更新済みの2022年04月 1Y0-440試験練習テスト問題 [Q45-Q70]

更新済みの2022年04月 1Y0-440試験練習テスト問題

検証済み1Y0-440問題集と解答100%一発合格保証で更新された問題集

質問 45
Scenario: A Citrix Architect and a team of Workspacelab members have met for a design discussion about the NetScaler Design Project. They captured the following requirements:
* Two pairs of NetScaler MPX appliances will be deployed in the DMZ network and the internal network.
* High availability will be accessible between the pair of NetScaler MPX appliances in the DMZ network.
* Multi-factor authentication must be configured for the NetScaler Gateway virtual server.
* The NetScaler Gateway virtual server is integrated with XenApp/XenDesktop environment.
* Load balancing must be deployed for the users from the workspacelab.com and vendorlab.com domains.
* The logon page must show the workspacelab logo.
* Certificate verification must be performed to identify and extract the username.
* The client certificate must have UserPrincipalName as a subject.
* All the managed workstations for the workspace users must have a client identifications certificate installed on it.
* The workspacelab users connecting from a managed workstation with a client certificate on it should be
* authenticated using LDAP.
* The workspacelab users connecting from a workstation without a client certificate should be authenticated using LDAP and RADIUS.
* The vendorlab users should be authenticated using Active Directory Federation Service.
* The user credentials must NOT be shared between workspacelab and vendorlab.
* Single Sign-on must be performed between StoreFront and NetScaler Gateway.
* A domain drop down list must be provided if the user connects to the NetScaler Gateway virtual server externally.
* The domain of the user connecting externally must be identified using the domain selected from the domain drop down list.
On performing the deployment, the architect observes that users are always prompted with two-factor authentication when trying to assess externally from an unmanaged workstation.
Click the exhibit button to view the configuration.

What should the architect do to correct this configuration?

• A. Update the binding LoginSchema Policy LDAP_RADIUS from the virtual server and set it as priority 1
• B. Bind the LoginSchema Policy Domaindropdown to priority 90.
• C. Bind the Default LoginSchema Policy as Domaindropdown.
• D. Bind the Portal theme as Domaindropdown.

正解: A

 

質問 46
Scenario: A Citrix Architect needs to design a new Citrix Gateway deployment for a customer. During the design discussions, the architect documents the key requirements for the Citrix Gateway.

Click the Exhibit button to view the key requirements.
The architect should configure Citrix Gateway for __________________in order to meet the stated requirements. (Choose the correct option to complete the sentence.)

• A. ROP proxy
• B. VPN access
• C. ICA proxy
• D. Client access

正解: C

 

質問 47
Scenario: A Citrix Architect needs to deploy SAML integration between NetScaler (Identity Provider) and ShareFile (Service Provider). The design requirements for SAML setup are as follows:
* NetScaler must be deployed as the Identity Provider (IDP).
* ShareFile server must be deployed as the SAML Service Provider (SP).
* The users in domain workspacelab.com must be able to perform Single Sign-on to ShareFile after authenticating at the NetScaler.
* The User ID must be UserPrincipalName.
* The User ID and Password must be evaluated by NetScaler against the Active Directory servers SFO-ADS-001 and SFO-ADS-002.
* After successful authentication, NetScaler creates a SAML Assertion and passes it back to ShareFile.
* Single Sign-on must be performed.
* SHA 1 algorithm must be utilized.
The verification environment details are as follows:
* Domain Name: workspacelab.com
* NetScaler AAA virtual server URL https://auth.workspacelab.com
* ShareFile URL https://sharefile.workspacelab.com
Which SAML IDP action will meet the design requirements?

• A. add authentication samIIdPProfile SAMI-IDP -samISPCertName Cert_1 -samIIdPCertName Cert_2
  -assertionConsimerServiceURL https://sharefile.workspacelab.com/saml/acs" -samIIssuerName auth.workspacelab.com -signatureAlg RSA-SHA1-digestMethod SHA1 -encryptAssertion ON
  -serviceProviderID sharefile.workspacelab.com
• B. add authentication samIIdPProfile SAMI-IDP -samISPCertName Cert_1 -samIIdPCertName Cert_2
  -assertionConsimerServiceURL "https://auth.workspacelab.com/samIIssueName auth.workspacelab.com -signatureAlg RSA-SHA256-digestMethod SHA256-encryptAssertion ON
  -serviceProviderUD sharefile.workspacelad.com
• C. add authentication samIIdPProfile SAMI-IDP -samISPCertName Cert_1 -samIIdPCertName Cert_2
  -assertionConsimerServiceURL https://sharefile.workspacelab.com/saml/acs" -samIIssuerName sharefile.workspacelab.com -signatureAlg RSA-SHA256 -digestMethod SHA256 -serviceProviderID sharefile.workspacelab.com
• D. add authentication samIIdPProfile SAMI-IDP -samISPCertName Cert_1 -samIIdPCertName Cert_2
  -assertionConsimerServiceURL https://sharefile.workspacelab.com/saml/acs" -samIIssuerName sharefile.workspacelab.com -signatureAlg RSA-SHA1 -digestMethod SHA1 -encryptAssertion ON
  -serviceProviderID sharefile.workspacelab.com

正解: A

 

質問 48
Scenario: A Citrix Architect needs to assess a Citrix Gateway deployment that was recently completed by a customer and is currently in pre-production testing The Citrix Gateway needs to use ICA proxy to provide access to a Citrix Virtual Apps and Citrix Virtual Desktops environment. During the assessment, the customer informs the architect that users are NOT able to launch published resources using the Gateway virtual server.
Click the Exhibit button to view the troubleshooting details collected by the customer.

Which two reasons could cause this issue? (Choose two)

• A. The two-factor authentication is NOT configured on the Citrix Gateway
• B. The StoreFront URL configured in the Citrix Gateway session profile is NOT correct.
• C. There are no backend Virtual Delivery Agent (VDA) machines available to host the selected published resource
• D. The Secure Ticket Authority (STA) servers have NOT been configured in the Citrix Gateway settings
• E. The required ports have NOT been opened on the firewall between the Citrix Gateway and the Virtual Delivery Agent machines

正解: D,E

 

質問 49
Which encoding type can a Citrix Architect use to encode the StyleBook content, when importing the StyleBook configuration under source attribute?

• A. base64
• B. URL
• C. Unicode
• D. Hex

正解: A

解説:
Explanation/Reference: https://docs.citrix.com/en-us/netscaler-mas/12/stylebooks/how-to-use-api-to-create-configuration- from-stylebooks/import-custom-stylebooks.html

 

質問 50
Scenario: Based on a discussion between a Citrix Architect and a team of Workspacelab members, the MPX Logical layout for Workspacelab has been created across three (3) sites.
They captured the following requirements during the design discussion held for a Citrix ADC design project:
* All three (3) Workspacelab sites (DC, NDR, and DR) will have similar Citrix ADC configurations and design.
* Both external and internal Citrix ADC MPX appliances will have Global Server Load Balancing (GSLB) configured and deployed in Active/Passive mode.
* GSLB should resolve both A and AAA DNS queries.
* In the GSLB deployment, the NDR site will act as backup for the DC site, whereas the DR site will act as backup for the NDR site.
* When the external Citrix ADC replies to DNS traffic coming in through Cisco Firepower IPS, the replies should be sent back through the same path.
* On the internal Citrix ADC, both the front-end VIP and backend SNIP will be part of the same subnet.
* The external Citrix ADC will act as default gateway for the backend servers.
* All three (3) sites, DC, NDR, and DR, will have two (2) links to the Internet from different service providers configured in Active/Standby mode.
Which design decision must the architect make the design requirements above?

• A. MAC-based Forwarding must be enabled on the External Citrix ADC Pair.
• B. The Internal Citrix ADC must be deployed in Transparent mode.
• C. The ADNS service must be configured with an IPv6 address.
• D. NSIP of the External Citrix ADC must be configured as the default gateway on the backend servers.

正解: A

 

質問 51
Which three tasks can a Citrix Architect select and schedule using the Citrix ADC maintenance tasks?
(Choose three.)

• A. Convert a high availability pair of Instances to Cluster.
• B. Convert cluster instances to a high availability pair.
• C. Convert Citrix Web App Firewall Policy Instances.
• D. Configure a high availability pair of Citrix ADC Instances.
• E. Upgrade Citrix ADC CPX Instances
• F. Upgrade Citrix ADC Instances.

正解: A,D,E

 

質問 52

Which IP address should be bound to VLAN 11?

• A. 40.50.60.172
• B. 192.168.30.171
• C. 40.50.60.2
• D. 192.168.20.170
• E. 192.168.20.2
• F. 40.50.60.172
• G. 192.168.30.2

正解: E

 

質問 53
Scenario: A Citrix Architect has deployed two MPX devices, 12.0.53.13 nc and MPX 11500 models, in high availability (HA) pair for the Workspace labs team. The deployment method is two-arm and the devices are installed behind a CISCO ASA 5585 Firewall. The architect enabled the following features on the NetScaler devices. Content Switching, SSL Offloading, Load Balancing, NetScaler Gateway, Application Firewall in hybrid security and Appflow. All are enabled to send monitoring information to NMAS 12.0.53.13 nc build.
The architect is preparing to configure load balancing for Microsoft Exchange 2016 server.
The following requirements were discussed during the implementation:
* All traffic needs to be segregated based on applications, and the fewest number of IP addresses should be utilized during the configuration
* All traffic should be secured and any traffic coming into HTTP should be redirected to HTTPS.
* Single Sign-on should be created for Microsoft Outlook web access (OWA).
* NetScaler should recognize Uniform Resource Identifier (URl) and close the session to NetScaler when users hit the Logoff button in Microsoft Outlook web access.
* Users should be able to authenticate using either user principal name (UPN) or sAMAccountName.
* The Layer 7 monitor should be configured to monitor the Microsoft Outlook web access servers and the monitor probes must be sent on SSL Which monitor will meet these requirements?

• A. add lb monitor mon_rpc HTTP -send "GET /rpc/healthcheck.htm" recv 200 -LRTM DISABLED
  -secure YES
• B. add lb monitor mon_rpc HTTP-ECV -send "GET/rpc/healthcheck.htm" recv 200 -LRTM DISABLED
  -secure YES
• C. add lb monitor mon_rpc HTTP-ECV -send "GET /rpc/healthcheck.htm" recv 200 -LRTM DISABLED
• D. add lb monitor mon_rpc HTTP-ECV -send "GET /rpc/healthcheck.htm" recv 200 -LRTM ENABLED

正解: C

 

質問 54
Which two settings should a Citrix Architect use on Citrix Application Delivery Management for configuring CPX using a pre-existing CPX device? (Choose two.)

• A. instance
• B. File
• C. Action
• D. PIug and Play
• E. Event Manager

正解: A,B

 

質問 55
Scenario: A Citrix Architect needs to assess an existing on-premises NetScaler deployment which includes Advanced Endpoint Analysis scans. During a previous security audit, the team discovered that certain endpoint devices were able to perform unauthorized actions despite NOT meeting pre-established criteria.
The issue was isolated to several endpoint analysis (EPA) scan settings.
Click the Exhibit button to view the endpoint security requirements and configured EPA policy settings.

Which setting is preventing the security requirements of the organization from being met?

• A. Item 3
• B. Item 2
• C. Item 6
• D. Item 7
• E. Item 5
• F. Item 4
• G. Item 1

正解: B

 

質問 56
Scenario: A Citrix Architect has deployed two MPX devices. 12.0.53.13 nc and MPX 11500 models, in a high availability (HA) pair for the Workspace labs team. The deployment method is two-arm and the devices are installed behind a CISCO ASA 5585 Firewall. The architect enabled the following features on the Citrix ADC devices. Content Switching. SSL Offloading, Load Balancing, Citrix Gateway. Application Firewall in hybrid security and Appflow. All are enabled to send monitoring information to Citrix Application Delivery Management 12.0.53.13 nc build. The architect is preparing to configure load balancing for Microsoft Exchange 2016 server.
The following requirements were discussed during the implementation:
* All traffic needs to be segregated based on applications, and the fewest number of IP addresses should be utilized during the configuration.
* All traffic should be secured and any traffic coming Into FITTP should be redirected to HTTPS.
* Single Sign-on should be created for Microsoft Outlook web access (OWA).
* Citrix ADC should recognize Uniform Resource Identifier (URI) and close the session to Citrix ADC when users hit the Logoff button In Microsoft Outlook web access.
* Users should be able to authenticate using either user principal name (UPN) or sAMAccountName.
* The Layer 7 monitor should be configured to monitor the Microsoft Outlook web access servers and the monitor probes must be sent on SSL.
Which monitor will meet these requirements?

• A. add lb monitor mon.rpc HTTP-ECV -send "GET /rpc/healthcheck.htm" recv 200 -LRTM ENABLED
• B. add lb monitor mon.rpc HTTP-ECV -send "GET /rpc/healthcheck.htm" recv 200 -LRTM DISABLED
  -secure YES
• C. add lb monitor mon.rpc HTTP-ECV -send "GET /owa/healthcheck.htm" recv 200 -LRTM ENABLED
• D. add lb monitor mon.rpc HTTP-ECV -send "GET /owa/healthcheck.htm" recv 200 -LRTM DISABLED
• E. add lb monitor mon.rpc HTTP -send "GET /rpc/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES

正解: B

 

質問 57
A Citrix Architect needs to evaluate and define the architecture and operational processes required to implement and maintain the production environment. In which two phases of the Citrix Methodology will the architect define this? (Choose two.)

• A. Manage
• B. Design
• C. Assess
• D. Deploy
• E. Define

正解: A,B

 

質問 58
Scenario: The Workspacelab team has configured their NetScaler Management and Analytics (NMAS) environment. A Citrix Architect needs to log on to the NMAS to check the settings.
Which two authentication methods are supported to meet this requirement? (Choose two.)

• A. Certificate
• B. AAA
• C. RADIUS
• D. SAML
• E. Director
• F. TACACS

正解: C,F

 

質問 59
Scenario: A Citrix Architect needs to design a hybrid Citrix Virtual App and Citrix Virtual Desktop environment which will include Citrix Cloud as well as resource locations in an on-premises datacenter and Microsoft Azure.
Organizational details and requirements are as follows:
* Active Citrix Virtual App and Citrix Virtual Desktops Service subscription
* No existing NetScaler deployment
* Global Server Load Balancing is used to direct connection requests to Location B, if the StoreFront server in Location B fails, connections should be directed to Location A.
Click the Exhibit button to view the conceptual environment architecture.

The architect should use _____ in Location A, and should use ________ in Location B.
(Choose the correct option to complete the sentence.)

• A. Citrix ADC (BYO); No Citrix products
• B. Citrix ADC (BYO); Citrix ADC (BYO)
• C. Citrix Gateway appliance; Citrix ADC (BYO)
• D. Citrix ADC (BYO); Citrix gateway appliance
• E. Citrix Gateway appliance; Citrix Gateway appliance

正解: C

 

質問 60
Scenario: A Citrix Architect needs to design a new NetScaler Gateway deployment to provide secure RDP access to backend Windows machines.
Click the Exhibit button to view additional requirements collected by the architect during the design discussions.

To meet the customer requirements, the architect should deploy the RDP proxy through _______, using a
_________ solution. (Choose the correct option to complete the sentence.)

• A. CVPN; single gateway
• B. CVPN; stateless gateway
• C. ICAProxy; single gateway
• D. ICAProxy, stateless gateway

正解: A

 

質問 61
Scenario: A Citrix Architect needs to assess an existing NetScaler gateway deployment. During the assessment, the architect collects key requirements for different user groups, as well as the current session profile settings that are applied to those users.
Click the Exhibit button to view the information collected by the architect.

Which configuration should the architect make to meet these requirements?

• A. Change the remote Access settings in StoreFront.
• B. Change ICA proxy settings in an existing session profile.
• C. Change the policy expression in an existing session policy.
• D. Create a new session profile and policy.
• E. Change the Clientless Access settings in an existing session profile.

正解: C

 

質問 62
A Citrix Architect needs to make sure that maximum concurrent AAA user sessions are limited to 4000 as a security restriction.
Which authentication setting can the architect utilize to view the current configuration?

• A. Global Session Settings
• B. AAA Virtual Server
• C. Active User Session
• D. AAA Parameters

正解: A

解説:
Explanation/Reference: https://www.carlstalhood.com/category/netscaler/netscaler-11-1/netscaler-gateway-11-1/

 

質問 63
Scenario: A Citrix Architect has sent the following request to the NetScaler:

Which response would indicate the successful execution of the NITRO command?

• A. 0
• B. 1
• C. 2
• D. 3

正解: C

解説:
Explanation
https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/usecases/

 

質問 64
Which request can a Citrix Architect utilize to create a NITRO API command to add a NetScaler appliance with NSIP address 10.102.29.60 to the cluster?

• A. Option B
• B. Option D
• C. Option C
• D. Option A

正解: D

 

質問 65
Which four parameters can a Citrix Architect change after the initial creation of a session profile?
(Choose four.)

• A. Expression
• B. Credential Index
• C. Name
• D. Enable Persistent Cookie
• E. ICA Proxy Migration
• F. Session Timeout
• G. Default Authorization Action

正解: B,D,F,G

 

質問 66
Scenario: A Citrix Architect has deployed Citrix Gateway integration with the StoreFront server. The Vasco server is used to perform WebAUTH to authenticate users The configuration snippet is as follows:

Which parameter is utilized to calculate the content-length insert in the request sent to the server?

• A. Expl
• B. successRule
• C. POST expresston
• D. Exp2

正解: D

 

質問 67
Scenario: A Citrix Architect needs to design a new Citrix Gateway deployment. During the design discussions, the architect documents the key requirements about when to provide VPN access for incoming connections to the Citrix Gateway virtual server. Click the Exhibit button to view the requirements.

Which policy expression will meet these requirements?

• A. Option B
• B. Option E
• C. Option D
• D. Option C
• E. Option A

正解: E

 

質問 68
Scenario: A Citrix Architect and a team of Workspacelab members met to discuss a Citrix ADC design project. They captured the following requirements from this design discussion:
* All three (3) Workspacelab sites (DC. NDR. and DR) will have similar Citrix ADC configurations and design.
* The external Citrix ADC MPX appliances will have Global Server Load Balancing (GSLB) configured and deployed in Active/Active mode
* ADNS service should be configured on the Citrix ADC to make it authoritative for domain nsg Workspacelab.com.
* In GSLB deployment, the DNS resolution should be performed to connect the user to the site with least network latency.
* On the internal Citrix ADC, load balancing for StoreFront services, Citrix XML services, and Citrix Director services must be configured
* On the external Citrix ADC. the Gateway virtual server must be configured in ICA proxy mode Click the Exhibit button to view the logical representation of the network and the firewall policy prerequisites provided by the architect. On which two firewalls should the architect configure the policies? (Choose two.)

• A. CISCO IPS
• B. CISCO IPS 1
• C. DMZ ASA Firewall
• D. Checkpoint FW1

正解: C,D

 

質問 69
Scenario: A Citrix Architect and a team of Workspacelab members met to discuss a Citrix ADC design project. They captured the following requirements from this design discussion:
* All three (3) Workspacelab sites (DC, NDR, and DR) will have similar Citrix ADC configurations and design.
* The external Citrix ADC MPX appliances will have Global Server Load Balancing (GSLB) configured and deployed in Active/Active mode.
* ADNS service should be configured on the Citrix ADC to make it authoritative for domain nsg.workspaceIab.com.
* In GSLB deployment, the DNS resolution should be performed to connect the user to the site with least network latency.
* On the internal Citrix ADC, load balancing for StoreFront services, Citrix XML services, and Citrix Director services must be configured.
* On the external Citrix ADC, the Gateway virtual server must be configured in ICA proxy mode.
Which GSLB method should the architect utilize to meet the design requirements?

• A. Dynamic RTT
• B. Least Packets
• C. Static Proximity
• D. Least Bandwidth

正解: B

 

質問 70
......

Citrix 1Y0-440 認定試験の出題範囲：

トピック	出題範囲
トピック 1	VPN Configuration Application Firewall GSLB (Global Server Load Balancing)
トピック 2	Citrix Networking Methodology and Assessment
トピック 3	Citrix ADC Security Citrix ADC Deployment
トピック 4	Advanced Traffic Management Nitro API AppExpert, (TCP HTTP SSL)
トピック 5	Citrix ADC Deployment Architecture and Topology
トピック 6	Citrix Application Delivery Management Automation and Orchestrati

 

究極の準備用無料ガイド1Y0-440試験問題と解答：https://drive.google.com/open?id=1FxqrJzQHLsKYhfUF1BtMlM3i4C6Q99IH

合格できるCCE-N 1Y0-440試験問題集には149問があります：https://www.goshiken.com/Citrix/1Y0-440-mondaishu.html