QUESTION 51
Scenario: A network engineer needs to implement high availability (HA) for a pair of NetScaler appliances. The existing appliance was recently restarted and the new appliance has been rack mounted and turned on for several weeks waiting to be configured. The engineer needs to create an HA pair, but is concerned that his original appliance will get erased when the HA pair is created. Which two tasks could the engineer do before the creation of the HA pair to ensure that the exiting unit stays the main appliance? (Choose two.)
A. Set StayPrimary on the existing node.
B. Configure StaySecondary on the new node.
C. Enable HA Sync before adding the second node.
D. Create a Route Monitor to ensure proper synchronization.
E. Ensure that INC mode is enabled during creation of HA Pair.
Answer: AB
QUESTION 52
Scenario: A network engineer configured a new NetScaler MPX appliance without any VLANs and with a single interface connected to the network. The engineer has not completed any other configurations. The interface is then accidentally disabled and contact is lost with the appliance. Which two actions can the network engineer take to restore communications to the appliance? (Choose two.)
A. Connect to the SNIP instead of the NSIP.
B. Connect another of the unused interfaces.
C. Use the serial port to connect and then bring the disabled interface online.
D. Connect a crossover cable to port that has been disabled and connect to the NSIP.
Answer: BC
QUESTION 53
Scenario: A pair of NetScaler devices have recently been installed into the corporate DMZ. The Netscalers have been installed in two-arm mode, with two interfaces in a Internet-facing VLAN and two interfaces in the internal VLAN. A private management subnet also exists. The NetScaler engineer would like to secure and restrict communication between the management subnet and the SNIP address on that subnet. Which two actions could the engineer take to help with these goals? (Choose two.)
A. Apply an ACL on the specified SNIP.
B. Remove the ACL list to the internal VLAN.
C. Remove the NSIP address from the Netscaler.
D. Configure the SNIP with the -gui SECUREONLY option.
Answer: AD
QUESTION 54
Which two of the following settings could be configured using a TCP profile that is bound to a service? (Choose two.)
A. TCP buffer size
B. Window scaling
C. TCP Server time-out values
D. Source IP for specific subnet
E. Allowed bandwidth throughput
F. Number of max concurrent TCP connections
Answer: AB
QUESTION 55
Scenario: The NetScaler has been connected to two external networks provided by different Internet service providers(ISPs). Dynamic routing is not enabled. Traffic is expected to use the first ISP (through the 10.50.1.1 router) if possible and the second, slower ISP (through the 10.51.1.1 router) only if the Primary ISP fails. Which two commands could the network engineer execute to configure the routes? (Choose two.)
A. add route 0.0.0.0 0.0.0.0 10.51.1.1 -cost 10 -monitor arp
B. add route 0.0.0.0 0.0.0.0 10.50.1.1 -cost 5 -monitor PING
C. add route 0.0.0.0 0.0.0.0 10.50.1.1 -cost 15 -msr ENABLED
D. add route 0.0.0.0 0.0.0.0 10.51.1.1 -cost 3 -monitor PING-DEFAULT
Answer: AB
QUESTION 56
When binding a certificate to a virtual server, which two certificate formats are supported by NetScaler? (Choose two.)
A. P7B
B. PFX
C. PEM
D. DER
Answer: CD
QUESTION 57
Scenario: A network engineer plans to configure an Active Directory Server as the default authentication for a NetScaler deployment and provide users with the option to change their password if it is expired. Which two actions should the engineer take to configure this authentication requirement on the NetScaler system? (Choose two.)
A. Configure a pre-authentication policy.
B. Select security type as SSL on Authentication policy.
C. Configure Authentication server with SSO name attribute.
D. Configure Authentication server with allow Password change option.
Answer: BD
QUESTION 58
When configuring NetScaler authentication to access a web site, which two things should a network engineer verify in the environment? (Choose two.)
A. AAA is enabled.
B. One DNS server exists.
C. A Keytab file is available.
D. An authentication virtual server exists.
E. A traffic management virtual server exists.
Answer: AD
QUESTION 59
During a recent security penetration test, several ports on the management address were identified as providing unsecured services. Which two methods could the network engineer use to restrict these services? (Choose two.)
A. Configure Auditing policies.
B. Create Content Filtering policies.
C. Create Access Control Lists (ACLs).
D. Configure options on the Management IP addresses.
Answer: CD
QUESTION 60
Scenario: A NetScaler engineer has received an SSL certificate and bound it to the vServer. However, users are unable to browse to the website using HTTPS. When the NetScaler engineer browses to the site using HTTPS, the engineer notices that the certificate chain is incomplete. Which two steps should the administrator take to fix the virtual server? (Choose two.)
A. Generate a new CSR.
B. Install a new Certificate Authority (CA).
C. Install the Intermediate Certificate from the CA.
D. Link the Intermediate Certificate to the virtual server.
E. Link the SSL Certificate to the Intermediate Certificate.
Answer: CE
If you want to pass the Citrix CCA 1Y0-A28 exam sucessfully, recommend to read latest Citrix CCA 1Y0-A28 Exam Dumps full version.