Scenario: A Citrix Engineer configures Citrix Web App Firewall to protect an application. Users report that they are NOT able to log on. The engineer enables a Start URL relaxation for the path
//login.aspx.
What is the effect of the Start URL relaxation on the application?

• A.Access to the path /login.aspx is blocked.
• B.Non-administrative users are blocked from the path /login.aspx
  Administrative users are permitted to the path /login.aspx.
• C.Access to the path /login.aspx is unblocked.
• D.External users are blocked from the path /login.aspx.
  Internal users are permitted to the path /login.aspx.

Comment: *

Name: *

Email: *

Verification: *

Scenario: A Citrix Engineer has configured LDAP group extraction on the NetScaler Management and Analytics System (NMAS) for the administration. The engineer observes that extraction is NOT working for one of the five configured groups.
What could be the cause of the issue?

• A.The admin bind user has read-only permissions on the LDAP server.
• B.The user group extraction is NOT supported with plaintext LDAP.
• C.The NMAS group does NOT match the one on the external LDAP servers.
• D.The LDAP bind DN is incorrectly configured in the LDAP profile.

Comment: *

Name: *

Email: *

Verification: *

Scenario: A Citrix Engineer observes that when going through NetScaler, user connections fail and users are unable to access Exchange server. However, users can connect directly to the Exchange server. After checking the logs, the engineer finds that the POST request is blocked through the NetScaler.
The log in/ var/log/ns.log is as follows:
Jul 20 11:00: 38 <local0.info>x.x.x. 1 07/20/2017:11:00:38 GMT ns 0-PPE-0:APPFW AF_400_RESP
29362 0: x.x.x.1 439800-PPEO- urlwdummy
https://test.abc.com/rpc/rpcproxy.dll?mail.sfmta.com:6004 Bad request headers. Content-length exceeds post body limit <blocked> Which parameter can the engineer modify to resolve the issue while maintaining security?

• A.Increase the Maximum Header Length under nshttp_default_profile.
• B.Increase the POST body limit using the HTTP profile.
• C.Add an Application Firewall policy with the expression "HTTP.REQ.METHOD.EQ(\ "POST"\)" with APPFW_BYPASS profile bound.
• D.Increase the POST body limit under common settings in Application Firewall profile settings.

Comment: *

Name: *

Email: *

Verification: *

Scenario: A Citrix Engineer reviews the log files for a business-critical web application. The engineer notices a series of attempts to directly access a file, /etc/passwd.
Which feature can the engineer implement to protect the application against this attack?

• A.Form Field Consistency
• B.Content Type
• C.Start URL
• D.Buffer Overflow

Comment: *

Name: *

Email: *

Verification: *

Scenario: A Citrix Engineer has deployed four NetScaler MPXs with the following network configuration:
- Management traffic is on VLAN 5 (NSIP).
- Application and server traffic is on VLAN 10 (SNIP).
The engineer added the NetScaler Management and Analytics System (NMAS) interface to VLAN 10 to deploy a NMAS High Availability (HA) pair to manage and monitor the applications and virtual servers.
After doing so, the engineer is NOT able to see the NetScaler or applications that need to be managed.
How can the engineer resolve the issue?

• A.Move the NMAS interface to VLAN 5
• B.Configure VLAN 5 as NSSYNC VLAN
• C.Configure VLAN 5 as NSVLAN 5
• D.Bind SNIP to VLAN 5

Comment: *

Name: *

Email: *

Verification: *