance: dn: CN=johnd,CN=Users,DC=citrix,DC=com changetype: add memberOf: CN=VPNAllowed,OU=support,DC=citrix,DC=com cn: johnd givenName: john objectClass: user sAMAccountName: johnd Configuring a NetScaler Appliance to Extract the Active Directory Group To configure a NetScaler appliance to extract the Active Directory group and enable clients to access the NetScaler VPN based on the Active Directory groups by using the Lightweight Directory Access Protocol (LDAP) authentication, compete the following procedure: Determine the Active Directory Group that has access permission. To configure the NetScaler appliance for Group Extraction, you must define the group a user needs to be a member of to allow access to the network resources. Note: To determine that exact syntax, you might need to refer to the Troubleshooting Group Extraction on the NetScaler appliance section. Determine the Search Filter syntax. Enter the appropriate syntax in the Search Filter field of the Create Authentication Server dialog box, as shown in the following sample screenshot: Note: Ensure that you start the value to the Search Filter filed with memberOf= and do not have any embedded spaces in the value. To configure the LDAP authentication with Group Extractions from the command line interface of the NetScaler appliance with the values similar to the ones in the preceding screenshot, run the following command: add authentication ldapaction LDAP-Authentication -serverip 10.3.4.15 -ldapBase "CN=Users,DC=citrix,DC=com" -ldapBindDn “CN=administrator,CN=Users,DC=citrix,DC=com" -ldapBindDnPassword ..dd2604527edf70 -ldapLoginName sAMAccountName -searchFilter "memberOf=CN=VPNAllowed,OU=support,DC=citrix,DC=com" -groupAttrName memberOf -subAttributeName CN Note: Ensure that you set the subAttributeName parameter to CN. Troubleshooting Group Extraction on the NetScaler appliance To troubleshoot group extraction on the NetScaler appliance, consider the following points: If the LDAP policy fails after configuring it for Group Extraction, it is best to create a policy that does not have the group extraction configured to ensure that LDAP is configured appropriately. You might need to use the LDAP Data Interchange Format Data Exchange (LDIFDE) utility from Microsoft that extracts the attributes from the Active Directory server to determine the exact content of the memberOf group. You need to run this utility on the Active Directory server. The following is the syntax for the command to run the LDIFDE utility: ldifde -f <File_Name> -s <AD_Server_Name> -d "dc=<Domain_Name>,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" "cn,givenName,objectclass,samAccountName,memberOf" When you run the preceding command, a text file, with the name you specified for File_Name parameter, is created. This file contains all objects from the Active Directory. The following is an example from a text file so created: dn: CN=johnd,CN=Users,DC=citrix,DC=com changetype: add memberOf: CN=VPNAllowed,OU=support,DC=citrix,DC=com cn: johnd givenName: john objectClass: user sAMAccountName: johnd