Scenario: A Citrix Architect needs to deploy a Citrix ADC appliance for Workspacelab, which will provide application load balancing services to Partnerlab and Vendorlab.

The setup requirements are as follows:

A pair of Citrix ADC MPX appliances will be deployed in the DMZ network.

High availability will be accessible on the Citrix ADC MPX in the DMZ Network.

Load balancing should be performed for the mail servers for Partnerlab and Vendorlab.

The traffic for both of the organizations must be isolated.

Separate Management accounts must be available for each client.

The load-balancing IP addresses must be identical.

A separate VLAN must be utilized for communication for each client.

Which solution can the architect utilize to meet the requirements?

Which session parameter does the default authorization setting control when authentication, authorization, and auditing profiles are configured?

A Citrix Architect needs to make sure that maximum concurrent AAA user sessions are limited to 4000 as a security restriction.

Which authentication setting can the architect utilize to view the current configuration?

Scenario: A Citrix Architect has deployed two MPX devices, 12.0.53.13 nc and MPX 11500 models, in high availability (HA) pair for the Workspace labs team. The deployment method is two-arm and the devices are installed behind a CISCO ASA 5585 Firewall. The architect enabled the following features on the NetScaler devices. Content Switching, SSL Offloading, Load Balancing, NetScaler Gateway, Application Firewall in hybrid security and Appflow. All are enabled to send monitoring information to NMAS 12.0.53.13 nc build. The architect is preparing to configure load balancing for Microsoft Exchange 2016 server.

The following requirements were discussed during the implementation:

All traffic needs to be segregated based on applications, and the fewest number of IP addresses should be utilized during the configuration

All traffic should be secured and any traffic coming into HTTP should be redirected to HTTPS.

Single Sign-on should be created for Microsoft Outlook web access (OWA).

NetScaler should recognize Uniform Resource Identifier (URl) and close the session to NetScaler when users hit the Logoff button in Microsoft Outlook web access.

Users should be able to authenticate using either user principal name (UPN) or sAMAccountName.

The Layer 7 monitor should be configured to monitor the Microsoft Outlook web access servers and the monitor probes must be sent on SSL

Which monitor will meet these requirements?

Scenario: A Citrix Architect holds a design discussion with a team of Workspacelab members, and they capture the following requirements for the NetScaler design project.

A pair of NetScaler MPX appliances will be deployed in the DMZ network and another pair in the internal network.

High availability will be accessible between the pair of NetScaler MPX appliances in the DMZ network.

Multi-factor authentication must be configured for the NetScaler Gateway virtual server.

The NetScaler Gateway virtual server is integrated with the StoreFront server.

Load balancing must be deployed for users from the workspacelab.com domain.

The workspacelab users should be authenticated using Cert Policy and LDAP.

All the client certificates must be SHA 256-signed, 2048 bits, and have UserPrincipalName as the subject.

Single Sign-on must be performed between StoreFront and NetScaler Gateway.

After deployment, the architect observes that LDAP authentication is failing.

Click the Exhibit button to review the output of aaad debug and the configuration of the authentication policy.

Exhibit 1

Exhibit 2

What is causing this issue?

For which two reasons should a Citrix Architect perform a capabilities assessment when designing and deploying a new Citrix ADC in an existing environment? (Choose two.)

Which two parameters are required to ensure that after authentication, the cookies can be transferred from browser to non-browser applications? (Choose two.)

Scenario: A Citrix Architect needs to assess an existing on-premises NetScaler deployment which includes Advanced Endpoint Analysis scans. During a previous security audit, the team discovered that certain endpoint devices were able to perform unauthorized actions despite NOT meeting pre-established criteria.

The issue was isolated to several endpoint analysis (EPA) scan settings.

Click the Exhibit button to view the endpoint security requirements and configured EPA policy settings.

Which setting is preventing the security requirements of the organization from being met?

Scenario: A Citrix Architect has deployed an authentication setup with a ShareFile load-balancing virtual server. The NetScaler is configured as the Service Provider and Portalguard server is utilized as the SAML Identity Provider. While performing the functional testing, the architect finds that after the users enter their credentials on the logon page provided by Portalguard, they get redirected back to the Netscaler Gateway page at uri /cgi/samlauth/ and receive the following error.

The events in the /var/log/ns.log at the time of this issue are as follows:

What should the architect change in the SAML action to resolve this issue?

Scenario: A Citrix Architect has met with a team of Workspacelab members for a design discussion They have captured the following requirements for the Citrix ADC design project:

The authentication must be deployed for the users from the workspacelab com and vendorlab com domains.

The workspacelab users connecting from the internal (workspacelab) network should be authenticated using LDAP

The workspacelab users connecting from the external network should be authenticated using LDAP and RADIUS.

The vendorlab users should be authenticated using Active Directory Federation Service

The user credentials must NOT be shared between workspacelab and vendorlab

Single Sign-on must be performed between StoreFront and Citrix Gateway

A domain drop down list must be provided if the user connects to the Citrix Gateway virtual server externally

Which method must the architect utilize for user management between the two domains?