CCP A

Citrix 1Y0-351
Citrix NetScaler 10.5 Essentials and Networking

Version: 4.0
Citrix 1Y0-351 Exam
QUESTION NO: 1
A NetScaler Engineer has created a new custom user monitor script and needs to place it in the
NetScaler filesystem for use.
Where must the engineer place the custom script so that it is available for use?
A. /nsconfig/monitors
B. /netscaler/monitors
C. /var/nstemp/monitors
D. /netscaler/monitors/perl_mod
Answer: A
Explanation:
QUESTION NO: 2
What are the supported protocols for management authentication?
A. LOCAL, LDAP, and SAML

B. RADIUS, LDAP and TACACS+
C. CERTIFICATE, LDAP and SAML
D. RADIUS, TACACS+ and CERTIFICATE
Answer: B
Explanation:
QUESTION NO: 3
Scenario: A NetScaler Engineer has discovered that the object home.php is NOT found in the
cache on the system.
Below is the relevant configuration:
add cache contentGroup cache_content_group_1 -relExpiry 0
add cache policy cache_pol_1 -rule "http.REQ.URL.CONTAINS(\"home.php\")" -action

MAY_CACHE -storeInGroup cache_content_group_1
add cache policy cache_pol_2 -rule "http.REQ.METHOD.EQ(\"GET\")" -action NOCACHE
"Pass Any Exam. Any Time." - www.actualtests.com 2

Citrix 1Y0-351 Exam
add cache policy cache_pol_3 -rule "HTTP.RES.HEADER(\"Set-Cookie\").EXISTS" -action
NOCACHE
bind cache global cache_pol_1 -priority 90 -gotoPriorityExpression END -type REQ_OVERRIDE
bind cache global cache_pol_3 -priority 100 -gotoPriorityExpression END -type RES_OVERRIDE
The data from the client and the server are as following:
GET /home.php HTTP/1.1
Host: www.website.com
User-Agent: Mozilla Firefox/3.0.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Date: Thu, 09 Oct 2014 18:25:00 GMT
Cookie: sessionid=100xyz
HTTP/1.1 200 OK
Date: Thu, 09 Oct 2014 18:25:00 GMT
Server: Apache/2.2.3 (Fedora)
Last-Modified: Wed, 09 Jul 2014 21:55:36 GMT
ETag: "27db3c-12ce-5e52a600"
Accept-Ranges: bytes
Cache-Control: private, max-age=0
Set-Cookie: sessionid=100xyz; expires=Thu, 09-Oct-2014 18:30:00 GMT; path=/
Content-Length: 119

Citrix 1Y0-351 Exam
Connection: close
Content-Type: text/html; charset=UTF-8
Why does the object NOT persist in the cache?
A. The request is a GET request.

B. The response has Set-Cookie.
C. The content group is missing a cache selector.
D. The content group has been configured with relExpiry 0.
Answer: B
Explanation:
QUESTION NO: 4
Which two authentication types on the NetScaler support password changes? (Choose two.)
A. TACACS+
B. LDAP (TLS)
C. LDAP (SSL)
D. RADIUS (PAP)
E. LDAP (PLAINTEXT)
F. RADIUS (MSCHAPv2)
Answer: B,C
Explanation:
QUESTION NO: 5
Scenario: A NetScaler Engineer is viewing Authentication, Authorization and Access (AAA) events
on the NetScaler appliance to determine why a user is unable to log on. The events below have
been logged during this timeframe:
Fri Oct 17 18:17:16 2014
/usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/ldap_drv.c[40\]:
start_ldap_auth attempting to
auth scottli @ 10.12.33.216

Citrix 1Y0-351 Exam
Fri Oct 17 18:17:18 2014
recieve_ldap_bind_event receive ldap bind event
Fri Oct 17 18:17:18 2014
recieve_ldap_bind_event ldap_bind with binddn bindpw failed:Invalid credentials Fri Oct 17

18:17:18 2014
/usr/home/build/rs_80_48/usr.src/usr.bin/nsaaad/../../netscaler/aaad/naaad.c[1198\]: send_reject
sending reject to kernel for : scottli
What is the root cause of this issue?
A. The LDAP Base DN is incorrect.

B. The Bind DN credentials are invalid.
C. The LDAP server is NOT responding.
D. The user has entered an invalid password.
Answer: B
Explanation:
QUESTION NO: 6
A company has an external-facing web application that requires end-to-end encryption and Layer-
7 functionality.
Which protocol type would an engineer choose for the virtual server and service?
A. SSL
B. SSL_TCP
C. SSL_PUSH
D. SSL_BRIDGE
Answer: B
Explanation:
QUESTION NO: 7
Scenario: A NetScaler Engineer has enabled the HTTP Compression feature on an existing

Citrix 1Y0-351 Exam
production NetScaler. The engineer is using the built-in policies. The engineer reviews the HTTP
Compression statistics but does NOT see any compression statistic data.
What is the likely reason?
A. SSL protocol is being used for encryption.

B. The Compression Policy engine is set to default.
C. "Allow Server side compression" is checked on the NetScaler.
D. Responses with the Content-Length or Chunked header are being sent from the server.
Answer: C
Explanation:
QUESTION NO: 8
Which two of the listed statements are true about Access Control Lists (ACLs) on the NetScaler?
(Choose two.)
A. Extended ACLs may BRIDGE traffic.

B. Simple ACLs are bound on ALL interfaces.
C. Extended ACLs are evaluated after creation.
D. Simple ACLs are processed after Extended ACLs.
Answer: A,B
Explanation:
QUESTION NO: 9
What is the purpose of the SSL Certificate Authority (CA) root certificate during an SSL
connection?
A. SSL Cipher Exchange

B. Session Key Exchange
C. Pre Shared Master Secret Generation
D. Server Certificate Signature Verification
Answer: A
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 10
In order to create a three-node NetScaler cluster, all nodes must __________ and __________.
(Choose the two correct options to complete the sentence.)
A. be physical appliances
B. have Platinum licensing
C. be using the same build
D. be the same platform model
Answer: C,D
Explanation:
QUESTION NO: 11
Scenario: A NetScaler Engineer has been tasked with reconfiguring an existing NetScaler
deployment. The engineer is currently running a high-availability (HA) pair of NetScaler 10.5
appliances, but the Vice President of IT has requested a more efficient way of preserving and
balancing network resources and throughput while having a single point of management for the
NetScaler appliances.
What should the engineer configure to satisfy the requirements outlined by the Vice President of
IT?
A. Switch from traditional HA to -INC mode HA.

B. Break the HA pair and configure clustering instead.
C. Break the HA pair and configure three standalone NetScaler nodes.
D. Leave HA enabled and increase bandwidth to both NetScaler nodes.
Answer: B
Explanation:
QUESTION NO: 12
A NetScaler Engineer plans to deploy a third-party application that will perform scheduled
configuration auditing by using NITRO API with a REST interface.
Which management protocol should the engineer enable to allow NITRO API access?
A. SSH

Citrix 1Y0-351 Exam
B. HTTP
C. Telnet
D. SNMP
Answer: B
Explanation:
QUESTION NO: 13
Traffic to which destination is sourced from the NetScaler IP (NSIP) by default?
A. NTP servers
B. Clients on the Internet
C. Load-balanced web services
D. Load-balanced authentication services
Answer: A
Explanation:
QUESTION NO: 14
Scenario: A NetScaler Engineer configures COOKIEINSERT persistence method for an HTTP

VServer named 'myApp'. Many clients do NOT allow the persistence cookie to be set and
application sessions fail as a result. All clients are behind a network address translation (NAT)
gateway, which will insert the client IP address into an HTTP header called X-Forwarded-For.
Which command could the engineer execute to provide persistence for clients while still
distributing the requests across the bound services?
A. set lb vserver myApp -persistenceType SOURCEIP

B. set lb vserver myApp -persistenceType NONE -lbmethod SRCIPDESTIPHASH
C. set lb vserver myApp -persistenceType COOKIEINSERT -timeout 0 -cookieName X-
Forwarded-For
D. set lb vserver myApp -persistenceType NONE -lb method TOKEN -rule
"HTTP.REQ.HEADER(\"X-Forwarded-For\").VALUE(0)
Answer: D
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 15
Scenario: A NetScaler Engineer has created an SSL virtual server that utilizes SSL services. The
engineer needs to configure certificate authentication from the NetScaler to the backend web
services.
What should the engineer do to meet the requirements outlined in the scenario?
A. Bind a CA Certificate to the SSL Services.

B. Bind a Client Certificate to the SSL Services.
C. Create an SSL policy to present the Client Certificate to the web services.
D. Enable Client Authentication and set Client Certificate to mandatory on the virtual server.
Answer: B
Explanation:
QUESTION NO: 16
Which service setting would a NetScaler Engineer use in the command-line interface to limit
connections to server resources?
A. -maxReq
B. -maxClient
C. -monThreshold
D. -maxBandwidth
Answer: B
Explanation:
QUESTION NO: 17
Which statement is true about interface link-state on the NetScaler?
A. Interface link-state is controlled by ifconfig in BSD.

B. Interface link-state is dependent on the HAMON setting.
C. Interface link-state CANNOT be brought down from the NetScaler.
D. Interface link-state on both appliances is unaffected by the force failover command.
Answer: C
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 18
In order to configure integrated cache, a NetScaler Engineer would need to reboot the NetScaler
when the integrated caching feature is __________ and cache memory limit is set to __________.
(Choose the correct set of options to complete the sentence.)
A. enabled; zero
B. disabled; zero
C. enabled; non-zero
D. disabled; non-zero
Answer: A
Explanation:
QUESTION NO: 19
Which two certificate formats are supported when creating a certificate key pair on the NetScaler?
(Choose two.)
A. PEM
B. DER
C. PKCS7
D. PKCS12
Answer: A,B
Explanation:
QUESTION NO: 20
As a result of connecting two NetScaler interfaces in the same L2 broadcast domain/VLAN (unless
link aggregation is configured), the NetScaler will __________. (Choose the correct option to
complete the sentence.)
A. restart
B. disable one interface
C. cause a network loop
D. disable both interfaces

Citrix 1Y0-351 Exam
Answer: C
Explanation:
QUESTION NO: 21
Scenario: Users in an organization need to access several web applications daily. Management
has asked a NetScaler Engineer to reduce the amount of times users have to enter credentials
when accessing web applications.
What should the engineer configure to meet this requirement?
A. A load-balancing VServer and an authorization policy

B. An authentication VServer and an authorization policy
C. An authentication VServer and an authentication policy
D. A content switching VServer and an authentication profile
Answer: C
Explanation:
QUESTION NO: 22
The upgrade script copies the updated NetScaler kernel file to the __________ NetScaler
directory. (Choose the correct option to complete the sentence.)
A. /var
B. /flash
C. /nsconfig
D. /flash/boot
Answer: B
Explanation:
QUESTION NO: 23
Which setting must an engineer ensure is configured before a Subnet IP (SNIP) could be used to
communicate with servers on the same network segment?

Citrix 1Y0-351 Exam
A. Static route is defined
B. USIP mode is enabled
C. USNIP mode is enabled
D. Default gateway is defined
Answer: C
Explanation:
QUESTION NO: 24
Which tool could a NetScaler Engineer use to monitor client-side rendering times for a Web
application that is load-balanced by NetScaler?
A. Tcpdump
B. Insight Center
C. Command Center
D. NetScaler Dashboard
Answer: A
Explanation:
QUESTION NO: 25
What should a NetScaler Engineer configure to create load-balancing virtual servers and services
on the same VLAN with overlapping IP addresses?
A. Listen policies
B. Traffic domains
C. Dynamic routing
D. Policy-based routing
Answer: B
Explanation:
QUESTION NO: 26
Scenario: NetScaler is configured with a Subnet IP (SNIP) 192.168.1.10/24 on VLAN 1 and a

SNIP 172.168.1.50/24 on VLAN 100.

Citrix 1Y0-351 Exam
VLAN 100 has been properly associated with interface 1/1 and SNIP 172.168.1.50.
A user on VLAN 100 is attempting to access a virtual server on 192.168.1.25 and NOT getting a
response.
After troubleshooting the network, an engineer identifies that asymmetric packet flows are NOT
using the right interfaces on the return path to the client.
Which NetScaler setting must be enabled to avoid this behavior?
A. Layer 3 Mode
B. Layer 2 Mode
C. Direct Route Advertisement
D. MAC-based forwarding (MBF)
Answer: D
Explanation:
QUESTION NO: 27
Which outcome does the minify JavaScript option of the Front End Optimization (FEO) feature
provide?
A. It will replace characters with shorter names.

B. It will change all uppercase letters to lowercase.
C. It will remove all comments from the JavaScript.
D. It will compress JavaScript with the GZIP algorithm.
Answer: C
Explanation:
QUESTION NO: 28
Which feature could a Network Engineer configure in order to restrict client connections to a
specific bandwidth limit?
A. Spillover
B. Rate Limiting
C. SureConnect

Citrix 1Y0-351 Exam
D. Filter Policies
Answer: B
Explanation:
QUESTION NO: 29
Scenario: A web server needs to be load-balanced but the content for the web page is retrieved
from different server pools. There is a server pool for images, another for text files, and another for
documents.
Which NetScaler feature would allow a user to retrieve content from all pools through a single IP
address by leveraging the ability of NetScaler to forward traffic based on the incoming request?
A. Load Balancing
B. Content Filtering
C. Content Switching
D. Global Server Load Balancing
Answer: A
Explanation:
QUESTION NO: 30
Server Name Indication (SNI) is required when __________. (Choose the correct option to
complete the sentence.)
A. TLS 1.1/1.2 is enabled exclusively

B. a SAN extension certificate is used
C. multiple certificates are used on multiple domains on the same VServer
D. configuring a content switching SSL VServer with a single domain certificate
Answer: C
Explanation:
QUESTION NO: 31
What should an engineer configure in an environment where two NetScaler appliances are

Citrix 1Y0-351 Exam
configured in high availability (HA) mode to prevent both nodes from reporting a state of NOT_UP
at the same time?
A. Fail-Safe Mode
B. Route Monitors
C. Command Propagation
D. Configuration Synchronization
Answer: A
Explanation:
QUESTION NO: 32
When creating a link aggregation channel on the NetScaler, the "-throughput" option sets the
__________. (Choose the correct option to complete the sentence.)
A. max interface speed of the channel

B. interface threshold for channel failover
C. interface bandwidth limit for the channel
D. interface speed of each member of the channel
Answer: B
Explanation:
QUESTION NO: 33
Scenario: A NetScaler Engineer is asked to interpret the following configuration:
add audit syslogAction syslog_srv_1 192.168.0.1 -logLevel ERROR
add audit syslogAction syslog_srv_2 192.168.0.2 -logLevel WARNING
add audit syslogAction syslog_srv_3 192.168.0.3 -logLevel CRITICAL
add audit syslogAction syslog_srv_4 192.168.0.4 -logLevel ALERT
add audit syslogPolicy audit_pol_1 ns_true syslog_srv_1

Citrix 1Y0-351 Exam
bind system global audit_pol_1 -priority 100
add audit messageaction log-act1 CRITICAL '"Client:"+CLIENT.IP.SRC+" accessed

"+HTTP.REQ.URL' -bypassSafetyCheck YES
add responder policy RP_pol http.REQ.IS_VALID NOOP -logAction log-act1
bind responder global RP_pol 100 END -type REQ_OVERRIDE
Which syslog server will receive log information?
A. syslog_srv_3
B. syslog_srv_4
C. syslog_srv_1
D. syslog_srv_2
Answer: A
Explanation:
QUESTION NO: 34
Scenario: A NetScaler Engineer is working with a NetScaler appliance that has two network
interface cards (NICs). The first NIC is placed on the DMZ network and the second NIC is on the
internal network. The default route is configured to the gateway on the internal network. A virtual
server is configured on the DMZ-network and the firewall on the DMZ is using network address
translation (NAT) to allow external traffic to the virtual server.
When a user from the Internet attempts to connect to the NAT'd external address, the session
never establishes. The engineer performs an nstrace and sees that the user's traffic hits the
NetScaler. The engineer then discovers that the problem is an asymmetrical packet flow.
Which two settings could the engineer configure to resolve the issue? (Choose two.)

Citrix 1Y0-351 Exam
A. Link load balancing (LLB)
B. Policy-based routing (PBR)
C. Extended access list (ACL)
D. MAC-based forwarding (MBF)
E. Reverse network address translation (RNAT)
Answer: B,D
Explanation:
QUESTION NO: 35
Scenario: A NetScaler Engineer connected a new NetScaler MPX appliance to the network.
However, some of the interfaces were blocked on the uplink switch. The engineer needs to
perform a network packet trace on the NetScaler appliance. For troubleshooting purposes, the
engineer needs to separate trace files for each interface. The engineer executed the following
command from the NetScaler CLI:
start nstrace -perNIC ENABLED
However, NetScaler created a single trace file.
What should the engineer do to produce separate trace files for each interface?
A. Specify the nodes parameter.

B. Use the nsconmsg command.
C. Specify the tcpdump parameter.
D. Use the nstracemerge.sh command.
Answer: C
Explanation:
QUESTION NO: 36
On a load-balancing virtual server with multiple bound services, Redirect URL will be invoked
when __________. (Choose the correct phrase to complete the sentence.)
A. a backup virtual server has been configured

B. Health Based Spillover has been configured
C. one of the bound services is marked as DOWN

Citrix 1Y0-351 Exam
D. the load-balancing virtual server is marked as DOWN
Answer: D
Explanation:
QUESTION NO: 37
Which two encryption algorithms are supported on the NetScaler to store the encrypted SSL
private key with a password? (Choose two.)
A. AES
B. RC4
C. DES
D. DES3
Answer: C,D
Explanation:
QUESTION NO: 38
Scenario: A website that provides hotel bookings lists each hotel through their membership
number on the site URL. For example, the Martello Tower member ID is 6754 and its web
presence is at http://www.hoteltestwebsite.com/hotels/6754/index.html.
There are 20,000 hotels in the database of the website. The website business owner no longer
wants to display the hotel sites for hotel numbers 1-10000, inclusive. A NetScaler Engineer must
configure an appropriate responder page to indicate that these sites are unavailable.
Which expression will meet the requirements of the business owner?
A. HTTP.REQ.URL.PATH.GET(2).TYPECAST_NUM_T(DECIMAL).BETWEEN(0, 10000)
B. HTTP.REQ.URL.AFTER_STR("hotels").TYPECAST_NUM_T(DECIMAL).BETWEEN(0, 10000)
C. HTTP.REQ.URL.BEFORE_STR("index.html").TYPECAST_NUM_T(DECIMAL).BETWEEN(0,
10000)
D. HTTP.REQ.URL.PATH.GET(1).TYPECAST_NUM_T(DECIMAL).GT(0) &&
HTTP.REQ.URL.PATH.GET(1).TYPECAST_NUM_T(DECIMAL).LT(10000)
Answer: A
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 39
In which two places could a NetScaler Engineer enable TCP Buffering? (Choose two.)
A. Service
B. Globally
C. HTTP profile
D. Virtual server
Answer: A,B
Explanation:
QUESTION NO: 40
Which two content types are, by default, compressible content on the NetScaler? (Choose two.)
A. zip
B. png
C. css
D. jpeg
E. html
Answer: C,E
Explanation:
QUESTION NO: 41
On a NetScaler system, the __________ timeout value will mark any session that has reached the
idle timeout for cleanup. (Choose the correct option to complete the sentence.)
A. Client
B. Server
C. Zombie
D. NATPCB
Answer: C
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 42
Scenario: A NetScaler Engineer has configured COOKIEINSERT persistence with a timeout value
of two minutes on an SSL LBvServer. The idle time requirement for the application itself CANNOT
be determined. Users report connections are intermittent. Once a session is disconnected, a user
must re-authenticate in order to regain access.
In order to correct this issue, the engineer should set persistence to __________ with a timeout of
__________ minutes. (Choose the correct set of options to complete the sentence.)
A. SOURCEIP; two
B. SSLSESSION; ten
C. SRCIPDESTIP; two
D. COOKIEINSERT; zero
Answer: D
Explanation:
QUESTION NO: 43
What does the TCP Buffering feature on the NetScaler accomplish?
A. It enables the TCP options field syn-cookie.

B. It optimizes the client and server TCP window size.
C. It buffers incoming client connections on the NetScaler.
D. It offloads the server response to the NetScaler before delivering it to the client.
Answer: D
Explanation:
QUESTION NO: 44
Which setting would a NetScaler Engineer disable in order to stop the NetScaler from acting as a
router for non-NetScaler owned IP addresses or entities?
A. Layer 2 mode
B. Layer 3 mode
C. MAC-based forwarding

Citrix 1Y0-351 Exam
D. Use Subnet IP (USNIP)
Answer: C
Explanation:
QUESTION NO: 45
What is the purpose of binding Certificate Authority (CA) certificates to a virtual server?
A. For SSL Offload

B. To validate the server certificate
C. For client certificate authentication
D. To provide intermediate certificates to the client
Answer: C
Explanation:
QUESTION NO: 46
Which option needs to be set on the service in order to maintain the original client-IP to the
backend service?
A. -cka yes
B. -usip yes
C. -cip disabled
D. -useproxyport yes
Answer: B
Explanation:
QUESTION NO: 47
A NetScaler Engineer is required to use SNMP v3 on a NetScaler instance and needs to use
authentication and encryption for all SNMP v3 communication.
What are two places where the engineer could set mandatory authentication and encryption?
(Choose two.)

Citrix 1Y0-351 Exam
A. SNMP trap properties
B. SNMP user properties
C. SNMP group properties
D. SNMP manager properties
Answer: B,C
Explanation:
QUESTION NO: 48
Scenario: Users complain that they are NOT able to connect to a web site using the IP address.
The relevant portion of the configuration is shown below:
add ssl profile srv-web -sessReuse ENABLED -sessTimeout 120 -tls11 DISABLED -tls12
DISABLED -strictCAChecks YES
add service svc-web 192.168.1.3 HTTP 80
add lb vserver srv-web SSL 192.168.1.22 443 -persistenceType NONE -cltTimeout 180
bind lb vserver srv-web svc-web
set ssl vserver srv-web -eRSA DISABLED -clientAuth ENABLED -clientCert Optional -tls11
DISABLED -tls12 DISABLED -SNIEnable ENABLED
add ssl policy svc-web -rule true -action NOOP
bind ssl vserver srv-web -certkeyName WebCert -SNICert
bind ssl vserver srv-web -policyName svc-web -priority 100
What is the likely cause of the connectivity issue?
A. SSL policy is incorrect.

B. Client Authentication is enabled.
C. Server Name Indication is enabled.
D. Load Balancing persistence is set to NONE.
Answer: C
Explanation:
QUESTION NO: 49

Citrix 1Y0-351 Exam
A NetScaler Engineer needs to gather information from a NetScaler VPX before allocating the
platform license.
Which shell command could the engineer use to gather the needed information?
A. lmutil lmhostid -user

B. lmutil lmhostid -ether
C. lmutil lmhostid -internet
D. lmutil lmhostid -hostname
Answer: B
Explanation:
QUESTION NO: 50
Scenario: A NetScaler Engineer has received complaints from some users stating that their
business applications are running slow. The engineer analyzes the application servers and sees
the following CPU utilization:
ServerA is utilizing 20% CPU
ServerB is utilizing 20% CPU
ServerC is utilizing 100% CPU
The engineer had set the load-balancing method to round robin but decided to change the load-
balancing configuration for the business applications.
Which load-balancing method could the engineer use to address this issue?
A. Custom Load
B. Least Packets
C. Least Connections
D. Least Response time
Answer: A
Explanation:
QUESTION NO: 51

Citrix 1Y0-351 Exam
In a high-availability (HA) configuration, a NetScaler Engineer notices that the HA Synchronization
status shows as failed.
What could be causing the HA Synchronization to fail?
A. Port 3003 is being blocked

B. Port 3009 is being blocked
C. The RPC passwords are incorrect
D. The nsroot passwords are incorrect
Answer: C
Explanation:
QUESTION NO: 52
When using static proximity load-balancing method for a Global Server Load Balancing (GSLB)
virtual server, there must be a match between the IP addresses in the custom/static database to
the IP address of the _________ so that it is associated with a given location. (Choose the correct
option to complete the sentence.)
A. GSLB service
B. ADNS service
C. Load-balancing server
D. Client local DNS (LDNS)
Answer: A
Explanation:
QUESTION NO: 53
Scenario: A NetScaler Engineer must implement load-balancing on a web server farm that serves
video clips to end users. Video clip files vary in size. The engineer needs to send traffic to the
server with the least amount of network utilization.
Which load-balancing method should the engineer use?
A. Least Request
B. Least Bandwidth
C. Least Connection

Citrix 1Y0-351 Exam
D. Least Response Time
Answer: B
Explanation:
QUESTION NO: 54
Which protocol is responsible for exchanging site metric, network metric, and persistence
information between sites using Global Server Load Balancing (GSLB)?
A. SSH
B. MEP
C. RPC
D. NITRO
Answer: B
Explanation:
QUESTION NO: 55
Scenario: The marketing department would like a short URL to use for a product launch that will
redirect users to the product information page on the companys website.
The marketing URL they require is http://www.turboappliances.com/prima. It should redirect the

user to http://www.turboappliances.com/products/solutions/primaversion1234.html.
Which NetScaler command should a NetScaler Engineer run in order to meet the requirements of
the scenario?
A. add responder action MarketingURL redirect

"\"http://www.turboappliances.com/products/solutions/primaversion1234.html\""
B. add rewrite action MarketingURL4 replace_http_res
C. add rewrite action MarketingURL1 insert_http_header Location
D. add transform action MarketingURL2 -priority 100 -reqUrlFrom www.turboappliances.com/ -
reqUrlInto "http://www.turboappliances.com/products/solutions/primaversion1234.html"
Answer: A
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 56
Which command must an engineer use to run a cluster with less than (n/2+1) number nodes
online?
A. add cluster <node> -quorumType Majority

B. add cluster instance <name> -quorum None
C. add cluster instance <clid> -quorumType None
D. add cluster instance <clid> -quorumType Majority
Answer: C
Explanation:
QUESTION NO: 57
Which of the listed options is a simple Access Control List (ACL) attribute?
A. VLAN ID
B. Source IP address
C. NetScaler interface
D. Destination IP address
Answer: A
Explanation:
QUESTION NO: 58
While binding a certificate key pair where the key is a 2048-bit, a NetScaler Engineer receives the
following error message:
"Certificate with key size greater than RSA512 or DSA512 bits not supported"
What could be causing this error?
A. The certificate being used is invalid.

B. The license file is saved in UTF-8 format.

Citrix 1Y0-351 Exam
C. The NetScaler does NOT have an SSL offloading card.
D. The NetScaler appliance does NOT have an appropriate license.
Answer: D
Explanation:
QUESTION NO: 59
A NetScaler Engineer has been given the task of protecting an internal web site by requiring users
to enter their credentials.
Which feature should the engineer configure?
A. AAA
B. SSL Offloading
C. Content Filtering
D. Application Firewall
Answer: D
Explanation:
QUESTION NO: 60
Multiple Subnet IPs (SNIPs) are defined in the same network.
A NetScaler Engineer could specify the SNIP to use to communicate with servers on that network
by configuring a __________. (Choose the correct option to complete the sentence.)
A. net profile
B. listen policy
C. traffic domain
D. policy-based route
Answer: A
Explanation:
QUESTION NO: 61

Citrix 1Y0-351 Exam
Scenario: A NetScaler Engineer has created a local account for a user according to the below
configuration:
add system user NSUser userpassword -timeout 900
add system group "NetScaler users" -timeout 900
add system cmdPolicy netscaler-users ALLOW

"(^man.*)|(^show\\s+(?!system)(?!configstatus)(?!ns ns\\.conf)(?!ns savedconfig)(?!ns
runningConfig)(?!gslb runningConfig)(?!audit messages)(?!techsupport).*)|(^stat.*)"
bind system group "NetScaler users" -userName NSUser
bind system group "NetScaler users" -policyName netscaler-users 100
The user is able to log on but is NOT able to execute certain commands. The engineer goes back
and looks at the logs, and the following is displayed:
Oct 6 13:34:15 <local0.info> 192.168.10.50 10/06/2014:13:34:15 GMT ns1 0-PPE-0 : CLI

CMD_EXECUTED 4303 0 : User NSUser - Remote_ip 192.168.10.10 - Command "show ns
runningConfig" - Status "ERROR: Not authorized to execute this command"
Why is the command NOT working for the user?
A. cmdPolicy is NOT configured to allow the command

B. cmdPolicy should be set to DENY, instead of ALLOW
C. The user should be bound to the cmdPolicy netscaler-users
D. The priority of the cmdPolicy bound to the group "NetScaler users" should be higher
Answer: A
Explanation:
QUESTION NO: 62
Scenario: A NetScaler Engineer is using the following policy to forward traffic when performing
content switching:
add cs action cs1_act -targetVserverExpr HTTP.REQ.HOSTNAME
add cs policy cs1_switch_policy -rule true -action cs1_act
bind cs vserver CS1-VIP -policyName cs1_switch_policy -priority 10

Citrix 1Y0-351 Exam
In order to make sure the policy works correctly, the engineer must name the __________ to
match the hostname. (Choose the correct option to complete the sentence.)
A. load-balancing servers
B. load-balancing services
C. load-balancing virtual servers
D. content-switching virtual server
Answer: C
Explanation:
QUESTION NO: 63
What are two benefits of using Link Aggregation Control Protocol (LACP)? (Choose two.)
A. Redundancy
B. Compression
C. Reduce TCP latency
D. Increased throughput
E. Automatic configuration of TCP windows
Answer: A,D
Explanation:
QUESTION NO: 64
Scenario: A NetScaler Engineer has a high-availability (HA) pair of NetScaler MPX devices (NS1
and NS2) connected on interfaces 0/1, 1/1 and 1/2. NS1 is currently the primary unit. Fail-safe
mode is NOT enabled. High-availability monitor is enabled on all the connected interfaces. The
engineer sees the following line in the output of his "show node" command from the command-line
interface:
Interfaces on which heartbeats are not seen: 1/1 1/2
Interfaces causing Partial Failure: None
What will happen if the 0/1 interface fails?
A. NS1 and NS2 will both become primary.

B. NS2 will fail and NS1 will remain primary.

Citrix 1Y0-351 Exam
C. NS1 will fail and NS2 will become primary.
D. NS1 and NS2 will both fail and become secondary.
Answer: A
Explanation:
QUESTION NO: 65
A NetScaler Engineer created an HTTP service and did NOT bind any monitors to the service.
Which monitor will the NetScaler automatically bind to the HTTP service?
A. tcp
B. http
C. tcp-ecv
D. http-ecv
E. tcp-default
F. ping-default
Answer: E
Explanation:
QUESTION NO: 66
Which troubleshooting tool will show policy hits and verify that a policy expression is being
invoked?
A. nspepi
B. nsapimgr
C. nstrace.sh
D. nsconmsg
Answer: D
Explanation:
QUESTION NO: 67
Which NetScaler caching type requires proxy configuration on all client devices?

Citrix 1Y0-351 Exam
A. SOCKS
B. REVERSE
C. FORWARD
D. TRANSPARENT
Answer: C
Explanation:
QUESTION NO: 68
Scenario: A client connecting to an SSL virtual server receives the following error:
"Invalid Server Certificate The server certificate is invalid. Do you wish to accept this certificate
and connect to the server anyway?"
What is a possible cause of this error message?
A. The private key is NOT password-protected.

B. The certificate key pair is password-protected.
C. The intermediate CA certificate is NOT linked to the server certificate.
D. Certificate Revocation Lists (CRLs) have NOT been defined on the NetScaler.
Answer: C
Explanation:
QUESTION NO: 69
Which two NetScaler command-line interface commands could an engineer execute to change
TCP Window Scaling settings on the NetScaler? (Choose two.)
A. set netProfile
B. add ns tcpProfile
C. unset ns tcpParam
D. set ns tcpbufParam
E. add autoscale profile
Answer: B,C
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 70
On which two objects could a NetScaler Engineer bind cipher groups? (Choose two.)
A. Server
B. Service
C. SSL policy
D. SSL profile
E. Virtual server
Answer: B,E
Explanation:
QUESTION NO: 71
Which protocol can be monitored by Insight Center?
A. FTP
B. HTTP
C. RTSP
D. RADIUS
Answer: B
Explanation:
QUESTION NO: 72
Scenario: A NetScaler Engineer is configuring a new system with connected interfaces 10/1 - 10/4
and runs the following commands:
add ip 10.10.10.1 255.255.255.0 -type snip
add vlan 10
bind vlan 10 -ifnum 10/1
On which interface(s) will subnet 10.10.10.1 respond to requests?
A. Only interface 10/1

B. Interfaces on VLAN 10

Citrix 1Y0-351 Exam
C. Only interfaces on VLAN 1
D. Interfaces 10/1 through 10/4
Answer: D
Explanation:
QUESTION NO: 73
Which connection state is included in the Current Server Connections parameter, but not affected
by Max Clients?
A. Open
B. Listen
C. Closing
D. Open Established
Answer: C
Explanation:
QUESTION NO: 74
Which command must a NetScaler Engineer run at the command-line interface to enable a Link
Aggregation Control Protocol (LACP) channel?
A. Use "set lacp" with sysPriority parameter.

B. Use "set lacp" with ownerNode parameter.
C. Use "set interface" with lacpKey parameter.
D. Use "set interface" with lacpPriority parameter.
Answer: C
Explanation:
QUESTION NO: 75
A NetScaler Engineer created an SSL virtual server but the status is showing as state DOWN.
What could be causing the virtual server to show as state DOWN?

Citrix 1Y0-351 Exam
A. The virtual server is configured for port 444.
B. HTTP services are used instead of HTTPS services.
C. The SSL certificate is NOT bound to the virtual server.
D. The certificate bound to the virtual server has a private key of 512-bits.
Answer: C
Explanation:
QUESTION NO: 76
Which client header indicates support for the type of compression the NetScaler may use?
A. Accept
B. User-Agent
C. Content-Type
D. Accept-Encoding
Answer: D
Explanation:
QUESTION NO: 77
Scenario: A NetScaler Engineer has discovered that the object home.php is NOT found in the
cache on the system.
Below is the relevant configuration:
add cache contentGroup cache_content_group_1 -relExpiry 0
add cache policy cache_pol_1 -rule "http.REQ.URL.CONTAINS(\"home.php\")" -action

MAY_CACHE -storeInGroup cache_content_group_1
add cache policy cache_pol_2 -rule "http.REQ.METHOD.EQ(\"GET\")" -action NOCACHE
add cache policy cache_pol_3 -rule "HTTP.RES.HEADER(\"Set-Cookie\").EXISTS" -action

CACHE

Citrix 1Y0-351 Exam
bind cache global cache_pol_3 -priority 100 -gotoPriorityExpression END -type RES_OVERRIDE
The data from the client and the server are as following:
GET /home.php HTTP/1.1
Host: www.website.com
User-Agent: Mozilla Firefox/3.0.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Date: Thu, 09 Oct 2014 18:25:00 GMT
Cookie: sessionid=100xyz
HTTP/1.1 200 OK
Date: Thu, 09 Oct 2014 18:25:00 GMT
Server: Apache/2.2.3 (Fedora)
Last-Modified: Wed, 09 Jul 2014 21:55:36 GMT
ETag: "27db3c-12ce-5e52a600"
Accept-Ranges: bytes
Cache-Control: private, max-age=0
Set-Cookie: sessionid=100xyz; expires=Thu, 09-Oct-2014 18:30:00 GMT; path=/
Content-Length: 119
Connection: close
Content-Type: text/html; charset=UTF-8
Why does the object NOT persist in the cache?

Citrix 1Y0-351 Exam
A. The request is a GET request.
B. The response has Set-Cookie.
C. The content group is missing a cache selector.
D. The content group has been configured with relExpiry 0.
Answer: D
Explanation:
QUESTION NO: 78
Which IP address type should be bound to a VLAN in order to isolate traffic to backend services?
A. Virtual IP (VIP)
B. Cluster IP (CLIP)
C. Subnet IP (SNIP)
D. NetScaler IP (NSIP)
Answer: C
Explanation:
QUESTION NO: 79
Scenario: NetScaler features are NOT licensed. A NetScaler Engineer has checked that the
proper platform license file has been uploaded.
Why are the NetScaler features NOT licensed?
A. The features are NOT enabled.

B. The NetScaler needs to be restarted.
C. The NetScaler initial setup is NOT completed.
D. There is no universal license on the NetScaler.
Answer: B
Explanation:
QUESTION NO: 80
Which SSL parameter should an engineer configure to bind multiple certificate key pairs to a

Citrix 1Y0-351 Exam
virtual server?
A. SNI enable
B. Session reuse
C. Send close-notify
D. Client authentication
Answer: A
Explanation:
QUESTION NO: 81
What is the key benefit to enabling Session Reuse on an SSL offload VServer?
A. The number of HTTP requests to the backend services are decreased.

B. Resumed SSL sessions are more secure than sessions that require renegotiation.
C. Reusing existing sessions decreases the number of TCP connections made to backend
services.
D. A partial SSL handshake is sent over the existing SSL connection, reducing CPU and
bandwidth usage.
Answer: D
Explanation:
QUESTION NO: 82
Which two are HTTP response codes from a successful cache hit by default? (Choose two.)
A. 304
B. 500
C. 200
D. 401
Answer: A,C
Explanation:
QUESTION NO: 83

Citrix 1Y0-351 Exam
Which persistence method is only applicable to load-balancing SIP?
A. CALLID
B. RTSPID
C. SOURCEIP
D. COOKIEINSERT
Answer: A
Explanation:
QUESTION NO: 84
Scenario: A NetScaler Engineer wants to make it easier for the help desk group to access the
active node in a high-availability pair. Members of the help desk group must be able to access the
NetScaler in a secure way without being notified of warnings in their web browsers.
Which two of the listed steps must the engineer take to meet the requirements of the scenario?
(Choose two.)
A. Enable management access to the VIP.

B. Enable management access to the SNIP.
C. Bind a trusted certificate to the internal service.
D. Bind the ns-server-certificate to the SNIP to the internal service.
E. Create a self-signed certificate on the NetScaler and assign it to the internal service.
Answer: B,C
Explanation:
QUESTION NO: 85
What would a NetScaler Engineer configure to allow internal IPv4 servers on a private subnet
access to the external Internet through the NetScaler?
A. Link Load Balancing (LLB)

B. Network Address Translation 64 (NAT64)
C. Inbound Network Address Translation (INAT)
D. Reverse network address translation (RNAT)
Answer: D
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 86
A recent security audit has identified that NetScaler management is available on all Subnet IP
(SNIP) adresses.
Which step could an engineer take to ensure that these services are only available through the
NetScaler IP (NSIP)?
A. Unbind all SNIPs from the NSVLAN.

B. Disable the 'GUI' option on all SNIPs.
C. Enable the 'Restrict Access' option on all SNIPs.
D. Disable the 'Management Access' option on all SNIPs.
Answer: D
Explanation:
QUESTION NO: 87
Scenario: A NetScaler Engineer creates a new HTTP VServer using the following command:
add lb vserver lb_test HTTP 172.20.10.85 80 -lbMethod LEASTCONNECTION -persistencetype

COOKIEINSERT -timeout 0 -authentication ON -cacheable YES
During testing, the engineer notices a cookie named NSC_iuuq2 with a value of:
ffffffff020a1d1545525d5f4f58455e445a4a423660
What is the purpose of this cookie?
A. It indicates that the client has been authenticated.

B. It indicates that the client has NOT been authenticated.
C. It is used for persistence, describing only the VServer ID and Service IP.
D. It is used for persistence, describing the VServer ID, Service IP and Service Port.
Answer: D
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 88
How could a NetScaler Engineer ensure that a content-switching virtual server is marked as
DOWN if all target load-balancing servers show as DOWN?
A. Specify a monitor
B. Enable State Update
C. Specify a route monitor
D. Configure a backup virtual server
Answer: B
Explanation:
QUESTION NO: 89
Scenario: A NetScaler Engineer needs to enable access to a load-balancing virtual server from
two customers that belong to different VLANs, VLAN500 and VLAN600. Each customer must
access the services and servers specific to their VLAN and should never be able to reach another
customer service or servers.
Traffic Domain (TD) 1 has been created for VLAN500 and Traffic Domain (TD) 2 for VLAN600.
Load-balancing services have also been created for each server on TD1 and TD2. The TD for the
virtual server is TD 3 and IP address 172.10.0.30.
In order to complete this setup, the engineer should create a load-balancing virtual server with IP
172.10.0.30 on TD 3 and use __________. (Choose the correct option to complete the sentence.)
A. TD2 services as a backup virtual server

B. TD1 and TD2 services on one virtual server
C. TD1 and TD2 services on two virtual servers
D. TD1 on one virtual server and TD2 on second
Answer: D
Explanation:
QUESTION NO: 90
Which item needs to be configured to enable content prefetch in Integrated Caching on the
NetScaler appliance?

Citrix 1Y0-351 Exam
A. Cache Policy
B. Cache Object
C. Cache Selector
D. Cache Content Group
Answer: D
Explanation:
QUESTION NO: 91
A NetScaler Engineer would like to direct identical requests for the same service to specific cache
servers.
Which load-balancing method should the engineer use?
A. URL Hash
B. Domain Hash
C. Source IP Hash
D. Source IP Destination IP Hash
Answer: A
Explanation:
QUESTION NO: 92
Scenario: A Network Engineer needs to provide a solution for mobile users who use devices that
do NOT support basic access authentication.
Which three steps should be included as part of the engineer's plan to implement this requirement
using NetScaler? (Choose three.)
A. Configure an OCSP responder.

B. Create an authentication VServer.
C. Configure a Pre-Authentication policy.
D. Create an LDAP authentication policy and bind it to the authentication server.
E. Enable and configure the authentication option on a VServer to use 401-based authentication.
F. Enable and configure the Authentication option on a load balancing VServer to use form-based
authentication.
Answer: B,D,F

Citrix 1Y0-351 Exam
Explanation:
QUESTION NO: 93
Scenario: A NetScaler Engineer recently enabled the HTTP Compression feature. In reviewing the
HTTP compression statistics, the engineer notices that content from all HTTP virtual servers
created prior to enabling the compression feature is NOT being compressed.
What should the engineer do to allow compression for any pre-existing HTTP virtual servers?
A. Recreate the HTTP virtual servers.

B. Recreate any existing compression policies.
C. Enable compression on the associated bound services.
D. Ensure 'Allow Server side compression' is unchecked on the NetScaler.
Answer: C
Explanation:
QUESTION NO: 94
Scenario: A NetScaler Engineer has configured a virtual server as follows:
set lb vserver web_vserver -redirectURL http://www.external.hosting.com -backupVServer

maint_vserver
The virtual server web_vserver is marked as DOWN; maint_vserver is marked as UP.
The following request is sent to the web_vserver:
GET /path/query HTTP/1.1
What would happen to this request?
A. Redirected to http://www.external.hosting.com
B. Forwarded to the backup server, ignoring the query
C. Forwarded to the backup server, preserving the query
D. Redirected to http://www.external.hosting.com/path/query

Citrix 1Y0-351 Exam
Answer: C
Explanation:
QUESTION NO: 95
When would it be necessary to configure Failover Interface Set (FIS) in an environment that has
two NetScaler appliances in high availability (HA) mode?
A. Link redundancy is required.

B. Route monitors are required.
C. HA monitor is disabled in some interfaces.
D. The NetScaler appliances are configured on different networks.
Answer: A
Explanation:
QUESTION NO: 96
Scenario: A company is hosting an external, Internet-facing website that is load balanced by a

NetScaler. The backend servers are on a 1 Gbps network and clients connect over 3G
connections. The Server Administrator reviewed the performance metrics on the backend servers
and noticed a lot of overall network retirements and retransmissions.
Which NetScaler feature would help improve the network performance of the backend servers in
this scenario?
A. SureConnect
B. Compression
C. TCP Buffering
D. Surge Protection
Answer: C
Explanation:
QUESTION NO: 97
When a content-switching virtual server is used and idle client connections must stay established
longer than the default NetScaler value, in which two locations could an engineer adjust the client

Citrix 1Y0-351 Exam
timeout setting? (Choose two.)
A. Global Timeout Settings

B. Load-balancing services
C. Load-balancing virtual server
D. Content-switching virtual server
Answer: A,D
Explanation:
QUESTION NO: 98
Scenario: A NetScaler Engineer is troubleshooting an issue and using /var/log/ns.log to view the
errors.
The logs are being filled with messages like the ones below:
Oct 6 14:03:23 <local0.info> 192.168.10.50 10/06/2014:14:03:23 GMT ns1 0-PPE-0 : TCP

CONN_DELINK 4471 0 : Source 192.168.10.10:52187 - Vserver 192.168.10.50:80 - NatIP
192.168.10.10:52187 - Destination 192.168.10.50:80 - Delink Time 10/06/2014:14:03:23 GMT -
Total_bytes_send 1075 - Total_bytes_recv 352

CONN_TERMINATE 4472 0 : Source 192.168.10.35:80 - Destination 192.168.10.51:35341 - Start
Time 10/06/2014:14:02:43 GMT - End Time 10/06/2014:14:03:30 GMT - Total_bytes_send 1 -
Total_bytes_recv 1

CONN_TERMINATE 4473 0 : Source 127.0.0.1:7776 - Destination 127.0.0.2:55623 - Start Time
10/06/2014:14:02:45 GMT - End Time 10/06/2014:14:03:30 GMT - Total_bytes_send 1 -
Total_bytes_recv 1

CONN_TERMINATE 4474 0 : Source 127.0.0.1:80 - Destination 127.0.0.2:39771 - Start Time
10/06/2014:14:02:46 GMT - End Time 10/06/2014:14:03:30 GMT - Total_bytes_send 1 -
Total_bytes_recv 1
Which option should the engineer modify to stop these types of messages from getting logged in
/var/log/ns.log?
A. ACL logging in the nslog parameters

B. ACL logging in the syslog parameters
C. TCP logging in the nslog parameters

Citrix 1Y0-351 Exam
D. TCP logging in the syslog parameters
Answer: D
Explanation:
QUESTION NO: 99
Scenario: A NetScaler Engineer is troubleshooting a high-availability issue. The engineer needs to

determine if the port being used by the high-availability heartbeats is blocked.
Which port is used by high-availability heartbeats?
A. 3003
B. 3008
C. 3010
D. 3011
Answer: A
Explanation:
QUESTION NO: 100
What is the default load-balancing method?
A. Round Robin
B. Source IP Hash
C. Least Connection
D. Least Response Time
Answer: C
Explanation:
QUESTION NO: 101
Scenario: A NetScaler Engineer retrieves the following configuration from support and enters it
into the command-line interface:
add rewrite action remove_server_header delete_http_header Server

Citrix 1Y0-351 Exam
add rewrite policy RP_remove_srv_header "HTTP.REQ.IS_VALID &&
!CLIENT.IP.SRC.IN_SUBNET(172.16.0.0/16)" remove_server_header
bind lb vserver lb_vsrv -policyName RP_remove_srv_header -priority 100 -gotoPriorityExpression

END -type REQUEST
The immediate effect of this configuration is that it will __________ the server header in the
__________ if the request is coming from a network other than 172.16.0.0/16. (Choose the correct
set of options to complete the sentence.)
A. keep; request
B. keep; response
C. remove; request
D. remove; response
Answer: D
Explanation:
QUESTION NO: 102
What is the only input format supported by the NetScaler when using the NetScaler Certificate
Import wizard within the configuration utility?
A. JKS
B. PEM
C. DER
D. PKCS#12
Answer: D
Explanation:
QUESTION NO: 103
An end user is receiving authentication errors when accessing a load-balancing virtual server that
uses Authentication, Authorization and Access (AAA)-TM.
Which shell command should a NetScaler Engineer execute to show AAA events in real time to
help diagnose this issue?
A. tail /tmp/aaad.debug

Citrix 1Y0-351 Exam
B. cat /tmp/aaad.debug
C. grep aaa /tmp/nskrb.debug
D. egrep aaa /tmp/pitboss.debug
Answer: B
Explanation:
QUESTION NO: 104
A NetScaler Engineer would like to encrypt the LDAP authentication traffic from a NetScaler to the
internal LDAP servers.
Which type of load-balancing service should the engineer create?
A. SSL
B. TCP
C. RADIUS
D. SSL_TCP
Answer: D
Explanation:
QUESTION NO: 105
A NetScaler Engineer is reviewing the performance of a NetScaler appliance and notices that TCP
multiplexing (TCP connection reuse) appears to NOT be working for a virtual server.
What could be the cause of this issue?
A. Compression is enabled on the services

B. Persistence is enabled on the virtual server
C. HTTP services are bound to the virtual server
D. The virtual server was created as type SSL_BRIDGE
Answer: D
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 106
Scenario: A NetScaler Engineer has the following set in the Global Server Load Balancing (GSLB)
configuration:
set gslb site SiteB -triggerMonitor MEPDOWN
How does this influence the default service monitoring behavior on the remote site?
A. The service monitor will take precedence over MEP.

B. The state of the GSLB service will always be controlled by MEP.
C. The service monitor is invoked only when MEP has marked the service as down for any reason.
D. The service monitor is invoked only when MEP connectivity has been lost between SiteA and
SiteB.
Answer: C
Explanation:
QUESTION NO: 107
Scenario: A NetScaler Engineer is using the DataStream feature. The NetScaler appliance is
located in front of a MySQL Database server in the network topology.
The engineer would like to block requests that would drop a database. The engineer comes up
with the expression MYSQL.REQ.QUERY.TEXT.CONTAINS("drop database").
The engineer should configure the expression with the ___________ feature to block these
requests. (Choose the correct option to complete the sentence.)
A. Responder
B. Rate Limiting
C. Content Filtering
D. Access Control List
Answer: A
Explanation:
QUESTION NO: 108

Citrix 1Y0-351 Exam
Which command would an engineer run to deny access to destination port 103 from a host with an
IP address of 10.0.1.1?
A. add ns acl rule1 DENY -srcIP 10.0.1.1 -srcPort 103 -TTL 600
B. add ns acl rule1 DENY -srcIP 10.0.1.1 -srcPort 103 -protocol TCP
C. add ns acl rule1 DENY -srcport 103 -destIP 10.0.1.1 -protocol TCP
D. add ns simpleacl rule1 DENY -srcIP 10.0.1.1 -destport 103 -protocol TCP
Answer: D
Explanation:
QUESTION NO: 109
Scenario: A NetScaler Engineer needs to perform a network packet trace on a NetScaler

appliance. For troubleshooting purposes the engineer needs to capture traffic only from interfaces
1/3 and 1/4; traffic from other interfaces should NOT be captured. The resulting file should be
saved in NetScaler format.
What should the engineer do to accomplish this task?
A. Run the nstcpdump.sh command from the NetScaler shell and specify the interface
B. Run the nstcpdump.sh command from the NetScaler shell and specify the filter parameter
C. Run the start nstrace command from the NetScaler command-line interface and specify the
filter parameter
D. Run the start nstrace command from the NetScaler command-line interface and specify the
PerNIC parameter
Answer: C
Explanation:
QUESTION NO: 110
A NetScaler Engineer has installed Command Center, Insight Center, Web Logging and an
Integration Pack for System Center.
Which tool would be appropriate to see client-side rendering times?
A. Web Logging
B. Insight Center

Citrix 1Y0-351 Exam
C. Command Center
D. Integration Pack for System Center
Answer: B
Explanation:
QUESTION NO: 111
A NetScaler Engineer needs to audit extended Access Control List (ACL) hits.
Which two areas would the engineer enable logging so that the ACL hits could be stored in the
/var/log/ns.log? (Choose two.)
A. The ACL
B. The syslogAction
C. The nslog parameters
D. The syslog parameters
Answer: A,D
Explanation:
QUESTION NO: 112
A NetScaler Engineer needs an SNMP alert to be sent when CPU utilization is 90% or higher on a
NetScaler instance.
Which two steps must the engineer take to configure the SNMP alert? (Choose two.)
A. Enable SNMP trap logging.

B. Add an SNMP trap destination.
C. Set an SNMP community string.
D. Set the CPU-USAGE alarm thresholds.
E. Add an SNMP manger to poll the instance.
Answer: B,D
Explanation:

Citrix 1Y0-351 Exam
QUESTION NO: 113
Which command will allow an engineer to change the NetScaler IP (NSIP) from the command-line
interface?
A. add ns ip 10.100.10.100 255.255.255.0 -type SNIP

B. add ns ip 10.100.10.100 255.255.255.0 -type NSIP
C. set ns config -ipaddress 10.100.10.100 -netmask 255.255.255.0
D. set ns ip 10.100.10.100 -netmask 255.255.255.0 -mgmtaccess enabled
Answer: C
Explanation:
QUESTION NO: 114
A NetScaler Engineer has created a new monitor using the following command:
add lb monitor mon_inline HTTP-INLINE -respCode 200 302 401 -httpRequest "HEAD /" -interval
10 -reverse YES -secure YES
This monitor adds an HTTP-INLINE monitor __________. (Choose the correct phrase to complete
the sentence.)
A. whose success criteria is an HTTP response code of 200,302,401

B. whose success criteria is any HTTP response code OTHER than 200,302,401
C. that will probe the Service every 10 seconds over an SSL connection whose success criteria is
an HTTP response code of 200,302,401
D. that will probe the Service every 10 seconds over an SSL connection whose success criteria is
any HTTP response code OTHER than 200,302,401
Answer: B
Explanation:
QUESTION NO: 115
Scenario: An organization has a fair usage policy that limits each customer to a maximum of five
active connections in any given second. A NetScaler Engineer is given the task of implementing
the requirements to enforce a policy using the Rate Limiting feature on NetScaler.
Which commands should the network engineer execute to create a proper selector and limit

Citrix 1Y0-351 Exam
identifier that fulfills the policy requirement?
A. add stream selector API_selector CLIENT.IP.SRC

add ns limitIdentifier API_limitidf -threshold 5 -mode CONNECTION -timeslice 1000 -
selectorName API_selector
B. add stream selector API_selector HTTP.REQ.URL
add ns limitIdentifier API_limitidf -threshold 5 -mode CONNECTION -timeslice 1000 -
C. add stream selector API_selector HTTP.REQ.URL
add ns limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 5 -
D. add stream selector API_selector CLIENT.IP.SRC
add ns limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 5 -
Answer: A
Explanation:
QUESTION NO: 116
The Lazy Load action of Front End Optimization (FEO) improves the end-user experience by
allowing images to __________. (Choose the correct phrase to complete the sentence.)
A. load faster due to compression

B. load images from the bottom of the page and then upward to the top
C. NOT load until a user scrolls the page to the location where they are displayed
D. load from the local browser cache so it does NOT have to fetch them from the origin server
Answer: C
Explanation:
QUESTION NO: 117
Scenario: A NetScaler Engineer is addressing an issue discovered during a vulnerability scan. The
security team is requiring that the engineer disable specific SSL ciphers on the SSL VServer.
Which two methods could the engineer use to meet this requirement? (Choose two.)
A. Modify the list of ciphers in the Default cipher group.

B. Change the list of bound ciphers on the VServer directly.

Citrix 1Y0-351 Exam
C. Enable Cipher Redirect on the VServer and configure OCSP.
D. Disable SSLv2 Redirect on the VServer and update the CRLs.
E. Un-assign the default group, create a custom cipher group and assign it to the VServer.
Answer: B,E
Explanation:
QUESTION NO: 118
Scenario: A NetScaler Engineer is configuring LACP (Link Aggregation Configuration Protocol) on

the NetScaler. The engineer adds interface 10/3 and 10/4 to LA/1 (which already contains
interfaces 10/1 and 10/2) and is configured for VLAN 500.
VLAN 100 is bound to interface 10/3 and VLAN 200 is bound to interface 10/4.
VLAN 500 is bound to channel LA/1.
Which VLAN is shown with a "show interface" command for interface 10/3?
A. 1
B. 100
C. 200
D. 500
Answer: D
Explanation:
QUESTION NO: 119
Scenario: An engineer is upgrading the NetScaler firmware from version 10.1 to 10.5 and has a
high-availability (HA) setup of two NetScaler MPX appliances.
What is the best practice process to upgrade this HA pair?
A. Upgrade the primary unit, test on the new build, and then upgrade the secondary unit.
B. Disable the secondary unit, upgrade the primary, test the new build and then upgrade the other
unit.
C. Upgrade the secondary unit, do the failover, test on the new build, and then upgrade the
primary unit.

Citrix 1Y0-351 Exam
D. Upgrade and restart both units at the same time and test on the new build after they both are
running.
Answer: C
Explanation:
QUESTION NO: 120
Which two options could a NetScaler Engineer configure to ensure that a revoked client certificate
CANNOT be used for a client certificate authentication? (Choose two.)
A. Server Name Indication (SNI)

B. Certificate Revocation List (CRL)
C. Certificate Signing Request (CSR)
D. Online Certification Status Protocol (OCSP)
Answer: B,D
Explanation:
QUESTION NO: 121
Scenario: A NetScaler Engineer is configuring a NetScaler that has three interfaces. The first
interface is connected to the internal network, the second interface is connected to the DMZ1-
network, and the third interface is connected to the DMZ2-network.
DMZ1 and DMZ2 networks are behind different firewalls, and both firewalls are sending traffic
through network address translation (NAT) to the DMZ networks.
The default route is to the gateway on the DMZ1-network.
DMZ1: 10.10.10.0/24 (Gateway: 10.10.10.1)
DMZ2: 10.20.20.0/24 (Gateway: 10.20.20.1)
Internal: 192.168.0.0/24 (Gateway: 192.168.0.1)
Internet traffic reaches the virtual servers located in DMZ1 but NOT the virtual servers located in
DMZ2.

Citrix 1Y0-351 Exam
Which policy-based route (PBR) would resolve the issue?
A. add ns pbr PBR1 ALLOW -srcIP = 10.20.20.0-10.20.20.255 -destIP != 10.20.20.0-10.20.20.255

-nextHop 10.10.10.1 -priority 10
B. add ns pbr PBR1 ALLOW -srcIP != 10.20.20.0-10.20.20.255 -destIP = 10.20.20.0-10.20.20.255
C. add ns pbr PBR1 ALLOW -srcIP = 10.20.20.0-10.20.20.255 -destIP != 10.20.20.0-10.20.20.255
D. add ns pbr PBR1 ALLOW -srcIP != 10.20.20.0-10.20.20.255 -destIP != 10.20.20.0-
10.20.20.255 -nextHop 10.10.10.1 -priority 10
Answer: C
Explanation:
QUESTION NO: 122
Scenario: An engineer has been given the task of selecting the TCP profile for a NetScaler
appliance. The appliance has a 1.5Mbit WAN interface that has considerable and intermittent
packet loss.
Which TCP profile should the engineer choose to optimize traffic for the WAN interface?
A. nstcp_default_profile
B. nstcp_default_tcp_lfp
C. nstcp_default_tcp_lnp
D. nstcp_default_tcp_lan
Answer: C
Explanation:

CCP A

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

CCP A

Încărcat de

Drepturi de autor:

Formate disponibile

Citrix 1Y0-351

Citrix NetScaler 10.5 Essentials and Networking

What are the supported protocols for management authentication?

A. LOCAL, LDAP, and SAML

Below is the relevant configuration:

add cache contentGroup cache_content_group_1 -relExpiry 0

add cache policy cache_pol_1 -rule "http.REQ.URL.CONTAINS(\"home.php\")" -action

add cache policy cache_pol_2 -rule "http.REQ.METHOD.EQ(\"GET\")" -action NOCACHE

"Pass Any Exam. Any Time." - www.actualtests.com 2

bind cache global cache_pol_1 -priority 90 -gotoPriorityExpression END -type REQ_OVERRIDE

GET /home.php HTTP/1.1

User-Agent: Mozilla Firefox/3.0.3

Date: Thu, 09 Oct 2014 18:25:00 GMT

Date: Thu, 09 Oct 2014 18:25:00 GMT

Server: Apache/2.2.3 (Fedora)

Last-Modified: Wed, 09 Jul 2014 21:55:36 GMT

Cache-Control: private, max-age=0

Set-Cookie: sessionid=100xyz; expires=Thu, 09-Oct-2014 18:30:00 GMT; path=/

"Pass Any Exam. Any Time." - www.actualtests.com 3

Content-Type: text/html; charset=UTF-8

Why does the object NOT persist in the cache?

A. The request is a GET request.

Fri Oct 17 18:17:16 2014

auth scottli @ 10.12.33.216

"Pass Any Exam. Any Time." - www.actualtests.com 4

Fri Oct 17 18:17:18 2014

recieve_ldap_bind_event ldap_bind with binddn bindpw failed:Invalid credentials Fri Oct 17

What is the root cause of this issue?

A. The LDAP Base DN is incorrect.

"Pass Any Exam. Any Time." - www.actualtests.com 5

What is the likely reason?

A. SSL protocol is being used for encryption.

A. Extended ACLs may BRIDGE traffic.

A. SSL Cipher Exchange

"Pass Any Exam. Any Time." - www.actualtests.com 6

A. Switch from traditional HA to -INC mode HA.

"Pass Any Exam. Any Time." - www.actualtests.com 7

Traffic to which destination is sourced from the NetScaler IP (NSIP) by default?

Scenario: A NetScaler Engineer configures COOKIEINSERT persistence method for an HTTP

A. set lb vserver myApp -persistenceType SOURCEIP

"Pass Any Exam. Any Time." - www.actualtests.com 8

A. Bind a CA Certificate to the SSL Services.

Which statement is true about interface link-state on the NetScaler?

A. Interface link-state is controlled by ifconfig in BSD.

"Pass Any Exam. Any Time." - www.actualtests.com 9

"Pass Any Exam. Any Time." - www.actualtests.com 10

What should the engineer configure to meet this requirement?

A. A load-balancing VServer and an authorization policy

"Pass Any Exam. Any Time." - www.actualtests.com 11

Scenario: NetScaler is configured with a Subnet IP (SNIP) 192.168.1.10/24 on VLAN 1 and a

"Pass Any Exam. Any Time." - www.actualtests.com 12

Which NetScaler setting must be enabled to avoid this behavior?

A. It will replace characters with shorter names.

"Pass Any Exam. Any Time." - www.actualtests.com 13

A. TLS 1.1/1.2 is enabled exclusively

"Pass Any Exam. Any Time." - www.actualtests.com 14

A. max interface speed of the channel

Scenario: A NetScaler Engineer is asked to interpret the following configuration:

add audit syslogAction syslog_srv_1 192.168.0.1 -logLevel ERROR

add audit syslogAction syslog_srv_2 192.168.0.2 -logLevel WARNING

add audit syslogAction syslog_srv_3 192.168.0.3 -logLevel CRITICAL

add audit syslogAction syslog_srv_4 192.168.0.4 -logLevel ALERT

add audit syslogPolicy audit_pol_1 ns_true syslog_srv_1