Citrix (1Y0-241): Deploy and Manage Citrix ADC with Traffic Management Sample Questions
Question 1 – An vServer configured to load balance using the least bandwidth method uses the least bandwidth method to balance loads. It is during production hours that a service attached to this vServer becomes effective. By default, what method of load-balancing is used during vServer startup?
- A. Least connections
- B. Least bandwidth
- C. Custom load
- D. Round-robin
Correct Answer: A
Question 2 – Citrix Administrator oversees a high availability Citrix ADC pair running on two MPX appliances and discovers that the secondary ADC state is “Unknown ”. Which of the following is likely causing this secondary state to be “Unknown”?
- A. The synchronization on the secondary appliance is disabled.
- B. TCP port 22 is disabled between the primary and secondary ADCs.
- C. The administrator made both Citrix ADCs primary.
- D. The remote procedure call (RPC) nodes are incorrectly configured.
Correct Answer: D
Question 3 – In a Citrix ADC, packets are received from MAC addresses that are owned by the Citrix ADC. The destination IP addresses of the packets do not belong to the Citrix ADC, and the Layer 3 mode is enabled by default. The Citrix ADC will __________ the packets in this scenario.
- A. route
- B. process
- C. bridge
- D. drop
Correct Answer: A
Question 4 – Which two of the following protocols would provide end-to-end data encryption besides allowing a Citrix ADC for optimizing the responses as well? (Choose two.)
- A. HTTP protocol for the services
- B. SSL bridge protocol for the vServer
- C. SSL bridge protocol for the services
- D. SSL protocol for the services
- E. HTTP protocol for the vServer
- F. SSL protocol for the vServer
Correct Answer: DF
Question 5 – When the below-mentioned command is executed, what will the Citrix ADC appliance send?
set gslb vServer vServer-GSLB-1-MIR ENABLED
- A. The Remote GSLB service is the first record in the response and adds the remaining active services as additional records
- B. The Local GSLB service is the first record in the response and adds the remaining active services as additional records
- C. Only the best GSLB service in the response
- D. The best global server load balancing (GSLB) service is the first record in the response, and the remaining active services as additional records
Correct Answer: B
Question 6 – A Citrix ADC has been configured with an Interface 1/1 and is also bound to VLAN 40. As a Citrix Administrator, you have executed the below command:
> bind vlan 20 -ifnum 1/1
What could be the possible result of executing this command on the Citrix ADC?
- A. Interface 1/1 is bound to VLAN 20, and native VLAN is 20.
- B. Interface 1/1 is bound to VLAN 20, and native VLAN is NOT changed.
- C. Interface 1/1 is bound to VLAN 20, and native VLAN is 40.
- D. Interface 1/1 is bound to VLAN 20, and native VLAN is 1.
Correct Answer: B
Reference: https://support.citrix.com/article/CTX122921
Question 7 – A Citrix Administrator needs to improve website loading speed and the end users are reporting slow GIF image rendering speeds as they scroll down a website, which affects overall page load time. Which of the following Citrix ADC feature could be enabled for improving the website performance?
- A. Domain sharding
- B. Image lazy loading
- C. Image optimization
- D. Image shrink-to attributes
Correct Answer: C
Question 8 – To ensure that client certificates presented to the Citrix authentication vServer are valid until 2023, a Citrix Administrator needs to confirm their validity. Which of the following expression can be used to meet this requirement?
- A. CLIENT.SSL.CLIENT_CERT.VALID_NOT_AFTER.EQ(GMT2023)
- B. CLIENT.SSL.CLIENT_CERT.VALID_NOT_BEFORE.EQ(GMT2023)
- C. CLIENT.SSL.ORIGIN_SERVER_CERT.VALID_NOT_AFTER.EQ(GMT2023)
- D. CLIENT.SSL.CLIENT_CERT.DAYS_TO_EXPIRE.EQ(2023)
Correct Answer: A
Question 9 – Citrix Administrators are wanting to grant a Junior Citrix Administrator access to all aspects of Citrix ADC, apart from the following three:
- Shell
- User configuration
- Partition configuration
Which of the given preexisting command policy could serve the needs of this scenario?
- A. Sysadmin
- B. Operator
- C. Network
- D. Superuser
Correct Answer: A
Question 10 – While reviewing the traps sent by SNMP to an external SNMP system, a Citrix Administrator noticed a number of entities UP and entity DOWN messages. What are these messages related to?
- A. Load-balancing vServers
- B. Network interface
- C. High availability nodes
- D. SSL profile
Correct Answer: A
Reference: https://www.reddit.com/r/Citrix/comments/bamiez/ns_study_question_help/
Question 11 – In order to block all post requests larger than 10,000 bytes from a Citrix environment, what are two configurations that a Citrix Administrator can use? (Choose two.)
- A. > add policy expression expr_hashdos_prevention ג€http.REQ.METHOD.EQ(\ג€POST\ג€)&& http.REQ.CONTENT_LENGTH.GT(10000)ג€ > add rewrite policy drop_rewrite expr_hashdos_prevention DROP > bind rewrite global drop_rewrite 100 END -type REQ_OVERRIDE
- B. > add policy expression expr_hashdos_prevention ג€http.REQ.METHOD.EQ(\ג€POST\ג€)&& http.REQ.CONTENT_LENGTH.GT(10000)ג€ > add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOP > bind responder global pol_resp_hashdos_prevention 70 END -type REQ_OVERRIDE
- C. > add policy expression expr_hashdos_prevention ג€http.REQ.METHOD.EQ(\ג€POST\ג€) || http.REQ.CONTENT_LENGTH.GT(10000)ג€ > add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOP > bind responder global pol_resp_hashdos_prevention 70 END -type REQ_OVERRIDE
- D. > add policy expression expr_hashdos_prevention ג€http.REQ.METHOD.EQ(\ג€POST\ג€) || http.REQ.CONTENT_LENGTH.GT(10000)ג€ > add rewrite policy drop_rewrite expr_hashdos_prevention DROP > bind rewrite global drop_rewrite 70 END -type REQ_OVERRIDE
- E. > add policy expression expr_hashdos_prevention ג€http.REQ.METHOD.EQ(\ג€POST\ג€) || http.REQ.CONTENT_LENGTH.GT(10000)ג€ > add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOP > bind responder global pol_resp_hashdos_prevention 100 END -type REQ_OVERRIDE
- F. > add policy expression expr_hashdos_prevention ג€http.REQ.METHOD.EQ(\ג€POST\ג€) || http.REQ.CONTENT_LENGTH.GT(10000)ג€ > add rewrite policy drop_rewrite expr_hashdos_prevention DROP > bind rewrite global drop_rewrite 100 END -type REQ_OVERRIDE
Correct Answer: BE
Reference: https://support.citrix.com/article/CTX131868
Question 12 – In a Citrix environment, an administrator suspects that there is a malicious attack on a load-balancing vServer (IP address 192.168.100.25), and for a period of 10 minutes access must be restricted. Which of the following Access Control List (ACL) could help accomplish this?
- A. adding simpleacl rule1 DENY -srcIP 192.168.100.25 -TTL 600000
- B. adding simpleacl rule1 DENY -srcIP 192.168.100.25 -TTL 600
- C. adding ns acl rule1 DENY -destIP 192.168.100.25 -TTL 600000
- D. adding ns acl rule1 DENY -destIP 192.168.100.25 -TTL 600
Correct Answer: D
Question 13 – It is the responsibility of a Citrix Administrator to manage an environment that consists of three SSL websites that all serve the same content.
www.company.com, www.company.net, www.company.org Consolidating websites into a single SSL-enabled virtual server would be ideal for the administrator. Which of the following could be bound for using a single SSL vServer?
- A. A wildcard certificate to a single SSL vServer
- B. A wildcard certificate to a content-switching vServer
- C. The certificate of each website to a single SSL vServer
- D. A multiple SAN certificate to a single SSL vServer
Correct Answer: C
Question 14 – During troubleshooting, a Citrix Administrator has executed the following command to restore the primary content switching vServer:
> show csvserver CSV
CSV (10.1.100.100:443) -HTTPS Type: CONTENT
State: UP –
Last state change was at Mon Jun 29 15:20:43 2020
Time since last state change: 1 day, 06:47:58 610
Client Idle Timeout: 180 sec –
Down state flush: ENABLED –
Disable Primary vServer On Down: DISABLED
Appflow logging: ENABLED –
Port Rewrite: DISABLED –
State Update: DISABLED –
Default: Content Precedence: URL
vServer IP and Port insertion: OFF
Persistence: NONE redirect: http://www.site1.com/mysite1/maintenance
Backup: vServer-LB-2 –
Listen Policy: NONE –
IcmpResponse: PASSIVE –
RHIstate: PASSIVE –
Traffic Domain: 0 –
What will be the destination of the subsequent request based on this output?
- A. http://www.site1.com/mysite1/maintenance
- B. vServer-LB-2
- C. Backup content switching vServer
- D. 10.1.100.100:443
Correct Answer: A
Question 15 – For Citrix ADC-to-server connections, the IP address of the client needs to be used as the source address. Which of the following Citrix ADC mode could be used to meet this requirement?
- A. USNIP
- B. Layer 2
- C. Layer 3
- D. USIP
Correct Answer: D
Reference: https://support.citrix.com/article/CTX121974
Question 16 – By of the following command can a Citrix Administrator configure the rewrite policy for changing HTTP’s versionfrom 1.1 to 1.0 in every request?
- A. >add rewrite action RW_ACT replace http.res.version ג€\ג€HTTPS/1.0\ג€ג€ > add rewrite policy RW_POL true RW_ACT
- B. >add rewrite action RW_ACT replace http.req.version ג€\ג€HTTPS/1.1\ג€ג€ > add rewrite policy RW_POL true RW_ACT
- C. >add rewrite action RW_ACT replace http.res.version ג€\ג€HTTPS/1.1\ג€ג€ > add rewrite policy RW_POL true RW_ACT
- D. >add rewrite action RW_ACT replace http.req.version ג€\ג€HTTPS/1.0\ג€ג€ > add rewrite policy RW_POL true RW_ACT
Correct Answer: B
Question 17 – In order to set up a responder policy, Citrix Administrators need to use these commands so that the string “mytraining” is added to all URL paths:
>add responder action Redirect_Act redirect ג€HTTP.REQ.URL.PATH_AND_QUERY+\ג€mytraining\ג€ג€ -responseStatusCode 302
>add responder policy Redirect_Pol___________Redirect_Act
>bind lb vServer lb_vsrv_www -policyName Redirect_Pol -priority 100 -gotoPriorityExpression END -type_______
(Choose the correct option to complete the set of commands.)
- A. ג€(HTTP.REQ.URL.STARTSWITH(\ג€mytraining\ג€))ג€ REQUEST
- B. ג€(HTTP.REQ.URL.STARTSWITH(\ג€mytraining\ג€))ג€ RESPONSE
- C. ג€!(HTTP.REQ.URL.ENDSWITH(\ג€mytraining\ג€))ג€ REQUEST
- D. ג€!(HTTP.REQ.URL.ENDSWITH(\ג€mytraining\ג€))ג€ RESPONSE
Correct Answer: B
Question 18 – It is a common procedure for Citrix Administrators to configure authentication, authorization, and auditing (AAA) policies in order to enable users to access the Citrix ADC through specific vServers. Which of the following policy expression can permit all users access through the vServer?
- A. true
- B. false
- C. ns_true
- D. ns_false
Correct Answer: A
Question 19 – What are the two steps required to configure global server load balancing (GSLB) using content switching (CS)? (Choose two.)
- A. Binding the domain to the CS vServer instead of the GSLB vServer.
- B. Configuring CS policies that designate a load-balancing vServer as the target vServer.
- C. Configuring a CS vServer of target type GSLB.
- D. Binding the GSLB domain to the GSLB vServer.
Correct Answer: BC
Question 20 – Which two of the following policies could be configured by a Citrix Administrator using only the advanced policy expression? (Choose two.)
- A. DNS
- B. Integrated caching
- C. SSL
- D. System
Correct Answer: AB
