Citrix.realExamQuestions.1Y0 A13.v2011!11!08.by.faitH 1

Citrix_RealExamQuestions.Com_1Y0-A13_v2011-11-08_44q_By-FAITH

Number: 1Y0-A13Passing Score: 800Time Limit: 120 minFile Version: 2011-11-08

Exam : Citrix_RealExamQuestions.Com_1Y0-A13

Ver :2011-11-08

Question : 44

if u wana pass the exam with good percentage dn follow this dump

good luck

By-FAITH

Exam A

QUESTION 1Scenario: A network administrator needs to configure access to published resources in a Citrix XenApp farmthrough Access Gateway. The administrator will implement Access Gateway as a replacement for the currentSecure Gateway deployment, which does NOT have SmartAccess. Which three steps must the administratortake for this scenario? (Choose three.)

A. Set ICA Proxy to ONB. Configure split tunnelingC. Set Single Sign-on DomainD. Configure the Secure Ticket Authority serverE. Set the Access Gateway home page to the Web Interface URL

Answer: ACDSection: (none)

Explanation/Reference:

QUESTION 2Scenario: An administrator wants users to be able to access resources running on file servers and applicationservers in an environment. The administrator has deployed Access Gateway 9.0, Enterprise Edition. The CitrixAccess Gateway Plugin for Windows is used to establish connections to the corporate network. There are nointranet applications configured in this environment and split tunneling is turned off. The default authorizationpolicy is set to "Deny." Users in this environment will be able to access applications on file and applicationservers as long as ______. (Choose the correct phrase to complete the sentence.)

A. Users are assigned specific intranet IP addressesB. An authorization policy is configured to grant them accessC. Internal resources are assigned specific intranet IP addressesD. Internal resources in this environment are configured as published applications

Answer: BSection: (none)


QUESTION 3Scenario: An Access Gateway virtual server is configured with the following three settings:

ICA Proxy is set to ONWeb Interface address is set to "http://10.102.32.201:80/Citrix/AccessPlatform" Clientless Access is set to ONClient Choices is enabledWhich client choice(s) will be available to a user logging in from a client device running a Windows operatingsystem?

A. Web Interface onlyB. Clientless Access onlyC. Web Interface and Clientless AccessD. Access Gateway Plugin for Windows, Web Interface and Clientless Access

Answer: CSection: (none)


QUESTION 4Scenario: A system administrator created a new virtual server, "admin.widget.com", on an Access Gatewayappliance. Only system administrators will be connecting to this virtual server. These system administratorsrequire a full SSL VPN tunnel when connecting. Other users connect to another virtual server, "users.widget.com", which runs on the same Access Gateway appliance. Any user connecting through "users.widget.com"currently connects clientlessly. Which action must the administrator take to give the system administrators fullVPN access?

A. Edit the virtual server corresponding to admin.widget.com and enable the Citrix Access Gateway Plugin forActiveX

B. Create a session policy, set Clientless Access to Off in the profile associated with the policy and apply thepolicy to users.widget.com

C. Create a session policy, set Clientless Access to Off in the profile associated with the policy and apply thepolicy to admin.widget.com

D. Create a session policy, select Citrix Access Gateway Plugin for Windows as the "Windows PluginType" inthe profile associated with the policy and apply the policy to admin.widget.com

Answer: DSection: (none)


QUESTION 5The Citrix Access Gateway Plugin for Windows needs administrative privileges _______ and ________ on aWindows XP device. (Choose the two correct phrases to complete the sentence.)

A. For installationB. For upgrading or downgrading of the systemC. For Endpoint Analysis checks that require administrative privilegesD. For those rare situations where it will be used as an antivirus application

Answer: ACSection: (none)


QUESTION 6An administrator wants to provide access to published applications hosted on XenApp servers only, withoutrequiring the use of a Citrix Access Gateway Plugin for Windows.Which feature should the administrator enablein order to meet the needs of this environment?

A. ICA proxyB. Single sign-on

C. SmartAccess with ICA proxyD. Session Reliability on Web Interface

Answer: ASection: (none)


QUESTION 7Scenario: The wireless network in an environment is NOT secure, so users connecting over it http://certvn.wordpress.comneed to log on to Access Gateway in order to access resources in the corporate intranet. The users in thisenvironment are running Windows XP on their client devices and management has instructed the IT team toensure that users are logged on automatically to Access Gateway using the Windows credentials they used tolog on to their client devices.Which Access Gateway Plugin type should the IT team implement in thisenvironment?

A. Clientless AccessB. Citrix Access Gateway Plugin for JavaC. Citrix Access Gateway Plugin for ActiveXD. Citrix Access Gateway Plugin for Windows



QUESTION 8Scenario: A network administrator created multiple personal folder files (*.pst) on a workstation while accessingOutlook over a VPN session. The administrator would like for the *.pst files to be deleted upon logout from theVPN session.The administrator should configure the client cleanup to clean up _______. (Choose the correctoption to complete the sentence.)

A. CookiesB. *.pst filesC. Address barsD. Application data



QUESTION 9Scenario: An Access Gateway virtual server is configured with the following settings:

A group named QUARGRPA session profile named QUARPROF, with Clientless Access mode set to ON A session policy namedQUARPOL, with the expression, "NS_TRUE" and the profile QUARPROF

The QUARPOL session policy is bound to the QUARGRP group The global settings with Client Security is setto "CLIENT.APP.AV == SYMANTEC EXISTS" and the quarantine group is set to QUARGRP

Which client will be provided to a user who logs on to the virtual server from a client device that is NOT runningSymantec Antivirus?

A. Web InterfaceB. Clientless AccessC. Citrix Access Gateway Plugin for JavaD. Citrix Access Gateway Plugin for Windows



QUESTION 10A network administrator is instructed to perform client-side cleanup before every session over the Citrix AccessGateway Plugin for Windows through the Access Gateway appliance.What is true about client-side cleanup?

A. Client-side cleanup clears the history of the browser.B. Client-side cleanup cleans up data regularly during the session.C. Client-side cleanup will delete all Internet Explorer temporary files.

http://certvn.wordpress.comD. Client-side cleanup will NOT clean up any data before the session starts.



QUESTION 11When creating a Web Interface XenApp Services site for use with Access Gateway 9.0, Enterprise Edition,which access method or authentication should be specified for the XenApp Services site?

A. SmartAccess ControlB. Explicit authenticationC. Advanced Access ControlD. Pass-through authentication



QUESTION 12To configure Access Gateway 9.0, Enterprise Edition as a replacement for Secure Gateway, which two actionsmust an administrator perform? (Choose two.)

A. Enable the client choices optionB. Change the ICA Proxy setting to ONC. Change the Windows Plugin Type to ICAD. Enter the URL of the Web Interface server in the Web Interface Home Page field

Answer: BDSection: (none)


QUESTION 13Scenario: A consultant of a new Access Gateway 9.0, Enterprise Edition deployment at a customer site wasgiven the following information and IP addresses to use when configuring the Access Gateway appliance:

Internal Citrix XenApp server 5.0 IP address: 192.168.100.12 Time Zone to be used: Eastern Standard Time(EST)IP addresses to be used when configuring the Access Gateway 9.0, Enterprise Edition deploymentNSIP: 10.165.30.45MIP: 10.165.30.60VIP: 12.15.30.62

Which two options should be configured on the Access Gateway appliance in order to communicate with theCitrix XenApp server? (Choose two.)

A. Subnet IP in the 192.168.100.x subnetB. Intranet IP in the 192.168.100.x subnetC. Static Route to the 192.168.100.x subnetD. Virtual Server in the 192.168.100.x subnet



QUESTION 14What is the minimum assignment of rights that users must have in order to install the Citrix Access GatewayPlugin for Windows for the first time on a client device?

http://certvn.wordpress.com

A. Power UserB. Authenticated UserC. Local AdministratorD. Domain Administrator



QUESTION 15Scenario: The following policies are configured in an environment in order to provide remote access throughAccess Gateway 9.0, Enterprise Edition:

A. All the users must have a validator file, Employee.cer, on the C drive NOT older than 7 days before they canattempt to login.

B. The keylogger.exe process must be killed before a user can log on.C. The Employee.cer validator file must be deleted after successful logon.D. An updated Employee.cer validator file must be put on the C drive for next use.

The administrator in the environment needs to use pre-authentication policies and a logon script for thisdeployment. Which two policies can the administrator implement using pre-authentication end point analysisalone? (Choose two.)

Answer: ABSection: (none)


QUESTION 16Which three entities could be used to configure SmartAccess? (Choose three.)

A. Traffic policyB. Session policyC. Session profileD. Authorization profileE. Pre-authentication policy

Answer: BCESection: (none)


QUESTION 17When integrating Web Interface into the default home page, what is the preferred portal mode for WebInterface?

A. HybridB. NormalC. CustomD. Compact



QUESTION 18Scenario: A group of students need access to an online examination for only one hour. The group must beprompted periodically about the logout time during the last three minutes of their one hour session, and thesession must time out exactly after one hour. Which setting should the http://certvn.wordpress.comadministrator enable when configuring Access Gateway to provide access to these students?

A. Kill all the sessions pertaining to the students exactly after one hourB. Specify the login and logout time so that the students' connections can time out exactly after one hourC. Configure a session profile with a forced time out warning value of three minutes and forced time out time of

one hourD. Configure a session profile with a session time out warning value of three minutes and session time out time

of one hourE. Configure a session profile with a client idle time out warning value of three minutes and client idle time out

time of one hour



QUESTION 19An administrator enabled the file type association.Which policy can the administrator use to bind this parameterto a group of users?

A. TrafficB. SessionC. AuthorizationD. Pre-authentication



QUESTION 20In which two instances must an Access Gateway 9.0, Enterprise Edition policy name match the name of a filterthat is bound to another policy? (Choose two.)

A. Access Gateway 9.0, Enterprise Edition is being configured for SmartAccess integration with XenAppB. Access Gateway 9.0, Enterprise Edition is being configured for single sign-on integration with Web InterfaceC. The other policy is being applied to a XenApp hosted application that is being accessed through the Access

Gateway applianceD. The other policy is being applied to a Web Interface server that is performing authentication on behalf of the

Access Gateway appliance



QUESTION 21The Citrix Access Gateway Plugin for Windows needs administrative privileges _______ and ________ on aWindows XP device. (Choose the two correct phrases to complete the sentence.)

A. For installationB. For upgrading or downgrading of the systemC. For Endpoint Analysis checks that require administrative privilegesD. For those rare situations where it will be used as an antivirus application



QUESTION 22What is the minimum assignment of rights that users must have in order to install the Citrix Access GatewayPlugin for Windows for the first time on a client device?


A. Power UserB. Authenticated UserC. Local AdministratorD. Domain Administrator



Exam B

QUESTION 1When configuring a Web Interface XenApp Services site for SmartAccess where the Citrix Access GatewayPlugin for Windows is present and traffic is being tunneled to Web Interface, which access method should anadministrator configure in the "Edit DMZ Settings" portion of the Access Management Console?

A. DirectB. TranslatedC. Gateway DirectD. Gateway Translated



QUESTION 2When configuring the access control properties of a published application on a XenApp server, http://certvn.wordpress.comwhich name should an administrator specify for the Access Gateway filter?

A. Session PolicyB. Session ProfileC. Access Gateway virtual serverD. IP Address of the Access Gateway virtual server



QUESTION 3While configuring Access Gateway 9.0, Enterprise Edition, an administrator wants to implement encryptionservices by using a private key type featured in the product.Which two private key types should theadministrator select from the "Choose private key type" drop-down list in the SSL Certificate Wizard to meet thisrequirement? (Choose two.)

A. DERB. DSAC. RSAD. 3DES

Answer: BCSection: (none)


QUESTION 4An administrator needs to ensure that a virtual server is available to accept VPN connections and shows an"UP" state in the Configuration Utility.Which entity must an administrator bind to the Access Gateway virtualserver to achieve this?

A. A session policyB. A Next-Hop serverC. An authentication policyD. A valid server certificate



QUESTION 5Scenario: Due to recent security breaches, an administrator must immediately change the default password forthe nsroot account to mysecret. Access to the Configuration Utility is unavailable. Which command line-interface command should the administrator use to change the default password for the nsroot account?

A. Set aaa user nsroot mysecretB. Add nsroot password mysecretC. Set system user nsroot mysecretD. Add system user nsroot mysecret



QUESTION 6A syslog server is running behind a firewall in an environment.Which port should an administrator open on thefirewall in this environment in order for logs to reach the syslog server from the Access Gateway appliance?

A. 443B. 514C. 1024

http://certvn.wordpress.comD. 1400



QUESTION 7Which policy should a senior administrator configure in order to grant a junior administrator read- only accesson an Access Gateway appliance?

A. TrafficB. SessionC. CommandD. Authorization



QUESTION 8An administrator for Access Gateway 9.0, Enterprise Edition suspects that some users in the environment aremisusing the remote access granted to them by accessing and downloadingsome restricted intranet web resources.What should the administrator check first on the Access Gatewayappliance in order to investigate these users' remote access behavior?

A. Audit logsB. Network tracesC. Statistic countersD. Client side debug trace files



QUESTION 9An IT manager instructed the network administrator to separate the Access Gateway appliance in anenvironment from the Web Interface server using a firewall that performs Network Address Translation (NAT).Which two access methods could the administrator configure for Access Gateway 9.0, Enterprise Edition basedon the requirements of this scenario? (Choose two.)

A. DirectB. TranslatedC. Gateway DirectD. Gateway AlternateE. Gateway Translated

Answer: DESection: (none)


QUESTION 10Scenario: Dual-source authentication is configured on the Access Gateway 9.0, Enterprise Edition appliance.The appropriate group extraction configuration is configured on both the primary and secondary authenticationservers, and a user named "User1" exists on both authentication servers. How will groups be extracted for

"User1"?

A. Only the groups in the secondary authentication server will be extracted and matched to the group namesconfigured on the primary authentication server.

B. Only the groups from the primary authentication server will be extracted and matched to the group namesconfigured on the secondary authentication server.

C. The applicable groups from both the primary and secondary authentication servers will be extracted andmatched to the group names configured on the appliance.

D. The groups from the primary authentication server will be extracted and matched to the group http://certvn.wordpress.comnames configured on the secondary authentication server by the administrator.



QUESTION 11An administrator has enabled split tunneling for an environment. What must the administrator do to ensure thatthe plugin on user devices intercepts intranet traffic only and routes other traffic directly to the appropriateservers?

A. Set split tunneling to OFFB. Define an intranet applicationC. Change the routing table on the client devices to tunnel intranet traffic to the intranetD. Assign intranet IP addresses to resources that users are accessing through the Access Gateway appliance



QUESTION 12Scenario: An administrator created a new Access Gateway virtual server. The administrator did NOT bind anysession policies to the virtual server. What is the default authorization action for users logging in to this virtualserver?

A. ALLOW, this is the default behavior.B. ALLOW, but place users in a quarantine group.C. DENY, the default authentication policy must be applied.D. DENY, either a session policy or a traffic policy must exist.



QUESTION 13

When using the Access Gateway configuration utility to create a new Authentication Server for RADIUSauthentication, some fields represented in the configuration utility window are required. Of the possible choiceson the left, drag the correct selections to the boxes on the right. There are three correct choices.


A.B.C.D.

Answer:Section: (none)


QUESTION 14Scenario: Connected users need to be able to access Internet-based content without being routed through theinternal LAN gateway. Split tunneling is turned off in the global settings.Where should an administrator overridethe global settings to turn split tunneling on?

A. Traffic policyB. Traffic profileC. Session policyD. Session profile



QUESTION 15A public research university needs to provide remote access to the students in its distance learning program.Which Access Gateway 9.0, Enterprise Edition plugin should the network administrator configure in order toensure that students are able to connect to the environment regardless of the operating systems on their enddevices? http://certvn.wordpress.com

A. Citrix XenApp pluginB. Citrix Access Gateway Plugin for JavaC. Citrix Access Gateway Plugin for ActiveX

D. Citrix Access Gateway Plugin for Windows



QUESTION 16A network administrator has been instructed to configure intranet applications for the Access Gateway Pluginfor Windows and the Access Gateway Plugin for Java. Which two interception modes should the administratorselect when configuring the intranet applications for the plugins in this environment? (Choose two.)

A. ProxyB. NormalC. EncryptD. OpaqueE. Transparent

Answer: AESection: (none)


QUESTION 17A network administrator wants to create different intranet applications for users running the Citrix AccessGateway Plugin for Windows.The administrator should create the intranet application by _______ . (Choose thecorrect phrase to complete the sentence.)

A. Configuring intranet IP addressesB. Configuring client application name with port rangesC. Creating a range of IP addresses with interception transparent modeD. Creating an IP address and a subnet mask with interception proxy mode



QUESTION 18Scenario: An administrator must bind a policy that changes specific configuration settings for certain users. Theadministrator enables single sign-on (SSO) within the profile of the policy.Which type of policy must theadministrator use in order to complete the task?

A. SessionB. AuthorizationC. AuthenticationD. TCP Compression



QUESTION 19Scenario: An administrator wants to ensure that whenever users connecting over the Access Gateway Pluginfor Windows try to access corporate network resources and servers by name, the name of those resources andservers resolves to the IP addresses in the corporate network. What are two ways the administrator canconfigure the settings to meet the needs of this environment? (Choose two.)

A. Set split tunneling to OFFhttp://certvn.wordpress.com

B. Configure an intranet IP addressC. Set split tunneling to ON and DNS to RemoteD. Configure an intranet application and set split tunneling to OFF



QUESTION 20Scenario: CompanyA has one 7000 series Access Gateway appliance (Node 1) that is providing access to theirinternal systems for their employees and business partners. In order to implement high availability (HA),CompanyA purchased another 7000 series Access Gateway appliance (Node 2) and needs to have Node 2configured. The network administrator has been tasked with carrying out the configuration and has beeninstructed to maintain all of the existing configurations. How should the administrator configure HA using theConfiguration Utility in this environment?

A. On Node 1, enter a node ID and a mapped IP address. On Node 2, enter a node ID and a mapped IPaddress.

B. On Node 2, enter a node ID and a mapped IP address. On Node 1, enter a node ID and a mapped IPaddress.

C. On Node 2, enter a node ID and a NetScaler IP address. On Node 1, enter a node ID and a NetScaler IPaddress.

D. On Node 1, enter the node ID and the NetScaler IP address of Node 2. On Node 2, enter the node ID andthe NetScaler IP address of Node 1.



QUESTION 21Which policy should a senior administrator configure in order to grant a junior administrator read- only accesson an Access Gateway appliance?

A. Traffic

B. SessionC. CommandD. Authorization



QUESTION 22A public research university needs to provide remote access to the students in its distance learning program.Which Access Gateway 9.0, Enterprise Edition plugin should the network administrator configure in order toensure that students are able to connect to the environment regardless of the operating systems on their enddevices? http://certvn.wordpress.com

A. Citrix XenApp pluginB. Citrix Access Gateway Plugin for JavaC. Citrix Access Gateway Plugin for ActiveXD. Citrix Access Gateway Plugin for Windows



Exam C

QUESTION 1An administrator must configure an IP address that will be used by the Access Gateway appliance as a sourceIP address to connect to internal servers on the corporate network. Which IP type must the administratorconfigure?

A. Virtual IPB. Mapped IPC. NetScaler IPD. Global Server Load Balancing site IP



QUESTION 2Which type of IP address must an administrator configure on an Access Gateway appliance to allowapplications like Exceed and Netmeeting to initiate connections successfully back to users running the AccessGateway Plugin for Windows?

A. DirectB. SubnetC. IntranetD. Mapped



QUESTION 3Scenario: An Access Gateway virtual server is configured with the following three global settings:

Client Security is set to "CLIENT.APP.AV == SYMANTEC EXISTS" http://certvn.wordpress.comClient Choices is set to ONClientless Access is set to ON

Which client choice(s) will be available to a user logging in from a device running a Windows operating systembut which is NOT running the Symantec Antivirus?

A. Clientless Access onlyB. Citrix Access Gateway Plugin for Windows onlyC. Citrix Access Gateway Plugin for Java and Clientless AccessD. Web Interface, Clientless Access and Citrix Access Gateway Plugin for Windows



QUESTION 4Arrange the steps required to configure DNS settings along with monitors for a particular user in the correctorder.

A.B.C.D.



QUESTION 5Scenario: Access Gateway 9.0, Enterprise Edition is deployed in an environment where packet loss isprevalent. The administrator in the environment has been instructed to log all the users' requests to HTTPresources in a reliable manner so that all the audit logs generated will be logged and preserved for a very longperiod of time.Which logging option will preserve audit logs for a very long period of time?

A. Use a syslog server running on the Access Gateway for loggingB. Use the auditserver running on the Access Gateway for loggingC. Use the auditserver running on a remote system with at least 10 GB of disk spaceD. Use a syslog server running on a remote system with at least 100 GB of disk space


Explanation/Reference:http://certvn.wordpress.com

QUESTION 6In a deployment where the internal servers are NOT accessible by the mapped IP address or through thedefault router, how many IP addresses are needed for the Access Gateway implementation?

A. 2B. 3C. 4D. 5



QUESTION 7An administrator just configured a client security check using the following expression:

CLIENT.OS(winxp).SP == 2 -frequency 2

The "2-frequency 2" portion of the policy expression indicates __________. (Choose the correct option tocomplete the sentence.)

A. 2 hotfixes and run every 2 hoursB. 2 hotfixes and run every 2 minutesC. Service Pack 2 and run every 2 hoursD. Service Pack 2 and run every 2 minutes



QUESTION 8How can an administrator disable the SSL warning message?

A. The SSL warning message cannot be disabled in the Configuration UtilityB. Select Access Gateway global settings > Client Experience Advanced > General, deselect SSL warning

message

C. Select Access Gateway global settings > Security Settings Advanced > Client Security, enable SSL warningmessage

D. Select Access Gateway global settings > Client Experience Advanced > Client Options, deselect SSLwarning message



QUESTION 9An administrator needs to enable single sign-on (SSO) for HTTP web pages residing on a server (ServerABC).Which rule should the administrator configure in a traffic policy to enable SSO for HTTP web pages on theserver?

A. REQ.HTTP.IP == ServerABCB. REQ.IP.DESTIP == ServerABCC. REQ.IP.DESTIP == ServerABC & REQ.TCP.DESTPORT == 80D. REQ.IP.SOURCEIP == ServerABC & REQ.TCP.DESTPORT == 80



QUESTION 10Scenario: An administrator has set the default authorization action to DENY. A specific group of http://certvn.wordpress.comusers needs access to some resources.Which two steps should the administrator take to allow these users toaccess the necessary resources? (Choose two.)

A. Bind a new authorization policy at the group levelB. Create a new session policy and set it to ALLOWC. Bind the existing authorization policy at the global levelD. Modify the default authorization action and set it to ALLOWE. Create a new authorization policy to ALLOW access to the resources

Answer: AESection: (none)


QUESTION 11Scenario: An administrator wants to ensure that users can still access internal Outlook Web Access even if theydo not pass a post authentication scan. Users who do not pass a post authentication scan must be given limitedaccess.Which option should the administrator select in the Access Gateway wizard in order to meet therequirements of this scenario?

A. Use Web Interface pass throughB. Use Access Gateway Plugin onlyC. Turn off the Citrix Access Gateway Plugin for WindowsD. Allow users to logon using a web browser and clientless access



QUESTION 12The Policy Precedence Model for Access Gateway 9.0, Enterprise Edition is the priority level in which multiple________________ are prioritized, evaluated and enforced. (Choose the correct phrase to complete thesentence.)

A. Profiles of different typesB. Profiles of the same typeC. Policies of different typesD. Policies of the same type



QUESTION 13Which session policy option must an administrator select to ensure the use of mapped IP addresses when theappliance runs out of intranet IP addresses to assign to new users?

A. ONB. OFFC. SPILLOVERD. NOSPILLOVER



QUESTION 14Once a pre-authentication policy is configured, what does an administrator need to do in order for the policy towork?

A. Identify a process to monitorB. Add an authentication serverC. Bind the policy at the global or virtual server levelD. Bind the policy to the IP address of the authentication server http://certvn.wordpress.com



QUESTION 15Which policy should an administrator configure to optimize bandwidth usage in an environment?

A. TrafficB. SessionC. AuthorizationD. TCP Compression



QUESTION 16Scenario: A system administrator has been asked to configure Access Gateway 9.0, Enterprise Edition so thatusers are NOT presented with the choices page and can only connect clientlessly. The administrator hasdecided to perform this configuration at the global level. What should be set under the Client Experience tab?

A. Clientless Access to OnB. Plugin Type to WindowsC. Clientless Access URL Encoding to ClearD. Windows Plugin Type to Access Gateway




QUESTION 17Which option in the Configuration Utility allows an administrator to limit the number of users who can log in toan Access Gateway 9.0, Enterprise Edition environment?

A. Select Access Gateway > Virtual Servers, Maximum UsersB. Select Systems > Virtual Servers > Policies, Maximum UsersC. Select Systems > Connections > Authentication settings, Maximum number of usersD. Select Access Gateway > Global > Authentication settings, Maximum number of users



QUESTION 18Scenario: A company recently acquired two other companies. Users from the two acquired companies havebeen using RADIUS and TACACS authentications. An administrator in the environment of the parent companyhas been instructed to reconfigure the Access Gateway

infrastructure such that all the users in the environment can have the opportunity to authenticate to the samevirtual server using different forms of authentication.Which Access Gateway 9.0, Enterprise Editionauthentication type would allow these users to authenticate?

A. LocalB. InheritedC. CascadingD. Double-source



QUESTION 19Scenario: In an environment, contractors use workstations in conference rooms that are outside of thecorporate intranet to log on to Access Gateway in order to access resources within the corporate intranet.These workstations are running Windows operating systems, but the contractors' accounts do NOT haveadministrative privileges. In order for the contractors to access the corporate intranet, some Access Gatewayend-point scans need to be performed.Which two operations must the administrator perform in order to give thecontractors the appropriate access? (Choose two.)

A. Set Clientless Access to "ON" in the session profile for all the contractorsB. Set the Windows Plugin Type to "Plugin" in the session profile for all the contractorsC. Pre-install the Citrix Access Gateway Plugin for Windows on the workstations in the conference roomsD. Set the Citrix Access Gateway Plugin for Windows type to "Java" in the session profile for all the contractorsE. Set the Windows Plugin Type to "Citrix Access Gateway Plugin for Windows" in the session profile for all the

contractors

Answer: CESection: (none)


QUESTION 20A network administrator needs to configure the Citrix Access Gateway Plugin for Windows in order for it touninstall from client devices during logout from a session through the Access Gateway appliance. Which clientcleanup level should the administrator configure in order to meet the stated requirement?


A. DataB. NoneC. All ItemsD. Web browser



Exam D

QUESTION 1Scenario: An Access Gateway virtual server is configured with these settings:

1.A session profile named SECUREPROF, with ICA Proxy set to ON and the Web Interface address set tohttp://10.102.32.201/Citrix/AccessPlatform 2.A session policy named SECUREPOL, with the expression"CLIENT.APP.AV == SYMANTEC EXISTS" and the profile set to SECUREPROF3.The SECUREPOL session policy is bound to the Access Gateway virtual server

Which access method will be provided to a user who selects the 'Skip Scan' option while logging into the virtualserver from a Linux machine?

A. Web InterfaceB. Denied AccessC. Clientless AccessD. Citrix Access Gateway Plugin for Java



QUESTION 2Which three Internet Explorer settings could an administrator configure to use the Access Gateway 9.0,Enterprise Edition Citrix Access Gateway Plugin for ActiveX? (Choose three.)

A. Enable "Automatic prompting for file downloads"B. Enable "Automatic prompting for Citrix Access Gateway Plugin for ActiveX controls"C. Set "Run Citrix Access Gateway Plugin for ActiveX controls and plug-ins" to Prompt or EnableD. Set "Download signed Citrix Access Gateway Plugin for ActiveX controls" to Prompt or EnableE. Set "Download unsigned Citrix Access Gateway Plugin for ActiveX controls" to Prompt or Enable

Answer: BCDSection: (none)


QUESTION 3Which two issues may prevent a user from installing the Citrix Access Gateway Plugin for Windows on aremote device? (Choose two.)

A. The user has Internet Explorer and Firefox installed on the remote client device.B. The user is running a client firewall that may be blocking the installation process.C. The user is NOT an administrator nor a member of the local administrative group.D. The user is running the Windows Vista operating system on the remote client device instead of Windows

XP.

Answer: BCSection: (none)


QUESTION 4An administrator is configuring client-side clean up for users accessing resources through an Access Gatewayvirtual server and using the Citrix Access Gateway Plugin for Windows. Which three settings must theadministrator configure in order to implement client-side cleanup for users http://certvn.wordpress.comconnecting to the virtual server in this environment? (Choose three.)

A. Clean up IE browser cookiesB. Clean up disk space on this deviceC. Clean up IE browser auto-completionD. Clean up unused desktop items on this deviceE. Clean up CIFS password when accessing Intranet file systems through CIFS connections

Answer: ACESection: (none)


QUESTION 5On which three Windows operating systems does the Citrix Access Gateway Plugin for ActiveX run? (Choosethree.)

A. XPB. VistaC. 98 SED. 2003 ServerE. 2008 ServerF. 2000 Professional

Answer: ADFSection: (none)


QUESTION 6Scenario: CompanyA has two Access Gateway virtual servers to provide employees and partners with remoteaccess to internal resources using LDAP authentication. The security team at CompanyA has mandated thatevery employee connecting to the corporate network must pass a pre-authentication check that identifies his orher client device as a corporate device. The scans will include Symantec Antivirus version 10 and some registrychecks.The administrator in this environment should bind the pre-authentication policy at the __________.(Choose the correct phrase to complete the sentence.)

A. User levelB. Global levelC. Partner access virtual server levelD. Employee corporate access virtual server level



QUESTION 7When configuring a Web Interface XenApp Services site for SmartAccess, what should the administrator typeas the address in the Advanced Access Control Service URL field in the Managed Access Method screen?

A. The IP address of the MIPB. The IP address of the Access Gateway applianceC. The fully qualified domain name of the Access Gateway applianceD. The fully qualified domain name of the Access Gateway virtual server



QUESTION 8Scenario: A major technology company wants to upgrade their current Access Gateway deployment to ensurethat it meets their growing remote access needs as they acquire new companies. Currently, the company issupporting nearly 3,000 concurrent users on their existing http://certvn.wordpress.comAccess Gateway virtual server and expects the concurrent user sessions through Access Gateway to increaseby 40% over the next year.Which Access Gateway appliance platform series handles the most concurrent usertraffic?

A. 2000B. 7000C. 10000D. 11000



QUESTION 9When adding the Secure Ticket Authority (STA) server information, which server name is used as the addressof the STA?

A. The Web Interface serverB. The Certificate Authority serverC. The Access Gateway virtual serverD. The XenApp server running the XML service

Answer: D

Section: (none)


QUESTION 10Which two policy types are sent as SmartAccess filter names when integrating Access Gateway 9.0, EnterpriseEdition with XenApp? (Choose two.)

A. TrafficB. SessionC. AuthorizationD. AuthenticationE. Pre-Authentication

Answer: BESection: (none)


QUESTION 11Scenario: A consultant is in charge of a new Access Gateway 9.0, Enterprise Edition implementation at a largecustomer site and must address the following security requirements:

1.If APP1.EXE is running on the local machine, do NOT allow access to the virtual server authentication page2.If APP2.EXE is running on the local machine, allow access to the virtual server authentication page afterCMD.EXE is closed3.If APP3.EXE is NOT found on the local machine, allow access to the virtual server authentication page

Which policy type must be used to configure these security requirements?

A. TrafficB. AuthorizationC. AuthenticationD. Pre-Authentication



QUESTION 12http://certvn.wordpress.comScenario: An administrator is responsible for replacing a Secure Gateway server with an Access Gatewayappliance. The administrator needs to make use of the existing Secure Gateway server certificates.What aretwo certificate formats that Access Gateway 9.0, Enterprise Edition supports? (Choose two.)

A. DERB. PEM

C. PKCS #7D. PKCS #11

Answer: ABSection: (none)


QUESTION 13When configuring the access control properties of a published application on a XenApp server, which entityname should an administrator specify for Access Gateway?

A. Traffic policyB. Session profileC. Secure Ticket AuthorityD. Access Gateway virtual server



QUESTION 14Scenario: An administrator creates a session policy with ns_true as the rule and a corresponding session profilewith a rule checking for Sophos Personal Firewall on the client security option page. The session policy wasbound at the global level.If a user logs in from a client that is only running the Sophos antivirus, the user will be_______. (Choose the correct phrase to complete the sentence.)

A. Denied accessB. Allowed access without restrictionsC. Allowed to log in with limited privilegesD. Denied access until the Sophos antivirus is uninstalled



QUESTION 15An administrator needs to ensure that users can launch specific applications and open specific documentsonce they click on a HTTP link pointing to the desired application or document. Which feature should theadministrator configure when publishing the applications in order to meet the stated requirements?

A. ICA Proxy modeB. Clientless AccessC. File Type AssociationD. Access Scenario Fallback



QUESTION 16Which policy or filter must be set up correctly when configuring SmartAccess integration with XenApp in orderfor the policy to be applied on a XenApp server?

A. The XenApp server policy must be applied to one of the authenticating user's groups http://certvn.wordpress.com

B. The policy name on the Access Gateway appliance must match the policy name on the XenApp serverC. The filter name that is bound to the XenApp server policy must match the name of the Access Gateway

virtual serverD. The policy name on the Access Gateway appliance must match the filter name that is bound to the policy

that is being applied to the XenApp server hosted application



QUESTION 17A senior administrator needs to grant a junior administrator access to the Access Gateway appliance but NOTto the system command or shell prompt. Which pre-configured command policy should the administratorchoose based on the stated requirement?

A. NetworkB. OperatorC. Read-onlyD. Superuser



QUESTION 18What is true about double-source authentication?

A. It uses the same user name and password for both the primary and the secondary nodes.B. It uses the same user name and two separate passwords for the primary and secondary nodes.C. It uses two separate user names and the same password for the primary and secondary nodes.D. It uses two separate user names and passwords, one for the primary node and one for the secondary node.



QUESTION 19Scenario: An administrator is configuring Access Gateway 9.0, Enterprise Edition in an environment thatconsists of a double-hop DMZ deployment. The administrator wants connections from the Citrix XenApp Pluginfor Hosted Apps on the Internet to go through the first firewall in order to connect to the Access Gatewayappliance in the first DMZ.Which port should the administrator enable on the first firewall?

A. 80B. 389C. 443D. 1494E. 1812



QUESTION 20An administrator wants to analyze the latest log file generated by the Access Gateway appliance.Which filecontains the logs required by the administrator?

A. /var/log/ns.logB. /var/log/agvpn.log

http://certvn.wordpress.comC. /var/log/nsvpnd.logD. /var/log/httpacess.log



Exam E

QUESTION 1What must an administrator do in order to obtain a certificate from an authorized Certificate Authority?

A. Create and submit a Key RequestB. Create and submit a Certificate Signing RequestC. Log on to a Certificate Authority and download a certificateD. Connect to the Certificate Authority as a client, and the Certificate Authority will issue a certificate

automatically



QUESTION 2Scenario: A company currently has Secure Gateway in its environment. The company has been undergoingmajor expansions, and the number of employees has grown by 60% over the past three years. Recently, thecompany acquired a new company and the network administrators were instructed to integrate the newcompany into the existing environment. Due to the increase in the number of employees, there is a higherdemand for more servers and rack space. The senior network administrator intends to replace Secure Gatewaywith Access Gateway 9.0, Enterprise Edition in order to avoid having to purchase more servers in order toexpand the existing Secure Gateway implementation to meet the growing needs of the environment. WhichAccess Gateway 9.0, Enterprise Edition connection type would meet the needs of this environment?

A. ICA Proxy modeB. Clientless AccessC. Access Gateway Plugin with clientless interceptionD. Access Gateway Plugin with transparent interception



QUESTION 3An environment consists of two Access Gateway appliances in one arm-mode, in a high availability setup.Which type of IP address is required to access the intranet network resources in this environment?

A. VirtualB. MappedC. NetScalerD. Default gateway



QUESTION 4An administrator must ensure that every user device runs personal firewall software before the device canestablish a secure channel in full client mode to the intranet.Which policy must the administrator configure tomeet the need of this scenario?

A. TrafficB. Session

http://certvn.wordpress.comC. AuthorizationD. Pre-Authentication



QUESTION 5Scenario: An organization wants to use Access Gateway 9.0, Enterprise Edition to provide remote users withaccess to published applications on a Web Interface server. The organization wants users to authenticate onthe Web Interface server and has requested that authentication be turned off on the Access Gateway virtualserver. Which three operations must the administrator perform for published applications to launchsuccessfully? (Choose three.)

A. Set ICA Proxy to ONB. Set single sign-on to ONC. Configure NTdomain for the XenApp serversD. Configure WIhome for the appropriate XenApp Services siteE. Bind the Secure Ticket Authority server at the Access Gateway global levelF. Bind session policies or preauthentication policies to the Access Gateway global level Page

Answer: ADESection: (none)


QUESTION 6Scenario: CompanyA is expanding its Sales operations and is bringing on more outside sales associates whowill be traveling to customer locations. The outside sales associates will need to access corporate applicationsthrough the Access Gateway appliance. All sales associates will be using company-issued laptops withWindows operating systems and will need access to corporate web-based applications such as Outlook WebAccess and the internal sales portal sites through which they will enter orders. In which two entities in theConfiguration Utility can an administrator in CompanyA's environment configure redirection to a customizedAccess Gateway Home Page? (Choose two.)

A. Traffic profileB. User settingsC. Group settingsD. Session profile

E. Global Access Gateway settings



QUESTION 7Which three authentication types can an administrator configure in an Access Gateway 9.0, Enterprise Editionenvironment? (Choose three.)

A. PAPB. LDAPC. CHAPD. RADIUSE. TACACS

Answer: BDESection: (none)


QUESTION 8Scenario: An administrator is configuring remote access to applications through the Access Gateway appliancefor specific users. All of the applications require a unique source IP address to access resources on thecorporate network.Which type of IP address should the administrator http://certvn.wordpress.comdefine in order to ensure that the applications are accessible to those users?

A. SubnetB. IntranetC. MappedD. NetScaler



QUESTION 9What are three pieces of information that are required to configure Access Gateway 9.0, Enterprise Edition toauthenticate users with LDAP servers? (Choose three.)

A. Bind DNB. Base DNC. Server DND. Bind DN passwordE. Base DN password

Answer: ABDSection: (none)


QUESTION 10Scenario: A network administrator is planning the remote access infrastructure for an Access Gateway 9.0,Enterprise Edition environment. In this environment, employees, vendors and customers will need to usedifferent methods of authentication. The administrator would like to ensure that each authentication is hostedon a separate server. Which authentication method must the administrator implement when configuring thisenvironment?

A. CascadingB. Client-BasedC. Server-BasedD. Double-source



QUESTION 11Which two options must be specified in a session profile to allow access to Web Interface through an AccessGateway 9.0, Enterprise Edition appliance? (Choose two.)

A. Authentication PolicyB. Windows Plugin TypeC. Web Interface AddressD. Single Sign-on Domain

Answer: CDSection: (none)


QUESTION 12An administrator needs to implement an authorization policy on the Access Gateway appliance that will restrictall users to use one type of browser to access internal web-based resources. A global authorization policy with_______ and an authorization policy bound to the _______, which allows access based on the browser type,will meet the needs of this environment. (Choose the two correct options to complete the sentence.)

A. "Allow All"; user-levelB. "Deny All"; group-level

http://certvn.wordpress.comC. "Allow All"; global-levelD. "Deny All"; virtual server-level

Answer: BDSection: (none)


QUESTION 13Which two parameters must be configured within the Access Gateway 9.0, Enterprise Edition GlobalAuthentication RADIUS settings or RADIUS Authentication Server settings in order to extract groups from aRADIUS server? (Choose two.)

A. Login NameB. Search FilterC. Group Attribute TypeD. RADIUS Group Vendor ID



QUESTION 14Scenario: An Access Gateway appliance was deployed and an Access Gateway virtual server site was createdfor external users. When members of the "Sales" group log in, they should see the NavUI with three bookmarksfor different sales related applications. When members of the "Shift Worker" group log in, they should get twopublished applications. The system administrator gets a call stating that everyone trying to access the virtualserver is getting the "Page could not be found" error message.What are two possible reasons for this? (Choosetwo.)

A. Web Interface is NOT available.B. The MIP is NOT properly configured.C. The Access Gateway virtual server is in a down state.D. The SSL certificate is NOT bound to the Access Gateway virtual server.E. The FQDN of the certificate added for the SSL VPN virtual server does NOT match the FQDN of the SSL

VPN site.



QUESTION 15Which policy can an administrator use to modify the default authorization setting for an environment?

A. TrafficB. SessionC. AuthorizationD. Authentication



QUESTION 16An administrator needs to use RADIUS as an authentication method for the users.Which IP address typeshould the administrator add in the client file of the RADIUS server for the authentication to work correctly?

A. SubnetB. MappedC. NetScalerD. Virtual Server




QUESTION 17For security reasons, an administrator wants to have granular timeout control over specific user sessions whenconnected through the Access Gateway appliance.Which three timeout settings can the administrator configureto control a user's session? (Choose three.)

A. Client IdleB. Client ForcedC. Appliance SessionD. Appliance BandwidthE. Appliance Connection

Answer: ABCSection: (none)


QUESTION 18Place the listed steps in the order that an administrator would follow to create and install a Certificate Authority-signed certificate for Access Gateway Enterprise Edition 9.0.

A.B.C.D.




QUESTION 19Which feature requires an administrator to define more than one Secure Ticket Authority (STA) server whenconfiguring Web Interface and Access Gateway?

A. Server affinityB. Fault toleranceC. Load balancingD. High Availability



QUESTION 20Scenario: A company has the following auditing requirements:

A. All the audit messages generated with severity CRITICAL and EMERGENCY should be logged on theserver with IP address 192.54.1.1.

B. All the HTTP resources accessed by user1 should be logged on the server with IP address 192.54.1.3.

C. All the other log messages need to be logged to an auditlog server with IP address 192.54.1.2.There are 5 auditlog policies with the following settings:auditlogpol1 :ServerIP : 192.54.1.1LogLevel : CRITICAL EMERGENCYauditlogpol2 :ServerIP : 192.54.1.2LogLevel : DEBUG CRITICAL ERROR INFORMATIONAL EMERGENCY ALERT NOTICE WARNINGauditlogpol3 :serverIP : 192.54.1.3LogLevel : INFORMATIONALauditlogpol4 :serverIP : 192.54.1.1LogLevel : DEBUG ERROR ALERT INFORMATIONAL NOTICE WARNING auditlogpol5 :ServerIP : 192.54.1.2LogLevel : DEBUG ERROR ALERT NOTICE WARNING

Which bindings will meet the requirements of this environment?D. Bind auditlogpol1 to user1 and bind auditlogpol2 to user1E. Bind auditlogpol5 at the global level and bind auditlogpol1 to user1F. Bind auditlogpol1 and auditlogpol4 at the global level and bind auditlogpol3 to user1G. Bind auditlogpol1 and auditlogpol5 at the global level and bind auditlogpol3 to user1



Exam F

QUESTION 1An administrator has been instructed to give a specific employee in the Finance group access to Engineeringresources. To which level should the administrator assign the policy when configuring access for thisemployee?

A. UserB. TeamC. GroupD. OrganizationE. Virtual server



QUESTION 2Scenario: An organization has deployed Access Gateway 9.0, Enterprise Edition, as depicted in the diagramgiven below. Office and lab workstations are in VLANs 2 and 3 respectively. The uplink router has two virtualinterfaces with VLAN 2 and VLAN 3 bound to each of the interfaces. Access Gateway is deployed in thediagram below. Office Desktop and Lab Desktop are in VLANs 2 and 3 respectively. The uplink router has twovirtual interfaces, VLAN 2 and VLAN 3 bound to each of them. Configure the member interfaces appropriatelyin the graphical user interface by dragging and dropping them in the appropriate locations in the screenshot.

A.B.

C.D.




QUESTION 3An administrator configures a traffic policy with the following expression:REQ.HTTP.URL CONTAINSsapcip06What will the traffic policy do when in use?

A. Block HTTP requests that contain sapcip06 in the URLB. Filter the HTTP requests that contain sapcip06 in the URLC. Block HTTP traffic that contains sapcip06 in the HTTP responseD. Apply traffic profile attributes to the HTTP requests that contain sapcip06 in the URL



QUESTION 4An administrator should disable split tunneling when __________. (Choose the correct phrase to complete thesentence.)

A. All traffic must go through the established VPN tunnel

B. All DNS requests must use the local domain DNS serversC. Only specified IP ranges/applications must traverse the Access GatewayD. Specific IP ranges/applications should NOT traverse the Access Gateway



QUESTION 5An administrator needs to provide users running the Citrix Access Gateway Plugin for Windows with access toa company's intranet through the Access Gateway appliance, while also providing them with access to printerson their local area network.Which option must the administrator set to 'On' in order to meet this requirement?

A. CompressionB. Split tunnelingC. Single sign-onD. Transparent Interception



QUESTION 6An administrator has been instructed to configure Access Gateway 9.0, Enterprise Edition in an environmentwhere the Access Gateway appliance is capable of resolving all intranet/Internet host names in split tunnelingoff mode.How must the administrator configure the split DNS setting to accomplish this?

A. BothB. LocalC. RemoteD. Recursive



QUESTION 7An administrator can assign intranet IP addresses per ______, ______ and _______. (Choose the threeoptions that correctly complete the sentence.)

A. AAA userB. AAA group

http://certvn.wordpress.comC. Client subnetD. Session policy

E. Local Area NetworkF. Access Gateway virtual server

Answer: ABFSection: (none)


QUESTION 8In which three entities can an administrator configure single sign-on (SSO) when implementing AccessGateway 9.0, Enterprise Edition as a replacement for Secure Gateway? (Choose three.)

A. Traffic profileB. User settingsC. Group settingsD. Session profileE. Global Access Gateway settings

Answer: ADESection: (none)


QUESTION 9The Web Interface home settings in the VPN parameter is http://10.102.18.213/Citrix/WISite. Drag and Dropthe settings below to the Configuration Utility panel in order to configure monitoring for this Web Interface site.The Web Interface home settings in the vpn parameter is http://10.102.18.213/Citrix/WISite.


A.B.C.D.



QUESTION 10An administrator runs maintenance on ServerA every Friday between 9:00 pm -11:00 pm. The http://certvn.wordpress.comadministrator has been instructed to deny access through the Access Gateway appliance to ServerA during thisperiod only. What must the administrator configure in the Access Gateway environment to meet thisrequirement?

A. An authorization policy based on the IP address of ServerAB. An authentication policy based on the IP address of ServerAC. Authorization policies based on date and time and the IP address of ServerAD. Authentication policies based on date and time and the IP address of ServerA



QUESTION 11

Which three kinds of IP addresses are required at a minimum when setting up an Access Gateway appliance inan environment? (Choose three.)

A. IntranetB. MappedC. NetScalerD. DNS ServerE. Default gateway



QUESTION 12Scenario: The following configuration is set on an Access Gateway appliance:

By default access to all the internal resources is allowed Session profile "SesProf1" has client security check forSymantec Antivirus running and is configured with quarantine group "Quar"Session policy "SesPol1" is configured to use "SesProf1" "SesPol1" is bound to Access Gateway virtual serverIntranet IP addresses in group "Quar" are bound to 10.217.2.1, 10.217.2.2 subnet An authorization policy ingroup "Quar" allows access to resource "Res1" The policy expression for "SesPol1" is ns_true

UserA is running Symantec Antivirus on a laptop and tries to log into the Access Gateway virtual server.UserB is NOT running Symantec Antivirus but still tries to log in to the Access Gateway virtual server.

What will be the expected behavior for each of these users?

A. UserA will log in successfully through the virtual server and will have full access to all the internal resources;however, UserB will fail the login.

B. UserB will log in successfully through the virtual server and will have full access to all the internal resources;however, UserA will fail the login.

C. UserA and UserB will be able to successfully log into the virtual server and will get assigned intranet IPaddresses from the "Quar" group and will only have access to "Res1".

D. UserA will be able to successfully log into the virtual server and will have access to all the internalresources. UserB will also be able to log into the virtual server successfully but will fall into the "Quar" groupand will only have access to "Res1".


Explanation/Reference:http://certvn.wordpress.com

QUESTION 13Scenario: A system administrator has been asked to change the way users connect to the Access Gatewayappliance. All users must now connect through the Access Gateway appliance clientlessly. Currently there arethree Access Gateway virtual servers configured. In which two ways can the administrator configure AccessGateway 9.0, Enterprise Edition to meet the needs of the users in this environment? (Choose two.)

A. Enable clientless mode in the global settingsB. Open each Access Gateway node and uncheck the "agent" box

C. Create a new session policy for client experience, set Clientless Access to "Off"D. Create a new session policy for client experience, set Clientless Access to "On"; bind this policy at the

global levelE. Create a new traffic policy for client experience, set Clientless Access to "On"; bind this policy to all three

virtual servers

Answer: ADSection: (none)


QUESTION 14Scenario: An organization has deployed Access Gateway 9.0, Enterprise Edition, as depicted in the diagramgiven below. Office and lab workstations are in VLANs 2 and 3 respectively. The uplink router has two virtualinterfaces with VLAN 2 and VLAN 3 bound to each of the interfaces. Access Gateway is deployed in thediagram below. Office Desktop and Lab Desktop are in VLANs 2 and 3 respectively. The uplink router has twovirtual interfaces, VLAN 2 and VLAN 3 bound to each of them. Configure the member interfaces appropriatelyin the graphical user interface by dragging and dropping them in the appropriate locations in the screenshot.

A.B.C.D.




QUESTION 15Which three kinds of IP addresses are required at a minimum when setting up an Access Gateway appliance inan environment? (Choose three.)

A. IntranetB. MappedC. NetScalerD. DNS ServerE. Default gateway



QUESTION 16An IT manager instructed the network administrator to separate the Access Gateway appliance in anenvironment from the Web Interface server using a firewall that performs Network Address Translation (NAT).Which two access methods could the administrator configure for Access Gateway 9.0, Enterprise Edition basedon the requirements of this scenario? (Choose two.)

A. DirectB. TranslatedC. Gateway DirectD. Gateway AlternateE. Gateway Translated



QUESTION 17Scenario: Connected users need to be able to access Internet-based content without being routed through theinternal LAN gateway. Split tunneling is turned off in the global settings.Where should an administrator overridethe global settings to turn split tunneling on?

A. Traffic policyB. Traffic profileC. Session policyD. Session profile



QUESTION 18Scenario: Due to recent security breaches, an administrator must immediately change the default password forthe nsroot account to mysecret. Access to the Configuration Utility is unavailable. Which command line-interface command should the administrator use to change the default password for the nsroot account?

A. Set aaa user nsroot mysecretB. Add nsroot password mysecretC. Set system user nsroot mysecretD. Add system user nsroot mysecret



QUESTION 19Scenario: An administrator wants users to be able to access resources running on file servers and applicationservers in an environment. The administrator has deployed Access Gateway 9.0, Enterprise Edition. The CitrixAccess Gateway Plugin for Windows is used to establish connections to the corporate network. There are nointranet applications configured in this environment and split tunneling is turned off. The default authorizationpolicy is set to "Deny." Users in this environment will be able to access applications on file and applicationservers as long as ______. (Choose the correct phrase to complete the sentence.)

A. Users are assigned specific intranet IP addressesB. An authorization policy is configured to grant them accessC. Internal resources are assigned specific intranet IP addressesD. Internal resources in this environment are configured as published applications



QUESTION 20When creating a Web Interface XenApp Services site for use with Access Gateway 9.0, Enterprise Edition,which access method or authentication should be specified for the XenApp Services site?

A. SmartAccess ControlB. Explicit authenticationC. Advanced Access ControlD. Pass-through authentication



Documents

Citrix.realExamQuestions.1Y0 A13.v2011!11!08.by.faitH 1