PassLeader just published the NEWEST Citrix 1Y0-351 exam dumps! You can get both 1Y0-351 VCE dumps and 1Y0-351 PDF dumps from PassLeader, both VCE and PDF dumps contain the NEWEST 1Y0-351 exam questions, which will ensure your 1Y0-351 exam 100% passing! Welcome to download the valid PassLeader 1Y0-351 dumps VCE and PDF from PassLeader — https://www.passleader.com/1y0-351.html (293 Q&As Dumps)
And, you can preview the PassLeader 1Y0-351 dumps online — https://drive.google.com/open?id=0B-ob6L_QjGLpNDR0TEdkaG9XWGc
QUESTION 101
The network engineer would like all HTTP and HTTPS requests that travel through the NetScaler to have an HTTP header added with the source IP address for logging on the web servers. How should the network engineer accomplish this?
A. Enable Web Logging
B. Enable the client IP option
C. Configure the TCP Parameters
D. Enable the ‘Use Source IP mode’
Answer: B
QUESTION 102
Scenario:
A NetScaler appliance currently has a manually configured channel containing four interfaces; however, the engineer has been told that the NetScaler must now only use a single interface for this network. The engineer removes the channel and immediately notices a decrease in network performance. How could the engineer resolve this issue?
A. Reset the unused interfaces
B. Disable the unused interfaces
C. Enable flow control on all interfaces
D. Disable HA monitoring on the three interfaces that are no longer required
Answer: B
QUESTION 103
Scenario:
A network engineer needs to re-configure the NetScaler to utilize two new VLANs – VLAN2 and VLAN3. VLAN2 is an untagged VLAN and VLAN3 will require a .1q compliant tag. Interface 1/1 is the only interface that will be used on the NetScaler. How could the engineer configure the NetScaler so that it can communicate with both networks?
A. Change the NSVLAN to 3
Add VLAN 2 and bind interface 1/1 as untagged
B. Enable the Tag all VLANs option on interface 1/1
C. Add VLAN2 and bind interface 1/1 as untagged
Add VLAN3 and bind interface 1/1 as tagged
D. Add a SNIP for each VLAN
Enable management access on the SNIP for VLAN3
Answer: C
QUESTION 104
Scenario:
A call center has deployed Access Gateway Enterprise to provide its employees with access to work resources from home. Due to the number of available licenses, only selected employees should access the environment remotely based on their user account information. How could the engineer configure access to meet the needs of this scenario?
A. Configure a Pre-authentication Policy.
B. Configure an Authentication Server using a search filter.
C. Configure an Authentication Policy using Client based expressions.
D. Add the selected employee accounts to the Local Authentication policy.
Answer: B
QUESTION 105
A network engineer needs to configure load balancing for secured web traffic that does NOT terminate at the NetScaler device. Which type of session persistence method can the engineer select for this scenario?
A. Source IP
B. Cookie Insert
C. URL Passive
D. SRCIPDESTIP
Answer: A
QUESTION 106
A company has two sites that host six cache web servers that are used to promote sales information. Which feature on the NetScaler should an engineer enable to provide faster application performance and also provide additional capacity if the demand increases for one site?
A. Load balancing
B. Integrated Cache
C. Responder Policy
D. Content switching
Answer: A
QUESTION 107
Scenario:
A network engineer has configured a load balancing virtual server for an HTTP application. Due to the application architecture, it is imperative that a user’s session remains on a single server during the session. The session has an idle timeout of 60 minutes. Some devices are getting inconsistent application access while most are working fine. The problematic devices all have tighter security controls in place. Which step should the engineer take to resolve this issue?
A. Set the cookie timeout to 60 minutes.
B. Configure a backup persistence of SourceIP.
C. Change the HTTP parameters to Cookie Version 1.
D. Utilize SSL offload to enable the application to use SSL.
Answer: B
QUESTION 108
Scenario:
The network engineer has created a monitor and bound it to a service group containing four web servers to verify that the web application responds. During routine maintenance one of the web servers is shut down; however, the server state remains UP and user requests are still attempting to communicate with the server. What could be causing this problem?
A. The server has been disabled.
B. The monitor is not bound at the correct bind point.
C. Health monitoring is disabled for the service group.
D. The NetScaler configuration has not been saved since before the monitor was bound.
Answer: C
QUESTION 109
Scenario:
An engineer is configuring services to allow load balancing of backend web servers on the internal network. The engineer bound multiple monitors to the first service, but notices that the service is reporting as DOWN. The monitor threshold default has NOT been changed. What could be causing this issue?
A. The service type is HTTP.
B. One of the monitors’ tests is failing.
C. Some of the monitors have a higher weight.
D. The monitors are both reporting an UP status.
Answer: B
QUESTION 110
What should a network engineer configure to set high availability for a load balanced virtual server?
A. Session persistence
B. A backup virtual server
C. Load balancing policies
D. Load balancing services
Answer: B
QUESTION 111
Scenario:
A NetScaler engineer is adding a new SSL certificate to a NetScaler device. During the process the engineer receives an error message:
“Certificate with key size greater than RSA512 or DSA512 bits not supported.”
The same process has been followed previously on the same model of NetScaler successfully. What is the likely cause of this error?
A. The certificate hostname is invalid.
B. RSA authentication has been added to the VIP.
C. The NetScaler has not been licensed correctly.
D. The CSR has not been submitted to the certificate authority.
Answer: C
QUESTION 112
Scenario:
A network engineer needs to generate a certificate on the NetScaler appliance. The environment requires a private key with 4096-bit encryption. To generate a new SSL certificate from a NetScaler Appliance, the engineer must first create ____. (Choose the correct option to complete the sentence.)
A. CSR
B. DSA key
C. RSA key
D. Diffie-Hellman key
Answer: C
QUESTION 113
Scenario:
An engineer has configured an SSL virtual server and has bound a service group of type HTTP containing several servers. The service group is UP but the virtual server is in a DOWN state. The engineer has verified that the SSL feature is enabled. What should the engineer do to ensure that the virtual server shows as UP?
A. Add a monitor that checks for HTTP.
B. Change the service group to type SSL.
C. Bind an SSL certificate to the virtual server.
D. Configure the service group to use port 443.
E. Change the monitor for a larger time out period.
Answer: C
QUESTION 114
A company wants to implement a policy where all passwords should be encrypted while transiting the network. Where in the GUI would the network engineer prevent access to unsecured management protocols?
A. Network -> IPs
B. System -> Auditing
C. AppExpert -> Pattern Sets
D. Protection Features -> Filter
Answer: A
QUESTION 115
Scenario:
The NetScaler is configured with a NSIP of 10.20.30.40. Management access is NOT enabled on any other IP address. Which command should an engineer execute to prevent access to the NetScaler using HTTP and only allow HTTPS access?
A. set ns ip 10.20.30.40 -gui disabled -telnet disabled
B. set ip 10.20.30.40 -gui secureonly -mgmtaccess enabled
C. set ip 10.20.30.40 -mgmtaccess disabled -gui secureonly
D. set ns ip 10.20.30.40 -gui enabled -restrictAccess enabled
Answer: B
QUESTION 116
Company policy states that SNMP management should only be allowed from specific hosts. What should the network engineer do to prevent unauthorized access to SNMP?
A. Add an SNMP manager.
B. Add an SNMP trap destination.
C. Check secure access only on the NSIP.
D. Add an SNMP community name that is difficult to guess.
Answer: A
QUESTION 117
Scenario:
The IT department in an organization manages servers and network devices from an internal management subnet. A NetScaler device has recently been installed into the DMZ network. The intranet firewall allows TCP 443 from the management subnet to the NetScaler device. How could the engineer ensure that only workstations in the management network are permitted to manage the NetScaler?
A. Create an Extended ACL based on the source IP address.
B. Create a restricted route from the internal network to the DMZ.
C. Enable the management access control option on the NSIP address.
D. Enable the management access control on the internal SNIP address.
Answer: A
QUESTION 118
Scenario:
An engineer has three subnets configured on a NetScaler appliance. The engineer must only allow a certain group of users to access a virtual server on the appliance. The IT Manager requires that all rules are flexible and can be easily modified for ease of administration. How could the engineer allow certain groups to access the virtual server while still being able to modify the setting in the future?
A. Add a Simple ACL.
B. Disable USNIP Mode.
C. Create an Extended ACL.
D. Add a Host Route to the virtual server.
Answer: C
QUESTION 119
Scenario:
An engineer created a new test Web Interface site for the new XenDesktop farm that the IT Department is developing. Several weeks later the engineer finds out that several people across the company have been accessing the new test site. The engineer needs to ensure that only the IT Department subnets can access the test site. How could the engineer restrict access to the site so that only certain subnets can access this resource?
A. Add an Extended ACL to only allow specific subnets to the Web Interface Site.
B. Modify an existing simple ACL to allow specific subnets to the Web Interface Site.
C. Enable USNIP Mode on the appliance to allow specific subnets to the Web Interface Site.
D. Change the Access Method on the Web Interface Site to allow specific subnets to the Web Interface Site.
Answer: A
QUESTION 120
A network engineer needs to configure load balancing for an FTP site. Which type of session persistence method can the engineer select for this scenario?
A. Rule
B. Source IP
C. Cookie Insert
D. Custom Server ID
Answer: B
QUESTION 121
Scenario:
A network engineer deployed a new NetScaler MPX appliance on the network and all interfaces are connected to the core switch. The network engineer notices the CPU utilization has become very high on the switch since the NetScaler deployment. Which two actions could the engineer perform on the NetScaler to resolve this issue? (Choose two.)
A. Configure VMAC
B. Utilize static routing
C. Configure a channel
D. Connect a single interface only
Answer: CD
QUESTION 122
Scenario:
A network engineer has created an SSL offload virtual server. The virtual server shows as a DOWN state. Which two scenarios could cause the virtual server showing as DOWN? (Choose two.)
A. Persistence is set to NONE.
B. The protocol should be SSL_TCP.
C. A responder policy has been bound.
D. The service is not bound to the virtual server.
E. No SSL certificate is bound to the virtual server.
Answer: DE
QUESTION 123
Scenario:
Company Inc. wants to modify the HTTP Server header so that unauthorized users and malicious code CANNOT use the header to identify the software that the HTTP server uses. Which two actions can the engineer take to meet the needs of the scenario? (Choose two.)
A. Add an HTTP Server Type on the Client Request.
B. Mask the HTTP Server Type on the Server Response.
C. Replace the HTTP Server Type on the Client Request.
D. Delete the HTTP Server Type on the Server Response.
Answer: BD
QUESTION 124
Scenario:
A network engineer adds a secondary node for high availability (HA) purposes. To confirm the implementation is working, the engineer initiates a fail over; however when this is complete, some virtual servers are un-reachable. What is a possible cause of this issue?
A. SSL has not been enabled as a feature.
B. The network configuration is mismatched on the nodes.
C. HA sync does not propagate network settings by default.
D. The nsroot password has been changed on the new node.
Answer: B
QUESTION 125
What are two valid ways of checking that a back-end web server is reachable from the NetScaler SNIP address using port 80? (Choose two.)
A. Run traceroute.
B. Run telnet using the -srcip option.
C. Bind a DNS monitor to a service group containing the web server.
D. Bind a HTTP monitor to a service group containing the web server.
E. Run the ping command between the NetScaler and the web server.
Answer: BD
Now, try the PassLeader 1Y0-351 dumps for 100% passing your 1Y0-351 exam — https://www.passleader.com/1y0-351.html (293 Q&As VCE Dumps and PDF Dumps)
And, preview the PassLeader 1Y0-351 dumps online — https://drive.google.com/open?id=0B-ob6L_QjGLpNDR0TEdkaG9XWGc
Good Luck!