Exam : 1Y0-256 Title : MetaFrame Presentation Server 4.0 Administration Ver : 11-13-2008 1Y0-256 QUESTION 1: What is the purpose of the local host cache? A It handles queries regarding server load values locally from application B It ensures that pertinent data is accessible locally even of the data store database is unavailable C It provides data about the local server to the Presentation Server Console over a TCP connection D It stores server load, active session and disconnected session information locally for Presentation Server Answer: B Explanation: B: The Local Host Cache is the name of the Microsoft Access database that is created locally on every MPS server and that stores portions of the Data Store to keep the server functioning in the event of an outage If the Data Store goes offline, the server continues to function normally using the Local Host Cache database for up to 48 hours Incorrect options: A: The Local Host Cache does not handle queries It carries enough information to keep the server running in the event that the main Data Store should become unavailable for any reason C: This is not the purpose of the local host cache D: The Local Host Cache stores portions of the Data Store to keep the server functioning in case of an outage Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 2: Which three types of persistent data are contained in the Presentation Server farm data store? (Choose three) A License files B User profiles C Printer drivers and mappings D Published application configurations E Presentation Server administrator accounts Answer: C, D, E Explanation: C, D, E: The information stored in the Data Store includes: Published Application, Server Actualtests.com - The Power of Knowing 1Y0-256 Configuration, User Configuration, and the Print Environment That makes printer drivers and mappings, published application configurations and Presentation Server administration accounts all persistent data Incorrect options: A: The Data Store holds persistent data and license files are not included License files are kept on the MetaFrame Access Suite License Server B: User Profiles not resort under persistent data User profiles are kept locally on the MetaFrame Server - the default location is on the system drive of the MetaFrame Server under "Documents and Settings" User profile configurations can also be kept centrally on a file share as roaming profiles Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 3: What is contained in the data store database? A User profiles for all servers in a given zone B Dynamic data for all servers in a given zone C License files for all servers in a given server farm D Persistent data for all servers in a given server farm Answer: D Explanation: D: The Data Store is a database that stores all the configuration information needed by the Citrix farm Any time you make configuration changes to a MetaFrame server, the changes are recorded in the Data Store In this respect, if you are adding a new MetaFrame server to spread the user load of an application, this new server can get all its information by tapping into the Data Store The information stored in the Data Store includes: Published Application, Server Configuration, User Configuration, and the Print Environment This thus means all persistent data for all servers in a particular farm Incorrect options: A: User profiles are not stored the data stored in the Data Store database as it is not persistent data B: Dynamic data is not stored in this database C: The Data Store database does not hold the License files; it holds all persistent data for that particular server farm Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 4: Which component manages the servers running Presentation by integrating with Actualtests.com - The Power of Knowing 1Y0-256 third-party management consoles such as HP OpenView? A Load Manager B Network Manager C Resource Manager D Installation Manager Answer: B Explanation: B: Simple Network Management Protocol (SNMP) is known and widely used by various organizations for the purposes of monitoring their systems Companies can use third-party tools such Microsoft Operations Management (MOM), HP OpenView, or various other tools to monitor and manage their servers In addition, if you are using the Enterprise Edition of MetaFrame, you can use Citrix Network Manager as an SNMP agent to gather farmwide performance monitoring and management information Incorrect options: A: This is not the purpose of the Load Manager C: The Resource Manager does not perform that function D: This is not the purpose of the Installation Manager Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 5: Scenario: While planning a Presentation Server deployment on multiple servers, an organization wants to ensure that there is no single point of failure Which three database options eliminate the single point of failure? (Choose three) A Oracle B IBM DB2 C Microsoft Access D Microsoft SQL Server E Microsoft SQL Desktop Engine (MSDE) Answer: A, B, D Explanation: A, B & D: These options not have to be installed on the first Metaframe server in a farm thus they all eliminate the possibility of a single point of failure Incorrect options: C & E: When you use Microsoft Access or Microsoft MSDE as the Data Store database, they should be installed on the first MetaFrame server in the farm This results in them not eliminating the possibility of a single point of failure Reference: Actualtests.com - The Power of Knowing 1Y0-256 Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 6: What are two technical considerations for deciding to create more than one farm in a Presentation Server environment? (Choose two) A The band of network hardware B The types of published applications C The geographic location of the servers D The type of network connection between the servers Answer: C, D Explanation: Organizations usually consider creating a second farm when servers are located in geographically dispersed areas and separation of communication is critical For example, an organization that has a presence in the United States and also in Europe with servers in every continent should consider having separate farms for each region, which would improve performance and reliance on each other Incorrect options: A: The network brand is irrelevant when making decisions of whether to have multiple farms B: The types of published applications would be irrelevant Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 7: An administrator must consider which three factors when deciding which type of database to use in a farm? (Choose three.) A Number of users B Number of applications C Number of License servers D Number of Web interface servers E Number of servers running Presentation Server Answer: A, B, E Explanation: The IMA Data Store supports the following database software: Microsoft Access - intended for use by organizations that have up to 50 MetaFrame servers in their farms It is provided to you free with the MPS operating system and is Actualtests.com - The Power of Knowing 1Y0-256 installed automatically if you choose to deploy the Data Store as an Access database It is also ideal in organizations in which experienced database administrators are not available Microsoft SQL Server Desktop Engine (MSDE) MSDE, database software based on Microsoft SQL server, is a lightweight database installed on the first MPS server prior to installing MetaFrame MSDE is geared toward small to medium-size businesses and is much more robust than Microsoft Access It can be administered using standard Microsoft SQL Server tools Microsoft SQL Server - recommended for any size organization It can be costly in terms of price, so if cost is a major factor and the company is small to medium sized, other options such as Access or MSDE would be more appropriate SQL is very robust and scalable Oracle Similar to Microsoft SQL Server, Oracle - recommended for any size organization, but because of price considerations and the expertise needed for installation and administration, it is recommended for medium to large organizations It is a very robust and scalable database system IBM DB/2 Another enterprise class database software similar to Oracle and Microsoft SQL, IBM DB/2 is suited for medium to large organizations It is very scalable and robust It also requires extensive expertise to install and maintain Thus it stands to reason that the number of users, applications and servers will all influence the choice of database Information is required from the data store continually about the servers, applications and named users within the Farm As such, it is these factors that need to be taken into account when designing the Farm data store Incorrect options: C: The number of License servers is not influenced by the choice of database Connection licenses are handled by the MetaFrame Access Suite in MetaFrame Presentation Server - the data store now has no license information stored within it D: Web interface service quantities are not influenced by the choice of database Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 8: What are two technical considerations for deciding to create more than one farm in a Presentation Server environment? (Choose two.) A The brand of network hardware B The types of published application C The geographic location of the servers D The types of network connection between the servers Answer: C, D Explanation: Actualtests.com - The Power of Knowing 1Y0-256 Organizations usually consider creating a second farm when servers are located in geographically dispersed areas and separation of communication is critical For example, an organization that has a presence in the United States and also in Europe with servers in every continent should consider having separate farms for each region, which would improve performance and reliance on each other Incorrect options: A: The network brand is irrelevant when making decisions of whether to have multiple farms B: The types of published applications would be irrelevant Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 9: During the setup of Presentation Server, which two options must an administrator select if company policy dictates that shadowing can only be performed with user permission? (Choose two) A Prohibit remote control B Log all shadow requests C Force a shadow acceptance popup D Allow shadowing of user sessions on this server E Prohibit shadowing of user sessions on this server Answer: C, D Explanation: C: Force a Shadow Acceptance Popup, means that the administrator or any user with shadow capabilities cannot shadow another user's session without that user's consent D: The "Allow shadowing of user sessions on this server" setting is necessary since shadowing must be allowed Incorrect options: A: The Prohibit Remote Control option allows the administrator or user to shadow another session, but this user cannot control the mouse or use the keyboard to input data B: The Log All Shadow Connections setting keeps a record of all sessions shadowed in the event that you need to refer back to them This is not what is required here E: This setting is permanent and will not help in this case as shadowing is supposed to be allowed Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 10: What happens to the user session when the session reliability timeout expires? Actualtests.com - The Power of Knowing 1Y0-256 A The session resets B The session is logged off C The session remains active D The session is disconnected Answer: D Explanation: D: Session Reliability allows you to maintain a session even after you lose connectivity to the server in the event of a signal loss or an IP failure Sometimes when you're working, all of a sudden your PC or mobile device may lose its signal or IP connectivity With session reliability enabled, the session freezes for a period of time that you can preconfigure; the default is 180 seconds After 180 seconds, or the interval you have specified, if the signal or IP connectivity is not restored, the session is dropped Incorrect options: A: The session does not reset, it is disconnected B: The session is not logged off, it is disconnected C: The session cannot remain active when a session reliability timeout expires Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 11: What is the default port for session reliability in Presentation Server? A 80 B 2598 C 1604 D 1494 Answer: B Explanation: B: Port 2598 is used to support the session reliability feature Incorrect options: A: Port 80 is the default listening port for the Citrix XML Service C: Port 1604 is a UDP port used for client broadcast D: Port 1494 is used to establish and maintain an ICA session Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 12: Actualtests.com - The Power of Knowing 1Y0-256 Scenario: John, a Citrix administrator, needs to enable the synchronization of PDA devices for both local and remote users Users will connect from the LAN to the Web Interface Which two options allow John to accomplish this? (Choose two) A In the Microsoft Management Console, John can add the Device Manager snap-in B The Presentation Server Console, John can enable the automatic sharing of PDA devices in server properties C In the Presentation Server Console, John can create a policy under properties and enable the policy rule "Turn on automatic virtual COM port mapping" D In the Access Suite Console, John can create a MetaFrame Presentation Server site, select Manage Client Connection settings and enable the PDA settings Answer: C, D Explanation: C & D: Client-based PDA Synchronization MPS now supports USB-tethered PDA synchronization with Microsoft Windows-powered PDAs and Microsoft ActiveSync synchronization agent PDA synchronization is controlled through MPS policies and is dependent on the ability to map client COM ports To enable PDA synchronization, you need to configure a policy The PDA Devices policy rule is disabled by default Answer C alone is incorrect because PDA devices not connect if the COM port redirection has een turned off Incorrect options: Options A and B are incorrect on their own because enabling or disabling the COM port option does not enable PDA redirection unless the PDA Devices rule is also enabled properly Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter 16 QUESTION 13: Through which three management tools or utilities can shadowing be enabled for users of Presentation Server? (Choose three) A Access Suite Console B Presentation Server Console C Presentation Server Installation D Citrix Connection Configuration Utility E Web Interface Administration Console Answer: B, C, D Explanation: Actualtests.com - The Power of Knowing 1Y0-256 B: The administrative tools provided by the Core MetaFrame Presentation Server Software include a Shadow taskbar This Shadow Taskbar enables an administrator to centrally manage multiple simultaneous concurrent shadow sessions by establishing a new MetaFrame session specifically for shadowing C: Installing Presentation Server will allow shadowing D: The settings in the Citrix Connection Configuration tool allow you to manipulate shadowing only if it was enabled during installation Incorrect options: A: The MetaFrame Access Suite Console is intended to become the central location where you manage your MetaFrame Access Suite deployment Itself is not meant to enable shadowing E: The Program Neighborhood Agent is enables through the Web Interface Console and not shadowing Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapters 1, QUESTION 14: Which Installation Manager property can an administrator configure from the Presentation Server Console? A Restarting any server B Change the default file share C Change the root build location D Create Installation Manager reports Answer: B Explanation: B: Custom privileges can be assigned to different nodes in the Management Console, or the generic Full authority or View-only authority privileges can be assigned The different nodes within the Management Console (i.e the Presentation Server Console) that provide access to server farm management and configuration features The available nodes are: Applications, MetaFrame Administrators, Installation Manager, Isolation Environments (MPS 4.0 only), Load Evaluators, Policies, Printer Management, Resource Manager, and Servers Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 15: During the installation of the Program Neighborhood Agent Client, which information must be specified for the Client to function properly? Actualtests.com - The Power of Knowing 1Y0-256 A Setup port address translation on the firewall B Assign numbers in the Presentation Server Console C Run ALTADDR and assign the same external IP to all the servers D Configure the Alternate Address Section for the MetaFrame Presentation Server site in the Access Suite Console E Configure the Address Translation Section for the MetaFrame Presentation Server site in the Access Suite Console Answer: A, E Explanation: Network address translation (NAT) allows a local area network to use a set of IP addresses internally, while a separate set of addresses is used for external, usually Internet, traffic Typically, a hardware- or software-based firewall exists between the two networks and is responsible for managing the translation of addresses from the external to the internal, and vice versa The Web Interface consults the server address translation map (at the bottom of the page) to determine the translated address to return to the client When creating a translation entry, you specify the internal address and port for the server You then specify the equivalent translated (external) address with the associated translated port number This translation map is a convenient alternative to defining alternate addresses directly on each server The MetaFrame Access Suite Console is intended to become the central location where you manage your MetaFrame Access Suite deployment Thus to allow external access to these servers under the circumstances, you will need to setup port address translation on the firewall and then configure the address translation section for the Presentation server site in the Access Suite Console Incorrect options: B: One does not assign numbers in the Presentation server console This is too vague C: Running ALTADDR and assigning the same external IP to all servers is not the solution D: You should configure the Address Translation section and not the Alternate Address section since it is an address translation issue and not a alternate address issue Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter 14 QUESTION 100: In which two instances is it appropriate to allow anonymous access to published resource? (Choose two) A When the application is not licensed B When user tracking is a requirement C When user tracking is not a requirement D When installing Presentation Server on a domain controller E When demonstrating a test application publicly on your web site Actualtests.com - The Power of Knowing 1Y0-256 Answer: C, E Explanation: C: The "Allow Anonymous Connections" will result in all users having access to this application without needing to authenticate; in other words, they will not need to provide a username, password, or domain Thus it would be appropriate to use when user tracking is not a requirement E: The "Allow Anonymous Connections" will result in all users having access to this application without needing to authenticate; in other words, they will not need to provide a username, password, or domain This is ideal in cases there the application is to be tested publicly on a web site Incorrect options: A: Licensing is irrelevant in this question B: When user tracking is a requirement, making use of anonymous access is highly inappropriate D: Allowing anonymous access to a published resource is not the appropriate instance when installing Presentation Server on a domain controller Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter 10 QUESTION 101: Scenario: A finance company has a proprietary financial database published in their server farm The database is only available to users in the "Broker" user group As this database contains highly sensitive data, company policy dictates that for this resource a higher encryption level is required to ensure the integrity of the session The brokers must have access to other applications that not require a high level of encryption Which action will meet the requirements for this scenario? A Configure a policy in the console and apply it to the database B Configure Client connections using the Citrix Connection Configuration Utility C Configure a policy in the console and apply it to the users of the Broker group D Configure the Client options for the published applications from the Presentation Server Console Answer: D Explanation: D: Configuring client options from the Management Console for the published application will enable you to grant Brokers access to other applications that does not require a higher encryption level while still requiring the desired higher encryption for the exclusive database Incorrect options: A & C: When a minimum encryption requirement has been defined (either in the Actualtests.com - The Power of Knowing 1Y0-256 connection settings, a policy, or a published application's properties), only the clients with their encryption level configured to meet or exceed this requirement can log on to the MetaFrame server Anyone with lower encryption settings receives an error message stating "You not have the proper encryption level to access this session." When encryption settings have been defined in multiple locations, the most restrictive encryption requirement always takes precedence This will then restrict the Broker user group B: This option is not viable in the circumstances Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 102: What are the three categories of Presentation Server administrator privileges? (Choose three) A Special B Custom C View Only D Complete E Temporary F Full Administration Answer: B, C, F Explanation: The three categories of privilege types available are: View Only - This category provides read-only access to all areas of the system This privilege may be assigned to those administrators responsible for end-user or operations support who would need to be able to view aspects of the farm but are not authorized to make any changes Full Administration - The second category grants complete access to view and modify all areas of the farm configuration A very limited number of users should ever have this full access Custom - When this selection is chosen, you can define specific privileges for the different nodes in the Management Console Incorrect options: A, D & E: These are not categories in administrator privileges Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 103: Actualtests.com - The Power of Knowing 1Y0-256 Which Manage Server setting in the Program Neighborhood Agent site determines if communication between the client and the server running Web Interface will be secured? A Force server authentication B Schedule automatic refresh C Use SSL/TTLS for communication D Allow user to customize the server URL Answer: C Explanation: C: The Citrix SSL Relay component allows you to secure communications between MPS clients and/or the Web Interface to MetaFrame servers using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) Because the communications are secured using SSL/TLS, not only is the information encrypted, but message integrity checks exist that verify the data transmitted to ensure it has not been tampered with Incorrect options: A, B & D: the question asks for which settings in the PN Agent site determines the security status of communication between the client and the server running Web Interface Neither of these options is the proper setting Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 104: Scenario: Company policy requires encryption at RC5 level for all Clients to access an application you are publishing Which setting should be enabled to ensure that the required encryption level is met by all Clients that attempt to launch the published resource? A Use server certificate for encryption B Set minimum requirement for encryption C Enable SSL on the Web Interface server D Apply a policy to the application to limit to the RC5 encryption level Answer: B Explanation: B: When a minimum encryption requirement has been defined (either in the connection settings, a policy, or a published application's properties), only the clients with their encryption level configured to meet or exceed this requirement can log on to the MetaFrame server Anyone with lower encryption settings receives an error message stating "You not have the proper encryption level to access this session." This should ensure that all Clients that attempt to launch the published resource must have the Actualtests.com - The Power of Knowing 1Y0-256 minimum encryption level Incorrect options: A: Making use of certificates is meant for authentication purposes and will not ensure that encryption is being used as is required in this case C: The Citrix SSL Relay component allows you to secure communications between MPS clients and/or the Web Interface to MetaFrame servers using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) Securing communication is not encrypting communications and ensuring that clients all conform to encryption standards D: Limiting the application to the RC5 encryption level via policy is not the solution Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 105: To enable PKI (public Key infrastructure)-based security and enable Citrix SSL Relay Service, which three steps must you take? (Choose three.) A Configure Web interface for secure connections B Install corresponding root certificates on the client systems C Configure SSL Relay Service on the Presentation Server and enable it D Install server certificates on all the servers running Presentation Server Answer: B, C, D Explanation: The Citrix SSL Relay component allows you to secure communications between MPS clients and/or the Web Interface to MetaFrame servers using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) One of the general client requirements for implementing SSL Relay is that the client device needs to have the appropriate root certificate installed so that it can verify the certificate authority that issued the certificate for the server To be able to properly validate and secure the communications, all MetaFrame servers running the SSL Relay service must have a valid server certificate installed When a client connects, it must be able to verify the authenticity of the certificate Having the necessary root certificate available ensures this is the case To utilize SSL Relay, you must configure the service on at least one MetaFrame server within your server farm Thus options B, C and D would enable PKI-based security and enable Citrix SSL Relay Service Incorrect options: A: This is incorrect since the question requires PKI-based security with SSL Relay Service enabled Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter Actualtests.com - The Power of Knowing 1Y0-256 QUESTION 106: What can be used to secure communication between Web Interface and the server running Presentation Server? A RC5 B SSL Relay C ICA Protocol D Secure Gateway Answer: B Explanation: B: The Citrix SSL Relay component allows you to secure communications between MPS clients and/or the Web Interface to MetaFrame servers using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) Incorrect options: A: RC5 is an encryption algorithm, but in this case it must be used with SSL Relay C: ICA is Citrix's Presentation Services protocol that allows a client to establish a session with a MetaFrame server and access server-based applications and content as if they were available locally on the client D: The Secure Gateway is used to secure access to server farms and access centers Access is not communication Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 107: In a double-hop DMZ configuration, where should the Secure Gateway server be located? A Behind the internal firewall B Between the internal and the secondary firewalls C Between the secondary and the external firewalls D Behind either the internal, secondary or external firewalls Answer: C Explanation: C: Double-hop DMZ is a setup that provides additional security by requiring traffic from the Internet to pass through two DMZs before accessing systems on the internal network Servers placed in the first stage have no direct access into the internal network but are configured to have limited access to specific machines within the second DMZ Only systems in the second DMZ are configured with access to servers on the internal network The Secure Gateway component employed in a double-hop DMZ acts as a Actualtests.com - The Power of Knowing 1Y0-256 conduit of data transmissions between the Secure Gateway and the secure internal network Thus the Secure Gateway server should be between the secondary and the external firewalls Incorrect options: A: This would not be double-hop DMZ configuration B: Between the internal and secondary firewalls would make the DMZ ineffective D: This location would make the Secure Gateway server ineffective Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter 14 QUESTION 108: Where is the Secure Ticketing Authority Service for Secure Gateway embedded? A In the Citrix IMA Service B In the Citrix XML Service C In the Citrix Licensing Service D In the Secure Gateway Service Answer: B Explanation: C: Citrix XML Service - The Web Interface contacts the server farm via the Citrix XML Service running on a MetaFrame server Communications to the Citrix XML Service are secured using SSL Relay Incorrect options: A: IMA Service provides integrated support by listening on port 1604 and not for Secure Ticketing Authority Service The IMA protocol is UDP-based, communicating from server to server via port 2512 Connections from the Management Console for Presentation Server are serviced on port 2513 C: Licensing is not Ticketing D: The service is meant for Secure Gateway, but it is embedded in the XML Service Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapters & 14 QUESTION 109: Which three statements are correct regarding the use of digital certificates for Presentation Server running on Windows Server 2003? (Choose three) A "GOV" ciphersuite is usually used with TLS protocol B Root certificates are often embedded with client operating systems C Server certificates can be created using the Citrix Certificate Generation Tool Actualtests.com - The Power of Knowing 1Y0-256 D Digital certificates are used for both, SSL Relay Service and Secure Gateway environment Answer: A, B, D Explanation: A: During the advanced installation of the Secure Gateway, which prompts for all parameter values, you are asked to also specify the cipher suite and GOV is the one that is usually used with TLS protocol B: A CA can be a third-party organization, or it can be internal to an organization, employing certificate-generating software such as Microsoft Certificate Services Thus often the root certificates are embedded with client operating systems D: The Citrix SSL Relay Service as well as Secure Gateway makes use of digital certificates Incorrect options: C: This is incorrect Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapters & 14 QUESTION 110: Which two ciphersuites are supported with Citrix SSL Relay Service? (Choose two) A GOV B COM C Independent D Secure Cipher Answer: A, B Explanation: A & B: During the advanced installation of the Secure Gateway, which prompts for all parameter values, you are asked for amongst other pieces of information, the cipher suite This setting asks you to choose GOV, COM, or ALL COM represents commercial-strength cipher suites, and GOV represents government-strength cipher suites When ALL is selected, both suites are available, with preference given to the highest encryption strength Thus GOV and COM is supported Incorrect options: C: Only GOV and COM is supported with Citrix SSL Relay Service D: Only GOV and COM is supported with Citrix SSL Relay Service Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter 14 Actualtests.com - The Power of Knowing 1Y0-256 QUESTION 111: Scenario: A new security patch for Windows Server 2003 was released You are preparing to apply the patch to the primary server running Presentation Server overnight While most users will not likely be online, you wish to prevent users from logging on to the server while you are patching the server Which server setting is appropriate for this scenario? A At the server level, notify users of session degradation B At farm level, disable logons to the server from the MetaFrame Settings C At the farm level, enable users to view sessions during broken connections D At the server level, disable logons to the server from the MetaFrame Settings Answer: D Explanation: D: To disable logons to an MPS server, you should expand the Servers node in the Management Console, right-click the server in question, and click Properties Then select MetaFrame Settings, uncheck the box next to Enable Logons to This Server This should prevent users from logging on to the server while you are busy patching Incorrect options: A: Notifying users of session degradation is not going to prevent them logging on to the server B: You can't disable logins from the farm node C: Enabling users to view sessions during broken connections will not prevent them form logging on to the server Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter QUESTION 112: Scenario: Your manager has directed you to deploy Web Interface into the DMZ for access by external customers and has asked for your recommendations for maximizing security and minimizing support requirements Which two options should you recommend? (Choose two) A Enable workspace control B Implement Secure Gateway C Implement Citrix Secure XML D Enable and default to the Client for Java Answer: B, D Explanation: B: Secure Gateway is a component of the MetaFrame Access Suite that provides the Actualtests.com - The Power of Knowing 1Y0-256 capability to secure access to Presentation Server and Secure Access Manager Acting as single point of entry into the secured network, Secure Gateway minimizes the attack surface of the environment while ensuring that all the necessary Presentation Server functionality is available to users, regardless of where they are connecting from Secure Gateway employs SSL to ensure data integrity and security D: Client for Java allows you to choose the components included with the Java applet Selecting only the packages required minimizes the size of the data downloaded One option is the Use a Private Root Certificate setting If you are implementing Secure Gateway for MetaFrame or SSL Relay and have used certificates that require a root certificate not already available on a client, you can use this option to deliver that certificate to the client The certificate must be placed into the same folder as the Java client packages on the web server The Java client is ideal for environments where client installation files cannot be downloaded and installed Incorrect options: A: Workspace Control is a feature that enables users to quickly disconnect or log off all applications or to reconnect to all applications It facilitates moving quickly between client devices and gaining access to all their applications when they log on Not what is required in this case C: Under the circumstances implementing XML is not viable Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter 14 QUESTION 113: Scenario: Certkiller com has a strict security policy which requires that users only be allowed to change their passwords upon expiration In addition, users are restricted to two domains When configuring the MetaFrame Presentation Server site, which three steps are needed to meet these requirements? (Choose three) A Run discovery to locate the domains B Enable the hide all other domains option C Select Explicit as the authenticated method D Specify the two domains and enable enforcement E Allow users to change password only when it expires F Use Kerberos authentication to connect to the servers Answer: C, D, E Explanation: The Explicit Login authentication method is the default setting, this requires the user to provide a user ID and password to log on to the Web Interface You can choose either Windows domain or Novell NDS authentication Three general settings apply to either Windows domain or NDS settings You can allow users to change their passwords You can also configure two-factor authentication using RSA SecurID or Safeword The Time Actualtests.com - The Power of Knowing 1Y0-256 To Live value specifies how long a ticket used for explicit authentication is valid before it expires The default is 200 seconds, but you can adjust this value To restrict the users to two domains you will need to specify those domains and enable the enforcement of the authentication method Incorrect options: A: Running discovery to locate the domains is not going to restrict users to the two domains B: Hide all other domains is not going to comply with the requirements F: Kerberos authentication will not allow the users to change their own passwords Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter 14 QUESTION 114: Scenario: An administrator is configuring a Presentation Server environment for remote access The Secure Gateway server and the server running Presentation Server will be separated by a firewall that performs Network Address Translation In this scenario, Web Interface must be configured to use A Normal addressing B Alternate addressing C Secure Gateway with normal addressing D Secure Gateway with alternate addressing Answer: D Explanation: D: Network address translation (NAT) allows a local area network to use a set of IP addresses internally, while a separate set of addresses is used for external, usually Internet, traffic Typically, a hardware- or software-based firewall exists between the two networks and is responsible for managing the translation of addresses from the external to the internal, and vice versa When a user accesses the Web Interface from an external address, you need to ensure that you have properly configured network address translation to ensure the Web Interface returns the appropriate external address for a Presentation Server Under the circumstances as posed in the question you would need to have Web Interface configured to use Secure Gateway with Alternate addressing Incorrect options: A: This is the default behavior The actual address of the Presentation Server is returned to the client Under the circumstances this option is not desired B: With alternate address defined on the MetaFrame server the alternate address is returned to the client C: Secure Gateway with alternate addressing would represent the correct configuration for the Web Interface and not normal addressing under the circumstances Reference: Actualtests.com - The Power of Knowing 1Y0-256 Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter 14 QUESTION 115: Scenario: You plan to enable workspace control in your Presentation implementation Your security manager has agreed to the implementation as long as a user session cannot be transferred from one device to another without the user taking some proactive action Which solution would you suggest? A Allow users to customize workspace control B Implement workspace control for all sessions C Implement workspace control for disconnected sessions only D Do not implement workspace control as it is not a viable option for this scenario Answer: C Explanation: C: Workspace Control allows a user to quickly disconnect all running applications, log completely out of all running applications, or reconnect to all of the user's applications, whether disconnected or active at another client device To implement workspace control for disconnected sessions only would thus be the solution Incorrect options: A: This is not desired B: Implementing workspace control for all sessions is not going to solve the problem D: You need to implement workspace control for disconnected sessions only in this scenario Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter 14 QUESTION 116: Scenario: Certkiller com has acquired a new team which is located remotely The remote users will access published resources on the Presentation Server farm using the ICA Client from across the WAN Certkiller com policy dictates that all connections to mission-critical applications such as Microsoft Outlook and SAP must be encrypted with a minimum of 128-bit RC5 level encryption Which three options are available to secure remote client access to farm? (Choose three.) A Configure farm properties to require connections at the mandated encryption level B Configure the server properties to require connections at the mandated encryption levels C Configure a policy for the remote users that sets the encryption levels required as Actualtests.com - The Power of Knowing 1Y0-256 minimum requirement D Configure the ICA client connection advanced settings for the required encryption levels on all servers in the farm E Configure the client options for the published applications, Microsoft Outlook and SAP, that sets the required encryption levels as a minimum Answer: C, D, E Explanation: ICA connection encryption has configurable settings on both the client and server On the client side, the desired encryption settings for the session are defined prior to establishing the connection to the MetaFrame server When the client connects to a MetaFrame server, it attempts to negotiate the use of this encryption level for the session Three factors may prevent this encryption level from being employed, and consequently, the user being denied access to log on to the MetaFrame server: The first factor is the minimum required encryption level that has been defined for ICA connections on the server The second factor is whether a MetaFrame user policy has been defined to enforce a minimum encryption level for the user And if the client is connecting to a published application, the final factor is whether a minimum encryption level has been defined for the published application itself One of the properties within a published application is the encryption level that will be enforced Thus options C, D and E is appropriate Incorrect options: A: This option would not be available B: This option is not available in this case Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapters & 13 QUESTION 117: When implementing address translation with Secure Gateway, which two options can be designed? (Choose two.) A IP address B MAC address C TCP port number D UDP port number Answer: A, C Explanation: A & C: When the Secure Gateway Server is employed, this option must be selected along with the corresponding translation type Choosing a translation type for the Secure Gateway determines how Presentation Server addresses are translated when the Secure Actualtests.com - The Power of Knowing 1Y0-256 Gateway attempts to communicate with a server A translation option is required only if NAT is employed on a firewall between the Secure Gateway and the MetaFrame server farm If the translated address option was chosen, you not populate the address translation map on this page Instead, you need to populate similar settings on the Secure Gateway Support page Thus the IP address and TCP port number can be designed Incorrect options: B & D: Both MAC address and UDP port number is not designed when implementing address translation with Secure Gateway Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapters 14 & 16 QUESTION 118: To configure the Client to use secure proxy settings for Web Interface, which two steps are required? (Choose two.) A Configure the client device for Secure Proxy B Configure the Web Interface to use Secure Proxy C Configure Secure Proxy settings on the Presentation Server D Configure the Web Interface to use the proxy setting specified on the Client Answer: A, D Explanation: A: When a proxy server is employed on the client side of the Web Interface, you can define settings here that dictate whether the Presentation Server client must communicate through the proxy server when connecting to a MetaFrame server These options are the same as those found in the MPS 3.0 Web Interface console This then means that the Client device should be configured for Secure Proxy C: Client-Side Proxy is a settings page in the Web Interface console Settings are configured on this page when you have remote clients that have local proxy servers between themselves and your server Through these settings, you are able to define whether client connections to the Presentation Servers must go through those client-side proxy servers By defining these settings on the Web Interface, you can manipulate their ICA client settings, ensuring that they can successfully connect to the Presentation Server Thus you should configure the Web Interface to use the proxy setting specified on the Client Incorrect options: B: You need to configure the Client to use proxy settings for Web interface and not the Web Interface The Web Interface should be configured to use the proxy setting specified on the Client C: It is the Client that requires configuration Reference: Todd Mathers, Elias Khnaser, Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Actualtests.com - The Power of Knowing 1Y0-256 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 2005, Chapter 14 & 16 Actualtests.com - The Power of Knowing ... CCA MetaFrame Presentation Server 3 .0 and 4. 0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 200 5, Chapters 13 & 14 QUESTION 24: Although you plan to deploy Web Interface 4. 0, ... Citrix CCA MetaFrame Presentation Server 3 .0 and 4. 0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 200 5, Chapter Actualtests. com - The Power of Knowing 1Y0-256 QUESTION 44 : Scenario:... Khnaser, Citrix CCA MetaFrame Presentation Server 3 .0 and 4. 0 Exam Cram (Exams 223 and 256), Que Certifications, Indianapolis, 200 5, Chapter 14 Actualtests. com - The Power of Knowing 1Y0-256 QUESTION