Exam Prep Questions

Which of the following is not a valid Web Interface component?

Answer D is not a valid Web Interface component. Although the Web Interface communicates via the SSL Relay Service, it is not specifically an SSL Server.

Answer A is a valid component. At least one server farm is required.

Answer B is also valid. A Presentation Server Client is necessary to access the Presentation Server.

Answer C is valid as well. The Web Interface itself is, of course, a necessary component.

The entry of user credentials is secured in the Web Interface by using __________.

Answer A is correct. If the Web Interface server is configured to require SSL encryption, users must access the server via HTTPS, ensuring that user credential information is securely transmitted to the web server.

Answer B is incorrect. SSL Relay secures communications between the Web Interface and the Citrix XML Service. It does not secure the entry of user credentials.

Answer C is incorrect. SecureICA is the Citrix mechanism for securing ICA data traffic. The ICA protocol is not used when entering credentials on the web page.

Answer D is incorrect. Although the Program Neighborhood Agent is an alternative method of accessing Web Interface data, it alone does not secure the entry of user credentials.

The template.ica file contains _____________, which are updated with information specific to the application by the Web Interface.

Answer C is correct. The template.ica file contains substitution tags, which are updated by the Web Interface when users launch an application.

Answers A, B, and D are incorrect. None of these are valid answers.

User credentials are passed to the server when an application is launched as ______________.

Answer B is correct. A session ticket is generated and placed within the generated ICA file instead of the user credentials. The ticket has an expiry date and can be used only once to log on to a Presentation Server.

Answer A is incorrect. The session ticket field is a substitution tag in the template.ica file, but not in the generated file that is sent to the client.

Answer C is incorrect. User credentials are never placed into the generated ICA file as plain text.

Answer D is incorrect. An SSL certificate is not used to store user credentials in the ICA file.

SSL/TLS can be used to secure communications between what Web Interface component?

Answer D is correct. All the components can employ SSL/TLS to secure communications with their respective components.

On a Windows IIS server with the Web Interface installed, the Web Interface configuration file is called _________.

Answer D is correct. The configuration file on both Windows and UNIX is called WebInterface.conf, although it is located in a different subfolder on each platform.

Answers A, B, and C are all invalid names .

Your friend has a UNIX server configured with the Web Interface but doesn't know how to access the Web Interface Console. Where should he go to find it?

Answer D is correct. The Web Interface Console is not available when running on a UNIX web server. The console is available only on a Microsoft IIS server.

Answer A is incorrect. Although this is the valid location on an IIS server, it is incorrect on a UNIX server.

Answers B and C are both incorrect because they point to fictitious locations.

When servers are listed in the MetaFrame Settings page for the Web Interface, load balancing is enabled by default. If a server fails, the default behavior of the Web Interface is

Answer C is correct. If a server is determined not to be available, it is dropped from the list for 60 minutes before the Web Interface will again try to contact it.

Answers A, B, and D are all incorrect. The Web Interface will attempt to reconnect once every 10 seconds only when all listed MetaFrame Servers have failed to respond to a Web Interface request.

You want to create a new Program Neighborhood Agent configuration file for your accounting department. What tool would you use to make this change?

Answer C is correct. Using the PN Agent Console, you can copy an existing configuration file and then modify the properties. Unless the accounting department was already configured to use a unique configuration file, it would have to be manually updated to point to this new file.

Answer A is incorrect because the Management Console is used to perform server and server farm configuration. Although the Management Console can be used to configure how shortcuts appear on the user's desktop and Start menu, it does not provide any configuration file management capabilities.

Answer B is incorrect. Even though the PN Agent depends on the existence of the Web Interface, the Web Interface Console does not have PN Agent management features integrated in.

Answer D is incorrect. Although the PN Agent properties can be modified to point the client to an alternative configuration file, you cannot use the client to create or modify the file.

Which of the following tasks cannot be performed using the Program Neighborhood Agent Console? (Select all that apply.)

Answer C is correct. The PN Agent Console does not provide support for client deployment.

Answer D is also correct. The list of supported server farms is managed through the Web Interface Console, not the PN Agent Console.

Answer A is incorrect. The PN Agent Console does allow you to hide the property tabs for the PN Agent.

Answer B is also incorrect. The PN Agent Console does allow the selection of the desired logon methods to support.

What is the name of the default configuration file loaded by the Program Neighborhood Agent?

Answer C is correct. The default configuration file used by PN Agent is config.xml. Answers A and B do not represent valid filenames. Answer D has the .ica extension, which is the default extension used for ICA template files. An ICA template file is used to establish the connection with the published resource.

What Program Neighborhood Agent Console setting is modified to hide the Property tabs in the Program Neighborhood Agent client?

Answer D is correct. The Client Tab Control configuration setting is the place where the various property tabs for the PN Agent can be shown or hidden.

Answers A and B are incorrect. They do not represent valid configuration setting names.

Answer C is incorrect because the Session Options configuration setting is the place where settings such as window size , color depth, and audio quality are configured.

The Secure Gateway secures a MetaFrame Server farm by _________. (Choose all that apply.)

Answers A and B are correct. Both of these statements are true. By forcing all connections through one carefully guarded access point, you greatly reduce the attack surface available to would-be intruders. The combined authentication and encryption support provided to MetaFrame connections through SSL ensures that not only is the information secure against eavesdropping, but it is also protected from modification by a third-party attempting to perform a man-in-the-middle attack.

Answer C is incorrect. The Secure Gateway does not directly modify the ICA security in any way.

Answer D is incorrect. There is no such thing as the Secure Gateway client. One of the benefits of the Secure Gateway is that it employs standards for Web security that require no special client software like a VPN connection might.

In a Secure Gateway deployment, the Secure Ticket Authority is responsible for _________. (Choose all that apply.)

Answers A, B, and C are correct. When the Web Interface receives a request to access a published application, the server that will execute the program is passed to the STA by the web server. A corresponding session ticket is received and is then used to verify that the user should be logging on to that server. If the ticket is invalid or has expired, the STA denies the application launch request.

Answer D is incorrect. The STA is not responsible for passing user authentication information to a MetaFrame server for processing.