Simulation 1y0-340 Class 2021

NEW QUESTION 1
A Citrix Engineer needs generate and present a NetScaler PCI-DSS report to management. The report should include a PCI-DSS summary of the required security measures for PCI-DSS compliance.
Where can the engineer generate the report from?

• A. Documentation > Nitro API
• B. Reporting> System
• C. Dashboard>System Overview
• D. Configuration>System>Reports

Answer: D

NEW QUESTION 2
Scenario: A Citrix Engineer discovers a security vulnerability in one of its websites. The engineer takes a header trace and checks the Application Firewall logs.
The following was found in part of the logs:
method=GET
request = http://my.companysite.net/FFC/sc11.html msg=URL length (39) is greater than maximum allowed (20).cn1=707 cn2=402 cs1=owa_profile cs2=PPE0 cs3=kW49GcKbnwKByByi3+jeNzfgWa80000 cs4=ALERT cs5=2015
Which type of Application Firewall security check can the engineer configure to block this type of attack?

• A. Buffer Overflow
• B. Start URL
• C. Cross-site Scripting
• D. Cookie Consistency

Answer: C

NEW QUESTION 3
A Citrix Engineer needs to implement Application Firewall to prevent the following tampering and vulnerabilities:
-If web server does NOT send a field to the user, the check should NOT allow the user to add that field and return data in the field.
-If a field is a read-only or hidden field, the check verifies that data has NOT changed.
-If a field is a list box or radio button field, the check verifies that data in the response corresponds to one of the values in that field.
Which security check can the engineer enable to meet this requirement?

• A. Field Formats
• B. Form Field Consistency
• C. HTML Cross-Site Scripting
• D. CSRF Form Tagging

Answer: B

NEW QUESTION 4
A Citrix Engineer needs to set the rate at which connections are proxied from the NetScaler to the server. Which values should the engineer configure for Surge Protection?

• A. UDP Threshold and Start Port
• B. Grant Quota and Buffer Size
• C. TCP Threshold and Reset Threshold
• D. Base Threshold and Throttle

Answer: D

NEW QUESTION 5
What criteria must be met in order to create a certificate bundle by linking multiple certificates in NetScaler Management and Analytics System (NMAS)?

• A. The issuer of the first certificate must match the domain of the second certificate.
• B. The issuer if the first certificate must NOT have issued the second certificate.
• C. The certificates must be created on the NetScaler.
• D. The certificates must be issued by an external Certificate Authority.

Answer: A

NEW QUESTION 6
A Citrix Engineer has configured NetScaler Web Logging on a Linux client machine. The engineer needs to verify if the log.conf file has been configured correctly and that there are NO syntax errors.
Which command can the engineer use to accomplish this?

• A. nswl -verify –f/ns/etc/log.conf
• B. nswl -verify –f/usr/local/netscaler/etc/log.conf
• C. nswl –verify –f/usr/local/netscaler/bin/log.conf
• D. nswl –verify –f/ns/bin/log.conf

Answer: B

NEW QUESTION 7
A Citrix Engineer needs to protect a website that contains sensitive data such as employee ID numbers and customer ID numbers.
Which security check can the engineer implement to protect the sensitive data?

• A. Content-type
• B. Safe Object Check
• C. Field Formats
• D. CSRF Form tagging

Answer: B

Explanation:
The Safe Object check provides user-configurable protection for sensitive business information, such as customer numbers, order numbers, and country-specific or region-specific telephone numbers or postal codes.

NEW QUESTION 8
Scenario: A Citrix Engineer receives the following error when accessing content from a virtual server: “Page cannot be displayed.”
However, the content is accessible when connecting directly to the web server.
The engineer captured the traffic using nstrace and found that the amount of data sent from the web server exceeds the content length defined in the HTTP header.
Which action can the engineer take to resolve the issue?

• A. Disable Drop extra CRLF in the HTTP Profile.
• B. Enable Drop extra data from server in the HTTP Profile.
• C. Increase the Content length in the Application Firewall Profile.
• D. Disable Drop extra data from server in the HTTP Profile.

Answer: B

NEW QUESTION 9
A Citrix Engineer needs to configure NetScaler Management and Analytics System (NMAS) in their network to retain network reporting data, events, audit logs, and task logs for 20 days.
Which settings can the engineer configure to meet the requirement?

• A. System Prune Settings
• B. System Backup Settings
• C. Instance Backup Settings
• D. Syslog Prune Settings

Answer: A

NEW QUESTION 10
The NetScaler Management and Analytics System (NMAS) needs to communicate with NetScaler instances on the Microsoft Azure and Amazon Web Services (AWS) clouds.
Which configuration must a Citrix Engineer make to meet this requirement?

• A. Layer 2 tunnel between NetScaler MAS and the NetScaler VPX instances.
• B. Layer 3 tunnel between NetScaler MAS and the NetScaler VPX instances.
• C. Layer 2 Tunneling Protocol (L2TP) connection to the NetScaler VPX instances.
• D. NetScaler MAS in the cloud.

Answer: B

NEW QUESTION 11
A Citrix Engineer has correctly installed and configured the NetScaler Web Logging (NSWL) client but has noticed that logs are NOT being updated.
What could be causing this issue?

• A. The TCP port 3011 is NOT open between the NSWL client and NetScaler.
• B. The NSWL client executable is NOT running on the client.
• C. The NSWL buffer is full on the NetScaler.
• D. An NSIP is missing in the log.conf file

Answer: D

NEW QUESTION 12
Scenario: A Citrix Engineer configures the Application Firewall for protecting a sensitive website. The security team captures traffic between a client and the website and notes the following cookie:
citrix_ns_id
The security team is concerned that the cookie name is a risk, as it can be easily determined that the NetScaler is protecting the website.
Where can the engineer change the cookie name?

• A. Application Firewall Policy
• B. Application Firewall Engine Settings
• C. Application Firewall Default Signatures
• D. Application Firewall Profile

Answer: D

NEW QUESTION 13
Scenario: A Citrix Engineer has configured Security Insight on NetScaler Management and Analytics System (NMAS) with Firmware version 12.0.41.16 to monitor the Application Firewall.
The NetScaler ADC is running version 12.0.51.24 using Enterprise License with Application Firewall only License. However, after enabling Security insight, the engineer is NOT able to see any data under security insight.
What is causing this issue?

• A. NetScaler should have a Standard License.
• B. The NMAS version should be higher or equivalent to the NetScaler version.
• C. NetScaler should have a Platinum license.
• D. NMAS should be on Platinum license.

Answer: B

NEW QUESTION 14
A Citrix Engineer needs to optimize the Cascading Style Sheets (CSS) content sent from the backend server before being forwarded to the client.
Which option can the engineer use to accomplish CSS optimization?

• A. Move to Head Tag
• B. Shrink to Attributes
• C. Lazy Load
• D. Convert to WebP

Answer: A

NEW QUESTION 15
Scenario: A Citrix Engineer configured an HTTP Denial-of-Service (DoS) protection policy by setting the Surge Queue depth to 300. The surge queue reaches a size of 308, triggering the NetScaler “attack” mode. The HTTP DoS window mechanism is left at the default size which, when reached, will trigger “no-attack” mode.
Which queue depth value must the Surge Queue be to trigger the “no-attack” mode?

• A. size should be less than 280.
• B. size should be 300.
• C. size should be 290.
• D. size should be between 280 and 300.

Answer: A

NEW QUESTION 16
A Citrix Engineer has found issues in the websites after enabling Application Firewall.
Which logs on the NetScaler can the engineer check to verify that the issues are NOT caused by Application Firewall?

• A. newnslog
• B. ns.log
• C. nslog
• D. aaad.debug

Answer: B

NEW QUESTION 17
A Citrix Engineer needs to ensure that all traffic to the virtual server is blocked if NONE of the bound Application Firewall policies are matched.
Which setting can the engineer configure to meet this requirement?

• A. set appfw settings –undefAction APPFW_BLOCK
• B. set ns httpProfile nshttp_default_profile-dropInvalReqs DISABLED
• C. set ns httpProfie nshttp_default_profile –dropInvalReqs ENABLED
• D. set appfw settings –defaultProfile APPFW_BLOCK

Answer: D

NEW QUESTION 18
Which Markup Language is used along with NITRO API to create a StyleBook?

• A. YAML
• B. GML
• C. XML
• D. HTML

Answer: A

NEW QUESTION 19
A Citrix Engineer needs to configure the authentication feature on NetScaler Management and Analytics System (NMAS) to enable local authentication to take over if the external authentication fails.
What can the engineer configure to meet this requirement?

• A. Select LOCAL as the Server Type when configuring authentication.
• B. Select EXTERNAL as the Server Type when configuring authentication.
• C. Enable the fallback local authentication option.
• D. Configure Cascade authentication with External as primary and LOCAL as secondary.

Answer: B

NEW QUESTION 20
A Citrix Engineer executed the below commands on the NetScaler command-line interface (CLI): add stream selector cacheStreamSelector http.req.url
add ns limitidentifier cacheRateLimitIdentifier –threshold 5 –timeSlice 2000 –selectorName cacheStreamSelector
add cache policy cacheRateLimitPolicy –rule “http.req.method.eq(get) && sys.check_limit ( “cacheRateLimitIdentifier”)” –action cache
bind cache global cacheRateLimitPolicy- priority 10 What will be the effect of executing these commands?

• A. NetScaler will cache a response if the request URL rate exceeds 5 per 2000 milliseconds.
• B. NetScaler will cache a request if the request URL rate exceeds 5 per 2000 seconds.
• C. NetScaler will NOT cache a request if the request URL rate exceeds 5 per 2000 milliseconds.
• D. NetScaler will cache a response if the request URL rate exceeds 5 per 2000 seconds.

Answer: B

NEW QUESTION 21
......