1Y0-340 practice questions for the Citrix certification exam Analyzing Citrix NetScaler Advanced Topics: Security, Management, and Optimization.

Free 1Y0-340 sample questions:

NEW QUESTION 1
An attacker inserting malicious code that compromises the trust relationship between users and a web application is an example of a(n) ______ attack. (Choose the correct option to complete the sentence.)

  • A. Cookie Tampering
  • B. SQL Injection
  • C. Form Field Consistency
  • D. Cross-site Scripting

Answer: D

NEW QUESTION 2
A Citrix Engineer needs to set the rate at which connections are proxied from the NetScaler to the server. Which values should the engineer configure for Surge Protection?

  • A. UDP Threshold and Start Port
  • B. Grant Quota and Buffer Size
  • C. TCP Threshold and Reset Threshold
  • D. Base Threshold and Throttle

Answer: D

NEW QUESTION 3
Which content type takes the maximum advantage of web caching mechanisms to boost performance?

  • A. Pseudo-Dynamic Content
  • B. Pseudo-Static Content
  • C. Static Content
  • D. Dynamic Content

Answer: D

NEW QUESTION 4
Scenario: A Citrix Engineer needs to configure an Application Firewall policy for an online shopping website called “mycompany.com”. As a security measure, the shopping cart application is hosted in a separate directory “/mycart” on the backend server. The engineer configured a profile to secure the connections to this shopping cart and now needs to ensure that this profile is applied to all incoming connections to the shopping cart.
Which policy expression will accomplish this requirement?

  • A. http.req.url.contains(“/mycart”) & http:req.url.hostname.eq(“mycompany.com”)
  • B. http.req.url.contains(“/mycart”) || http:req.url.hostname.eq(“mycompany.com”)
  • C. http.req.header (“url”).contains (“/mycart”) || http.req.url.contains (“mycompany.com”)
  • D. http.req.header (“url”).contains (“/mycart”) && http:req.url.contains (“mycompy.com”)

Answer: A

NEW QUESTION 5
A Citrix Engineer has determined that users are able to access random URLs on a web site through bookmarks and by manually typing in the URLs to skip the pages required to reach that part of the website.
Which two checks can the engineer enable to prevent this attack? (Choose two.)

  • A. Form Field Consistency
  • B. Deny URL
  • C. Start URL
  • D. Buffer overflow
  • E. HTML Cross-site scripting

Answer: CD

NEW QUESTION 6
What criteria must be met in order to create a certificate bundle by linking multiple certificates in NetScaler Management and Analytics System (NMAS)?

  • A. The issuer of the first certificate must match the domain of the second certificate.
  • B. The issuer of the first certificate must NOT have issued the second certificate.
  • C. The certificates must be created on the NetScaler.
  • D. The certificates must be issued by an external Certificate Authority.

Answer: A

NEW QUESTION 7
A Citrix Engineer needs to ensure that clients always receive a fresh answer from the integrated cache for positive responses (response of 200).
Which two settings can the engineer configure to make sure that clients receive a fresh response when it is needed? (Choose two.)

  • A. -flashCache NO
  • B. -pollEveryTime YES
  • C. -prefetch YES
  • D. -quickAbortSize

Answer: AB

NEW QUESTION 8
The NetScaler Management and Analytics System (NMAS) collects inventory from the instance by sending a(n) ______ request. (Choose the correct option to complete the sentence.)

  • A. AppFlow
  • B. NITRO
  • C. SNMP
  • D. HTTP

Answer: B

NEW QUESTION 9
Scenario: A Citrix Engineer has a project to enable Integrated Caching on a NetScaler for a Financial Consulting company whose clients monitor their stocks in real time. Clients are reporting a delay in the displaying of the stock values.
What can the engineer configure on the NetScaler to enable data to be presented to the clients in real time?

  • A. Dynamic Content Groups
  • B. Basic Content Group
  • C. Add another NetScaler
  • D. Static Content Group

Answer: A

NEW QUESTION 10
A Citrix Engineer needs to implement Application Firewall to prevent the following tampering and vulnerabilities:
- If the web server does NOT send a field to the user, the check should NOT allow the user to add that field and return data in the field.
- If a field is a read-only or hidden field, the check verifies that data has NOT changed.
- If a field is a list box or radio button field, the check verifies that data in the response corresponds to one of the values in that field.
Which security check can the engineer enable to meet this requirement?

  • A. Field Formats
  • B. Form Field Consistency
  • C. HTML Cross-Site Scripting
  • D. CSRF Form Tagging

Answer: B

NEW QUESTION 11
A Citrix Engineer needs to generate and present a NetScaler PCI-DSS report to management. The report should include a PCI-DSS summary of the required security measures for PCI-DSS compliance.
Where can the engineer generate the report from?

  • A. Documentation > Nitro API
  • B. Reporting > System
  • C. Dashboard > System Overview
  • D. Configuration > System > Reports

Answer: D

NEW QUESTION 12
Scenario: A Citrix Engineer needs to configure Application Firewall to handle SQL injection issues. However, after enabling SQL injection check, the backend server started dropping user requests.
The Application Firewall configuration is as follows:
add appfw profile Test123 -startURLAction none -denyURLAction none -crossSiteScriptingAction none -SQLInjectionAction log stats -SQLInjectionTransformSpecialChars ON -SQLInjectionCheckSQLWildChars ON -fieldFormatAction none -bufferOverflowAction none -responseContentType “application/octet-stream” -XMLSQLInjectionAction none -XMLXSSAction none -XMLWSIAction none -XMLValidationAction none
What does the engineer need to change in the Application Firewall configuration?

  • A. Enable -XMLSQLInjectionAction none
  • B. Enable -XMLValidationAction none
  • C. Disable -SQLInjectionCheckSQLWildChars ON
  • D. Disable -SQLInjectionTransformSpecialChars ON

Answer: C

NEW QUESTION 13
Scenario: A Citrix Engineer discovers a security vulnerability in one of its websites. The engineer takes a header trace and checks the Application Firewall logs.
The following was found in part of the logs:
method=GET
request = http://my.companysite.net/FFC/sc11.html msg=URL length (39) is greater than maximum allowed (20).cn1=707 cn2=402 cs1=owa_profile cs2=PPE0 cs3=kW49GcKbnwKByByi3+jeNzfgWa80000 cs4=ALERT cs5=2015
Which type of Application Firewall security check can the engineer configure to block this type of attack?

  • A. Buffer Overflow
  • B. Start URL
  • C. Cross-site Scripting
  • D. Cookie Consistency

Answer: C

NEW QUESTION 14
Scenario: A Citrix Engineer configures the Application Firewall for protecting a sensitive website. The security team captures traffic between a client and the website and notes the following cookie:
citrix_ns_id
The security team is concerned that the cookie name is a risk, as it can be easily determined that the NetScaler is protecting the website.
Where can the engineer change the cookie name?

  • A. Application Firewall Policy
  • B. Application Firewall Engine Settings
  • C. Application Firewall Default Signatures
  • D. Application Firewall Profile

Answer: D

NEW QUESTION 15
Which NetScaler Management and Analytics System (NMAS) feature will assist the Citrix Engineer in gathering the required data for issues with Endpoint Analysis?

  • A. Security Insight
  • B. Web Insight
  • C. HDX Insight
  • D. Gateway Insight

Answer: A

NEW QUESTION 16
Which action can be used to place the rule on the relaxation list without being deployed and ensuring that the rule is NOT learned again?

  • A. Skip
  • B. Deploy
  • C. Delete
  • D. Edit & Deploy

Answer: A

NEW QUESTION 17
A Citrix Engineer observes that after enabling the security checks in Learning mode only in an Application Firewall profile, the NetScaler is blocking the non-RFC compliant HTTP packets.
What can the engineer modify in the configuration to resolve this issue?

  • A. Disable Drop Invalid Requests in the HTTP Profile settings.
  • B. Set Default profile in application firewall settings as APPFW_BYPASS.
  • C. Set Undefined Action in application firewall settings as APPFW_BYPASS.
  • D. Enable Drop Invalid Requests in the HTTP Profile settings.

Answer: B

NEW QUESTION 18
Scenario: A Citrix Engineer must enable a cookie consistency security check and ensure that all the session cookies get encrypted during the transaction. The engineer needs to ensure that none of the persistent cookies are encrypted and decrypted and decrypt any encrypted cookies during the transaction.
Which cookie consistency security feature will the engineer configure in the following configuration to achieve the desired results?
add appfw profile Test123 -startURLAction none -denyURLAction none -cookieConsistencyAction log -cookieTransforms ON -cookieEncryption encryptSessionOnly -addCookieFlags httpOnly -crossSiteScriptingAction none -SQLInjectionAction log stats -SQLInjectionTransformSpecialChars ON -SQLInjectionCheckSQLWildChars ON -fieldFormatAction none -bufferOverflowAction none -responseContentType “application/octet-stream” -XMLSQLInjectionAction none -XMLXSSAction none -XMLWSIAction none -XMLValidationAction none

  • A. Configure Encrypt Server cookies to “Encrypt All”
  • B. Configure Encrypt Server cookies to “None”
  • C. Configure Encrypt Server cookies to “Encrypt Session Only”
  • D. Configure Encrypt Server cookies to “Encrypt only”

Answer: B
