Scenario: A customer would like to configure a single NetScaler Gateway that facilitates access to XenMobile and XenApp/XenDesktop resources from iOS and Android mobile devices. The customer also plans for users to access XenApp and XenDesktop resources by using a web browser from other endpoints. The following Session Policies and expressions have been configured on NetScaler: – Policy 1: REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver && REQ.HTTP.HEADER Referer EXISTS – Policy 2: REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver && REQ.HTTP.HEADER X-Citrix-Gateway EXISTS A Citrix Engineer is asked to create a new Session Profile for users accessing resources through web browsers on their endpoint devices. The profile should be bound to __________ and direct users to __________. (Choose the correct set of options to complete the sentence.)
A. Policy 1; the XenMobile Server
B. Policy 1; StoreFront
C. Policy 2; the XenMobile Server
D. Policy 2; StoreFront
Scenario: A Citrix Engineer needs to implement SSL Offload in which traffic is encrypted all the way from the client device to the XenMobile Server. The vServer and service configurations are listed below. Load balancing vServers: – Protocol: SSL, Port: 443 – Protocol: SSL, Port: 8443 Services: – Protocol: SSL, Port: 443 (Bound to 443 vServer) – Protocol: SSL, Port: 8443 (Bound to 8443 vServer) The current configuration is NOT working properly. What should the engineer adjust to implement SSL Offload successfully?
A. Bind Port 80 services to both the 443 and 8443 load-balancing vServers but make no other changes.
B. Bind the port 8443 service to the port 443 vServer; the port 443 service is NOT needed.
C. Bind the port 443 service to the port 8443 vServer; the port 8443 service is NOT needed.
D. Bind Port 80 services to both the 443 and 8443 load-balancing vServers and open port 80 on the XenMobile Server IP Tables firewall.
Which two types of certificates will require a restart when uploaded to a XenMobile Server using the XenMobile Console? (Choose two.)
A. SSL Listener
C. Apple Push Notification service (APNs)
E. Device Certificate Authority (CA)
Which two components are required in order for a Citrix Engineer to use the MDX Toolkit to wrap Android applications for production use? (Choose two.)
A. Command-line tools
B. Enterprise certificate from Symantec
C. Android Developer Tools and Android SDK
D. Android Just-in-Time Compiler
E. A keystore certificate
A Citrix Engineer needs to allow junior administrators to perform selective wipe requests from a single console for users who are members of the IT and HR departments. What should the engineer do to accomplish this objective?
A. Use two XenMobile instances, one for IT and HR users, and another instance for all other users.
B. Use XenMobile Role-based Access Control (RBAC) to delegate the selective wipe permission to the junior administrative team, only targeting users in the IT and HR departments.
C. Use XenMobile deployment rules to assign the selective wipe task to the junior administrative team and only target the IT and HR users.
D. Create XenMobile Delivery Groups to assign the selective wipe option to the junior administrative team for the IT and HR users.
A Citrix Engineer must delegate enrollment invitation management to Level 1 administrators. What should the engineer do to accomplish this objective?
A. Configure AAA groups on the NetScaler Gateway; allow only this group to access the console over port 4443.
B. Create a local group on the XenMobile Server; allow only Level 1 administrators access to it.
C. Configure a Delivery Group within the XenMobile Server; deploy the security policies only to the dedicated group of Level 1 administrators.
D. Configure Role-based Access Control (RBAC); assign only the desired permissions to the Active Directory group where the Level 1 administrators reside.
Scenario: A Citrix Engineer wants to provide access from WorxWeb to internal corporate websites that require client certificate authentication. The engineer has configured the NetScaler with Clientless Access to “On”, and Plug-in type to Windows / Mac OSX. Which two settings should the engineer configure within the WorxWeb MDX policies to ensure that users could access these sites successfully without errors? (Choose two.)
A. Set Network access to “Tunneled to internal network”.
B. Set VPN to “Full VPN tunnel”.
C. Set VPN to “Secure browse”.
D. Set an Allowed or blocked websites policy.
A Citrix Engineer needs to design a multi-node, scalable XenMobile solution. Which database type should the engineer choose to meet the needs of this deployment?
A. Microsoft SQL
In which way does implementing Worx PIN improve the user experience while maintaining Enterprise security?
A. It streamlines the user experience when the Active Directory password is changed.
B. It allows the user to use a unique, synchronized PIN for device and application access without modifying corporate password policy.
C. It reduces the number of times the user has to authenticate to launch managed applications.
D. It reduces the complexity of daily password entry without modifying corporate password policy.
Scenario: A Citrix Engineer is designing a XenMobile Enterprise solution to support approximately 30,000 device connections. The environment must be able to sustain the failure of one node in a cluster at any given time for redundancy and maintenance purposes. Each server’s specifications include four vCPUs and 16 GB of RAM. What is the minimum number of XenMobile Servers that the engineer should recommend as part of this cluster?
Scenario: A Citrix Engineer is configuring the NetScaler appliance for SSL offloading. The XenMobile Server is named xms.domain.com. The following is a list of the certificates installed on the NetScaler: – *.domain.com – wildcard server certificate – cacerts.pem – devices certificate – xms.domain.com – server certificate for the XenMobile Server – dc-1-CA.cer – Root certificate for *.domain.com The engineer needs to configure an SSL Load Balancing virtual server for HTTPS 443 bound with __________ and the XenMobile Server service to use __________. (Choose the correct set of options to complete the sentence.)
A. *.domain.com and dc-1-CA.cer; HTTP 80
B. *.domain.com and cacerts.pem; HTTPS 443 bound with xms.domain.com
C. *.domain.com and cacerts.pem; HTTP 80
D. *.domain.com and dc-1-CA.cer; HTTPS 443 bound with xms.domain.com
A Citrix Engineer is testing enrollment and notices that while Mobile Device Management (MDM) enrollment succeeds, Mobile Application Management (MAM) enrollment fails. A possible cause of this issue is that ports __________ from the __________ are NOT open. (Choose the correct set of options to complete the sentence.)
A. 636 or 389; NetScaler
B. 443 or 4443; NetScaler
C. 636 or 389; XenMobile Server
D. 443 or 4443; XenMobile Server
Scenario: A Citrix Engineer needs to deploy a XenMobile solution for a large organization. The organization will use XenMobile to manage Android and iOS devices. To provide resilience, NetScaler appliances will communicate with XenMobile Servers. The engineer has deployed all necessary infrastructure and opened the required firewall ports. To load balance mobile device management traffic, the engineer has configured NetScaler to use SSL_Bridge to communicate with a XenMobile Server cluster. Which persistence method should the engineer configure to facilitate consistent communication between the NetScaler and the XenMobile Servers?
A Citrix Engineer must deploy a scheduling policy to __________ and __________ devices in order to allow these devices to check in automatically without further intervention by the engineer. (Choose the two correct options to complete the sentence.)
C. Windows Phone 8.1
What are two valid reasons for deploying a XenMobile Server in the Demilitarized Zone (DMZ)? (Choose two.)
A. A XenMobile Server is a hardened, FIPS-capable Linux appliance.
B. A XenMobile Server deployed in the DMZ reduces the number of external firewall rules that need to be implemented.
C. A XenMobile Server deployed in the DMZ reduces the risk of connectivity issues between the NetScaler and the XenMobile Server.
D. A XenMobile Server deployed in the DMZ can serve as a Secure Ticket Authority (STA) for WorxMail.