Deck 5: Citrix ADC Advanced Topics - Security, Management, and Optimization
1
Which syntax is used to write a StyleBook?
A) JSON
B) LISP
C) YAML
D) XML
YAML
2
Which report can a Citrix Engineer review to ensure that the Citrix ADC meets all PCI-DSS requirements?
A) Generate Application Firewall Configuration
B) PCI-DSS Standards
C) Application Firewall Violations Summary
D) Generate PCI-DSS
Generate PCI-DSS
3
Which feature of Learning should a Citrix Engineer configure to direct Citrix Web App Firewall to learn from specific sessions?
A) Advanced policy expression filter
B) Default policy expression filter
C) Trusted Learning Clients list
D) Manage Content Types for Safe Commerce
Trusted Learning Clients list
4
Scenario: A Citrix Engineer configures Citrix Web App Firewall to protect an application. Users report that they are NOT able to log on. The engineer enables a Start URL relaxation for the path //login.aspx. What is the effect of the Start URL relaxation on the application?
A) Access to the path /login.aspx is unblocked.
B) Access to the path /login.aspx is blocked.
C) External users are blocked from the path /login.aspx. Internal users are permitted to the path /login.aspx.
D) Non-administrative users are blocked from the path /login.aspx. Administrative users are permitted to the path /login.aspx.
5
Which Front End Optimization technique causes the Citrix ADC to resize images before sending them to the client?
A) Minify
B) Shrink to Attributes
C) Compression
D) Inlining
6
Scenario: A Citrix Engineer is asked to implement multi-factor authentication for Citrix Gateway. The engineer creates the authentication policies and binds the policies to the appropriate bind points. The engineer creates a custom form using Notepad++ to format the page which will capture the user's credentials. To which folder on the Citrix ADC will the engineer need to upload this form?
A) /flash/nsconfig/loginschema/LoginSchema
B) /var/netscaler
C) /flash/nsconfig/loginschema
D) /var
7
Scenario: A Citrix Engineer created the policies in the attached exhibit. Click the Exhibit button to view the list of policies.
HTTP Request:
GET /resetpassword.htm HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0
Host: www.citrix.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Which profile will be applied to the above HTTP request?
A) Profile_C
B) Profile_D
C) Profile_A
D) Profile_B

8
Scenario: A Citrix Engineer is asked to help improve the performance of a web application. After capturing and analyzing a typical session, the engineer notices a large number of user requests for the stock price of the company. Which action can the engineer take to improve web application performance for the stock quote?
A) Enable the Combine CSS optimization.
B) Create a static content group.
C) Create a dynamic content group.
D) Enable the Minify JavaScript optimization.
9
Scenario: A Citrix Engineer is notified that improper requests are reaching the web application. While investigating, the engineer notices that the Citrix Web App Firewall policy has zero hits. What are two possible causes for this within the Citrix Web App Firewall policy? (Choose two.)
A) The expression is incorrect.
B) It has been assigned an Advanced HTML profile.
C) It is NOT bound to the virtual server.
D) It has been assigned the built-in APPFW_RESET profile.
10
Scenario: A Citrix Engineer wants to configure the Citrix ADC for OAuth authentication. The engineer uploads the required certificates, configures the actions, and creates all the necessary policies. After binding the authentication policy to the application, the engineer is unable to authenticate. What is the most likely cause of this failure?
A) The log files are full.
B) The Redirect URL is incorrect.
C) The certificates have expired.
D) The policy bindings were assigned incorrect priorities.
11
A review of purchases made at an online retailer shows that several orders were processed for items at an unpublished price. Which protection can a Citrix Engineer implement to prevent a site visitor from modifying the unit price of a product on the shopping cart page?
A) Cross-Site Request Forgeries (CSRF)
B) Form Field Consistency
C) HTML Cross-Site Scripting (XSS)
D) HTML SQL Injection
12
What can a Citrix Engineer implement to protect against the accidental disclosure of personally identifiable information (PII)?
A) Form Field Consistency
B) HTML Cross-Site Scripting
C) Safe Object
D) Cookie Consistency
13
Which Front End Optimization technique can a Citrix Engineer enable on the Citrix ADC to remove all excess whitespace from a file?
A) Shrink to Attributes
B) Minify
C) Lazy Load
D) Inlining
14
Which data populates the Events Dashboard?
A) Syslog messages
B) SNMP trap messages
C) API calls
D) AppFlow IPFIX records
15
Scenario: A Citrix Engineer configures Citrix Web App Firewall to protect an application. Upon reviewing the log files, the engineer notices a pattern of forceful browsing toward the configuration page for the application. To protect against this, the engineer enforces Start URL and enables Enforce URL Closure. What is the effect of enforcing Start URL and enabling Enforce URL Closure on the application?
A) Access to the path /config.aspx is unblocked when a user clicks a referring link elsewhere on the website.
B) Non-administrative users are blocked from the path /config.aspx. Administrative users are permitted to the path /config.aspx.
C) External users are blocked from the path /config.aspx. Internal users are permitted to the path /config.aspx.
D) Access to the path /config.aspx is blocked.
16
Which security model should a Citrix Engineer implement to make sure that no known attack patterns pass through Citrix Web App Firewall?
A) Hybrid
B) Static
C) Positive
D) Negative
17
Scenario: A Citrix Engineer notices that a web page takes a long time to display. Upon further investigation, the engineer determines that the requested page consists of a table of high-resolution pictures which are being displayed in table cells measuring 320 by 180 pixels. Which Front End Optimization technique can the engineer enable on the Citrix ADC to improve time to display?
A) Shrink to Attributes
B) Make Inline
C) Extend Page Cache
D) Minify
18
Which Citrix Application Delivery Management (ADM) Analytics page allows a Citrix Engineer to monitor web application traffic?
A) Web Insight
B) WAN Insight
C) HDX Insight
D) Gateway Insight
19
Which two protections ensure that the correct data is returned by the client? (Choose two.)
A) Form Field Consistency
B) Field Formats
C) HTML Cross-Site Scripting (XSS)
D) Cross-Site Request Forgeries (CSRF)
20
Scenario: A Citrix Engineer manages Citrix Application Delivery Management (ADM) for a large holding company. Each division maintains its own ADC appliances. The engineer wants to make Citrix ADM features and benefits available to each group independently. What can the engineer create for each division to achieve this?
A) A site
B) A role
C) A tenant
D) A dashboard
E) A group
21
A Citrix Engineer wants to delegate management of Citrix Application Delivery Management (ADM) to a junior team member. Which assigned role will limit the team member to view all application-related data?
A) readonly
B) appReadonly
C) admin
D) appAdmin
22
A Citrix Engineer has defined an HTTP Callout, hc_authorized_location, to return the value "Authorized" if the client's IP address is on a list of authorized external locations. Which advanced expression should the engineer use in a policy for testing this condition?
A) SYS.HTTP_CALLOUT(hc_authorized_location).IS_TRUE
B) SYS.HTTP_CALLOUT(hc_authorized_location).EQ("Authorized")
C) SYS.HTTP_CALLOUT(hc_authorized_location).IS_VALID
D) SYS.HTTP_CALLOUT(hc_authorized_location).EQUALS_ANY("Authorized")
23
A Citrix Engineer wants the Citrix Web App Firewall to respond with a page stored on the Citrix ADC when a violation is detected. Which profile setting accomplishes this?
A) Redirect URL
B) RFC Profile
C) Default Request
D) HTML Error Object
24
Statistics for which three types of violations are presented on the App Security Dashboard? (Choose three.)
A) Web App Firewall protection
B) IP Reputation
C) SSL Enterprise Policy
D) Signature
E) AAA
25
Scenario: A Citrix Engineer needs to forward the Citrix Web App Firewall log entries to a central management service. This central management service uses an open log file standard. Which log file format should the engineer use in the Citrix Web App Firewall engine settings to designate the open log file standard?
A) CEF
B) IIS
C) W3C
D) TLA
26
A manager for a hospital billing system wants to display the last four digits of a credit card number when printing invoices. Which credit card security action does this?
A) X-Out
B) Log
C) Transform
D) Block
27
Which protection can a Citrix Engineer implement to prevent a hacker from extracting a customer list from the company website?
A) Cross-Site Request Forgeries (CSRF)
B) Form Field Consistency
C) HTML Cross-Site Scripting (XSS)
D) HTML SQL Injection
28
Scenario: A Citrix Engineer is monitoring the environment with Citrix Application Delivery Management (ADM). Management has asked for a report of high-risk traffic to protected internal websites. Which dashboard can the engineer use to generate the requested report?
A) App Security
B) Transactions
C) Users & Endpoints
D) App
29
Which three items does Citrix Application Delivery Management (ADM) require when adding an instance? (Choose three.)
A) Site
B) Tags
C) IP address
D) Agent
E) Profile
30
Scenario: A Citrix Engineer wants to use Citrix Application Delivery Management (ADM) to monitor a single Citrix ADC VPX with eight web applications and one Citrix Gateway. It is important that the collected data be protected. Which deployment will satisfy the requirements?
A) A single Citrix ADM with database replication to a secondary storage repository.
B) A pair of Citrix ADM virtual appliances configured for High Availability.
C) A single Citrix ADM imported onto the same hypervisor as the Citrix ADC VPX.
D) A pair of Citrix ADM virtual appliances, each working independently.
31
Which action ensures that content is retrieved from the server of origin?
A) CACHE
B) MAY_CACHE
C) NOCACHE
D) MAY_NOCACHE
32
Which Citrix Application Delivery Management (ADM) feature can a Citrix Engineer use to narrow a list of Citrix ADC devices based on pre-defined criteria?
A) AutoScale Groups
B) Instance Groups
C) Configuration Template
D) Tags
E) Agent
33
A Citrix Engineer enabled Cookie Consistency protection on a web application and wants to verify that it is working. Which cookie name can the engineer look for in the HTTP headers sent from the client to verify the protection?
A) Citrix_ns_id
B) Citrix_waf_id
C) Citrix_adc_id
D) Citrix_sc_id
34
Which Citrix Web App Firewall profile setting can a Citrix Engineer configure to provide a response when a violation occurs?
A) Default Request
B) Redirect URL
C) Return URL
D) Default Response
35
Which license must be present on the Citrix ADC for the Citrix Application Delivery Management (ADM) Service to generate HDX Insight reports that present one year's worth of data?
A) Advanced
B) Premium Plus
C) Premium
D) Standard
36
A Citrix Engineer is reviewing the log files for a sensitive web application and notices that someone accessed the application using the engineer's credentials while the engineer was out of the office for an extended period of time. Which protection can the engineer implement to protect against this vulnerability?
A) Deny URL
B) Buffer Overflow
C) Form Field Consistency
D) Cookie Consistency
37
What should a Citrix Engineer do when using the Learn feature for Start URL relaxation?
A) Ensure that only valid or correct traffic is directed to the protected web application while in Learn mode.
B) Invite at least 10 test users to collect sufficient data for the Learn feature.
C) Create a Web App Firewall policy that blocks unwanted traffic.
D) Ensure that the /var file system has at least 10 MB free.
38
Which built-in TCP profile can a Citrix Engineer assign to a virtual server to improve performance for users who access an application from a secondary campus building over a fiber optic connection?
A) nstcp_default_tcp_lfp
B) nstcp_default_tcp_lan
C) nstcp_default_tcp_interactive_stream
D) nstcp_default_tcp_lnp
39
Scenario: A Citrix Engineer is asked to implement multi-factor authentication for Citrix Gateway. The engineer creates the authentication policies and binds the policies to the appropriate bind points. The engineer creates a custom form using Notepad++ to format the page which will capture the user's credentials. What is the first step the engineer must perform to assign this form to the authentication process?
A) Create a login schema policy and bind it to the authentication virtual server.
B) Bind the authentication policy to the primary authentication bank of the Citrix Gateway.
C) Create a login schema profile and select the uploaded file.
D) Create an authentication policy label and bind it to an authentication policy.
40
Which Front End Optimization technique overcomes the parallel download limitation of web browsers?
A) Domain Sharding
B) Minify
C) Extend Page Cache
D) Lazy Load