Citrix 1Y0-440 Architecting a Citrix Networking Solution Exam Practice Test

Scenario: Based on a discussion between a Citrix Architect and a team of Workspacelab members, the MPX Logical layout for Workspacelab has been created across three (3) sites.

The requirements captured during the design discussion held for a NetScaler design project are as follows:

Two (2) pairs of Citrix ADC MPX appliances deployed in the DMZ and internal network.

High Availability will be accessible for each Citrix ADC MPX

The external Citrix ADC MPX appliance will be deployed in multi-arm mode.

The internal Citrix ADC MPX will be deployed in single-arm mode wherein it will be connected to Cisco ACI Fabric.

All three (3) Workspacelab sites: Dc, NDR and DR, will have similar Citrix ADC configurations and design.

How many Citrix ADC MPX appliances should the architect deploy at each site to meet the design requirements above?

For which two reasons should a Citrix Architect perform a capabilities assessment when designing and deploying a new Citrix ADC in an existing environment? (Choose two.)

Scenario: A Citrix Architect needs to design a hybrid Citrix Virtual App and Citrix Virtual Desktop environment which will include Citrix Cloud as well as resource locations in on-premises datacenter and Microsoft Azure.

Organizational details and requirements are as follows:

Active Citrix Virtual App and Citrix Virtual Desktop Service subscription

No existing NetScaler deployment

About 3,000 remote users are expected to regularly access the environment

Multi-factor authentication should be used for all external connections

Solution must provide load balancing for backend application servers

Load-balancing services must be in Location B

Click the Exhibit button to view the conceptual environment architecture.

The architect should use ________ in Location A, and should use _________ in Location B. (Choose the correct option to complete the sentence.)

Which two options should a Citrix Architect evaluate during a capabilities assessment? (Choose two.)

Scenario: A Citrix Architect needs to design a hybrid XenApp and XenDesktop environment which will include Citrix Cloud as well as resource locations in an on-premises datacenter and Microsoft Azure.

Organizational details and requirements are as follows:

Active XenApp and XenDesktop Service subscription

No existing NetScaler deployment

Global Server Load Balancing is used to direct connection requests to Location B, if the StoreFront server in Location B fails, connections should be directed to Location A.

Click the Exhibit button to view the conceptual environment architecture.

The architect should use _____ in Location A, and should use ________ in Location B. (Choose the correct option to complete the sentence.)

Scenario: A Citrix Architect holds a design discussion with a team of Workspacelab members, and they capture the following requirements for the NetScaler design project.

A pair of NetScaler MPX appliances will be deployed in the DMZ network and another pair in the internal network.

High availability will be accessible between the pair of NetScaler MPX appliances in the DMZ network.

Multi-factor authentication must be configured for the NetScaler Gateway virtual server.

The NetScaler Gateway virtual server is integrated with the StoreFront server.

Load balancing must be deployed for users from the workspacelab.com domain.

The workspacelab users should be authenticated using Cert Policy and LDAP.

All the client certificates must be SHA 256-signed, 2048 bits, and have UserPrincipalName as the subject.

Single Sign-on must be performed between StoreFront and NetScaler Gateway.

After deployment, the architect observes that LDAP authentication is failing.

Click the Exhibit button to review the output of aaad debug and the configuration of the authentication policy.

Exhibit 1

Exhibit 2

What is causing this issue?

Scenario: A Citrix Architect has set up NetScaler MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 Firewall. The Cisco ASA Firewall is configured to block traffic using access control lists. The network address translation (NAT) is also performed on the firewall.

The following requirements were captured by the architect during the discussion held as part of the NetScaler security implementation project with the customer's security team:

The NetScaler MPX device:

should monitor the rate of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The NetScaler device should be able to stop the HTTP, TCP, and DNS based requests.

needs to protect backend servers from overloading.

needs to queue all the incoming requests on the virtual server level instead of the service level.

should provide protection against well-known Windows exploits, virus-infected personal computers, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing proxies.

should provide flexibility to enforce the decided level of security check inspections for the requests originating from a specific geolocation database.

should block the traffic based on a pre-determined header length, URL length, and cookie length. The device should ensure that characters such as a single straight quote (''); backslash (\); and semicolon (;) are either blocked, transformed, or dropped while being sent to the backend server.

Which security feature should the architect configure to meet these requirements?