CNS-225: Deploy and Manage Citrix ADC 13.x with Traffic Management Quiz Questions and Answers

A Citrix Administrator needs to add 10 new web servers to an existing server farm. The new servers are configured to serve the same applications and connections and are twice the capacity of the existing servers. The administrator wants to ensure that they are being fully utilized. Currently in the environment, the default load-balancing method is being used. To ensure that only the 10 new servers are receiving twice the connections of the old servers without changing the load balancing to the rest of the environment, the administrator needs to add a weight of ______________ to the services attached to the ______________ servers. (Choose the correct option to complete the sentence.)

Answer :
  • 2; new

Explanation :

Weight is the priority defined when adding servers in load-balancing. Generally the Back-end servers are of same capacity and we do not require the change the default weight value, but in this case the new servers are of higher capacity as compared to existing servers, so administrator should add 2 as a weight for new servers so they receive double request at same time as compared to existing old back-end servers (of less capacity), so 2 is the priority assigned for new srevers to recieve more requests

A Citrix Administrator has configured an HTTP load-balancing vServer with Least Response Time as the load-balancing algorithm. The administrator notices that requests to the vServer appear to be using the Round Robin load-balancing algorithm. What could be causing the vServer to use Round Robin load-balancing algorithm?

Answer :
  • The vServer is in startup round robin mode.

Explanation :

This is a concept of Slow Start in ADC. As per design, when ADC restarts or any Vserver restarts, then for sometime ADC uses by default Round Robin load balancing method contradicting to the defined load balancing method, to prevent backend servers from getting overwhelmed by the defined least connection request, and once the Vserver status is up and stable the ADC switches to administrator defined load balancing method.

Which mode on the Citrix ADC can a Citrix Administrator utilize to avoid asymmetrical packet flows and multiple route/ARP lookups?

Answer :
  • MAC-based forwarding (MBF)

Explanation :

MAC-based forwarding improves performance of ADC by avoiding multiple ARP or route table lookup when forwarding the packet, When MBF is enabled it cache the MAC address of uplink router which forwarded the requestto ADCand when reply is received it is passed t osame router who sent client requestwithout going through any route lookup.

A Citrix Administrator has a Citrix ADC SDX appliance with several instances configured. The administrator needs one instance with two interfaces connected to forward packets that are NOT destined for its MAC address. Hence, the administrator has enabled Layer 2 mode. After enabling Layer 2 mode, the administrator found the interface status going up and down. What can the administrator perform to resolve this issue?

Answer :
  • Enable tagging on all interfaces

Explanation :

Tagging an Interface and VLAN helps to identify from which VLAN traffic is being received by an interface. For ex : If we have 2 VLANs and one Interface on ADC is a part of both VLAN, then tagging interface with VLAN ID helpto identify the incoming traffic, from which VLAN traffic is received at an interface.

A Citrix Administrator needs to utilize the client IP address as the source IP address for the NetScaler to server connections. Which mode on the NetScaler will the administrator utilize to meet this requirement?

Answer :
  • USIP

Explanation :

To utilize client IP address as source IP Address in ADC for backend server connections, administrator should choose USIP(Use Source IP) mode. USIP needs to enabled from system configuration tab in GUI. Remember enabling USIP mode disables the multiplexing and surge protection capability of Netscaler.

What is a recommended practice for managing a Citrix ADC high availability (HA) pair to ensure that management changes are always made on the Primary Citrix ADC?

Answer :
  • Enable Management Access to a SNIP.

Explanation :

When enabling management access to SNIP, and accessing ADC through SNIP, then by default, it will show only Primary ADC on top in the list of ADCs in HA, so it's easily identified to get connected to Primary ADC, without even knowing which ADC is actually Primary at the time of access.

A Citrix Administrator wants to configure independent and isolated access on a single appliance for three different departments to allow them to manage and isolate their own applications. How can the administrator isolate department-level administration?

Answer :
  • Configure admin partitions that use dedicated VLANs

Explanation :

Admin partitions option in ADC allows to divide single ADC into multiple logical isolated ADCs, with their separate networking, user accounts and management, however Hardware Isolation is not achieved by Admin Partiotions. We can create upto 512 admin partitions of single ADC.

A Citrix Administrator is troubleshooting a Citrix ADC issue. The administrator goes to the command line and from the Shell, tails the ns.log to view the log in real time to find the issue. After a few minutes, the administrator noticed that the logs stopped scrolling and the issue was missed. How can troubleshooting continue using the ns.log?

Answer :
  • The ns.log has reached its 100 KB limit. Press ‘CTRL+C’ to stop it from running and issue the command “tail-f ns.log” to resume.

Explanation :

The ns.log is a part of SYSLOG and has a limit of 100KB per file and once the limit has reached, a new ns.log file is created. For Ex : ns.log , then ns.log1, then ns.log2……upto ns.log26. Maximum of 26 files ofns.log are created for SYSLOG in /var/log/ directory.

A Citrix Administrator is configuring a NetScaler high availability (HA) pair and needs to ensure that one Net Scaler is UP and primary at all times to ensure the business websites are always available. What does the administrator need to do to ensure that the NetScalers still handle web traffic in the event that both nodes become unavailable or fail a health check?

Answer :
  • Configure HA Fail-safe mode on each NetScaler independently.

Explanation :

Configuring fail-safe mode on each netscaler independently forces Primary ADC to stay primary in the event of failure at a condition when secondary node is not ready to become Primary due to some issues (interface down) at secondary as well at same time.

A Citrix Administrator needs to block all the DNS requests from subnet 10.107.149.0/24. Which expressions can the administrator use to match the required traffic?

Answer :
  • CLIENT.IP.SRC.IN_SUBNET(10.107.149.0/24) && (client.UDP.DSTPORT.EQ(53) || client.TCP.DSTPORT.EQ(53))

Explanation :

The first part of an expression before && represents client's source IP and second part of expression i.e after && represents that client request will be blocked , and is enclosed by brackets to join client's UDP and client's TCP request to DNS @ port 53