
















































































This study guide delivers focused preparation in Citrix networking administration, including network architecture, traffic flow, routing, firewall integration, and performance monitoring. The guide emphasizes operational accuracy and exam-aligned networking scenarios.
Typology: Exams

















































































Question 1. Which NetScaler component handles traffic that is destined for the data plane?
A) Management Interface (MGMT)
B) Backplane Interface (BKP)
C) Data Interface (DATA)
D) CLI Interface
Answer: C
Explanation: The Data Interface processes user traffic, while the Management Interface is for administrative tasks and the Backplane Interface connects internal modules.

Question 2. In a One‑Arm deployment, the NetScaler is placed:
A) Between the client and server on a dedicated VLAN
B) Inline with two NICs, each on separate networks
C) In a routed mode with a single NIC acting as both inbound and outbound
D) As a bridge between two switches
Answer: C
Explanation: One‑Arm (also called SNAT) uses a single NIC that participates in both inbound and outbound traffic, relying on routing rather than bridging.

Question 3. Which NetScaler mode allows it to forward Ethernet frames without IP routing?
A) Layer 3 mode
B) Transparent mode
C) Layer 2 mode
D) NAT mode
Answer: C
Explanation: Layer 2 mode enables the appliance to act as a bridge, forwarding frames at the data link layer without IP routing.

Question 4. A VLAN ID of 100 is configured on a NetScaler interface. Which command creates the VLAN?
A) add vlan 100
B) bind vlan 100 – interface 1/
C) enable vlan 100 – ifnum 1/
D) set vlan 100 – interface 1/
Answer: A
Explanation: The add vlan command creates a VLAN object; subsequent binding to an interface is done with bind vlan.

Question 5. What is the purpose of a Subnet IP (SNIP) on a NetScaler?
A) It is the IP address used for management GUI access.
B) It is the address used for client‑side virtual servers.
C) It is the source IP for traffic sent to backend servers.
D) It is the IP used for inter‑node communication in HA.
Answer: C
Explanation: SNIP is the IP address that NetScaler uses as the source when forwarding traffic to the backend servers.

Question 6. Which command displays the current static routes on a NetScaler?
A) show route
B) show ip route static
C) get routingtable

D) Bare‑metal Linux operation.
Answer: B
Explanation: SDX runs multiple isolated instances (slices) on a single hardware appliance, offering multi‑tenant capabilities.

Question 10. Which NetScaler offering is container‑native and runs as a Docker image?
A) MPX
B) VPX
C) CPX
D) BLX
Answer: C
Explanation: CPX is a containerized NetScaler version that runs inside Docker or Kubernetes.

Question 11. In HA configuration, the “heartbeat” interface is used for:
A) Client traffic forwarding.
B) Synchronizing configuration and state between nodes.
C) Management GUI access.
D) License server communication.
Answer: B
Explanation: The heartbeat interface exchanges health and configuration data between HA nodes to coordinate failover.

Question 12. Which HA failover mode ensures that the secondary node takes over only when the primary node loses both data and management plane connectivity?
A) Active‑Passive
B) Active‑Active
C) Split‑Brain Safe
D) Graceful Switchover
Answer: D
Explanation: Graceful Switchover requires both data and management plane failures before the secondary assumes the primary role, preventing split‑brain.

Question 13. When upgrading NetScaler firmware, which command rolls back to the previous version if the new version fails?
A) rollback ns firmware
B) revert ns firmware
C) nsupgrade - rollback
D) nsupgrade - undo
Answer: A
Explanation: rollback ns firmware restores the previous firmware version.

Question 14. A Service Group in NetScaler is used to:
A) Group multiple virtual servers.
B) Aggregate backend servers that provide the same service.
C) Combine multiple SSL certificates.
D) Create a VLAN trunk.
Answer: B
Explanation: Service Groups hold a pool of similar backend servers (e.g., web servers) for load balancing.

Question 15. Which load‑balancing method selects the server with the fewest active connections?

Question 18. Which GSLB load‑balancing method distributes traffic based on the geographic proximity of the client?
A) Round Robin
B) Least Response Time
C) DNS‑Based Proximity (Geolocation)
D) Weighted Round Robin
Answer: C
Explanation: DNS‑Based Proximity (or Geo‑IP) directs clients to the nearest GSLB site based on their IP location.

Question 19. When configuring SSL offload, which component stores the private key securely?
A) SSL Certificate Store
B) Key Vault
C) SSL Key Repository
D) Secure Key Store (SKS)
Answer: A
Explanation: The SSL Certificate Store holds both certificates and associated private keys; they are encrypted at rest.

Question 20. Which SSL/TLS protocol version is considered insecure and should be disabled on a NetScaler?
A) TLS 1.
B) TLS 1.
C) SSL 3.
D) TLS 1.
Answer: C
Explanation: SSL 3.0 is vulnerable to POODLE attacks and must be disabled.

Question 21. In Content Switching, which expression would you use to direct traffic based on the URL path containing “/api”?
A) HTTP.REQ.URL.CONTAINS("/api")
B) HTTP.REQ.HOST.EQ("api")
C) HTTP.REQ.URL.PATH.EQ("/api")
D) HTTP.REQ.BODY.CONTAINS("/api")
Answer: A
Explanation: HTTP.REQ.URL.CONTAINS checks if the URL string includes the specified substring.

Question 22. Which NetScaler feature allows you to modify HTTP request headers before they reach the backend server?
A) Responder Policy
B) Rewrite Policy
C) Content Switching Policy
D) GSLB Policy
Answer: B
Explanation: Rewrite policies can add, delete, or modify request/response headers.

Question 23. A Boolean expression in the Default Policy Engine that checks for a GET method and a specific host would be:
A) HTTP.REQ.METHOD.EQ("GET") && HTTP.REQ.HOST.EQ("example.com")
B) HTTP.REQ.METHOD=="GET" && HTTP.REQ.HOST=="example.com"
C) HTTP.REQ.METHOD.EQ("GET") & HTTP.REQ.HOST.EQ("example.com")
D) HTTP.REQ.METHOD IS GET AND HTTP.REQ.HOST IS example.com

Answer: B
Explanation: The Auditor role is designed for read‑only monitoring and log access.

Question 27. Rate limiting in NetScaler is often implemented using:
A) ACLs
B) Traffic Management (TM) Policies
C) AppExpert rate‑limit expressions
D) GSLB sites
Answer: C
Explanation: AppExpert includes rate‑limit expressions that can throttle requests based on count or bandwidth.

Question 28. Which authentication protocol is commonly used for LDAP integration on NetScaler Gateway?
A) RADIUS
B) SAML
C) Kerberos
D) NTLM
Answer: C
Explanation: LDAP authentication often utilizes Kerberos for secure ticket‑based validation.

Question 29. Multi‑Factor Authentication (MFA) on NetScaler Gateway can be enabled via which feature?
A) LDAP
B) RADIUS
C) nFactor
Answer: C
Explanation: nFactor enables step‑wise authentication, allowing MFA combinations.

Question 30. A NetScaler VPN session that does not install a client driver is called:
A) Full‑Tunnel VPN
B) Clientless VPN
C) SSL‑Tunneling VPN
D) IPSec VPN
Answer: B
Explanation: Clientless VPN provides access via browsers without installing a client.

Question 31. Which log file contains detailed system events and errors on a NetScaler?
A) ns.log
B) error.log
C) sys.log
D) audit.log
Answer: A
Explanation: ns.log is the primary log file for system messages, errors, and debug information.

Question 32. The nstrace utility is used for:
A) Capturing packet traces on the NetScaler interfaces.
B) Displaying routing tables.
C) Managing licenses.
D) Configuring VLANs.

Answer: A
Explanation: disable service temporarily disables the service while retaining its configuration.

Question 36. When configuring a virtual IP (VIP) for a load‑balancing vServer, which address is used by clients to reach the service?
A) SNIP address
B) NSIP address
C) VIP address
D) Backend server IP
Answer: C
Explanation: The VIP is the front‑end address that clients resolve and connect to.

Question 37. Which of the following is a valid reason to use a “Weighted Round Robin” load‑balancing method?
A) All servers have identical hardware.
B) To prefer servers with higher capacity.
C) To ensure session persistence.
D) To route traffic based on URL.
Answer: B
Explanation: Weighted Round Robin assigns a weight to each server, allowing more powerful servers to receive a larger share of traffic.

Question 38. In a NetScaler HA pair, the term “split‑brain” refers to:
A) Both nodes thinking they are primary simultaneously.
B) A failure of the heartbeat interface only.
C) A scenario where the secondary node is offline.
D) An issue with VLAN tagging.
Answer: A
Explanation: Split‑brain occurs when both nodes believe they are primary, leading to possible IP conflicts.

Question 39. Which NetScaler command backs up the current configuration to a file?
A) save config – file
B) backup config – file
C) nsconfig - save
D) dump config – file
Answer: B
Explanation: backup config - file creates a backup file of the running configuration.

Question 40. A “monitor binding” on a service group determines:
A) Which SSL certificate to use.
B) How often health checks are performed.
C) The VLAN ID for the service.
D) The HA synchronization mode.
Answer: B
Explanation: Binding a monitor to a service group defines the health‑check frequency and type.

Question 41. Which GSLB feature enables automatic failover to another site when the primary site becomes unavailable?
A) DNS‑Based Load Balancing
B) Site Persistence
C) Health‑Based Failover

D) Configuring HA heartbeat intervals.
Answer: B
Explanation: Pattern sets hold regex patterns that can be referenced by rewrite, responder, or security policies.

Question 45. Which command displays the current ARP table entries?
A) show arp
B) get arp table
C) nsarp - list
D) show ip arp
Answer: A
Explanation: show arp lists all ARP entries known to the NetScaler.

Question 46. When configuring a NetScaler Gateway for StoreFront integration, which protocol is used for communication between the Gateway and StoreFront?
A) RDP
B) HTTPS
C) ICA
D) FTP
Answer: B
Explanation: The Gateway connects to StoreFront over HTTPS to retrieve resource catalogs securely.

Question 47. Which feature allows NetScaler to offload SSL processing while still maintaining end‑to‑end encryption to the backend server?
A) SSL Bridging
B) SSL Offload
C) SSL Bump
D) SSL Re‑encrypt
Answer: D
Explanation: SSL Re‑encrypt (or SSL Bridging) terminates SSL at the NetScaler, then re‑establishes SSL to the backend, preserving encryption end‑to‑end.

Question 48. A “session persistence” (also called “stickiness”) method that uses a cookie to keep a client bound to a server is known as:
A) SOURCEIP
B) COOKIEINSERT
C) SSLSESSIONID
D) URLHASH
Answer: B
Explanation: COOKIEINSERT inserts a cookie into the client’s response to maintain session affinity.

Question 49. Which NetScaler command is used to clear the statistics of a specific vServer?
A) clear stats lb vserver
B) reset vserver stats
C) flush stats vserver
D) erase stats lb vserver
Answer: A
Explanation: clear stats lb vserver resets the collected statistics for that vServer.

Question 50. In NetScaler, the term “SNIP” stands for:

Question 53. Which NetScaler feature can be used to limit the number of concurrent connections from a single client IP?
A) Connection Rate Limiting (CRL)
B) Bandwidth Throttling
C) Connection Queue
D) Rate Limiting Policy
Answer: D
Explanation: Rate Limiting policies can restrict concurrent connections per client IP.

Question 54. When configuring a NetScaler virtual server for TCP traffic, which parameter determines the maximum number of pending connections?
A) Max Clients
B) Max Connections
C) Queue Depth
D) Backlog
Answer: D
Explanation: The “Backlog” setting specifies the TCP SYN backlog size for pending connections.

Question 55. In NetScaler, the “nsconmsg” utility is primarily used for:
A) Capturing network packets.
B) Displaying message queues and counters.
C) Managing licenses.
D) Configuring VLANs.
Answer: B
Explanation: nsconmsg reads internal message queues and performance counters.

Question 56. Which command would you use to import an SSL certificate and its private key into NetScaler?
A) add ssl certkey - cert - key
B) import ssl cert – file – key
C) bind ssl certkey – cert – key
D) upload ssl cert – cert – key
Answer: A
Explanation: add ssl certkey creates a certkey object with the certificate and key files.

Question 57. Which NetScaler component enforces URL‑based access control using pattern matching?
A) ACL
B) Responder Policy
C) Rewrite Policy
D) AppExpert URL Transformation
Answer: D
Explanation: AppExpert’s URL transformation capabilities use pattern sets for URL‑based filtering.

Question 58. The “nsconmsg - K eventlog – d” command is used to:
A) Delete the event log.
B) Dump the event log to the console.
C) Disable event logging.
D) Display the last 10 events.
Answer: B