Implementing Citrix Access Gateway 9.0, Enterprise Edition: 1Y0-A13 Exam
1Y0-A13 Questions & Answers
Exam Code: 1Y0-A13
Exam Name: Implementing Citrix Access Gateway 9.0, Enterprise Edition
Q & A: 134 Q&As
Part: A
1: Scenario: A network administrator needs to configure access to published resources in a Citrix
XenApp farm through Access Gateway. The administrator will implement Access Gateway as a
replacement for the current Secure Gateway deployment, which does NOT have SmartAccess.
Which three steps must the administrator take for this scenario? (Choose three.)
A.Set ICA Proxy to ON
B.Configure split tunneling
C.Set Single Sign-on Domain
D.Configure the Secure Ticket Authority server
E.Set the Access Gateway home page to the Web Interface URL
Correct Answers: A C D
2: A public research university needs to provide remote access to the students in its distance
learning program. Which Access Gateway 9.0, Enterprise Edition plugin should the network
administrator configure in order to ensure that students are able to connect to the environment
regardless of the operating systems on their end devices?
A.Citrix XenApp plugin
B.Citrix Access Gateway Plugin for Java
C.Citrix Access Gateway Plugin for ActiveX
D.Citrix Access Gateway Plugin for Windows
Correct Answers: B
3: In a deployment where the internal servers are NOT accessible by the mapped IP address or
through the default router, how many IP addresses are needed for the Access Gateway
implementation?
A.2
B.3
C.4
D.5
Correct Answers: C
4: Which option in the Configuration Utility allows an administrator to limit the number of users
who can log in to an Access Gateway 9.0, Enterprise Edition environment?
A.Select Access Gateway > Virtual Servers, Maximum Users
B.Select Systems > Virtual Servers > Policies, Maximum Users
C.Select Systems > Connections > Authentication settings, Maximum number of users
D.Select Access Gateway > Global > Authentication settings, Maximum number of users
Correct Answers: D
5: Scenario: A major technology company wants to upgrade their current Access Gateway
deployment to ensure that it meets their growing remote access needs as they acquire new
companies. Currently, the company is supporting nearly 3,000 concurrent users on their existing
Access Gateway virtual server and expects the concurrent user sessions through Access Gateway to increase by 40% over the next year.Which Access Gateway appliance platform series handles
the most concurrent user traffic?
A.2000
B.7000
C.10000
D.11000
Correct Answers: C
6: Scenario: An administrator is configuring Access Gateway 9.0, Enterprise Edition in an
environment that consists of a double-hop DMZ deployment. The administrator wants connections
from the Citrix XenApp Plugin for Hosted Apps on the Internet to go through the first firewall in
order to connect to the Access Gateway appliance in the first DMZ.Which port should the
administrator enable on the first firewall?
A.80
B.389
C.443
D.1494
E.1812
Correct Answers: C
7: Scenario: A network administrator is planning the remote access infrastructure for an Access
Gateway 9.0, Enterprise Edition environment. In this environment, employees, vendors and
customers will need to use different methods of authentication. The administrator would like to
ensure that each authentication is hosted on a separate server. Which authentication method must
the administrator implement when configuring this environment?
A.Cascading
B.Client-Based
C.Server-Based
D.Double-source
Correct Answers: A
8: An administrator has been instructed to give a specific employee in the Finance group access to
Engineering resources. To which level should the administrator assign the policy when
configuring access for this employee?
A.User
B.Team
C.Group
D.Organization
E.Virtual server
Correct Answers: A
9: Which three kinds of IP addresses are required at a minimum when setting up an Access
Gateway appliance in an environment? (Choose three.) A.Intranet
B.Mapped
C.NetScaler
D.DNS Server
E.Default gateway
Correct Answers: B C E
10: Scenario: An administrator wants users to be able to access resources running on file servers
and application servers in an environment. The administrator has deployed Access Gateway 9.0,
Enterprise Edition. The Citrix Access Gateway Plugin for Windows is used to establish
connections to the corporate network. There are no intranet applications configured in this
environment and split tunneling is turned off. The default authorization policy is set to “Deny.”
Users in this environment will be able to access applications on file and application servers as long
as _______. (Choose the correct phrase to complete the sentence.)
A.users are assigned specific intranet IP addresses
B.an authorization policy is configured to grant them access
C.internal resources are assigned specific intranet IP addresses
D.internal resources in this environment are configured as published applications
Correct Answers: B
11: Scenario: A consultant of a new Access Gateway 9.0, Enterprise Edition deployment at a
customer site was given the following information and IP addresses to use when configuring the
Access Gateway appliance:
Internal Citrix XenApp server 5.0 IP address: 192.168.100.12
Time Zone to be used: Eastern Standard Time (EST)
IP addresses to be used when configuring the Access Gateway 9.0, Enterprise Edition
deployment
NSIP: 10.165.30.45
MIP: 10.165.30.60
VIP: 12.15.30.62
Which two options should be configured on the Access Gateway appliance in order to
communicate with the Citrix XenApp server? (Choose two.)
A.Subnet IP in the 192.168.100.x subnet
B.Intranet IP in the 192.168.100.x subnet
C.Static Route to the 192.168.100.x subnet
D.Virtual Server in the 192.168.100.x subnet
Correct Answers: A C
12: An administrator needs to ensure that a virtual server is available to accept VPN connections
and shows an “UP” state in the Configuration Utility.Which entity must an administrator bind to
the Access Gateway virtual server to achieve this?
A.A session policy
B.A Next-Hop server
C.An authentication policy D.A valid server certificate
Correct Answers: D
13: An administrator for Access Gateway 9.0, Enterprise Edition suspects that some users in the
environment are misusing the remote access granted to them by accessing and downloading some
restricted intranet web resources.What should the administrator check first on the Access Gateway
appliance in order to investigate these users’ remote access behavior?
A.Audit logs
B.Network traces
C.Statistic counters
D.Client side debug trace files
Correct Answers: A
14: An IT manager instructed the network administrator to separate the Access Gateway appliance
in an environment from the Web Interface server using a firewall that performs Network Address
Translation (NAT).Which two access methods could the administrator configure for Access
Gateway 9.0, Enterprise Edition based on the requirements of this scenario? (Choose two.)
A.Direct
B.Translated
C.Gateway Direct
D.Gateway Alternate
E.Gateway Translated
Correct Answers: D E
15: Scenario: Dual-source authentication is configured on the Access Gateway 9.0, Enterprise
Edition appliance. The appropriate group extraction configuration is configured on both the
primary and secondary authentication servers, and a user named “User1” exists on both
authentication servers. How will groups be extracted for “User1”?
A.Only the groups in the secondary authentication server will be extracted and matched to the
group names configured on the primary authentication server.
B.Only the groups from the primary authentication server will be extracted and matched to the
group names configured on the secondary authentication server.
C.The applicable groups from both the primary and secondary authentication servers will be
extracted and matched to the group names configured on the appliance.
D.The groups from the primary authentication server will be extracted and matched to the group
names configured on the secondary authentication server by the administrator.
Correct Answers: C
16: An administrator has enabled split tunneling for an environment. What must the administrator
do to ensure that the plugin on user devices intercepts intranet traffic only and routes other traffic
directly to the appropriate servers?
A.Set split tunneling to OFF
B.Define an intranet application
C.Change the routing table on the client devices to tunnel intranet traffic to the intranet
D.Assign intranet IP addresses to resources that users are accessing through the Access Gateway
appliance
Correct Answers: B
17: Scenario: An administrator created a new Access Gateway virtual server. The administrator did
NOT bind any session policies to the virtual server. What is the default authorization action for
users logging in to this virtual server?
A.ALLOW, this is the default behavior.
B.ALLOW, but place users in a quarantine group.
C.DENY, the default authentication policy must be applied.
D.DENY, either a session policy or a traffic policy must exist.
Correct Answers: A
18: When using the Access Gateway configuration utility to create a new Authentication Server
for RADIUS authentication, some fields represented in the configuration utility window are
required. Of the possible choices on the left, drag the correct selections to the boxes on the right.
There are three correct choices.
Correct Answers: 19: Scenario: Connected users need to be able to access Internet-based content without being
routed through the internal LAN gateway. Split tunneling is turned off in the global settings.Where
should an administrator override the global settings to turn split tunneling on?
A.Traffic policy
B.Traffic profile
C.Session policy
D.Session profile
Correct Answers: D
20: A network administrator has been instructed to configure intranet applications for the Access
Gateway Plugin for Windows and the Access Gateway Plugin for Java. Which two interception
modes should the administrator select when configuring the intranet applications for the plugins in
this environment? (Choose two.)
A.Proxy
B.Normal
C.Encrypt
D.Opaque
E.Transparent
Correct Answers: A E
…go to http://www.lead2pass.com/1y0-a13.html to download the lastest full version.