Appendix B Citrix CCA Exam Self Test Appendix 1
2 Appendix B Self Test Appendix Chapter 1: Installing and Managing Citrix XenApp 5.0 Server 1. Within the farm model are two technologies that make the XenApp on-demand enterprise function. What are they? (Choose two correct answers.) A. Remote Desktop Protocol (RDP) B. Independent Management Architecture (IMA) C. Independent Computing Architecture (ICA) D. Common Gateway Protocol (CGP) Correct answers and explanations: B and C. The two technologies that make the XenApp on-demand enterprise function are Independent Management Architecture (IMA) and Independent Computing Architecture (ICA). Incorrect answers and explanations: A and D. The Remote Desktop Protocol (TCP Port 3389) is utilized by Windows Terminal Services and is not used by XenApp. The Common Gateway Protocol (also known as session reliability, TCP Port 2598) is a feature of the XenApp environment but is not necessary to make the on-demand enterprise function. Since IMA and ICA are requirements for the functionality of a XenApp on-demand enterprise, only B and C are correct. 2. What is the key to a successful XenApp implementation? A. An adequate number of servers B. A well thought out design C. Proper memory and storage D. Trained systems engineers Correct answer and explanation: B. A well thought out design will encompass the proper number of servers, the required hardware for memory and storage, and the proper personnel to perform the implementation. Incorrect answers and explanations: A, C, and D. An adequate number of servers, proper memory and storage, and trained systems engineers are all correct answers, but any one alone will not necessarily ensure a successful XenApp implementation. Therefore B is the best answer. 3. Your XenApp farm is utilizing an MS Access database as the farm datastore, and the XenApp Server on which the datastore resides has crashed.
Self Test Appendix Appendix B 3 When attempting to recover from your last backup, the backup image is corrupted and will not restore properly. You know that you have another backup that is off-site, but it will take one day to have the media delivered. How long does your farm have before additional problems start occurring? A. 24 hours B. 48 hours C. 96 hours D. 0 hours Correct answer and explanation: D. With Presentation Server 3.0 the datastore grace period was removed. Prior to that, if the data store was offline for over 96 hours, users could no longer connect to the farm. With Presentation Server 3.0 and later, if the datastore is offline, users can still connect to the farm. It should be noted that administrators will be unable to make any modifications to the farm until datastore connectivity is restored. Therefore D is the only correct answer. Incorrect answers and explanations: A, B, and C. Older versions of Presentation Server had a datastore grace period of 96 hours before connections were denied to the farm, but that configuration was removed in Presentation Server 3.0. 4. You are the XenApp administrator of a large XenApp farm, and you have five administrators working for you that can make configuration changes to the XenApp environment. You know that you can track configuration changes to XenApp via Configuration Logging. What are the steps required to enable Configuration Logging? A. Define the Configuration Logging database access permissions, Set up the Configuration Logging database, Configure the Configuration Logging database connection, Test the connection to the Configuration Logging database, Set the Configuration Logging properties, Delegate administrative permissions, if needed. B. Define the Configuration Logging database access permissions, Set up the Configuration Logging database, Configure the Configuration Logging database connection, Test the connection to the Configuration Logging database, Delegate administrative permissions, if needed, Set the Configuration Logging properties.
4 Appendix B Self Test Appendix C. Set up the Configuration Logging database, Define the Configuration Logging database access permissions, Configure the Configuration Logging database connection, Test the connection to the Configuration Logging database, Set the Configuration Logging properties, Delegate administrative permissions, if needed. D. Set up the Datastore database, Define the Datastore database access permissions, Configure the Datastore Logging database connection, Test the connection to the Datastore database, Set the Configuration Logging properties, Delegate administrative permissions, if needed. Correct answer and explanation: C. The correct order of steps to enable configuration logging is: Set up the Configuration Logging database, Define the Configuration Logging database access permissions, Configure the Configuration Logging database connection, Test the connection to the Configuration Logging database, Set the Configuration Logging properties, Delegate administrative permissions, if needed. Incorrect answers and explanations: A, B, and D. You cannot define configuration logging database access permissions prior to configuring the database itself, so A and B are incorrect. Since the Configuration Logging database is separate from the Datastore database, D is incorrect. 5. You have upgraded your Citrix environment of 15 Presentation Server 4.0 Servers to XenApp 5.0. At installation time, you did not select to enable IMA Encryption, which utilizes the AES encryption algorithm to protect sensitive data in the IMA datastore. Now, you would like to enable IMA encryption on just two servers that handle sensitive data. What are the steps necessary to enable IMA encryption on these two servers? A. Generate a key file, make the key file available to all servers in the farm, load the key on every server in the farm, enable IMA encryption B. IMA Encryption cannot be enabled in this fashion. IMA Encryption is a farm-wide setting C. Generate a key file, make the key file available to all servers in the farm, load the key on only the two sensitive servers, enable IMA encryption D. Generate a key file, make the key file available to the two sensitive servers, load the key on the two sensitive servers, enable IMA encryption on the two sensitive servers
Self Test Appendix Appendix B 5 Correct answer and explanation: B. IMA Encryption is a farm-wide setting and is an all or none setting; therefore B is the correct choice Incorrect answers and explanations: A, C, and D. Answer A provides the correct way to enable IMA encryption for the entire farm. Answers C and D are incorrect because IMA Encryption cannot be applied to individual servers and not others within the same farm. 6. You are the administrator of XenApp farm consisting of 45 XenApp 5.0 Servers. Your executive management has informed you that the company will be acquiring the assets of another company, which will double your user load and XenApp assets. Currently, you are utilizing MS Access as your datastore. Based on this new information, you have decided to migrate your datastore to a SQL Server 2005 cluster running on Windows Server 2008. What are the steps required to successfully migrate ALL servers in your farm to the new datastore? A. Run DSMAINT with the migrate option on the SQL 2005 Server, run DSMAINT with the config option on each XenApp server in the farm B. Run DSMAINT with the migrate option on the XenApp Server holding the datastore, run DSMAINT with the config option on each XenApp Server in the farm C. Run DSMAINT with the config option on the XenApp Server holding the datastore, run DSMAINT with the migrate option on each XenApp server in the farm D. Run DSMAINT with the upgrade option on the XenApp Server holding the datastore, run DSMAINT with the config option on each XenApp Server in the farm Correct answer and explanation: B. You must run DSMAINT with the migrate option on the XenApp Server where the datastore resides first, then you must run DSMAINT with the config option on all remaining XenApp servers in the farm. In addition, you must stop and restart the IMA service on all servers in the farm. Incorrect answers and explanations: A, C, and D. Answer A is incorrect because the DSMAINT command will not be available on the SQL 2005 server. Answer C is incorrect because you must migrate to the new datastore first using the DSMAINT with the migrate option. Answer D is incorrect because there is no upgrade parameter for the DSMAINT command.
6 Appendix B Self Test Appendix 7. You are one of a group of XenApp administrators working for an automotive parts supply company that has recently decided to utilize XenApp 5.0 for delivering applications to its employees. The company has 17 locations worldwide with a total of 3000 employees and wants to publish about 75 applications. The company already utilizes Oracle as its preferred database for other applications and has Oracle DBAs employed. Two of the XenApp administrators have said that XenApp must run on SQL Server 2005. You are the most senior of the administrators, and your management has asked you what the best solution would be. A. Recommend utilizing MS Access as the datastore because no additional cost is involved. B. Agree with the other administrators that XenApp should be installed on SQL Server 2005. C. Recommend utilizing MS SQL Express because it is free and more robust than the default MS Access datastore. D. Explain that XenApp can utilize several different databases and that, since the company already has an Oracle infrastructure in place with the DBA experience AND that the sizing requirements of the new farm dictate using a robust database, you recommend using Oracle as the datastore. Correct answer and explanation: D. The sizing requirements dictate the need for a database that only SQL Server 2005, IBM DB2, or Oracle best provides. In this case, the organization already has Oracle expertise and Oracle meets the sizing requirements, so D is the best choice. Incorrect answers and explanations: A, B, and C. Answers A and C are incorrect because of the sizing requirements. Even though the farm could be configured using MS Access or SQL Express as the datastore, as more load is placed on the farm, problems will occur. Answer B is incorrect because XenApp can utilize MS Access, MS SQL Express, MS SQL Server 2005, IBM DB2, and Oracle. MS SQL Server 2005 could be utilized but is not the best choice in this scenario. 8. You are getting ready to deploy XenApp 5.0 on five servers, with new installations of Windows Server 2008 already installed. What is the best way to quickly install XenApp to the new servers? A. Create an unattended answer text file and use that with the UNATTENDEDINSTALL.EXE.
Self Test Appendix Appendix B 7 B. Install XenApp on one server and configure it; then, using a product such as Symantec Ghost, clone the server image to the remaining servers. C. Create server provisioning software and hardware to install XenApp. D. Manually install XenApp on each of the five servers. Correct answer and explanation: A. Of all the options, answer A is the best. This scenario will require that two scripts be created one for creating a new farm and one for servers joining the farm. Unattended installs can also be initiated via the MSIEXEC command line as well. Incorrect answers and explanations: B, C, and D. Answer B is not the best choice, even though you could install XenApp on a single server and then clone it to the others, but the problem here is that since there are only five servers, the installation is probably utilizing MS Access as the datastore, and you cannot clone the datastore XenApp Server. Answer C is not the best choice because in order to leverage the savings provided by server provisioning, you should have a greater number of servers. Answer D will take more time than an unattended script simply from the manual interaction required. 9. You are researching various hardware and storage options that provide redundancy in case of hardware failure for the new XenApp 5.0 farm you have been tasked to build. What is the optimal configuration on which to install XenApp 5.0 considering costs and performance as factors? A. RAID level 0 B. RAID level 1 C. RAID level 5 D. RAID level 10 Correct answers and explanations: B. RAID 1 will provide mirror disk sets at a lower cost to implement than other options; therefore, Answer B is correct. Incorrect answers and explanations: A, C, and D. RAID 0 has no redundancy, so Answer A is incorrect. Since most XenApp servers are typically smaller 1 or 2U servers, the additional size and costs associated with RAID 5 typically fail to provide the return on the investment, so Answer C is incorrect. RAID 10 combines RAID 1 and RAID 0 and provides the best performance but is the most costly; thus Answer D is incorrect.
8 Appendix B Self Test Appendix 10. What are the minimum prerequisites for installing XenApp 5.0 on Windows Server 2003? A. Microsoft.NET Framework Version 2.0, Java Runtime Environment ( JRE) 1.5.0_09, Visual J#.NET Version 2.0 B. Microsoft.NET Framework Version 3.0, Visual C++ 2005 (Version 8.0, Service Pack 1), Visual J#.NET Version 2.0, Java Runtime Environment ( JRE) 1.5.0_11 C. Microsoft.NET Framework Version 2.0, Visual C++ 2005 (Version 8.0, Service Pack 1), Visual J#.NET Version 2.0, Java Runtime Environment ( JRE) 1.5.0_11 D. Microsoft.NET Framework Version 3.5, Visual J#.NET Version 2.0, Java Runtime Environment ( JRE) 1.5.0_09 Correct answer and explanation: A. Answer A is correct based on the prerequisites checklist for XenApp 5.0 on Windows 2003. Incorrect answers and explanations: B, C, and D. Answer B is the minimum prerequisite needed for XenApp 5.0 on Windows 2008 and is thus incorrect. Answer C has Visual C++ listed, which is not a requirement for XenApp on Windows 2003 and is therefore incorrect. Answer D has NET Framework Version 3.5 listed, which is not a requirement for XenApp on Windows 2003 and is thus incorrect. 11. You are the administrator of a Citrix Presentation Server 4.0 farm of 10 servers all running on Windows 2003. What are the steps necessary to upgrade and migrate your farm to XenApp 5.0 on Windows Server 2008? A. Upgrade all servers to Windows Server 2008; then upgrade XenApp to 5.0. B. Upgrade to XenApp 5.0 (Presentation Server 4.5 FR1) and then upgrade the OS to Windows Server 2008. C. Install XenApp 5.0 on a new Windows 2008 server, add it to your current farm, then migrate the datastore. D. This option is not available. Citrix does not support upgrading the operating system. You must create a new XenApp 5.0 farm running on Windows Server 2008 and migrate your settings to the new farm. Correct answer and explanation: D. The only correct answer is D because Citrix does not support upgrading the operating system.
Self Test Appendix Appendix B 9 Incorrect answers and explanations: A, B, and C. You must create a new XenApp 5.0 farm running on Windows Server 2008 and migrate your settings to the new farm. Answers A, B, and C are not possible as stated in Citrix documentation. 12. You are performing the initial installation of Citrix License Server. What are your options as to the kind of web server you can install Citrix License Management Console on? (Choose two correct answers.) A. Microsoft IIS B. Apache C. IBM WebSphere D. BEA WebLogic Correct answers and explanations: A and B. The Citrix License Server Management Console runs as a web service and requires that either Microsoft IIS or Apache web server be installed prior to installation. Incorrect answers and explanations: C and D. Answers C and D are incorrect because Citrix only supports IIS and Apache for the License Server Management Console. 13. You currently have a Presentation Server 4.0 farm with the License Server that came with that version, and you also have Subscription Advantage. What steps must you complete to upgrade your licensing to XenApp 5.0? A. Upgrade your Presentation Server 4.0 licenses to XenApp 5.0 on the MyCitrix web site and copy to your existing License Server. B. Install a new License Server with the same name as the old License Server and copy the old license files to the new server. C. Upgrade the License Server to the latest License Server, which is included with XenApp 5.0, fulfill your 4.0 licenses to XenApp 5.0 on the MyCitrix web site, and create a new license file to copy to your upgraded server. D. With Subscription Advantage, nothing further needs to be done to the existing licenses, and License Server is compatible with XenApp 5.0. Correct answer and explanation: C. Answer C provides the correct steps for license migration and License Server upgrade as stated by the Citrix Licensing: Migrating, Upgrading, and Renaming document.
10 Appendix B Self Test Appendix Incorrect answers and explanations: A, B, and D. Answer A is incorrect because even though you must upgrade or fulfill your existing licenses on the MyCitrix web site, the licensing server provided with 4.0 is not compatible with XenApp 5.0. Answer B is incorrect because even though you have the correct licensing version, you must still upgrade your licenses on the MyCitrix web site. Answer D is incorrect because you must manually fulfill or upgrade your licenses on the MyCitrix web site AND you must still upgrade your License Server to the latest version that is compatible with XenApp 5.0. 14. What are the steps required to publish an application (such as Notepad) in the Access Management Console? (Choose all that are correct.) A. From the Access Management Console, expand the Farm node, right-click Application s, select New Publish Application, follow the steps in the Publish Application Wizard. B. From the Access Management Console, expand the Farm node, in the middle column under Common Tasks, click New, then Publish Application, follow the steps in the Publish Application Wizard. C. From the Access Management Console, expand the Farm node, right-click Servers, select New, Select Publish Application, follow the steps in the Publish Application Wizard. D. From the Access Management Console, expand the Farm node, right-click Applications, select Publish Application, follow the steps in the Publish Application Wizard. Correct answers and explanations: A and B. Both A and B are correct. You may select to publish a new application using either method to invoke the Publish Application Wizard. Incorrect answers and explanations: C and D. Answer C is incorrect because you must select Publish Application after you select New. Answer D is incorrect because you must select New and then select Publish Application. 15. What are all of the snap-ins that can be installed in the Access Management Console? A. Report Center, Licensing, Applications, Presentation Server, Dashboard, My Knowledge, Web Interface, Hotfix Management B. Report Center, Licensing, Diagnostic Facility, Presentation Server, Dashboard, My Knowledge, Web Interface, Hotfix Management, Documentation
Self Test Appendix Appendix B 11 C. Report Center, Licensing, Diagnostic Facility, Presentation Server, Dashboard, My Knowledge, Web Interface, Hotfix Management D. Licensing, Diagnostic Facility, Presentation Server, Dashboard, My Knowledge, Web Interface, Hotfix Management Correct answer and explanation: C. Answer C is correct because it lists all available snap-ins that can be installed in the Access Management Console. Incorrect answers and explanations: A, B, and D. There is no Applications snap-in, so Answer A is incorrect. There is no Documentation snap-in, so Answer B is incorrect. Answer D does not list Report Center as a snap-in and is therefore incorrect. 16. The XenApp Advanced Configuration tool replaced what prior Citrix management tool? A. Access Management Console B. Presentation Server Console C. Citrix Management Console D. ICA Configuration Console Correct answer and explanation: B. XenApp Advanced Configuration replaced the Presentation Server Console component; thus B is correct. Incorrect answers and explanations: A, C, and D. The Advanced Configuration Tool did not replace the Access Management Console, so Answer A is incorrect. The Citrix Management Console is an older component of the Citrix MetaFrame products, so Answer B is incorrect; there is no such console as the ICA Configuration Console, so Answer D is incorrect. 17. What methods can be used to create a new policy in the Advanced Configuration Tool? (Select all that apply.) A. Expand the Farm node, right-click the Policies node, select Create Policy. B. Expand the Farm node, right-click the Policies node, select New Policy. C. Expand the Farm node, right-click the Policies node, double-click the policy to configure. D. Expand the Farm node, highlight the policies node, select Actions New Policy from the file menu.
12 Appendix B Self Test Appendix Correct answers and explanations: A and D. Answers A and D are correct and either way may be used to create a policy. It should be noted that this only creates the policy and that the policy must still be configured. Incorrect answers and explanations: B and C. There is no option called New Policy, so Answer B is incorrect. Answer C describes how to configure a policy and is thus incorrect. 18. While using the Access Management Console remotely, you receive an error message when attempting to discover a server in your farm. What is the most likely cause of this error? A. This occurs when you use an account that does not have Distributed Component Object Model (DCOM) Remote Launch permissions on the remote server. B. You are running the Access Management Console within an RDP session. C. This occurs because the NTFS permissions are set incorrectly on the Access Management Console. D. This occurs when the account you are using does not have the proper.net permissions on the remote server. Correct answers and explanations: A. Answer A is correct. You must grant DCOM Remote Launch permissions to any Citrix administrators whom you allow to access the farm. Incorrect answers and explanations: B, C, and D. It makes no difference whether or not you are running the Access Management Console via an RDP session; so Answer B is incorrect. If NTFS permissions were set incorrectly, the Access Management Console would completely fail to launch, so Answer C is incorrect. There are no.net permissions, so Answer D is incorrect. 19. What is the best starting point for troubleshooting problems with XenApp? A. MyCitrix web site B. The Citrix Technical Support: Brief Troubleshooting Guide C. Citrix Technical Support D. Citrix Support Forums
Self Test Appendix Appendix B 13 Correct answer and explanation: B. Answer B provides the most comprehensive method of troubleshooting problems with XenApp. Incorrect answers and explanations: A, C, and D. Answer A, The MyCitrix web site does provide documentation on XenApp but does not provide ready answers to troubleshooting problems and is incorrect. Even though you could have Citrix Technical Support troubleshoot and potentially solve your problem, Citrix Technical support is not free, and the support engineers will want you to go through steps already documented in the Troubleshooting guide. Thus Answer C is incorrect. The Citrix Support Forums are an excellent source of information and many problems can be solved there, but bad advice can also be received. In many cases, the people who will help you will direct you to conduct basic troubleshooting identified in the troubleshooting guide. Thus Answer D is incorrect. 20. What are two ways to help identify possible causes of problems in your XenApp environment? (Choose two correct answers.) A. Implement XenApp Configuration Logging. B. Utilize an efficient Service Desk. C. Use a Change Management Process. D. Monitor server event logs. Correct answers and explanations: A and C. By using XenApp Configuration Logging, you can generate reports that can assist you in determining what changes have been made to your environment, who made them, and when they were made, so Answer A is correct. A change management system allows administrators and engineers to log any and all changes to a specific environment, to include which server is affected, the time, date and implementer at a minimum, thus Answer C is correct. Incorrect answers and explanations: B and D. While a service desk can help identify that there is a problem with your XenApp environment, it does not necessarily offer possible reasons for the problem, so Answer B is not the best choice. In addition, if a server experiences an outage because of a problem, the event logs will be unavailable to assist you in determining the problem, so Answer D is not the best choice.
14 Appendix B Self Test Appendix Chapter 2: Configuring and Maintaining the Citrix XenApp 5.0 Farm 1. You are attempting to install SmartAuditor into your XenApp farm. You are deciding which server to use as your administration server. Your XenApp farm is a mix of various Windows server editions. Which of the following servers is not supported by SmartAuditor? A. Windows Server 2008 64-bit edition B. Windows Server 2003 64-bit edition C. Windows Server 2003 32-bit edition D. All of the above versions of Windows server are supported Correct Answer & Explanation: A. SmartAuditor is not supported by Windows Server 2008, 32-bit or 64-bit. Incorrect Answers & Explanations: B, C, and D. Answers B and C are incorrect because SmartAuditor runs in both 32-bit and 64-bit versions of Windows Server 2003. Answer D is incorrect because Windows Server 2008 is not supported. 2. You plan to use Installation Manager to pass not only applications to servers within your server farms but also tasks. You are not familiar with the process of writing XML code for the creation of tasks. What tool can you use to create tasks? A. Advanced Configuration Console B. PowerShell C. Task Scheduler D. Access Management Console Correct Answer & Explanation: C. Windows Task Scheduler can be used to create scheduled tasks, which can then be exported and delivered via Installation Manager. Incorrect Answers & Explanations: A, B, and D. Answer A is incorrect because the Advanced Configuration Console is used for specific, advanced features of XenApp. Answer B is incorrect because PowerShell is used for the creation of scripts. Answer D is incorrect because the Access Management Console is used for the day-to-day operations of XenApp servers and farm, not for scheduling tasks.
Self Test Appendix Appendix B 15 3. Your manager wants to implement session shadowing in your environment for user support. However, she has some concerns about the security of this technology. You explain to her that there are various measures that can be put into place in order to protect confidentiality. Which of the following answers is/are configurable option(s)? A. Prohibit being shadowed without notification B. Require Smartcard authentication C. Prohibit remote input when being shadowed D. Prohibit shadowing by application E. A and C F. A and B Correct Answer & Explanation: E. Session shadowing can be configured to require user notification and also prohibit remote input. Incorrect Answers & Explanations: A, B, C, D, and F. Answers A and C are incorrect because they only partially answer the question. Answer B is incorrect because Smartcards cannot be integrated with XenApp. Answer D is incorrect because shadowing is not configured by application. Answer F is incorrect because it only offers half the correct answer. 4. You have brought a brand new server into your Citrix XenApp farm. When the next data collector election occurs, you want this new server to take priority during the election. Which of the following options is NOT a possible choice for a predetermined preference? A. Required B. Most Preferred C. Preferred D. Default Preference E. Not Preferred Correct Answer & Explanation: A. There is no setting Required for predetermining data collectors. Incorrect Answers & Explanations: B, C, D, and E. Answer B is incorrect because Most Preferred is the first choice for a data collector. Only one server in a zone should have this distinction. Answer C is incorrect because Preferred is the next choice after Most Preferred. Multiple preferred servers can exist.
16 Appendix B Self Test Appendix Answer D is incorrect because Default Preference is the setting of a server which is set by default when a new server is brought online. If neither a Most Preferred or Preferred server is available, elections will take place from this pool of servers. Finally, Answer E is incorrect because servers set to Not Preferred will only become data collectors if no other server is available. 5. You are setting up administrative accounts for various members of your IT team. Certain administrators need rights to manage server workloads within the Citrix farm. Which of the following rights can be assigned to a custom administrator account? A. Assign Load Evaluators B. Edit Load Evaluators C. View Load Evaluators D. Load Manager E. All of the above Correct Answer & Explanation: E. Assign Load Evaluators allows administrators to assign load evaluators to servers and published applications. Edit Load Evaluators allows administrators to edit load evaluation settings and automatically selects and requires the View permission. View Load Evaluators allows view-only access to load evaluator settings. Load Manager toggles on/off all subtasks and allows full access to view and modify all areas of load management. 6. You are attempting to install Microsoft Office 2007 onto a new XenApp server. You receive an error message that you must first put the server into a different mode. Which of the following is the correct mode? A. User mode B. Administrative mode C. Install mode D. Execute mode Correct Answer & Explanation: C. Install mode is required to install an application on a Windows server running Terminal Services. Incorrect Answers & Explanations: A, B, and D. Answers A and B are incorrect because there are no modes with these names. Answer D is incorrect because
Self Test Appendix Appendix B 17 Execute mode is the default mode of a Terminal Server and is available for end users to run applications. 7. You are getting ready to publish a web page using your Citrix XenApp farm. Which of the following application types is the most likely choice to use in this situation? A. Server desktop B. Content C. Application D. Streamed to client Correct Answer & Explanation: B. Objects such as web pages and documents can be published to users as content as opposed to an application, giving direct access to the intended information. Incorrect Answers & Explanations: A, C, and D. Answer A is incorrect as this would present the entire server desktop. Answer C is incorrect because an application would present an executable. Answer D is incorrect because streaming is a way of publishing an application. 8. You have hired a junior engineer on your IT team. This engineer will be responsible for basic administration of the Citrix XenApp servers. You first put him to work on published applications. Choose five options he can use to manage applications that are already published. A. Export/Import B. Clone C. Rename D. Enable/Disable E. Move F. Duplicate G. Replicate Correct Answers & Explanations: A, B, D, E, and F. Administrators can import and export application settings, rename applications, enable and disable them, move them to various subfolders, and duplicate them. Incorrect Answers & Explanations: C and G are incorrect as no such options exist.
18 Appendix B Self Test Appendix 9. You are setting up SmartAuditor in your Citrix XenApp farm. You are attempting to configure the administrative settings. What must be enabled on the server prior to installation? A. Microsoft Operations Manager 2007 B. Message Queuing C. DCOM D. Bitlocker Correct Answer & Explanation: B. SmartAuditor requires that Message Queuing be enabled on the server which will host the administrative functions. Incorrect Answers & Explanations: A, C, and D. Answer A is incorrect as this is a software package used for monitoring and maintenance of servers and applications. Answer C is incorrect because DCOM is used for remote tasks on a server. Answer D is incorrect because Bitlocker is a drive encryption software package. 10. You are attempting to monitor network performance on one of your XenApp servers. You believe the issue is isolated to a particular server. Which of the following can be monitored using performance indicators? A. Bandwidth and compression for ICA sessions B. Individual virtual sessions of a client session C. Bandwidth constraints of Citrix XenApp clients D. Latency counters for ICA sessions Correct Answers & Explanations: A, B, and D. The built-in performance counters installed as part of XenApp server can monitor bandwidth compression, virtual channels, and latency of ICA sessions. Incorrect Answer & Explanation: C. Answer C is incorrect as this is not something that can be measured from the XenApp server. 11. Your manager is looking for the most cost-effective and easiest means to deploy the SmartAuditor Player to authorized users. Which of the following solutions are possible? A. Install the player on a Windows 2003 host and publish the application. B. Use an application deployment product such as Microsoft System Center Configuration Manager 2007 to deploy the application.
Self Test Appendix Appendix B 19 C. Stream the application to the desktops using XenApp application publishing. D. All of the above. Correct Answers & Explanations: A and B. You can manually install the player on a user workstation, publish it on a Windows 2003 XenApp server, or deploy it using technologies such as System Center Configuration Manager (SCCM), Group Policy, or similar technology. Incorrect Answers & Explanations: C and D. Answer C is incorrect as Citrix neither recommends nor supports streaming the player. Answer D is incorrect since C is incorrect. 12. You want to manage remote servers from a single administrative location. You have administrative tools running on a local server but are still unable to manage the remote servers. What protocol must you enable in order for remote management to work? A. RDP B. COM C. ICA D. DCOM Correct Answer & Explanation: D. DCOM is a protocol used to initiate remote procedure calls (RPC) on a server. DCOM is not enabled by default. Incorrect Answers & Explanations: A, B, and C. Answer A is incorrect because Remote Desktop Protocol (RDP) is the default Terminal Services protocol. Answer B is incorrect as it is similar to DCOM but an older version of the technology. Answer C is incorrect because ICA is the default Citrix communication protocol. 13. Your manager has asked you to create various administrative groups to handle very specific tasks within your XenApp farm. Which of the following answers are tasks groups that can be assigned to custom authority administrators? A. Administrative Folder tasks B. Super User tasks C. View-only tasks D. Printer Management Folder tasks E. Server Folder tasks F. Help Desk tasks
20 Appendix B Self Test Appendix Correct Answers & Explanations: A, D, and E. There are seven task groups from which tasks can be assigned to custom authority administrators: Administrators, Applications, Farm, Load Evaluators, Policies, Printer Management, and Servers. Incorrect Answers & Explanations: B, C, and F. Answers B, C, and F are incorrect because no such groups exist. 14. You are running both Citrix XenApp and Microsoft System Center Operations Manager 2007 in your IT enterprise environment. Your administrative team has asked to monitor the Citrix XenApp farm using SCOM. Which of the following objects can be monitored and reported on in SCOM? A. Citrix Zone B. Citrix Unsupported Server C. Citrix Unlicensed Server D. Citrix License Server E. All of the above F. None of the above Correct Answer & Explanation: E. The management pack for Systems Center Operations Manager 2007 allows you to monitor and report on 10 different objects: Citrix Deployment, Citrix Farm, Citrix Zone, Citrix Zone Data Collector, Citrix Farm Metric Server, Citrix Managed Server, Citrix Unsupported Server, Citrix Unlicensed Server, Citrix License Server, and Citrix Server. Incorrect Answers & Explanations: A, B, C, D, and F. Answers A, B, C, and D are incorrect because they only partially answer the question. Answer F is incorrect since all of the above answers are correct. SCOM will probably not be on the test but I do think Resource Manager and EdgeSight should be explored. 15. You check the Citrix support site and notice that there are several new hotfixes available to you to install on your XenApp farm. You are about to bring two new XenApp servers online shortly as well. What method of installation might you use to install these hotfixes without manually launching each one individually? A. Package the hotfixes together and stream them using a published application.
Self Test Appendix Appendix B 21 B. Use Citrix Installation Manager to deploy the hotfixes to the unconfigured servers. C. Create a custom installation that includes the hotfixes. D. You must install all hotfixes manually for security purposes. Correct Answer & Explanation: C. Before installing Citrix XenApp onto the new servers, you can create a custom installation which will include all the hotfixes you have chosen to include. Incorrect Answers & Explanations: A, B, and D. Answer A is incorrect because a hotfix is not an application and cannot therefore be streamed. Answer B is incorrect since Installation Manager will only work on servers that already have XenApp installed. Answer D is incorrect since you can automate hotfix installation. 16. Steamed applications use a specific type of file to provide information about the application that is being delivered. What is the name of this file? A. MST file B. MSI file C. Application profile D. Streaming profile Correct Answer & Explanation: C. An application profile contains critical information about the application being delivered to the end-user. Incorrect Answers & Explanations: A, B, and D. Answers A and B are incorrect because MSTs and MSIs are configuration files belonging to Microsoft applications. Answer D is incorrect because no file type of this name exists. 17. You are explaining the benefits of upgrading to Citrix XenApp to your company s CFO. You mention as one of the advantages the ability to stream applications. Which of the following is NOT an advantage of streaming an application? A. Increased application speed B. Reduced application conflicts C. Single point of management D. Reduction in cost based on desktop support maintenance
22 Appendix B Self Test Appendix Correct Answer & Explanation: A. Streaming an application does not necessarily guarantee that it will run faster than one published in the traditional Citrix fashion or installed directly on a workstation. Incorrect Answers & Explanations: B, C, and D. Answers B, C, and D are all incorrect since they are all advantages of streaming applications. 18. You have recently upgraded to XenApp from Citrix Presentation Server. New workstations that you are deploying to employees have the latest Citrix client. Employees with existing computers will have their clients updated over the next three to six months. Your manager wants you to deploy a new application to all clients and wants to take advantage of application streaming. What setting should you use when publishing the application? A. Server desktop B. Content C. Accessed from a server D. Streamed if possible, otherwise accessed from a server E. Streamed to client Correct Answer & Explanation: D. The requirement from management was that the application be made available to all clients. Since the legacy clients do not support streamed applications, you would stream if possible or otherwise access it from the server in the traditional manner. Incorrect Answers & Explanations: A, B, C, and E. Answer A is incorrect since this would present an entire desktop to the end user. Answer B is incorrect as this is used to present documents and web pages. Answer C is incorrect because it does not use streaming at all. Answer E is incorrect since the legacy clients cannot support streaming and would not be able to access the application. 19. You have recently implemented Citrix EdgeSight for the management of your Citrix farm. You are new to EdgeSight and would like to know more information about the individual features of the product as you work with the management console. Which of the following would provide this type of help? A. Help Link B. Getting Started C. Enabling pop-up help D. None of the above
Self Test Appendix Appendix B 23 Correct Answer & Explanation: B. The Getting Started tab is used to enable descriptive help messages for the other tabs and features in the EdgeServer console. When Getting Started is enabled, you can click on the other tabs to receive information on the functions of these tabs. Incorrect Answers & Explanations: A, C, and E. Answer A is incorrect since this would launch the online help feature. Answer C is incorrect since the correct name for this feature is Getting Started. 20. You are attempting to get more detailed help on a particular feature of EdgeSight. However, when you attempt to launch the Help Link, it fails with a Page Not Found error. What is the cause of this? A. You have not properly licensed EdgeSight. B. You did not choose to install the help files while installing EdgeSight. Launch the installation process again. C. You do not have access to the Internet from this server. D. You should use Getting Started instead. Correct Answer & Explanation: C. Help Link launches an online version of the help files. The server that is running EdgeSight must have Internet access. Incorrect Answers & Explanations: A, B, and D. Answer A is incorrect since licensing would not affect your access to the help files. Answer B is incorrect as there is no installation option for the help files, they are online. Answer D is incorrect because Getting Started only provides a brief overview of the features. Chapter 3: Configuring ICA Sessions 1. Darien is a user in your environment who works at a remote office. The location connects through a Metro E connection to a centralized office where the XenApp server farm exists. Darien attempts to launch Microsoft Word from the farm and is successful. As he is working, his application suddenly stops responding and an hourglass appears. Within a minute, the pointer reappears and he is able to continue working. Place the following items in order to best describe what most likely occurred in this situation. You may not use all of the available options. 1. The Session Reliability timeout on the XenApp farm was exceeded, so the session status returned to active.
24 Appendix B Self Test Appendix 2. The network connection from Darien s workstation to the XenApp farm was broken. 3. The user continued to appear connected. 4. The network connection was restored, so the application became responsive again and the user could work. 5. Session Reliability settings on the XenApp farm allowed the session to remain open on the server farm. A. 3, 2, 1 B. 2, 5, 3, 4 C. 5, 2, 3, 1 D. 2, 1, 4 Correct Answer & Explanation: B. This is the correct sequence. When the network connection between the client and server is interrupted the session remains open on the server due to Session Reliability settings. The user continues to appear connected during the interruption, and once the network connection is restored the application becomes responsive again and the user can continue working. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect, because this is not the correct order of steps. Answer C is incorrect, because this is not the correct order of steps. Answer D is incorrect, because this is not the correct order of steps. 2. A user named Carlos calls you saying that he has just rebooted his workstation and he cannot launch the application he was logged on to before the reboot. When you log on to the console you see that many users are connected into your XenApp farm and are working normally on applications. What could be a possible cause of this issue? A. Carlos does not have permissions to access the server farm. B. The server to which Carlos is configured to connect is off. C. The IMA services on the server Carlos is connecting to are not responsive. D. Carlos must be granted permissions to the application he is trying to access. Correct Answer & Explanation: C. The IMA service on XenApp servers is required for new connections. Existing connections are not affected by restarting this service.
Self Test Appendix Appendix B 25 Incorrect Answers & Explanations: A, B, D. Answer A is incorrect, because Carlos would not have been able to log on if he did not have permissions to access the server farm. Answer B is incorrect, because users are not configured to connect to certain application servers. Answer D is incorrect, because the user stated that he had been using the application before the reboot, which implies he has permissions to the application already. 3. Session Reliability changes the way a client interacts with the XenApp farm in which of the following ways? Select two. A. Users can disconnect and reconnect to the sessions faster. B. If a user loses network connectivity her session does not disconnect. C. Disconnections are not permitted in order to keep sessions reliable. D. The default ICA port changes from 1494 to 2598. Correct Answers & Explanations: B, D. Answer B is correct, because brief disconnections from the network, as in wireless situations or remote office situations, do not result in automatic disconnection of an ICA session. Answer D is correct, because ICA traffic without Session Reliability enabled runs on port 1494. By enabling Session Reliability, the primary port for communication between client and server changes to 2598. Incorrect Answers & Explanations: A, C. Answer A is incorrect, because once a session enters a disconnected state Session Reliability is no longer a factor. Answer C is incorrect, because it is an invalid statement. Whether disconnections are allowed is not a feature or setting of Session Reliability. 4. A user is in the middle of crafting a PowerPoint presentation. He receives a phone call which is requesting his presence in another building. He decides to disconnect his session to PowerPoint and resume when he arrives in his new location. Which of the following best describes what the user must do to reconnect to his session once he arrives in the other building? A. Log on to the XenApp Plugin and the disconnected sessions will resume automatically. B. Log on to the XenApp Plugin and launch PowerPoint. C. Log on to the XenApp Plugin, right-click the XenApp System Tray icon, and click Reconnect Sessions. D. Log on to the XenApp Plugin, right-click the XenApp System Tray icon, and click Resume Sessions.
26 Appendix B Self Test Appendix Correct Answer & Explanation: C. From the right-click menu in the System Tray icon, Reconnect Sessions will be an available option which will reconnect a user to any disconnected sessions he may have. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect, because disconnected sessions will not resume automatically with a new login. Answer B is incorrect, because launching the application will start a new session. Answer D is incorrect, because there is no Resume Sessions option. 5. Sally has successfully logged on to her XenApp Plugin client, and is now trying to launch an application but is receiving an error on each attempt. She is working from a satellite office today and this is the first time she has been in this location. As she asks around the office, she realizes that no one else in this location uses the XenApp Plugin. What is the most likely cause for Sally s failure to log on? A. Sally does not have permissions to the application she is trying to launch. B. Port 1494 is not open on the firewall from the satellite office to the main office. C. Port 2598 is not open on the firewall from the satellite office to the main office. D. Sally has locked out her user account from too many invalid logon attempts, so she has been restricted in launching applications. Correct Answer & Explanation: C. Session Reliability is enabled by default in XenApp 5.0, and the standard port used by the XenApp plug-in to launch applications is 2598. Once logon is completed, this port must be open from the client to the XenApp server farm for applications to launch successfully. Because Sally is in a satellite office, the firewall between the office and the main location where the XenApp servers reside mostly likely does not allow traffic on port 2598. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect, because if Sally did not have permissions to the application the icon would not be rendered. Answer B is incorrect, because with session reliability enabled in the XenApp farm port 1494 is not the default port in use when an application is launched. Answer D is incorrect, because authentication credentials are passed when the user logs on to the XenApp Plugin client, which was successful for Sally.
Self Test Appendix Appendix B 27 6. You have decided to use an MSI file to install the XenApp Plugin on the workstations in your environment. You utilize Active Directory Group Policy to install the MSI file on the machines of a group of pilot users. The users inform you that they are being prompted with a XenApp installation screen. Which of the following commands will allow you to create an MSI file that will install silently? A. msiexec /I B. msiexec /A C. msiexec /U D. msiexec /P Correct Answer & Explanation: B. /A is the correct switch to use with msiexec to launch the Client Packager and create an unattended installer file. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect, because the /I switch is utilized for unattended installations. Answer C is incorrect, because the /U switch does not exist. Answer D is incorrect, because the /P switch does not exist. 7. A user is logged on to the network through a VPN connection. She has successfully launched an internal expense report tool from her XenApp plug-in. Suddenly her home Internet connection fails and she is disconnected from the VPN. What is the current state of her session on the XenApp farm? A. Disconnected, and she may reconnect to her session and continue working B. Disconnected, and she has lost her work C. Terminated, and she may reconnect to her session and continue working D. Idle, and she may reconnect to her session and continue working Correct Answer & Explanation: A. When a user unexpectedly loses her connection to a XenApp session, her session will enter a disconnected state, and as long as she reconnects before the disconnect timeout expires, she will be able to continue working where she left off. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect, because if the session is in a disconnected state, she can reconnect and resume the application where she left off. Answer C is incorrect, because terminated sessions cannot be reconnected to. If a session is terminated, any unsaved work is lost. Answer D is incorrect, because an idle connection occurs only when a user remains connected but not active in the session.
28 Appendix B Self Test Appendix 8. Many workstations in your environment are configured in a kiosk model. Users are accustomed to accessing applications through Internet Explorer and they can log on to any kiosk to gain access to all but the most sensitive of applications. You are trying to decide which XenApp client would be a good fit for your environment. Select the best choice. A. Program Neighborhood B. XenApp Web Plugin C. XenApp Plugin D. Java client Correct Answer & Explanation: B. You have a culture that is accustomed to gaining application access through a Web browser, and the XenApp Web Plugin falls in line with this model. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect, because Program Neighborhood is a locally installed application, and even though it could be used it doesn t fit in line with the habits described or the kiosk model of workstations. Answer C is incorrect, because the XenApp Plugin is intended to make application access seamless by passing through credentials from the logged-on user and placing application shortcuts on the desktop. It is not the best choice for the described culture. Answer D is incorrect, because it is also not the best fit for the described environment since Internet Explorer is described as the application access method of choice and Java is not. 9. A user would like to know how he should reconnect to his application after having his network connection accidentally terminated. What tool can he use to reconnect to a disconnected session? Choose all that apply. A. Connection Center B. Start menu icon C. XenApp Plugin System Tray icon D. Desktop icon Correct Answers & Explanations: A, C. Both of these options display a reconnect option for users to reconnect to their disconnected sessions. Incorrect Answers & Explanations: B, D. Answer B is incorrect, because Start menu icons will launch new sessions of published applications or local applications. Answer D is incorrect, because desktop icons will launch new sessions of published applications or local applications.
Self Test Appendix Appendix B 29 10. A user calls the help desk because she has accidentally deleted the icon on her desktop for an accounting application. You know that the application is published from the XenApp farm. What is the easiest way to re-create the icon on the user s desktop? A. Right-click the user s desktop, click New Shortcut, and follow the wizard. B. Right-click the System Tray icon and click Application Refresh. C. Reinstall the accounting application on the XenApp farm. D. Reinstall the accounting application on the user s workstation. Correct Answer & Explanation: B. By refreshing the applications from the XenApp farm, the user s desktop shortcut icon will be refreshed. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect, because the shortcut wizard will allow you to create a shortcut icon, but not to a published XenApp application. Answer C is incorrect, because reinstallation of the application on the XenApp farm will not re-create icons on a user s desktop. Answer D is incorrect, because this accounting application is a published application, so installing it on the user s workstation may create icons on the desktop, but they would not be icons that launch a published application. The application would then be running locally. 11. As the XenApp administrator, Joe publishes a new application in the XenApp farm. The application contains multiple graphical icons and a Flash animation that plays when the application launches. Some of the users are complaining that it takes a long time for the application to launch, and when it finally does the Flash animation is not being displayed. What could be causing this? A. Flash Acceleration is not enabled at the server level. B. Adobe Flash Player is not loaded on some of the client machines. C. Flash Acceleration is not enabled at the farm level. D. Adobe Flash Player is not loaded on one of the XenApp servers. Correct Answer & Explanation: D. For Flash animations to display properly, Adobe Flash Player must be loaded on all XenApp servers responsible for rendering Flash content. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect, because Flash Acceleration affects the quality of the Flash animation, not whether it plays. Answer B is incorrect, because client machines do not require Flash
30 Appendix B Self Test Appendix Player when playing Flash animations from published applications. Answer C is incorrect, because Flash Acceleration affects the quality of the Flash animation, not whether it plays. 12. Which of the following SpeedScreen settings cannot be configured at the farm level? A. SpeedScreen Multimedia Acceleration B. SpeedScreen Browser Acceleration C. SpeedScreen Image Acceleration D. SpeedScreen Flash Acceleration Correct Answer & Explanation: C. Image Acceleration cannot be configured at the farm level. It is configured from within XenApp policies. Incorrect Answers & Explanations: A, B, D. Answers A, B, and C are incorrect, because they can be configured at the farm level. 13. All of the sales and marketing staff in your organization are based out of a satellite office in Atlanta. The main headquarters is located in Charlotte, NC. You need to enable SpeedScreen Latency Reduction settings for users in the satellite office which are distinct from the rest of the organization. How can you accomplish this with the least amount of administrative effort? A. Silo all of the applications that the users require access to and utilize the SpeedScreen Latency Reduction manager to configure the settings at the server level. B. Utilize the SpeedScreen Latency Reduction manager to configure each application to which the sales and marketing staff requires access. C. Import the icaclient.adm file into Active Directory, create a Group Policy, configure the Group Policy with the SpeedScreen Latency Reduction settings, and then apply the Group Policy to the appropriate locations in Active Directory. D. Create a XenApp policy, configure it with the settings for SpeedScreen Latency Reduction, and apply the policy to the subnet in the Atlanta office. Correct Answer & Explanation: C. Group Policies give you the flexibility to impact just certain groups of users with the new configuration settings without having to restructure your XenApp farm.
Self Test Appendix Appendix B 31 Incorrect Answers & Explanations: A, B, D. Answer A is incorrect, because reorganizing your XenApp farm is a large effort and is not the most efficient way to address this scenario. Answer B is incorrect, because the sales and marketing users may require access to the same applications as other users in the environment, so this method would impact more than just sales and marketing users, or require the same application to be published multiple times to meet the requirements by having different published instances for different user groups. Answer D is incorrect, because XenApp policies do not contain settings for SpeedScreen Latency Reduction. 14. You need to install the XenApp Web Plugin. Which of the following are valid install formats? A..exe B..mst C..msi D..bat Correct Answer & Explanation: A, C. The XenApp Web Plugin is available in both.exe and.msi format. They are both downloadable from the Citrix Web site. Incorrect Answers & Explanations: B, D. Answer B is incorrect, because the XenApp Web Plugin is not available for install in.mst format. Answer D is incorrect, because the XenApp Web Plugin is not available for install in.bat format. 15. A user is complaining that her keyboard isn t working properly. A technician replaces the keyboard in an effort to solve the issue. The user still complains that the keyboard isn t working properly. You sit down and begin typing and notice that everything you type takes three to five seconds to appear on the screen. How do you resolve this issue? A. Replace the motherboard on the machine. The keyboard port has gone bad. B. Replace the keyboard a second time. Something is wrong with the keyboard cable. C. Enable Local Text Echo on the user s machine. D. Enable Image Acceleration on the user s machine.
32 Appendix B Self Test Appendix Correct Answer & Explanation: C. The XenApp server renders user input before sending it back to the client to display. In this case, the delay is significant enough that it is noticeable. By enabling Local Text Echo, you will cause local fonts to be used to render the text until the server response arrives and updates in the background. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect, because the issue stems from the latency between the XenApp server and client, and is not a hardware issue. Answer B is incorrect, because the issue stems from the latency between the XenApp server and client, and is not a hardware issue. Answer D is incorrect, because Image Acceleration only impacts images and not the text that is being rendered on the client machines. 16. You are using the Client Packager to produce an MSI file for client deployment. Near the end of the wizard an error is generated and the package creation is not completing successfully. The error is not very descriptive and you don t find anything in the Citrix knowledge base to point you in the direction of the problem. Which of the following could be causing the issue? A. You must uninstall the client on the local machine before running the Client Packager. B. You don t have permissions to run the Client Packager. C. You don t have permissions on the target location where you are attempting to store the resultant MSI file. D. You need to connect to the XenApp farm before running the Client Packager wizard. Correct Answer & Explanation: C. You must have permissions in the target location to create the necessary temporary files as well as the final MSI package. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect, because the local client install status does not have an impact on execution of the Client Packager. Answer B is incorrect, because the permissions required to execute the Client Packager must be present to launch the wizard. In this example, the error occurred near the end of the wizard. Answer D is incorrect, because you do not connect to the XenApp farm to execute the Client Packager. 17. Justin is an assistant administrator in your environment. Many users have been complaining about the performance of some graphically intensive applications in the XenApp farm, so he has been asked to optimize the user experience.
Self Test Appendix Appendix B 33 He makes some configuration changes and the performance of all applications in the farm drastically worsens. What option has Justin configured which may degrade application performance across the farm? A. Enabling Heavyweight Compression B. Enabling Latency Reduction C. Enabling Browser Acceleration D. Enabling Session Reliability Correct Answer & Explanation: A. Heavyweight Compression is CPU-intensive, and requires additional server resources when enabled. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect, because Latency Reduction impacts performance on the client machines and would not impact server performance. Answer C is incorrect, because Browser Acceleration has an impact only when users are viewing HTML pages, and does not generate large amounts of additional server overhead. Answer D is incorrect, because Session Reliability is enabled by default and does not require additional server overhead. 18. Your users have been utilizing the XenApp farm to gain access to newly published multimedia training content. They have been complaining that the videos are sometimes choppy and don t play smoothly. How can you adjust XenApp settings to improve their experience? A. Disable Multimedia Acceleration. B. Increase the Multimedia Acceleration buffer to 10 seconds. C. Increase the Browser Acceleration buffer to 10 seconds. D. Reduce the Multimedia Acceleration buffer to one second. Correct Answer & Explanation: B. By increasing the Multimedia Acceleration buffer, you achieve a smoother content playback experience. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect, because Multimedia Acceleration improves the user experience; disabling it will not improve the situation. Answer C is incorrect, because there is no Browser Acceleration setting. Answer D is incorrect, because reducing the multimedia buffer relies more heavily on the network to play content. If videos are already choppy, this will most likely make the situation worse.
34 Appendix B Self Test Appendix 19. Steve would like to install the most robust and configurable client for the power users in his environment. Which XenApp plug-in is the most appropriate choice? A. Java client B. XenApp Plugin C. Program Neighborhood D. XenApp Web Plugin Correct Answer & Explanation: C. Program Neighborhood allows users to create custom ICA connections, have control over their SpeedScreen Latency Reduction settings, and so forth. It provides for the most configurable XenApp client. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect, because the Java client is not the most robust and configurable client. Answer B is incorrect, because the XenApp Plugin client is not the most robust and configurable client. Answer D is incorrect, because the XenApp Web Plugin client is not the most robust and configurable client. 20. A user is having difficulty connecting to the Citrix XenApp farm. He contacts the help desk, and discovers he is the only one with logon issues. Of the following, which item is not a probable cause for the user s connection issue? A. The user s account is locked out. B. The IMA services on the XenApp servers need to be restarted. C. The user does not have permission to log on to the XenApp farm. D. The user is connecting from a remote office and he isn t able to connect to the XenApp farm servers. Correct Answer & Explanation: B. If the IMA service on the XenApp server becomes unresponsive, no new sessions can be established and multiple users would potentially be impacted. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect, because if a user s account is locked out from multiple retry attempts, he will not be able to authenticate successfully against the XenApp farm. Answer C is incorrect, because users do require permissions to log on to the XenApp farm. Answer D is incorrect, because it is possible that a firewall in the remote office could be blocking the required ICA ports from communicating with the XenApp farm in the main office.
Chapter 4: Configuring XenApp 5.0 Policies and Load Balancing Self Test Appendix Appendix B 35 1. You are configuring your XenApp farm with a policy for Session Importance. You have configured the policy with the proper settings for Session Importance. You have configured the policy to filter based on Access Control. This is also configured correctly. When users log in via Access Gateway, the policy is not being applied to them. Which of the following is most likely the cause of the problem? A. In order for Session Importance to work properly, a policy for Zone preference and failover must also be configured. B. The option Trust requests sent to the XML Service is not enabled. C. The user is logging in via Access Gateway Advanced Edition and not Access Gateway Enterprise Edition. D. The user is using a MAC client, which does not support Session Importance. Correct Answer & Explanation: B. In order to use policy filters based on Access Control, the option for Trust requests sent to the XML Service must be enabled. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because the Session Importance policy does not require any other policies to be set. Answer C is incorrect because Access Gateway Advanced Edition supports the Access Control filter. Answer D is incorrect because Session Importance is a server-side policy; therefore the client does not matter. 2. You are configuring your XenApp farm to allow PDA synchronization via USB. You have enabled the policy for Turn on automatic virtual COM port mapping. You have installed the appropriate synchronization software. When users log in with a USB PDA, they are still unable to synchronize. What is most likely the cause of the problem? A. COM port mapping is disabled. COM port mapping needs to be enabled along with virtual COM port mapping. B. COM port mapping is enabled. This interferes with virtual COM port mapping.
36 Appendix B Self Test Appendix C. TWAIN redirection is disabled. TWAIN redirection needs to be enabled along with virtual COM port mapping. D. There is not enough bandwidth available for PDA synchronization to occur properly. Correct Answer & Explanation: A. In order for USB PDA synchronization to work properly in a XenApp session, COM port mapping and virtual COM port mapping both have to be enabled. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because COM port mapping must be enabled along with virtual COM port mapping, in order for USP PDA synchronization to function properly. Answer C is incorrect because TWAIN redirection will not affect PDA synchronization. Answer D is incorrect because session bandwidth will not prevent USB PDA synchronization. Lack of bandwidth can cause the synchronization to take a long time, however. 3. You have configured a XenApp policy to disable client drive mapping. You only want this policy to be applied to specific clients. You configured the policy with a filter for client name. You configured the filter with the names of the clients that should have their client drives disabled. When users log in from these clients, the policy is not being applied. What is most likely the cause of the problem? A. There is a lower priority policy overriding the policy that disables the drive mappings. B. Users are connecting to a XenApp Advanced Edition server, and not a XenApp Platinum Edition server. C. The user is logging in as an administrator, and therefore his or her client drive mappings cannot be disabled. D. Users are logging in through Web Interface, which is using randomly generated client names. Correct Answer & Explanation: D. When users log in via Web Interface, Web Interface can generate a random client name. If this is the case, then the client names given in the filter will not match the randomly generated name. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because a lower priority policy will not override a higher priority policy. Answer B is incorrect because XenApp Advanced Edition supports XenApp policies. Answer C is incorrect because even administrators can have their client drives disabled.
Self Test Appendix Appendix B 37 4. You have configured several policies in your XenApp farm. All of your policies are applied to user groups. A user is reporting that his client drive mappings have been disabled. Drive mappings should not be disabled for this user. You have lost track of all the policies that apply to the user. Therefore, you are unsure which policy may be disabling the client drives. How can you best determine which policies apply to the user? A. Use the Policy Search Engine. B. View the properties for the user in the Citrix XenApp Advanced Configuration tool. C. View the properties for all the policies you have configured. D. Remove all the filters you have configured and reconfigure them. Correct Answer & Explanation: A. The Policy Search Engine can be used to find policies that match given filter criteria. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because you cannot view user properties in the Citrix XenApp Advanced Configuration tool. Answer C is incorrect because checking the properties for a policy will show you the rules you have configured, not the filters. Answer D is incorrect because, although you could remove all and reconfigure the filters, this would not provide you with information regarding all the currently configured policies. 5. You have just configured several new policies. You would like to determine how these new policies will affect a certain user account. How can you determine how the new policies will affect the user before the user logs into the farm? A. There is no way to determine how the user will be affected without having the user log in. B. Use the Resultant Set of Policies (RSOP) tool. C. Enable Policy Logging. D. Enable Configuration Logging. Correct Answer & Explanation: B. The RSOP allows you to view what policy settings will be applied to a session before the session is established. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because there is a way to determine this information without the user having to log in. Answer C is incorrect because there is no separate policy logging feature.
38 Appendix B Self Test Appendix Answer D is incorrect because the Configuration Logging feature does not supply you with this type of information. 6. Your organization consists of a main office and a field office. Users commonly move between the offices. The two sites are on separate networks but are connected via a WAN. You want client drive mappings disabled for clients in the field office, but not the home office. How can this be accomplished? A. Create a policy disabling client drive mappings. Apply a Client IP Address filter to the policy. B. Create a policy disabling client drive mappings. Apply a Client Name filter to the policy. C. Create a policy disabling client drive mappings. Apply a User filter to the policy. D. Create a policy disabling client drive mappings. Apply a Location filter to the policy. Correct Answer & Explanation: A. Since the two sites are on separate networks, they should have different IP address ranges. Therefore, you can apply the policy only to the field office IP range. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because clients move between different sites. Therefore, a given client can be at either site on any given day. Answer C is incorrect because clients move between different sites. Therefore, a given user can be at either site on any given day. Answer D is incorrect because there is no specific Location filter. Locations are generally differentiated using IP address ranges. 7. You are using Password Manager in your XenApp environment. You need a way to configure the Password Manager Credential Store. The credential store is on a Windows file server. What is the best way to accomplish this? A. Use the default file share credential store. B. Create a registry entry on all of your XenApp servers with the location of the credential store. C. Create a XenApp policy using the Password Manager Credential Store policy rule. D. Use Installation Manager to push the Password Manager plug-in to all your XenApp servers.
Self Test Appendix Appendix B 39 Correct Answer & Explanation: C. The Password Manager Credential Store policy rule allows you to specify a UNC share for your Password Manager Credential Store. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because there is no default file share credential store in Password Manager. Answer B is incorrect because setting registry entries may work, but it s not the best method. Answer C is incorrect because simply pushing out the plug-in via Installation Manager will not configure the plug-in with a credential store. 8. Which load rules are included in the Default Load Evaluator? A. Load Throttling and Server Load B. Load Throttling and CPU Usage C. CPU Usage and Server Load D. CPU Usage and Memory Usage Correct Answer & Explanation: A. The Default Load Evaluator includes the Load Throttling and Server Load rules. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because the CPU Usage load rule is not included. Answer C is incorrect because the CPU Usage load rule is not included. Answer D is incorrect because neither the CPU Usage nor the Memory Usage rule is included. 9. You have configured multiple XenApp policies. You want to configure a Zone preference and failover (ZPF) policy to set the preferred zone for a group of users to Group 1. You want to configure a second ZPF policy to set the preferred zone for everyone else to Group 2. You configured both policies, but all users are being directed to Group 2 as their preferred zone. What can be done to fix this and still achieve the desired result? A. Remove the policy specifying Group 2 as the preferred zone. B. In addition to the ZPF rule, you should also add a Session Importance rule. C. Disable session sharing. D. Ensure that the policy setting the Group 1 preferred zone is a higher priority than the policy setting Group 2 as the preferred zone. Correct Answer & Explanation: D. The policy specifying a specific user group should have a higher priority. Then users who don t fall into that group will have the other policy applied.
40 Appendix B Self Test Appendix Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because if the policy is removed, then no one will have Group 2 set as their preferred zone. Answer B is incorrect because Session Importance alone will not affect ZPF. Answer D is incorrect because although session sharing may affect ZPF, that is not the problem in this case. 10. Frequently, when users are reading documents with a document reader published on your XenApp servers, they encounter links to web sites and media files. These web sites and media files are opened using a browser also published on your XenApp servers. The high number of browser sessions and media sessions being opened is causing high resource utilization on your servers. In order to reduce the utilization on your servers, you want these links to be opened using the local client browser. Which policy setting should you enable to accomplish this? A. Server to client content redirection B. Zone preference and failover C. Session Importance D. Client to server content redirection Correct Answer & Explanation: A. Server to client content redirection will allow URL accessed on the server to be opened using a client browser. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect,because Zone preference and failover controls sessions, not links within a session. Answer C is incorrect because Session Importance controls the resources provided to a session, not where links are processed. Answer D is incorrect because Client to server content redirection allows local documents to be opened using server applications. 11. Which of the following load rules are included in the Advanced Load Evaluator? A. Server Load and Load Throttling B. CPU Utilization, Load Throttling, Memory Usage, and Page Swaps C. CPU Utilization, Memory Usage, Disk Data I/O, and Page Swaps D. Memory Usage, Page Swaps, Page Faults, and Load Throttling Correct Answer & Explanation: B. CPU Utilization, Load Throttling, Memory Usage, and Page Swaps are included in the Advanced Load Evaluator.
Self Test Appendix Appendix B 41 Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because Server Load and Load Throttling are included in the Default Load Evaluator, not the Advanced Load Evaluator. Answer C is incorrect because Disk Data I/O is not included in the Advanced Load Evaluator. Answer D is incorrect because Page Faults is not included in the Advanced Load Evaluator. 12. Users in the Finance Department use financial applications published on your XenApp servers. The XenApp servers themselves are secure, as are the applications. You are worried that sensitive data being transmitted over the network could be intercepted. Which policy rule should you enable to secure data communication? A. SecureICA B. SSL Relay C. Session Importance D. Zone preference and failover Correct Answer & Explanation: A. SecureICA secures communication between the client and the server. SecureICA allows you to set a level of encryption that is to be used throughout the session. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because although SSL Relay will secure communications, it is not available via policies. Answer C is incorrect because Session Importance will not secure communications. Answer D is incorrect because Zone preference and failover will not secure communications. 13. Your company has offices in New York, Los Angeles, London, Brisbane, and Tokyo. You have XenApp architecture that consists of one farm. But you have XenApp servers in New York, London, and Tokyo. You want users to use the XenApp server that is closest to their physical location. Which policy rule should you enable to accomplish this? A. Server to client content redirection B. Session Importance C. Zone preference and failover D. Configure delivery protocol Correct Answer & Explanation: C. Zone preference and failover can direct user sessions to a specific group of servers. This group of servers is known as a primary zone.
42 Appendix B Self Test Appendix Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because Server to client content redirection does not designate a group of servers as the primary resource for user sessions. Answer B is incorrect because Session Importance does not designate a group of servers as the primary resource for user sessions. Session Importance will just direct a session to the least busy server. Answer D is incorrect because it is used to define a delivery mechanism for Application Streaming. 14. When Preferential Load Balancing is enabled, which of the following is used to calculate Resource Allocation? A. Session Importance and Max Application Importance B. CPU Utilization and Memory Usage C. User Importance and Session Importance D. Server Load and Application Importance Correct Answer & Explanation: A. Resource Allocation = Session Importance Max Application Importance. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because neither CPU Utilization nor Memory Usage is used in the calculation. Answer C is incorrect because User Importance is not used in the calculation. Answer D is incorrect because Server Load is not used in the calculation. 15. When using Preferential Load Balancing, which of the following formulas is used for determining CPU utilization distribution? A. CPU Distribution = (Application Importance) / (Session Importance) B. CPU Distribution = (Session Importance) (Application Importance) C. CPU Distribution = (Session Allocation) (Total Server Session Allocations) D. CPU Distribution = (Session Allocation) / (Total Server Session Allocations) Correct Answer & Explanation: D. CPU distribution = (Session Allocation) / (Total Server Session Allocations) Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because Session Importance and Application Importance are not used in the calculation. Answer B is incorrect because Session Importance and Application Importance are not used in the calculation. This is actually the formula for Resource
Self Test Appendix Appendix B 43 Allocation. Answer C is incorrect because the formula is a quotient, not a product of Session Allocation and Total Server Session Allocations. 16. You have configured multiple XenApp shadowing policies. You want settings in these policies to be merged together. But you realize only the highest priority policy is being applied. What is most likely the problem? A. Policies are always applied in order of priority. B. Shadowing was disabled at server install. C. You have not enabled Merging Shadow policies. D. You are using XenApp Enterprise Edition and not XenApp Platinum Edition. Correct Answer & Explanation: C. You must explicitly enable the merging of shadow policies in order for this to occur. This setting is enabled under farm properties in the Citrix Access Management Console. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because although most policies are processed in order of priority, shadowing policies can be merged together if configured to do so. Answer B is incorrect because if shadowing had been disabled at server install, no one would be able to shadow. Answer D is incorrect because Merging Shadow policies can be enabled in XenApp Enterprise Edition. 17. You are having a problem with load balancing in your XenApp farm. Users are not being directed to one of your servers. You want to check current load activity on this server. What is the best way to do this? A. Use Load Manager Monitor. B. Use Load Manager Logging. C. View Load Evaluator Usage reports. D. Use Performance Monitor. Correct Answer & Explanation: A. Load Manager Monitor will show you real-time load data for your server. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because Load Manager Logging will not show you current load usage data. It will, however, show you connection data. Answer C is incorrect because Load Evaluator Usage Reports will only show you what Load Evaluators are being used by which servers and applications. They will not show you actual load data.
44 Appendix B Self Test Appendix Answer D is incorrect because Performance Monitor will show you server utilization but not load XenApp load data. 18. Which of the following commands can be used to view application load in your XenApp farm? A. query session B. qfarm/app C. qfarm/load D. query load Correct Answer & Explanation: B. Typing the qfarm/app command at a command prompt will allow you to see application load data for your XenApp farm. Incorrect Answers & Explanations: A, C, D. Answer B is incorrect because query session will only return a list of current sessions. It does not return load information. Answer C is incorrect because it will return server load data, not application load data. Answer D is incorrect because it is an invalid command. There is no load option available with the query command. 19. Users in your organization are complaining that sound is not working in their XenApp sessions. After some investigation, you realize that there is a policy disabling client audio mapping. You disable this policy, but users still cannot play audio within their sessions. What is most likely the issue? A. There is another policy disabling the sound. B. You did not have the proper permissions to change the policy. C. The server is low on resources, and sound has been automatically disabled. D. Users need to log out and log back in for the policy change to take effect. Correct Answer & Explanation: D. XenApp policies last for the length of a session. In order for users to receive new settings, they have to establish a new session. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because although it s a possibility, it is not the mostly like cause. Answer B is incorrect because you would have not been allowed to make the policy change if you didn t have the appropriate permissions. Answer C is incorrect because the server will not automatically disable sound.
Self Test Appendix Appendix B 45 20. You are using Application Streaming in your environment. You have an application that is set for Stream to Client. You set the Application Streaming policy rule to Force Server Access. What will be the result of using these two settings? A. The application will be streamed to the client. B. Users will not be able to connect to the application. C. The application will be streamed to the server. D. The policy setting will be ignored Correct Answer & Explanation: B. If you attempt to force the client to access the application via the server and there are no server access methods available, the connection will fail. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because the policy will override the application setting. Answer C is incorrect because there was no option configured for stream to server. Answer D is incorrect because the policy setting will not be ignored. The connection will fail. Chapter 5: Publishing Applications and Content 1. Most of the documents in your company are located on network file shares. Your client systems are all thin clients that do not have applications installed locally. Your users must therefore log into XenApp sessions and open the documents inside the XenApp session. Users have complained that this system is too cumbersome. What can you do to make these opening documents via published applications more seamless to the users? A. Institute Client-to-Server Content Redirection. B. Institute Server-to-Client Content Redirection. C. Institute application streaming. D. Institute SecureICA. Correct Answer & Explanation: A. Client-to-Server Content Redirection uses file type association to associate file extension on a client with published applications. Users can open the document as they normally would if the appropriate application were installed locally. The document will automatically be opened using a published application.
46 Appendix B Self Test Appendix Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because Server-to-Client Content Redirection allows a document inside an ICA session to be opened using a client application. The problem here is that no applications are installed locally. Answer C is incorrect because application streaming alone will not provide this functionality. Application streaming can, however, be used with Client-to-Server Content Redirection. Answer D is incorrect because SecureICA is used to encrypt connections. It will not help you access documents seamlessly. 2. Users in your organization frequently access media files within XenApp sessions. Playing these media files is proving to be a resource burden on your XenApp servers. How can you alleviate this problem? A. Institute Client-to-Server Content Redirection. B. Institute Server-to-Client Content redirection. C. Institute application streaming. D. Institute SecureICA. Correct Answer & Explanation: B. Server-to-Client Content Redirection will allow users to open media files accessed within a XenApp session using a client media player on the client. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because Client-to-Server Content Redirection allows a document accessed on the client to be opened using a published application. You want the media files opened using media player on the client. Answer C is incorrect because application streaming alone will not provide this functionality. Answer D is incorrect because SecureICA is used to encrypt ICA connections. It will not help you access documents using a client player. 3. You are planning to institute Server-to-Client Content Redirection in your environment. Which of the following media types can be accessed using Server-to-Client content redirection? A. HTTP, RTSP, and MMS B. HTTP, HTTPS, and FTP C. HTTP, FILE, and RTSP D. HTTPS, FTP, and RTSP Correct Answer & Explanation: A. Server-to-Client Content Redirection supports HTTP, HTTPS, RTSP, PNM, and MMS.
Self Test Appendix Appendix B 47 Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because Server-to-Client Content Redirection does not support FTP. Answer C is incorrect because Server-to-Client Content Redirection does not support the FILE media type. Answer D is incorrect because Server-to-Client Content Redirection does not support FTP. 4. One of your user s sessions appears to be hung. You want to determine if data is actually moving between the client and the XenApp server. How can this be determined? A. In the Access Management Console, use the Shadow option for the XenApp session. B. In the Access Management Console, use the Status option for the XenApp session. C. Have the user attempt to copy a remote file to the local client drive. D. Ask the user if the network card on the client shows activity. Correct Answer & Explanation: B. The Status option in the Access Management Console will show you session information, including bytes transmitted and received. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because the Shadow option itself will not show data transmission. Answer C is incorrect because if the session is hung or appears to be hung, the user will not be able to do a file copy. Answer D is incorrect because that will not tell you if the activity on the network card is because of the XenApp server session. 5. You are about to take your XenApp server offline for maintenance. There is still one user session online. You want to gracefully end the user session. Which option should you use? A. Disconnect B. Status C. Reset D. Logoff Correct Answer & Explanation: D. The logoff option will attempt to gracefully end a user session. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because Disconnect will not actually end the user session. Answer B is incorrect
48 Appendix B Self Test Appendix because Status will allow you to view session information, but it will not end a user session. Answer C is incorrect because the Reset option will end the session but not gracefully. 6. You have several applications that need to be configured in your XenApp farm. You have exported the properties of one application and plan to use this as the basis for configuring other applications. Since you will be manually configuring the application properties, you need to know which properties are required for a published application. Which of the following properties must be configured in order for a published application to be accessible? A. Name, Location, and Limits B. Name, Description, and Location C. Name, Servers, and Access Control D. Name, Location, and Servers Correct Answer & Explanation: D. Each published application must have the Name, Location, Servers, and Users properties configured correctly in order to function properly. Even though you can create an application without the Servers and Users properties configured, the application will not be accessible until these are configured. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because the Limits property is not required. Answer B is incorrect because the Description property is not required. Answer C is incorrect because the Access Control property is not required. 7. You have configured the Access Control properties on an application. According to the configuration you set, the application should only be available to users who log in via Access Gateway. But no one is able to access the application, not even users who log in through Access Gateway. What is most likely the problem? A. Your XenApp implementation is licensed for XenApp Platinum and not XenApp Enterprise. B. The Trust requests sent to the XML Service option is not set on your XenApp Server. C. Users are logging in with Access Gateway Advanced Edition and not Access Gateway.
Self Test Appendix Appendix B 49 D. There is a XenApp Access Control policy setting overriding the settings on the published application. Correct Answer & Explanation: B. The Trust requests sent to the XML Service option is required for Access Gateway filters to be properly received and processed by XenApp. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because XenApp Platinum does support the Access Control application property. Answer C is incorrect because the Access Control application property actually requires Access Gateway Advanced Edition. Answer D is incorrect because there is no XenApp Access Control policy. There is only an Access Control policy filter. 8. You are using XenApp to publish an application that connects to a backend database. The application needs to be accessed by multiple users. The problem is that if multiple instances of the application attempt to access the database at one time, the database can become corrupt. What is the best way to overcome this issue? A. Limit the application so that a given user can only open one instance of the application. B. Only publish the application for one user. The other users can rely on this person to make their changes for them. C. Buy more licenses for the application in question. D. Limit the application so that only one instance can be opened in the XenApp farm. Correct Answer & Explanation: D. You can set an application limit so that an application can only be accessed once in a XenApp farm. This will prevent multiple concurrent attempts to the backend database. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because multiple users could still open the application once. Therefore, there could still be multiple access attempts to the backend database. Answer B is incorrect because although it s possible, it s not a feasible option. There is also nothing preventing the one user from opening the application more than once. Answer C is incorrect because it does not prevent multiple accesses of the backend database.
50 Appendix B Self Test Appendix 9. You have a published application that transmits sensitive data. You want to secure communication between the client and the XenApp server that serves this application. You have configured the application to use SecureICA encryption. But when users connect to this application, the connections are not encrypted with SecureICA. What is most likely the problem? A. You cannot force SecureICA encryption. B. You are running XenApp Enterprise Edition and not XenApp Platinum Edition. C. You did not select the option for Minimum requirement. D. Application Limits are not set properly. Correct Answer & Explanation: C. When you enable SecureICA encryption, the client and the XenApp server will attempt to negotiate a secure connection. If they cannot negotiate a secure session, the connection will be made without SecureICA. If you want to require SecureICA, you have to set the option for Minimum Requirement. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because SecureICA can be forced by setting a Minimum requirement. Answer B is incorrect because SecureICA is available in XenApp Enterprise Edition. Answer D is incorrect because Application Limits will not affect whether or not a session uses SecureICA. 10. You have a published application that transmits sensitive data. You want to secure communication between the client and the XenApp server that serves this application. You have configured the application to use SSL/TLS encryption. But when users connect to this application, the connections are not encrypted with SSL or TLS. What is most likely the issue? A. You are running XenApp Enterprise Edition and not XenApp Platinum Edition. B. Users are logging in via the XenApp Plugin, and SSL/TLS encryption is only available when using Web Interface. C. You did not select the option for Minimum requirement. D. You cannot force SSL/TLS encryption. Correct Answer & Explanation: D. SSL/TLS ICA session encryption cannot be forced. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because SSL/TLS works with XenApp Enterprise Edition, not just Platinum Edition.
Self Test Appendix Appendix B 51 Answer B is incorrect because the XenApp Plugin connections support SSL/ TLS encryption. Answer C is incorrect because there is no Minimum requirement option for SSL/TLS encryption. 11. You have a user whose XenApp session is hung. You have tried to gracefully log off the session, but it didn t work. What other option can you use to end the session? A. Disconnect B. Status C. Reset D. Shadow Correct Answer & Explanation: C. The Reset option can be used to forcibly end a user s session. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because the Disconnect option will only end the connection between the client and the XenApp server. It will not actually end the XenApp session. Answer B is incorrect because the Status option will show you session statistics but won t end the session. Answer D is incorrect because the Shadow option itself will not end the session. 12. You have configured an application to be Streamed to client. It works fine when users are connected to your corporate LAN. The problem centers on what happens when users take their laptops to remote locations. The application is no longer available because the users do not have access to the corporate LAN. How can you solve this problem without manually installing the application locally on all the clients? A. Configure the application to be Accessed from a server. B. There is no way to provide this access without installing the application on the client. C. You can configure the streamed application for offline access. D. You can configure the application to be Streamed to server. Correct Answer & Explanation: C. You can configure a Streamed to client application for offline access. When you do this, the application files are saved locally on the client. This way, they are available for future access, even when the client cannot connect back to the XenApp server or file share.
52 Appendix B Self Test Appendix Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because the users do not have access to the corporate LAN. Therefore, they will not be able to access the XenApp server. Answer B is incorrect because this access can be provided by using the Streamed to client offline access option. Answer D is incorrect because the users will not have access to the corporate LAN. Therefore, they will not be able to access the XenApp servers. 13. You have a large XenApp environment. All your applications are published on multiple servers for load balancing and fault tolerance purposes. Your XenApp environment is accessed by a wide variety of users; it will be accessed internally and externally by employees, customers, and vendors. You want to publish an application for customers to enter orders. The problem is that your corporate security policy will not allow you to create domain user accounts for customers. Each customer already has a user name and password to use for logging into the application itself. What is the best way to provide application access to your customers? A. Allow anonymous user access to the application. B. Create user domain user accounts for each user. C. Create local user accounts on one of your XenApp servers for each user. D. Use Secure Gateway for the user connections. Correct Answer & Explanation: A. Anonymous user access allows users to access applications without entering user credentials for the application. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because it will not alleviate the security concerns of having domain accounts for these users. Answer C is incorrect because you have the applications load balanced across multiple servers. Local user accounts will not work properly. Answer D is incorrect because Secure Gateway will help secure the connections but will not help with authentication issues. 14. Users are having a problem when they log into your XenApp farm and launch published applications. After the first application is launched, their sessions freeze. This does not happen when subsequent applications are launched. You ve noticed that if you disable printer mappings, the freezes do not happen. What can you do to potentially alleviate the problem? A. Reinstall the print drivers on the XenApp server. B. Disable load balancing. C. Configure a timeout in the login script.
Self Test Appendix Appendix B 53 D. Enable the Start this application without waiting for printers to be created option on your applications. Correct Answer & Explanation: D. The application option for Start this application without waiting for printers to be created allows the session to become available even while printer creating is still being attempted. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because there is no evidence that printers are causing printer creation to be slow. Answer B is incorrect because load balancing should not affect printer creation. Answer C is incorrect because the users would still experience a freeze. It would just be caused by something other than printer creation. 15. You are trying to configure Client-to-Server Content Redirection. When you try to select the appropriate file types, none are showing up in the Content redirection page of application properties. How can this be fixed? A. Update your XenApp license from Enterprise Edition to Platinum Edition. B. Uninstall and reinstall the corresponding application. C. Use the Update file types from registry task. D. Institute Client-to-Server Content Redirection via a XenApp policy instead. Correct Answer & Explanation: C. Client-to-Server Content Redirection relies on the file type read from the system registry. Sometimes you need to manually tell XenApp to re-read these file types. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because XenApp Enterprise Edition supports Client-to-Server Content Redirection. Answer B is incorrect because re-installing the application will not cause XenApp to re-read the file types. Answer D is incorrect because Clientto-Server Content Redirection cannot be implemented via a XenApp policy. Only Server-to-Client Content Redirection can. 16. You have configured an application to use SSL / TLS for encrypting connections. When users connect to the application, the connections are not encrypted. Upon investigation, you find that users are receiving a trust error. What is most likely the issue? A. Users are logging in via the XenApp Plugin and not Web Interface. B. Users are logging in via Web Interface and not the XenApp Plugin. C. The client systems do not have the appropriate root certificate installed. D. Users are selecting a non-ssl enabled application.
54 Appendix B Self Test Appendix Correct Answer & Explanation: C. The lack of a valid root certificate on the client will cause a trust error because the client does not trust the Certificate Authority that issued the XenApp server s certificate. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because the XenApp Plugin does support SSL / TLS connections. Answer B is incorrect because Web Interface does support SSL / TLS connections. Answer D is incorrect because from the error, you can tell that the client and server are trying to negotiate an SSL or TLS session. 17. You are planning a new XenApp implementation. You plan to use published content in order to make it easier for users to access the information they need. You have published the following: file://\\nas01\accounting\financial Report.doc. Users complain that when they attempt to launch the content, they are unable to access the document. What is most likely the problem? A. Users do not have proper OS or share permissions to the document. B. XenApp published content does not support the file:// notation. C. User are logging in via Web Interface and not the XenApp Plugin. D. Users do not have appropriate access to the published application. Correct Answer & Explanation: A. Published content is basically a shortcut to a document. You need to ensure the user has the appropriate rights to the document through the operating system. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because XenApp published content supports http:// and file:// notation, as well as UNC paths. Answer C is incorrect because Web Interface does support published content. Answer D is incorrect because if users did not have the appropriate access to the published application, they would not attempt to launch. 18. Administrators in your environment need to log into your XenApp server desktops in order to perform certain administrative tasks. They are accustomed to using Program Neighborhood to create custom connections to the desktop of the server they want to access. In the new environment, no one will have the ability to create custom connections. Everyone will log in via either Web Interface or the XenApp Plugin. How can you still provide administrators the access they need? A. Inform administrators that they now will need to go into the server room and log directly into the server console.
Self Test Appendix Appendix B 55 B. Publish the server desktops. C. Administrators will need to install any tools they need locally on their client systems. D. Use the Custom Connections feature of the XenApp Plugin. Correct Answer & Explanation: B. Published desktops allow direct connections to the XenApp server desktops. They can be accessed by the same methods used to access any published application. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because it is not feasible to expect administrators to log into the local server consoles. The server room may not be easily accessible. This also prevents two administrators from logging into the same server simultaneously, if needed. Answer C is incorrect because not all server administration can be done remotely. Answer D is incorrect because the XenApp Plugin does not support custom connections. 19. Users in your environment access your XenApp applications via many different methods and using many different clients. You have configured a particular application in your environment to place a shortcut on users Start Menus. This is working properly for some users, but others report the shortcut is not appearing. What is most likely the cause of this behavior? A. The users in question are logging in via Web Interface. B. The users in question are logging in via the XenApp Plugin. C. The client systems in question do not support the right color depth to display the shortcut. D. The users in question are attempting to log in with the wrong password. Correct Answer & Explanation: A. Web Interface does not support the shortcut placement feature of XenApp. You must use the XenApp Plugin. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because shortcut placement should work with the XenApp Plugin. Answer C is incorrect because Color depth does not affect whether or not a shortcut will be placed. Lack of sufficient Color depth can cause the icon to appear distorted, however. Answer D is incorrect because the users would receive an error message if they were attempting to log in using the incorrect password. 20. You have disabled a published application for maintenance. Now when users attempt to access the application in Web Interface, they receive a message
56 Appendix B Self Test Appendix saying the application has been disabled. This creates a bad user experience. What can be done to ensure a better experience for the users? A. You should also hide the application. B. Instruct users not to click on the disabled application. C. Uninstall the application from all your XenApp servers. D. Disable logons to the XenApp servers hosting the application. Correct Answer & Explanation: A. If you hide the application, then the application will not appear in Web Interface. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because it does not improve the user experience. The application still appears and can be clicked by users. Answer C is incorrect because uninstalling the application will prevent you from performing the maintenance on the application. Answer D is incorrect because disabling logons to the server will not prevent the users from getting an error message. Chapter 6: Streaming Applications 1. Your XenApp environment consists of a large variety of clients. You have just implemented XenApp Application Streaming. One of your users is accessing your environment with a Windows 98 client. The user reports that the Application Streaming plug-in will not install properly, although, he can install other applications without a problem. What is most likely the problem? A. The user does not have the appropriate rights to install applications. B. Your applications are configured for Streamed to Server and not Streamed to Client. C. Application Streaming does not support Windows 98 clients. D. Your applications are configured for Streamed to Client and not Streamed to Server. Correct Answer & Explanation: C. Citrix Application Streaming plugin does not support Windows 98 clients. It supports Windows 2008, Windows Vista, Windows 2003, and Windows XP. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because the user can install other applications. Answer B is incorrect because the type of streamed application does not matter. Answer D is incorrect because the type of streamed application does not matter.
Self Test Appendix Appendix B 57 2. You are adding Application Streaming to your XenApp environment. You are at the point in the process where you are profiling applications. You are having trouble with some of your application packages. You suspect that some of the applications are not supported by Application Streaming. Which of the following applications cannot be run using Application Streaming? A. Device drivers B. Legacy applications C. 64-bit applications D. 32-bit applications Correct Answer & Explanation: A. Device drivers cannot be installed using Application Streaming. Application Streaming does not operate at the appropriate level to make device drivers work. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because legacy applications can be deployed using Application Streaming. Answer C is incorrect because 64-bit applications are supported by Application Streaming. Answer D is incorrect because 32-bit applications are supported by Application Streaming. 3. You have just installed your XenApp Application Streaming environment. You need to package applications for distribution. Which of the following is used to package applications? A. Citrix XenApp Plugin B. XenApp Advanced Configuration Tool C. Citrix Access Management Console D. Citrix Streaming Profiler Correct Answer & Explanation: D. The Citrix Streaming Profiler issued to create packages to be used with Application Streaming. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because the XenApp plugin does not create packages. However, it is required to run streamed applications. Answer B is incorrect because the XenApp Advanced Configuration Tool cannot be used to package applications. However, it can be used to create a policy for Application Streaming. Answer C is incorrect because the Citrix Access Management Console cannot be used to packaged applications. However, it can be used to publish streamed applications for users.
58 Appendix B Self Test Appendix 4. You are configuring your XenApp Application Streaming environment so that applications can be Streamed to Client. You have installed the XenApp Plugin for Streamed Applications on your client systems running Windows XP. The client system still cannot run Streamed to Client applications. What is most likely the problem? A. Citrix Application Streaming does not support Windows XP clients. B. The application is 64-bit and cannot be streamed. C. You need to install the XenApp Plugin for Published Applications in addition to the XenApp Plugin for Streamed applications. D. You need to remove the XenApp Plugin for Streamed Applications and install the XenApp Plugin for Published Applications. Correct Answer & Explanation: C. In order to stream applications to a client system, the client must have the XenApp plugin for Streamed Applications and the XenApp plugin for Published Applications installed. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because Windows XP clients are supported by Application Streaming. Answer B is incorrect because 64-bit applications can be run using Application Streaming. Answer D is incorrect because both the XenApp plugin for Streamed Applications and the XenApp plugin for Published Applications are needed to stream applications to the client. 5. You are configuring your XenApp Application Streaming environment so that applications can be Streamed to Server. You have installed the XenApp plugin for Streamed Applications on your client systems running Windows XP. The client system still cannot run streamed applications. What is most likely the problem? A. Citrix Application Streaming does not support Windows XP clients. B. The application has been packaged incorrectly for the client operating system. C. You need to ensure the client has the appropriate permissions to install applications. D. You need to install the XenApp Plugin for Published Applications on the client. Correct Answer & Explanation: D. In order for a client system to access Streamed to Server applications, the client needs to have the XenApp plugin for Published Applications installed.
Self Test Appendix Appendix B 59 Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because Application Streaming is supported on Windows XP systems. Answer B is incorrect because the package is run from the server, not the client. Answer C is incorrect because the client was able to install the XenApp plugin for Streamed Applications. 6. You have just installed your XenApp Application Streaming environment. You have profiled an application. How do you make this application package available for users? A. Publish the application using the Citrix Access Management Console. B. Publish the application using the XenApp Advanced Configuration Tool. C. Copy the package to each user system. D. Install the application on all client systems. Correct Answer & Explanation: A. Streamed applications have to be published using the Citrix Access Management Console in order for users to access them. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because streamed applications are published using the Access Management Console, not the XenApp Advanced Configuration Tool. Answer C is incorrect because copying the package to each user system will not make it available via Application Streaming. It must be published. Answer D is incorrect because installing the application on the systems will not make it available via Application Streaming. 7. You are profiling a new application for Application Streaming. You want the application to be Streamed to Client. Your organization consists of clients with varying operating systems. How can you ensure that your application package can be used on multiple client operating systems, with the fewest number of packages possible? A. Enable Relaxed Security on the application package. B. Choose Quick Install in the Citrix Profiler when creating the package. C. Create one package for each operating system. D. Configure multiple targets in a single package. Correct Answer & Explanation: D. The Citrix Profiler allows you to specify multiple targets within a single package. Each target defines an operating system and language requirement.
60 Appendix B Self Test Appendix Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because the Relaxed Security option does allow for multiple operating systems. Answer B is incorrect because the Quick Install option does not allow for multiple operating systems. Answer C is incorrect because it does not cut down on the number of packages created. 8. You are profiling an application to be used for Application Streaming. The application requires an Internet Explorer plug-in to be installed. What must be done to ensure the application is profiled properly? A. Use the Citrix Profiler to create a CAB package for the application. B. Choose the option for Enhanced Security in the Citrix Profiler. C. Choose the option for Advanced Install in the Citrix Profiler. D. Choose the option for Quick Install in the Citrix Profiler. Correct Answer & Explanation: C. The Advanced Install option allows for the configuration of more advanced settings during packaging. It allows you to install Internet Explorer plugins, create registry entries, and run multiple installation executables. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because simply creating a CAB file will not allow the packager to install Active-X controls. Answer B is incorrect because the Enhanced Security option does not affect installation during the packaging process. Answer D is incorrect because the Quick Install option does not allow for the installation of Active-X plugins. 9. All of the settings and information for a profiled application are stored in the. A. Package manifest B. Computer registry C. Package registry D. IMA datastore Correct Answer & Explanation: A. The package manifest stores all the settings and information associated with an application package. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because the computer registry does not store package information. However, the package may contain information about computer registry entries necessary for the applications. Answer C is incorrect because there is no package registry.
Self Test Appendix Appendix B 61 Answer D is incorrect because the package information is not stored in the IMA datastore. 10. Your company distributes documents internally that require a special reader application. Most users have the reader installed locally; a few do not. The users who have the reader installed locally, simply double-click on the documents and the documents are opened using the appropriate reader application. You want to provide this same ease of use to users who do not have the reader application installed locally. How can you accomplish this using Application Streaming? A. You can t use Application Streaming; you have to use traditional installed application publishing. B. You must install the reader application locally on all clients. C. Use Server to Client Content Redirection. D. Use Client to Server Content Redirection. Correct Answer & Explanation: D. Client to Server Content Redirection allows a client to open local documents using a published application. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect, because Client to Server Content Redirection can be used with Application Streaming to achieve the desired result. Answer B is incorrect because the reader application does not have to be installed on all of the clients. Answer C is incorrect because Server to Client Content Redirection allows media files accessed on the server to be opened using client applications. 11. One of your profiled applications requires the users to run ActiveX controls that were installed as part of the package. How can you ensure that users are able to use the application properly? A. Enable Enhanced Security on the application package. B. Enable Relaxed Security on the application package. C. Use Quick Install when packaging the application. D. Use Streamed to Server instead of Streamed to Client applications. Correct Answer & Explanation: B. Relaxed security allows users to run executables like EXEs, DLL, and Active-X controls. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because Enhanced Security will restrict what executables can run on the client. Answer C is incorrect because the Quick Install option is not used to control
62 Appendix B Self Test Appendix execution. Answer D is incorrect because streaming to server or streaming to client alone will not affect execution. 12. You have just installed your XenApp Application Streaming environment. You are packaging applications. Your security team is afraid that an attacker will be able to tamper with your packages and have users execute malicious code. What can you do to protect against this? A. Enable Profile Signing in the application package. B. Enable Relaxed Security on the application package. C. Enable Enhanced Security on the application package. D. Use Advanced Install when packaging the application. Correct Answer & Explanation: A. Profile Signing will allow you to control who can create and modify packages distributed to clients. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because Relaxed Security will make the implementation less secure. Answer C is incorrect because the Enhanced Security option will not prevent modification of packages. Answer D is incorrect because the Advanced Install option will not help to secure the package. 13. You are putting together a proposal to push for the implementation of XenApp Application Streaming in your organization. As part of the proposal you need to list some of the benefits. Which of the following are benefits of using XenApp Application Streaming? (Choose two) A. Applications are run in an isolated environment. B. XenApp Application Streaming helps get around application licensing constraints. C. XenApp server installation is not required. D. XenApp Application Streaming provides on-demand access to applications. E. No client plug-ins are needed. Correct Answer & Explanation: A, D. Application Streaming allows for on-demand access to applications, application isolation, and the presence of multiple versions of an application. Incorrect Answers & Explanations: B, C, E. Answer B is incorrect because Application Streaming will not allow you to circumvent application licensing. Applications must still be licensed properly. Answer C is incorrect because you
Self Test Appendix Appendix B 63 must still install XenApp servers to use Application Streaming. They provide the infrastructure for Application Streaming. Answer E is incorrect because Application Streaming requires the XenApp plugin for Published Applications, and depending on the configuration, the XenApp plugin for Streamed Applications. 14. You are setting up your XenApp Application Streaming environment. You have created the application packages that users will use to run applications. What must be done with the application packages to ensure that they are accessible by the end users? A. They must be copied to all of the users workstations. B. They must imported into the Access Management Console. C. They must be copied to a centralized file store. D. They must be imported into the IMA datastore. Correct Answer & Explanation: C. Application packages must be copied to a central file store in order for clients to be able to download them. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because the packages do not need to be copied to the client systems. Answer B is incorrect because packages are not imported in the Access Management Console. However, the Access Management Console can be used to publish streamed applications. Answer D is incorrect because application packages are not imported into the IMA datastore. 15. You have just profiled an application that requires the.net Framework to run properly. You do not want this application streamed if the framework is not installed on the client system. How can you prevent the application from streaming if.net Framework is not installed? A. Enabled the Enhanced Security option. B. Configure the option for Cache at application launch. C. Configure the option for Cache at login time. D. Configure pre-launch analysis to check for the.net Framework. Correct Answer & Explanation: D. You can use a pre-launch analysis to check for application pre-requisites. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because the Enhanced Security option does not check the client for prerequisites.
64 Appendix B Self Test Appendix Answer B is incorrect because the Cache at application launch option will not prevent an application from being streamed if the prerequisites are not met. Answer C is incorrect because the Cache at login time option will not prevent an application from being streamed if the prerequisites are not met. 16. You have salespeople in your organization who are using Application Streaming. Depending on the sales engagement, these users can be away for weeks at a time. Some of them are complaining that after three weeks they are no longer able to use the cached copies of their streamed applications. What can be done to alleviate this problem? A. Enable the Relaxed Security option. B. Increase the cached application license period. C. Enable the option for Cache at application launch. D. Enable the option for Cache at login time. Correct Answer & Explanation: B. XenApp allows you to configure how soon a user must connect back to your Application Streaming implementation before their license to use a particular application expires. The default is 21 days. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because the Relaxed Security option will not help with licensing issues. Answer C is incorrect because the problem is occurring after the application has been cached. Answer D is incorrect because the problem is occurring after the application has been cached. 17. You have profiled an application that leaves temp files on the client system when the application is closed. These temp files can take up a lot of hard drive space. You want to ensure that these temp files do not use up all the space on the users hard drives. How can you accomplish this? A. Create a login script on the client system. B. Configure a pre-launch script to delete the temp files. C. Configure a post-exit script to delete the temp files. D. Configure the option for Cache app at login time. Correct Answer & Explanation: C. Post-exit scripts can be used to perform tasks after a streamed application has been closed. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because a system login script will execute before the application is launched. Answer B
Self Test Appendix Appendix B 65 is incorrect because a pre-launch script will execute before the application is launched. Answer D is incorrect because caching the application will not clear out the temp files. 18. You want to use cached applications in your Application Streaming environment. With the current configuration, use have to launch all applications at least to be able to user them offline. Can anything be done about this? A. Configure the option for Cache app at launch time. B. Increase the cached application license period. C. Copy the application packages to the clients manually. D. Configure the option for Cache app at login time. Correct Answer & Explanation: D. If applications are cached at login time, they do not have to be launched by the user. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because it will require the users to launch each application before they will be cached. Answer B is incorrect because the application license period will not control when they are cached. It controls how long you can use a cached application with connecting back to your Application Streaming implementation. Answer C is incorrect because Application Streaming will not work properly with manually copied application packages. 19. You have configured your Application Streaming environment to make numerous applications available to your end users. Your security team is afraid that a malicious attacker could use your Application Streaming environment for privilege escalation, gaining control of the entire client system. What can you do to mitigate this risk? A. Configure the option for Cache app at launch time. B. Increase the cached application license period. C. Configure the application option for Run application as a least-privileged user account. D. Configure the option for Cache app at login time. Correct Answer & Explanation: C. When the Run application as a leastprivileged user account option is enabled, the application will be run with a user account possessing the least amount of access rights on the system. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because the Cache at launch time option does not control user access rights. Answer B is
66 Appendix B Self Test Appendix incorrect because the application license period does not control user access rights. Answer D is incorrect because the Cache at login time option does not control user access rights. 20. You have configured your Application Streaming environment to make applications available to your end users. All your applications are configured for Streamed to Server. You have configured the option for Run application as a least-privileged user account. Upon investigation, you realize this setting is not taking effect. What is most likely the cause? A. The setting only applies to applications installed on the XenApp server, not streamed applications. B. The setting applies only to Streamed to Client applications, not Streamed to Server applications. C. You need to configure a XenApp policy to enforce this option. D. The user is logged in to the client system using an administrator account. Correct Answer & Explanation: B. The Run application as a least-privileged user account option only applies to applications configured to be Streamed to Client. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because the option applies to Streamed to Client applications only. Answer C is incorrect because there is no XenApp policy to configure this option. Answer D is incorrect because the logged in user does not affect this setting. Chapter 7: Configuring Printing 1. Which of the following best describes client local printing? A. The print job spools from XenApp to the client device and then to the client local printer. B. The print job spools from XenApp to the network print server and then to the printer. C. A policy determines to where the print job spools. D. The print job spools from XenApp to the server local printer. Correct Answer & Explanation: A. In client local printing, the print job spools from XenApp to the client device and then to the client local printer. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because it describes server network printing. Answer C is incorrect because it
Self Test Appendix Appendix B 67 describes client network printing. Answer D is incorrect because it describes server local printing. 2. Several users in the company have to work on different floors of the building and on different client devices throughout the day. Of course, they must use the same logon credentials no matter which computer they are working on. When they connect to published applications, they need to be able to print from a nearby printer no matter where they are. Which policy rule should the IT department configure and how should the policy be filtered to make sure that these users always have a nearby print device to print to? A. Session printers / Users and Groups B. Session printers / Client IP Address C. Print job routing / Users and Groups D. Print job routing / Client IP Address Correct Answer & Explanation: B. The session printers policy rule allows an administrator to control the assignment of network printers. In this case, the policy should be configured by IP address. That way, the IT department can assign the IP range of the computers on each level of the building to a different policy, so when a user is on the fifth floor they will have access to the fifth floor printers, and when they have to move to the second floor, they will have access to the second floor printers. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because Users and Group membership is not a function of where the user is located. Answer C is incorrect because print job routing determines the path of the print job itself, not which printer the user prints to. Answer D is incorrect because print job routing determines the path of the print job itself, not which printer the user prints to. 3. To make sure the desired printer drivers are automatically installed on every new server that is added to the server farm, which of the following settings should be configured? A. Manual replication B. Auto-replication C. Printer driver mapping D. Universal printer driver
68 Appendix B Self Test Appendix Correct Answer & Explanation: B. An auto-replication list is created using the XenApp Advanced Configuration tool (ACT). If a server is added to the server farm that does not have the printer driver detected, the driver is installed. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because manual replication requires user intervention. Answer C is incorrect because printer driver mapping is not used to install drivers. It s used to match printer driver names with already installed drivers. Answer D is incorrect because the universal printer driver is used for printer creation, it s not used to install drivers. 4. When should printer driver replication be performed? A. During peak hours when all of the users are more likely to need them B. Just after a reboot of all the servers C. During off-peak hours when higher priority traffic is not impacted D. Just before a reboot of all the servers Correct Answer & Explanation: C. The driver replication process can take a considerable amount of time and requires a substantial amount of system resources. Because of these resource requirements, the replication should be performed during off-peak hours when higher priority traffic is not impacted. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect, because the network traffic created by replication could affect other user activity. Answer B is incorrect because server reboots have no affect on manual replication. Answer D is incorrect because server reboots have no effect on manual replication. 5. Which of the following best describes client network printing? A. The print job spools from XenApp to the client device and then to the client local printer. B. The print job spools from XenApp to the network print server and then to the printer. C. A policy determines to where the print job spools. D. The print job spools from XenApp to the server local printer. Correct Answer & Explanation: C. Explanation: In client network printing, the print job spools from XenApp to the client device or network print server, or depending on the policy configuration, to the network print server and then to the network printer.
Self Test Appendix Appendix B 69 Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because it describes client local printing. Answer B is incorrect because it describes server network printing. Answer D is incorrect because it describes server local printing. 6. Which of the following are required in order to import a print server? (choose three.) A. Name or IP address of the print server B. Name or IP address of the printer C. User account name D. User account password E. Network domain of the print server Correct Answer & Explanation: A, C, D. To import a print server, in the XenApp Advanced Configuration tool (ACT), right-click Printer Management and click Import Network Print Server. In the Network Print Server dialog box, type the name or IP address of the print server in the Server field, type a user account name that has access rights to the specified printer in the Connected As field, and type the password for the user account in the Password field. Click OK. Incorrect Answers & Explanations: B, E. Answer B is incorrect because no printer information is required. You only need to enter print server information. Answer E is incorrect because the print server network domain is not required to locate the print server. 7. The reporting department is complaining about applications running slowly. The applications that they are complaining about are published applications in the server farm. The department is in a remote office that connects to the server farm over a WAN, which has become quite congested with network traffic. The administrator has already optimally configured printer auto-creation and print job routing. What should the administrator do next to assist with this issue? A. Apply a session printers policy B. Apply a printer bandwidth policy C. Apply a SpeedScreen Progressive Display policy with ultra-high compression D. Apply a legacy client printers policy
70 Appendix B Self Test Appendix Correct Answer & Explanation: B. Applying a printer bandwidth policy allows the administrator to control the amount of maximum bandwidth in kilobytes per second that may be used for printing. This will free up some bandwidth for other resources, including applications, using the WAN link. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because session printers don t necessarily affect bandwidth usage. They affect what printers users connect to, but not how printing is done. Answer C is incorrect because SpeedScreen Progressive Display helps with video, not printing. Answer D is incorrect because legacy client printers will not affect network bandwidth. 8. There are still some client printer names left over in your environment from a previous implementation of XenApp. Which of the following policy rules should be configured to handle those names? A. Auto-creation B. Turn off client printer mapping C. Legacy client printers D. Print job routing E. Printer properties retention Correct Answer & Explanation: C. Legacy client printers enables the use of old-style client printer names as used by Terminal Services or XenApp 3.0 or earlier. Auto-creation enables the use of auto-creation of all, local, default, or no client printers. Printer properties retention controls whether or not printer properties are stored on the client device or the user profile on the server. Print job routing controls whether or not network print jobs flow directly from XenApp to the print server or take an extra step and are routed back through the client device. Turn off client printer mapping disables the mapping of all client printers. Incorrect Answers & Explanations: A, B, D, E. Answer A is incorrect because the printer auto-creation policy does not define how printers are named. Answer B is incorrect because the client printer mapping policy does not affect printer naming. Answer D is incorrect because the print job routing policy does not affect printer names. Answer E is incorrect because the printer properties retention policy only affects printer settings, not printer names. 9. Where does an administrator manually add printer drivers to a print server in a XenApp environment? A. XenApp Advanced Configuration tool (ACT) Printer Management Drivers
Self Test Appendix Appendix B 71 B. XenApp Advanced Configuration tool (ACT) Printer Management Printers C. Access Management Console (AMC) Citrix Resources XenApp Farm Node Printers Drivers D. Printers and Faxes File Server Properties Drivers Utility Correct Answer & Explanation: D. Before a printer can be used, a printer driver must be installed in XenApp. To add, remove, and reinstall printer drivers on a server, and administrator can use the Drivers utility on a Windows server by going to Printers and Faxes File Server Properties Drivers Utility. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because the Drivers node in the ACT only lets you manage already installed drivers. It doesn t let you install new ones. Answer B is incorrect because the Printers node in the ACT does not let you manage print drivers. Answer C is incorrect because the AMC does not let you install print drivers. 10. Which of the following are benefits of the Universal Print Driver?(choose three.) A. Prioritizes print jobs for more efficient printing B. Reduces the size of some print jobs C. Reduces delays when spooling over slow connections D. Allows jobs to print faster E. Allows you to configure the same printer properties as native printer drivers Correct Answer & Explanation: B, C, D. Benefits of the Universal Print Driver include: The enhanced metafile format which reduces the size of some print jobs; allows jobs to print faster; allows users to set printer properties and preview documents ready for printing; reduces load on the server, and bandwidth and CPU processing are saved; reduces delays when spooling over slow connections; avoids more problems in a diverse environment; limits the installation and duplication of printer drivers on servers; ensures that client printers auto-create regardless of printer driver availability on the server; minimizes help desk calls; enables users to print to almost any printer; redirects client printers only. Incorrect Answers & Explanations: A, E. Answer A is incorrect because the Universal Print Driver does not prioritize print jobs. Answer E is incorrect because the Universal Print Driver does not always expose all of the features available for a printer.
72 Appendix B Self Test Appendix 11. The reporting group uses several applications and does a lot of printing. Sometimes they require printing from an application immediately after opening it. They often complain that they have to make several attempts before they can see their printers on their client device, so they have to wait to print. Which of the following settings should be configured to fix this issue? A. Synchronous printer creation B. Asynchronous printer creation C. Print job routing D. Session printers Correct Answer & Explanation: A. Synchronous printer creation should be used when applications require all printers to be created first, or when applications require a stable printing environment. With synchronous printer creation, printers create before the users have access to interact with and use their sessions. The users must wait for all printers to create in the background before they can perform any activities. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because with asynchronous printing, the application may become available before printer creation has completed. Answer C is incorrect because print job routing affects print jobs themselves, not printer creation. Answer D is incorrect because session printers control what printers are made available, not how they are created. 12. You have configured your XenApp environment to map local client printers. One of your users is complaining that one of her printers is not being mapped. Upon investigation, you realize that the printer driver used on the client is called Color Printer 1 Driver. On your XenApp server, the corresponding driver is called Color Printer I Driver. How can you ensure that the Color Printer I Driver is used to create the printer? A. Configure printer driver mapping. B. Enable the Universal Print Driver. C. Configure print job routing. D. Configure printer driver replication. Correct Answer & Explanation: A. Printer driver mapping allows you to map a client printer driver to a server printer driver.
Self Test Appendix Appendix B 73 Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because the Universal Printer Driver would actually be used to create the printer, not the Color Printer I Driver. With asynchronous printing, the application may become available before printer creation has completed. Answer C is incorrect because print job routing specifies how documents are printed, not how printers are created. Answer D is incorrect because printer driver replication can be used to copy the printer driver to another XenApp server, but it will not help in creating the printer. 13. Which of the following best describes server local printing? A. The print job spools from XenApp to the client device and then to the client local printer B. The print job spools from XenApp to the network print server and then to the printer C. A policy determines to where the print job spools D. The print job spools from XenApp to the server local printer Correct Answer & Explanation: D. In server local printing, the print job spools to the local print spooler on the XenApp server. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because it describes client local printing. Answer B is incorrect because is describes server network printing. Answer C is incorrect because it describes client network printing. 14. Which of the following best describes server network printing? A. The print job spools from XenApp to the client device and then to the client local printer B. The print job spools from XenApp to the network print server and then to the printer C. A policy determines to where the print job spools D. The print job spools from XenApp to the server local printer Correct Answer & Explanation: B. In server network printing, the print jobs moves from the XenApp server to the network print server. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because it describes client local printing. Answer C is incorrect because it describes client network printing. Answer D is incorrect because it describes server local printing.
74 Appendix B Self Test Appendix 15. You are having trouble in your XenApp printing environment. You re finding that certain printer drivers are causing problems on your servers. You want to prevent these problem drivers from being used. How can you accomplish this? A. Disable client printer mapping B. Configure asynchronous printer creation C. Configure printer driver replication D. Create a printer driver compatibility list Correct Answer & Explanation: D. A printer driver compatibility list can be used to specify a certain set of printer drivers than can be used in your XenApp environment. If a driver is not on this list, it will not be used. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because although disabling client printer mapping will solve your printer driver problems, users will not be able to print. Answer B is incorrect because configuring asynchronous printer creation will still allow the harmful printer drivers to be used. Answer C is incorrect, because printer driver replication will simply copy the offending drivers to other XenApp servers. 16. Your XenApp printing environment consists of numerous printer drivers used for printer creation. You are bringing several new XenApp servers online in your XenApp environment. You want all the printer drivers necessary for your environment to automatically be copied to the new servers. How can you accomplish this? A. Configure printer driver mapping B. Configure asynchronous printer creation C. Configure printer driver auto-replication D. Create a print driver compatibility list Correct Answer & Explanation: C. With printer driver auto-replication, printer drivers are automatically copied to new XenApp servers when they come online. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect because printer driver mapping helps configure drivers that have already been installed on the XenApp server; it will not help install drivers on the server. Answer B is incorrect because configuring asynchronous printer creation will not help copy printer drivers to new servers. Answer D is incorrect because a printer
Self Test Appendix Appendix B 75 driver compatibility list will help control which printer drivers are used, but it will not help install drivers. 17. Users in your environment are reporting that changes they make to their printer properties are not being saved. They have to redo all the changes every time they log on to the XenApp environment. This is creating a very poor user experience. What can be done to alleviate this problem and improve the experience of your users? A. Configure printer driver mapping. B. Configure asynchronous printer creation. C. Configure printer driver auto-replication. D. Create a printer properties retention XenApp policy. Correct Answer & Explanation: D. The printer properties retention XenApp policy allows users to save printer property changes and specify where they will be saved. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect because printer driver mapping helps configure drivers that have already been installed on the XenApp server, but it will not help with customized printer properties. Answer B is incorrect because configuring asynchronous printer creation will not help with printer properties. Answer D is incorrect because a printer driver compatibility list will help control which printer drivers are used, but not the properties of those printers. 18. Currently, in your XenApp printing environment, print jobs are routed from the XenApp server to the network print server. In order to make your printing environment more efficient, you want print jobs to be routed back to the client, then to the network print server. How can you accomplish this? A. Configure a print job routing XenApp policy. B. Configure asynchronous printer creation. C. Configure printer driver auto-replication. D. Create a printer properties retention XenApp policy. Correct Answer & Explanation: A. The print job routing XenApp policy allows you to configure how print jobs are routed to the network print server. They can be routed from the XenApp server to the network print server, or from the XenApp server down to the client, and then to the network print server. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because asynchronous print creation will not affect how print jobs are processed.
76 Appendix B Self Test Appendix Answer C is incorrect because printer driver auto-replication will copy printer drivers between XenApp servers, but it will not control print jobs. Answer D is incorrect because printer properties retention allows users to save their printer settings, not control print jobs. 19. Currently, in your XenApp environment, users are experiencing what appears to be session hangs at logon time. Their session will freeze briefly. You are mapping only network printers at log-on time, and you suspect print mapping is causing the session freezes. What can you do to alleviate the problem? A. Configure a print job routing XenApp policy. B. Configure asynchronous printer creation. C. Configure printer driver auto-replication. D. Create a printer properties retention XenApp policy. Correct Answer & Explanation: B. Asynchronous printer creation will cause sessions to become available while printer creation is being done. This way, users will not see a delay in session availability while printers are created. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect because print job routing has no effect until after session initialization has completed and printers are created. Answer C is incorrect because printer driver autoreplication will copy printer drivers between XenApp servers, but it will not control how printers are created. Answer D is incorrect because printer properties retention allows users to save their printer settings but not control printer creation. 20. Currently in your XenApp environment, you have configured a policy to allow printer properties retention. However, when users log on and make changes to their printer properties, the changes are not being saved. What is most likely preventing the users changes from being saved? A. You are using mandatory user profiles. B. You are using the Universal Print Driver for printer creation. C. You are using legacy printer names. D. You are using synchronous printer creation. Correct Answer & Explanation: A. If you are using mandatory user profiles, printer property changes cannot be saved to the user s profile.
Self Test Appendix Appendix B 77 Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because using the Universal Printer Driver will still allow users to save printer property changes if configured correctly. Answer C is incorrect because printer names have no affect on printer property retention. Answer D is incorrect because synchronous printer creation has no affect on printer property retention. Chapter 8: Installing and Configuring a Web Interface 1. Your network has the DMZ configuration shown in Figure 8.18. Figure 8.18 A DMZ Configuration Based on this diagram, where would you place your Secure Gateway and Web Interface components? A. Web Interface Location 1, Secure Gateway Location 2 B. Web Interface Location 1, Secure Gateway Location 1 C. Secure Gateway Location 1, Web Interface Location 2 D. Secure Gateway Location 2, Web Interface Location 2 Answer: C. It is best practice to keep Web Interface on the internal network and to have the Secure Gateway in the DMZ. Incorrect Answers & Explanations: Answer A and D are incorrect because the Secure Gateway needs to be in a DMZ, Answer B is incorrect because although it would technically work, the Web Interface would be less vulnerable the IIS hackers on the inside, secure network.
78 Appendix B Self Test Appendix 2. You have the settings shown in Figure 8.19 configured for your Access Methods. Figure 8.19 Access Methods If the IP address of your workstation is 192.168.15.65, what Access Method will your client use? A. DMZ B. Direct C. Gateway Alternate D. Gateway Translated
Self Test Appendix Appendix B 79 Answer: D. Your client is not in the 10.x.x.x range, hence the default route applies, which is Gateway Translated. Incorrect Answers & Explanations: Answer A and C are incorrect as they are not a listed options, Answer B is incorrect as it only applies the 10.x.x.x range 3. Your manager wants to enable some of your field workers to access their applications from Internet kiosks in a foreign country using Web Interface. He wants this to be achieved securely and with minimum administrative effort. What should you do? Choose two. A. Implement Secure Gateway. B. Implement SSL Relay. C. Enable the RDP client. D. Enable the Java client. Answer: A and D. The Secure Gateway is the simplest and most secure way to allow access. The Java client runs as an applet and doesn t require administrative permissions on the end point. Incorrect Answers & Explanations:Answer B is incorrect as SSL relay is less secure than Secure Gateway. Answer C is incorrect as the RDP client may require installation on the end-point. 4. Your company wants to deploy access to medical records to nurses in a hospital. The nurses should be able to move from ward to ward and access the applications, but at the same time, there are concerns about patient confidentiality. Web Interface is the access mechanism, and there are terminals in the wards. How would you best address this task? A. Enable Workspace Control B. Implement a Citrix Secure Gateway C. Set the nurses sessions to disconnect after 1 minute of idle time D. Enable Pass-through with smart card, and use a smart card system to log into the terminals. Answer A and D. Workspace Control will enable the nurses sessions to follow them from ward to ward. Disconnecting the sessions would be ineffective as the Web Interface would still be active, and the application could be reconnected to using Web Interface. Smart cards on the terminals would be the most secure mechanism. Incorrect Answers & Explanations: Answer B is incorrect as Secure Gateway is a remote access solution, Answer C is incorrect as the sessions would still be connected for a minute after the nurses have left the terminal.
80 Appendix B Self Test Appendix 5. You have created a Secure Gateway, but your manager insists on using a private certificate. You create a host certificate for your Secure Gateway using your Enterprise Root Certificate Authority, and install the certificate on the Gateway. What else should you do? A. Instruct your users to download the certificate from www.verisign.com. B. Do nothing Active Directory will automatically push out certificates from the Certificate Authority. C. Distribute the Enterprise root certificate to all your users. D. Create a client certificate for each user accessing the Secure Gateway. Answer: C. Private certificates require the root certificate be on all the recipient devices. Incorrect Answers & Explanations:Answer A is incorrect as Verisign is used for public not private certificates, Answer B is incorrect as Active Directory does not do an automatic push, moreover the client device may not be on the Domain, Answer D is incorrect as client certificates are used to verify the client, whereas we need to do verification of the Secure Gateway. 6. You took a day s leave and upon your return to work, you find that Web Interface is no longer working. Your manager says he tried to add another branch to use the Access Gateway, and the external users are all phoning in wanting to know what to do. What should you do? A. Restore the IMA Data Store using your latest SQL backup. B. Run IISRESET on the Web Interface server. C. Restore the entire Web Interface server from a recent backup. D. Import the file WebInterface.conf from a recent export into the Web Interface server. Answer: D. The simplest method to restore Web Interface site settings to a previous configuration is to import a previously exported WebInterface.conf file. Incorrect Answers & Explanations: Answer A is incorrect as the Web Interface settings are not stored in the IMA database, Answer B is incorrect as this will just restart the Web Services and not reset the settings, Answer C would work, however it would be far more complex and time consuming, and is thus not the best solution. 7. Web Interface has the capability to automatically deploy clients to users if they do not have a client installed. A user calls and says he has the Web page
Self Test Appendix Appendix B 81 but can t connect to the application, and he is prompted to save launch.ica. You ask if they have a message on the screen asking him to install the client, but they have no warning message. What is the issue? A. The XML launcher service isn t running on the Web Interface server. B. The client detection is set to Never. C. The user is using a Mozilla Firefox browser. D. You didn t install the clients from the Components CD during the install of Web Interface. Answer: B. Client detection will always display a message unless the detection is set to Never. Incorrect Answers & Explanations:Answer A is incorrect as there is no XML launcher service on Web Interface, Answer C is incorrect as Web Interface fully supports Mozilla Firefox, Answer D is incorrect as the message would still appear regardless of whether the clients have been added to Web Interface or not. 8. You are configuring external access to your Web Interface site, and you need to configure an STA. You are currently allowing users to access just one server on your network: xenapp.syngress.com. You have added a Secure Gateway called sg.syngress.com. What should you do? Select all that apply. A. Install the Secure ticket authority on sg.syngress.com. B. Specify the URL as http://xenapp.syngress.com/scripts/ctxsta.dll. C. Specify the URL as http://sg. syngress.com/scripts/ctxsta.dll. D. Install the Secure ticket authority on xenapp.syngress.com. Answer: B. The XenApp servers have an STA installed by default. Incorrect Answers & Explanations:Answer A is incorrect as it is insecure to have the STA on the Secure Gateway, Answer C is incorrect as the STA isn t installed on the Secure Gateway, Answer D is incorrect as the STA is part of the default installation. 9. You are running the XenApp Services client on your workstations. Your company recently bought a smaller company that also uses Citrix, and you have created trusts between your two domains. You want some of your executive users to see applications from your existing farm and that of the recently acquired company. You only want the executive users to see the new applications. Web Interface is being used as your access mechanism. How could you best achieve this? Choose two answers.
82 Appendix B Self Test Appendix A. Add the executive users to the published applications of the acquired company. B. Create a new Web Interface site for the new applications. C. Add the new farm to your existing Web Interface site. D. Use the APP/export utility to extract the applications from the new farm. Answer: A and C. The users first need permissions to see the applications, and then the farm must be included in your Web Interface site. Incorrect Answers & Explanations: Answer B and are incorrect as a new Web Interface site is unnecessary, rather both farms can be aggregated into one Web Interface site. 10. Web Interface downloads launch.ica to the user s device; how can this delivery be secured? A. Implement SSL Relay on the XenApp server. B. Use Citrix Secure Gateway. C. Place an SSL certificate on the Web Interface server. D. Place a root certificate on the client device. Answer: C. The Launch.ica is delivered from the Web Interface to the client. Incorrect Answers & Explanations: Answer A is incorrect as SSL Relay is used to secure the ICA stream not HTTP, Answer B is incorrect as it assumes a Secure Gateway implementation, Answer D is incorrect as a client certificate would be used to verify a client, not to secure HTTP traffic. 11. The engineering department wants to use Web Interface for the Linux-based thin client kiosk terminals, and XenApp Services for the engineering laptops. They want both hosted applications for their CRM application, and streamed applications for a word processing application. You will need to: A. Create one site in Web Interface and enable Dual Mode Streaming. B. Create two sites in Web Interface, one for XenApp Services and another for XenApp Web. The XenApp Web site must be configured for Remote applications, and the XenApp Services must be configured for Dual Mode Streaming. C. Create three sites in Web Interface. The first site will be XenApp Services with Streaming enabled. The second would be XenApp Web with Remote applications enabled. The third would be XenApp Web with streaming enabled.
Self Test Appendix Appendix B 83 D. Create three sites in Web Interface. The first site will be XenApp Services with Streaming enabled. The second would be XenApp Services with Remote applications enabled. The third would be XenApp Web with streaming enabled. Answer: B. Only two Web sites are required; however, XenApp Web and XenApp Services do need to be configured as separate sites. Incorrect Answers & Explanations: Answer A is incorrect as XenApp Services and XenApp web require separate web sites. Answers C and D are incorrect as both Streaming and remote applications can share a common web site. 12. Special Folder Redirection is an option when configuring Session Preferences. Which of the following are true? Choose two. A. It is only available for Windows 2008. B. It is only available for Windows 2003. C. It redirects your Temporary Internet files. D. It redirects your local My Documents folder. Answer: A and D. Special Folder Redirection is a new feature for Windows 2008, which allows your local My Documents to be accessible from within your Citrix XenApp Session. Incorrect Answers & Explanations: Answer B is incorrect as Special Folder Redirection is only available from Windows 2008, Answer C is incorrect as Special Folder Redirection doesn t address Temporary Internet Files. 13. You work in a factory environment where users use kiosks at various locations. The settings are shown in Figure 8.20.
84 Appendix B Self Test Appendix Figure 8.20 Managing Workspace Control A user logs on to his custom application, and then subsequently logs off Web Interface in one section of the factory and then logs on to another kiosk in another section. Assuming the user had no sessions running prior to the first session, when the user clicks on the Reconnect button: A. The user connects to all sessions. B. The user connects to disconnected sessions.
Self Test Appendix Appendix B 85 C. It depends on how the user has customized the settings. D. No sessions are reconnected. Answer: D. The users sessions are set to log off when they log off Web Interface. Incorrect Answers & Explanations: Answer A and B are incorrect as the users sessions are set to log off when they log off Web Interface, Answer C is incorrect as this option is not selected. 14. One of your end users phones you because he is perplexed. Why can t he get rid of the Internet Explorer window when his are using the application? What could be the reason for this? Choose two. A. The seamless TWI flags are set correctly on the server. B. He is using the Java client. C. He has downloaded the embedded native client. D. He has downloaded the embedded RDP client. Answer: C and D. Both the Native Embedded and the RDP Embedded Clients will display in a browser. Incorrect Answers & Explanations: Answer A is incorrect as TWI flags will not affect embedding, Answer B is incorrect as the Java client will launch in a separate window. 15. Your company practices security in depth. There are firewalls between two divisions networks although they are in the same building. The firewalls only allow certain traffic between the booking and transport divisions. HTTPS is allowed traffic (see Figure 8.21 ).
86 Appendix B Self Test Appendix Figure 8.21 Security in Depth What client access method should the booking division use? A. Direct B. Gateway Translated C. Gateway Direct D. Gateway Alternate Answer: C. The two networks need no translation, but do need to use the Secure Gateway because SSL is a requirement. Incorrect Answers & Explanations: Answer A is incorrect as HTTPS is required, Answers B and D are incorrect as subnets are routable. 16. You have obtained a certificate for Secure Gateway from VeriSign. The certificate is for sg.syngress.com, the hostname of your Secure Gateway is GATEWAY, and the domain name is syngress.local. You have configured the Secure Gateway as sg.syngress.com, but you are getting an SSL error 59, The name on the security certificate does not match the name of the server. How can you resolve this? A. Obtain a certificate from VeriSign for GATEWAY. B. Obtain a certificate for GATEWAY.syngress.local. C. Specify the name in the Secure Gateway settings as GATEWAY.syngress.local. D. Create an entry in the hosts file on the secure gateway for sg.syngress.com with the IP address for the gateway.
Self Test Appendix Appendix B 87 Answer: D. The external hostname needs to be the same as the certificate, and the Secure Gateway must be able to resolve this name. Incorrect Answers & Explanations: Answer A and B are incorrect as neither of these would be externally resolvable, Answer C is incorrect as the name will still not match the certificate. 17. Figure 8.22 is the current configuration for your XenApp farm in Web Interface. Figure 8.22 A Configuration for a XenApp Farm in Web Interface You have an application that is creating a conflict on port 80. You decided to change the XML port on your XenApp servers to 8080. What must you do next? A. Enable socket pooling. B. Run the DSMAINT command. C. Use the XMLRESET command. D. Use the CTXXMLSS command. Answer: D. The CTXXMLSS command line utility is used to change the XML service port. Incorrect Answers & Explanations: Answer A is incorrect as this will not change the port, Answer B is incorrect as this command is used to configure the IMA database, Answer C is incorrect as this command is fictitious.
88 Appendix B Self Test Appendix 18. You work for an accounting consultancy. You have various branch offices that access their applications over the WAN. The network is common, and all the traffic is routable, but because your company standard is Security in Depth, they access the applications via a Secure Gateway through internal firewalls. Figure 8.23 shows your settings. Figure 8.23 Settings for Accessing Applications via Secure Gateway through Internal Firewalls Some of the auditors log in from other external client sites via Secure Gateway and the Web Interface. You receive a call from a user who says he can access the Internet from the external site, but he cannot access the Web Interface. What should you do? A. You should create a rule for the subnet, and set the proxy to User s browser setting B. You should create a rule for the subnet, and set the proxy to None C. You should create a second Web Interface site for the external users D. You need to use an Access Gateway for users that need access via the Internet Answer: A. Only A would give the user to use the correct settings to access your network, by correctly causing the proxy to be specified Incorrect Answers & Explanations: Answer B is incorrect as the external users will need to traverse their local proxy, Answer C is incorrect as this will not address the proxy requirement, Answer D is incorrect s the Secure Gateway and Access Gateway can both be used for access via the Internet.
Self Test Appendix Appendix B 89 19. One of the branch managers has bought an Apple Macintosh laptop. He wants all the new graphic design people to access the network remotely and to access their Microsoft applications on their laptops. Which client should you configure for automatic deployment? A. The Macintosh client B. The Microsoft RDP client C. The Java client D. The Embedded Native client Answer: C. The,client for Java would be the only client that can run on the Macintosh laptop. Incorrect Answers & Explanations: Answer A is incorrect as the Macintosh client cannot be automatically deployed, Answers B and D are incorrect as these clients cannot run on a Macintosh. 20. Users have complained that access methods are not the same for all users. Management has thus decided that Workspace Control is a required functionality. In order to enforce this (choose two): A. Specify Version 8.0 or later of the clients. B. Enable Health Monitoring of the farm. C. Ensure that Workspace Control is enabled. D. Change the site to Dual Mode Streaming. Answer: A and C. Workspace Control requires version 8.0 or later of the client and it can be enable in the Access Console. Incorrect Answers & Explanations: Answer B is incorrect as Health monitoring is irrelevant, Answer D is incorrect as it doesn t address Workspace control. Chapter 9: XenApp 5.0 Security 1. What type of encryption methodology is used for session encryption with SecureICA? A. Asymmetric B. Public key C. Private key D. Proprietary Correct Answer & Explanation: C. SecureICA uses a private key methodology for encryption. A key exchange is done at session initialization, so that the proper key is passed to the client.
90 Appendix B Self Test Appendix Incorrect Answers & Explanations: A, B, and D. Answer A is incorrect because asymmetric encryption uses a public key methodology. Answer B is incorrect because a public key system is one in which a public key is used in conjunction with a private key. Answer D is incorrect because the public key methodology used is an industry standard. 2. What level of ICA encryption is generally used with ICA sessions? A. RC5 (128-bit) logon only B. Basic C. RC5 (40-bit) D. RC5 (128-bit) Correct Answer & Explanation: B. By default, ICA sessions will use Basic ICA encryption. It is more like obfuscation than an actual encryption. Incorrect Answers & Explanations: A, C, and D. Answer A is incorrect because Basic ICA encryption is used by default. Answer C is incorrect because Basic ICA encryption is used by default. Answer D is incorrect because Basic ICA encryption is used by default. 3. With SecureICA encryption, what method is used to transfer the private key between the client and the XenApp Server? A. Diffie-Hellman key exchange B. RC4 encryption C. Hashing D. 3DES Correct Answer & Explanation: A. The Diffie-Hellman key exchange is a method for securely transporting a private key from one computer to another. Incorrect Answers & Explanations: B, C, and D. Answer B is incorrect because RC4 is an encryption option for the actual ICA session. Answer C is incorrect because hashing is a method for storing data, not transporting keys. Answer D is incorrect because 3DES is an encryption option for the actual ICA session. 4. You must secure client connections to your XenApp Servers. You want to use standard SSL to encrypt these connections. What are your choices? A. Use Diffie-Hellman key exchange. B. Configure SecureICA. C. Configure SSL Relay.
Self Test Appendix Appendix B 91 D. Configure IMA encryption. Correct Answer & Explanation: C. SecureICA secures client connections to XenApp Servers using SSL. Incorrect Answers & Explanations: A, B, and D. Answer A is incorrect because Diffie-Hellman is the key exchange algorithm used with SecureICA; it does not secure the connections themselves. Answer B is incorrect because SecureICA does not use SSL. Answer D is incorrect because IMA encryption does not secure client connections. 5. You will have several remote clients connecting to your XenApp environment. Some of these connections will be to applications that transmit sensitive data. Because of the sensitive data being transmitted, you want to secure these connections with SSL. What is your best option for securing these connections? A. Use IMA encryption to secure the connections. B. Use SecureICA to secure the connections. C. Use SSL Relay to secure the connections. D. Use Citrix Secure Gateway to secure the connections. Correct Answer & Explanation: D. Citrix Secure Gateway is the preferred option for securing remote connections to XenApp. Secure Gateway uses standard SSL encryption for sessions. Incorrect Answers & Explanations: A, B, and C. Answer A is incorrect because IMA encryption is used for securing information in the IMA data store. It does not secure client connections to XenApp Servers. Answer B is incorrect because SecureICA does not use SSL encryption. Answer C is incorrect because SSL Relay is not recommended for external connections. 6. Which of the following can be used to secure connections to the Citrix XML Service? A. SecureICA B. Access Gateway C. Citrix Secure Gateway D. SSL Relay Correct Answer & Explanation: D. SSL Relay can be used to secure connections to the Citrix XML Service. It can also secure client connections to XenApp Servers.
92 Appendix B Self Test Appendix Incorrect Answers & Explanations: A, B, and C. Answer A is incorrect because SecureICA can only secure client connections to XenApp Servers. Answer B is incorrect because Access Gateway can only secure client connections to XenApp Servers. Answer C is incorrect because Citrix Secure Gateway can only secure client connections to XenApp Servers. 7. You have configured SSL Relay in your XenApp environment to secure connections to applications. In the properties for your applications, you have enabled the option for Enable SSL and TLS protocols. Upon investigation, you realize that client connections to these applications are not being secured with SSL Relay. What is the most likely cause of the issue? A. Setting the option for Enable SSL and TLS protocols does not force encryption. B. You are using XenApp Advanced Edition and not XenApp Platinum Edition. C. You need to enable SecureICA. D. SSL Relay cannot be used to secure connections to applications, only XML requests. Correct Answer & Explanation: A. Checking the option for Enable SSL and TLS protocols does not force SSL Relay to be used. A negotiation occurs at the beginning of the session to determine if SSL Relay will be used. Incorrect Answers & Explanations: B, C, and D. Answer B is incorrect because SecureICA uses a different mechanism for encryption. Answer B 8. Your network topology consists of a dual DMZ. You want to secure remote connections to your internal XenApp Servers. Which of the following will provide the most secure access for your users? A. Citrix Secure Gateway in single-hop mode B. SecureICA C. Citrix Secure Gateway in dual-hop mode D. SSL Relay Correct Answer & Explanation: C. Citrix Secure Gateway in double-hop mode allows remote connection to access internal XenApp Servers. Double-hop mode should be used because if it is not, then your connections must essentially bypass the second DMZ instead of terminating inside it.
Self Test Appendix Appendix B 93 Incorrect Answers & Explanations: A, B, and D. Answer A is incorrect because single-hop mode would allow external connections to bypass the second DMZ. Answer B is incorrect because SecureICA should not be the sole method used to secure external connections. It is not secure enough. It can be used in conjunction with a more secure method like Secure Gateway. Answer D is incorrect because SSL Relay should not be used as the sole method for securing external connections. It is not secure enough. It can be used in conjunction with Secure Gateway. 9. Your network has a dual DMZ configuration. You are currently using Citrix Secure Gateway in a double-hop configuration to secure external connections to your internal XenApp implementation. You have been directed to update the Citrix Secure Gateway environment to an Access Gateway environment. Which of the following describes the work necessary to accomplish this migration? A. Configure Access Gateway in single-hop mode. B. You need to leave the Citrix Secure Gateway in place because Citrix Access Gateway does not support double-hop mode. C. Configure Citrix Access Gateway in double-hop mode. D. Configure SSL Relay in conjunction with Citrix Access Gateway in single-hop mode. Correct Answer & Explanation: C. Citrix Access Gateway supports double-hop mode and can be used to replace Citrix Secure Gateway. Incorrect Answers & Explanations: A, B, and D Answer A is incorrect because single-hop mode should not be used in a dual DMZ configuration. Answer B is incorrect because Citrix Access Gateway does support a dual-hop configuration. Answer D is incorrect because SSL Relay is used the secure the end to end connection with Access Gateway. But it will not help traverse a DMZ. You would have to map the connections directly through the second DMZ, which would pose a security concern. 10. Digital certificates are issued by which of the following entities? A. Certificate authorities B. Domain controllers C. Citrix SSL Relay Configuration Tool D. XenApp Advanced Configuration Tool
94 Appendix B Self Test Appendix Correct Answer & Explanation: A. Certificate authorities are entities designated to create and issue digital certificates. Incorrect Answers & Explanations: B, C, and D. Answer B is incorrect because domain controllers do issue digital certificates. In many organizations, the domain controllers also act as certificate authorities. But domain controllers by themselves do not issue certificates. Answer C is incorrect because the Citrix SSL Relay Configuration Tool allows you to specify which digital certificate to use with SSL Relay. It does not issue digital certificates. Answer D is incorrect because the XenApp Advanced Configuration Tool does not issue digital certificates. 11. You are attempting to install Secure Gateway. You have installed a digital certificate on the system. On the Certificate Selection screen of the Secure Gateway Configuration Wizard, there are no digital certificates available for you to select. You are sure you have installed a certificate in the appropriate certificate store. What is most likely the problem? A. Citrix Secure Gateway is not installed correctly. B. The certificate does not contain the correct server name. C. You do not have the appropriate Trusted Root certificate installed. D. The certificate does not have the appropriate Key Usage defined. Correct Answer & Explanation: D. The Citrix Secure Gateway Configuration Wizard will search the certificate store for a certificate with the appropriate key usage defined. All of the appropriate certificates will be listed on the Certificate Selection screen. Incorrect Answers & Explanations: A, B, and C. Answer A is incorrect because if Secure Gateway were not installed correctly, the Configuration Wizard would not run. Answer B is incorrect because the certificate would be displayed even if it did not have the correct name set. Answer C is incorrect because a certificate would appear even if you did not have the appropriate Trusted Root certificate installed. 12. Which of the following are used to verify that a client trusts a certificate authority? A. Client certificate B. Server certificate C. Trusted Root certificate D. User certificate
Self Test Appendix Appendix B 95 Correct Answer & Explanation: C. Trusted Root certificates are used to identify certificate authorities Incorrect Answers & Explanations: A, B, and D. Answer A is incorrect because client certificates are used to identify client systems. Answer B is incorrect because server certificates are used to identify servers. Answer D is incorrect because user certificates are used to identify users. 13. You want incoming client connections to your Secure Gateway to be configured using the 3DES encryption algorithm. Which cipher suite should you specify during the Secure Gateway Configuration Wizard? A. RC4 B. SSL C. GOV D. COM Correct Answer & Explanation: C. The GOV cipher suites allows Secure Gateway to negotiate secure connections using the 3DES encryption algorithm. Incorrect Answers & Explanations: A, B, and D. Answer A is incorrect because RC4 is the encryption algorithm used with the COM cipher suite. It is not a cipher suite. Answer B is incorrect because SSL is the connection protocol, not the cipher suite. Answer D is incorrect because the COM cipher suite will use RC4 for encryption. 14. You have a large XenApp environment. You have five Secure Gateway Servers that are load balanced using a hardware load balancer. During a review of the Secure Gateway logs, you notice a large number of incomplete connections. Your users are not reporting any errors or problems. What can you do to try to alleviate the problem? A. Configure Logging Exclusions. B. Increase the connection timeout. C. Change the cipher suite used. D. Install the proper Trusted Root certificate on your clients. Correct Answer & Explanation: A. The keep-alives from hardware load balancers can register to Secure Gateway as incomplete connections. To prevent these keep-alives from being recorded in the logs, you should configure a logging exclusion for the IP address used by the load balancer.
96 Appendix B Self Test Appendix Incorrect Answers & Explanations: B, C, and D. Answer B is incorrect because setting a connection time-out would not prevent these incomplete connections. Answer C is incorrect because the cipher suite is not preventing the connections. Answer D is incorrect because the lack of a Trusted Root certificate is not preventing the connections. 15. Which of the following is a hardened appliance that is used to secure ICA connections to a XenApp Server? A. SecureICA B. Citrix SSL Relay C. Citrix Secure Gateway D. Citrix Access Gateway Correct Answer & Explanation: D. Citrix Access Gateway is a hardened appliance that can be used as an SSL VPN and to secure XenApp connections. Incorrect Answers & Explanations: A, B, and C. Answer A is incorrect because SecureICA is a software-based method for securing XenApp connections. Answer B is incorrect because Citrix SSL Relay is a software based method of securing XenApp connections. Answer C is incorrect because Citrix Secure Gateway is a software-based method of securing XenApp connections. 16. You are currently running Web Interface on one of your servers. Web Interface is configured to use SSL encryption on port 443. You are attempting to install Secure Gateway on the same server. For some reason, the Secure Gateway Service will not start on the server. What is most likely the problem? A. There is a port conflict between Web Interface and Secure Gateway. B. Secure Gateway and Web Interface cannot be installed on the same server. C. The name in the certificate used for Secure Gateway must match the name in the certificate used for Web Interface. D. If you want to run Web Interface and Secure Gateway on the same server, Secure Gateway must be installed first. Correct Answer & Explanation: A. Only one service can use a given port at a time. You have to change the port of either Secure Gateway or Web Interface. Incorrect Answers & Explanations: B, C, and D. Answer B is incorrect because Secure Gateway and Web Interface can be installed on the same server if you resolve the port conflict. Answer C is incorrect because the certificate names
Self Test Appendix Appendix B 97 do not matter. Answer D is incorrect because installation order does not matter. The port conflict has to be resolved. 17. Your Access Gateway environment uses a digital certificate issued by your internal certificate authority. When users attempt to connect to your environment, the client is returning a trust error. What is most likely the problem? A. There is a port conflict between Web Interface and Access Gateway. B. The server name is correct in the certificate used on Access Gateway. C. The Access Gateway is using the wrong cipher suite. D. Client systems do not have the Trusted Root certificate installed. Correct Answer & Explanation: D. A Trusted Root certificate is required to make SSL connections. When you use an internal certificate authority instead of a public certificate authority, you need to make sure the correct Trusted Root certificate is installed on the clients. Incorrect Answers & Explanations: A, B, and C. Answer A is incorrect because a port conflict would not cause a trust error on the client. You would receive an error when configuring the server. Answer B is incorrect because an incorrect server name in the certificate would not cause a trust error. Answer C is incorrect because the cipher suite would not cause a trust error. 18. Your environment currently uses a single Access Gateway Server (AG1) to secure ICA connections. You want to add a second Access Gateway Server (AG2) for redundancy. During the pilot, users are reporting errors when making connections. The clients are receiving an error message that the name of the remote system does not match the name the client is using to connection. What is most likely the cause of this issue? A. There is a port conflict between the two Access Gateway Servers. B. The server names of the two Access Gateways must have the same. C. The two Access Gateway Servers can have different names but must use the same certificate. D. Client systems do not have the Trusted Root certificate installed. Correct Answer & Explanation: C. When you use a hardware load balancer, the two Citrix Access Gateway Servers need to use the same certificate. The actual server names can be different.
98 Appendix B Self Test Appendix Incorrect Answers & Explanations: A, B, and D. Answer A is incorrect because a port conflict would not cause a naming error to be generated. Jamming attacks are those in which high-power RF waves are targeted at a wireless network installation with the hope of knocking it out of operation by overpowering it. Answer B is incorrect because the names of the Access Gateway Servers does not matter. Only the name in the certificates matters. Answer D is incorrect because lack of a Trusted Root certificate would cause a trust error, not a name mismatch error. 19. You want to implement SSL Relay in your XenApp environment. Which of the following can be secured using SSL Relay? (Choose two.) A. Any web server traffic B. Client connections to XenApp C. Secure Gateway requests to Web Interface D. XML Requests E. STA Requests Correct Answer & Explanation: B, D. The Citrix SSL Relay Service can be used to secure XML connections and client connections to XenApp Servers. Incorrect Answers & Explanations: A, C, and E. Answer A is incorrect because Citrix SSL Relay cannot be used to secure general web traffic. Answer C is incorrect because Citrix SSL Relay cannot be used to secure connections between Citrix Secure Gateway and Web Interface. Answer E is incorrect because Citrix SSL Relay cannot be used to secure connections to the STA. 20. You want to use SSL to secure connections to your applications. You have configured the SSL Relay Service properly, and it appears to be working. SSL Relay requests to the XML Service not having any problems. Client connections to XenApp are not being secured using SSL Relay. What is most likely the issue? A. SSL Relay cannot be used to secure connections to applications. B. SSL must also be configured on the applications individually. C. You also need to configure a XenApp policy to enable SSL. D. SSL Relay cannot be used to secure XML Service request and client connections simultaneously.
Self Test Appendix Appendix B 99 Correct Answer & Explanation: B. SSL Relay can secure connections to applications and the XML Service. In order to enable SSL Relay for applications, you must configure it in the properties of the applications. Incorrect Answers & Explanations: A, C, and D. Answer A is incorrect because SSL can secure connections to applications, if configured correctly. Answer C is incorrect because there is no XenApp policy for SSL. Answer D is incorrect because SSL Relay can secure both XML Service requests and client connections to XenApp. 21. You are planning to set up secure external access to your XenApp environment. You want to use Web Interface and Secure Gateway to accomplish this. All external connections coming into your server must use SSL encryption. In addition, all connections must use standard ports. Due to budgeting restrictions, you only have one server to use for the project. How can you still accomplish your goals? A. Use Secure Gateway and Web Interface in direct mode. B. Use Secure Gateway and Web Interface in indirect mode. C. You must install Secure Gateway before Web Interface. D. You must install Web Interface before Secure Gateway. Correct Answer & Explanation: B. With Secure Gateway and Web Interface in indirect mode, clients will access Secure Gateway and Secure Gateway will redirect the appropriate connections to Web Interface. Incorrect Answers & Explanations: A, C, and D. Answer A is incorrect because with Secure Gateway and Web Interface in direct mode, clients would access Web Interface directly. If you want to use SSL to Web Interface, it would cause a port conflict on port 443. Answer C is incorrect because installed order does not matter. Answer D is incorrect because installation order does not matter. Chapter 10: Microsoft Window Server 2008 Terminal Services 1. You are the enterprise administrator for YourCorp. The company has three departments: Sales, Marketing, and Development. The corporate network consists of a single Windows Server 2008 Active Directory domain. The manager of the Development Department wants a warning message to be presented to all users when they log on to one of the Development servers announcing that
100 Appendix B Self Test Appendix software on these systems is subject to change without notice and may be running beta versions. According to the security policy, all beta software must be located in the Development Department and only specific computers are allowed to run nonproduction software. Which of these actions would you select to accomplish this task? A. Configure a separate VLAN for the Development Department and install a firewall between the department and the rest of the company. B. Configure a Development OU and place the development servers in this OU. Create a Group Policy using the Computer Configuration setting to send a logon message announcing there may be beta software on this computer. C. Configure a custom screen background for the Development servers running beta software announcing that the server could be running nonproduction software. D. Configure a custom logon script to send a console message to the computer of the user attempting to log on to a Development server. Answer B. A group policy is the fastest method to accomplish the task the manager requested. By using a group policy attached to a Development OU, only the computer in the Development OU will present the message to users attempting to log on to these computers. 2. You are the enterprise administrator for YourCorp. The corporate network consists of a single Windows Server 2008 Active Directory domain. All the servers in the domain run Windows Server 2008, and all client computers run Windows Vista. The network contains three Windows Server 2008 servers configured as follows: YourCorp1 configured with Active Directory Domain Services (AD DS) YourCorp2 configured with Terminal Services YourCorp3 configured with File Services The users of the Finance Department currently run an application called FinApp installed on terminal servers. Recently, the users have begun to complain about the performance of the logon process and the fact that they sometimes don t get their desktop settings. Which of the following would you choose to resolve the problem?
Self Test Appendix Appendix B 101 A. Create a profile and configure all users of the Finance group to use a mandatory profile. B. Configure all users to use local profiles only. C. Configure quotas on the finance user s profiles to limit their size. D. Configure a GPO to enable folder redirection on all their profiles. Answer D. Configuring folder redirection replaces the profile data with pointers to the file share where it is stored. This limits the size and complexity of the user profiles. Smaller profiles load faster and are more stable. 3. You are the enterprise administrator for YourCorp. The corporate network consists of a single Windows Server 2008 Active Directory domain. All the servers in the domain run Windows Server 2008, and all client computers run Windows Vista. The network contains three Windows Server 2008 servers configured as follows: YourCorp1 configured with Active Directory Domain Services (AD DS) YourCorp2 configured with Terminal Services YourCorp3 configured with Internet Information Services (IIS) The company has certain remote users that need to connect to the corporate network over the Internet using a VPN connection. You have been assigned the task to enable remote users to run applications on YourCorp2. The corporate security policy prohibits remote users from being allowed to print to locally attached printers. Which option would you choose to prepare the environment to provide access to the applications and meet the security requirements? A. Create a GPO that is applied to the remote user group that disables the creation of local printers. B. Install the Terminal Services server role on YourCorp2 and remove all print drivers. C. Create a separate OU for the terminal server, which the remote users will access, and disable the print spooler service in Control Panel. D. Install the Terminal Services server role on YourCorp1 that has the TS License Service role service. Answer A. Creating a GPO that only applies to the remote users will allow you to turn off specific features of the RDP client without inhibiting the local users.
102 Appendix B Self Test Appendix 4. You are the enterprise administrator for YourCorp. The corporate network consists of a single Windows Server 2008 Active Directory domain. The two Organizational Units called YCUsers and YCComputers are configured in the domain and hold all the user accounts and all the computer accounts, respectively. Corporate security policy has just been approved that mandates that no user files are allowed on desktop computers. You have configured file shares for storing the user data. Which action will you choose to best migrate all the user data to the file shares and enforce this new security policy? A. Create a detailed set of instructions and e-mail them to the users explaining the new policy and provide instructions on how to connect to the new share and move their files. B. Write a script that will copy all user files to their folder on the new file share every time they log on. C. Create a GPO that removes the Documents folder from the user s desktop. D. Create a GPO that uses folder redirection to migrate all the user documents, favorites, pictures, and desktop settings to the file share. Answer D. When a user logs on for the first time, the policy is applied and all the configured folders are moved to the specific location. The path to the new folders replaces the local setting, so that when a user saves a file to the Documents folder it is actually saved to the redirected folder. 5. You are the enterprise administrator for YourCorp. The corporate network consists of a single Windows Server 2000 native Active Directory domain. All domain controllers are Windows Server 2003. The network contains four Windows Server 2003 servers configured as follows: YourCorp1 Terminal Services Licensing Server YourCorp2 Terminal Server YourCorp3 Terminal Server YourCorp4 Terminal Server You have been assigned the task to deploy a new terminal server that runs Windows Server 2008 and implement a solution that enables reporting for all TSCALs. Which of the following options will accomplish this task? A. Upgrade YourCorp1 to Windows Server 2008. B. Upgrade all domain controllers to Windows Server 2008.
Self Test Appendix Appendix B 103 C. Upgrade YourCorp2, YourCorp2, YourCorp3, and YourCorp4 to Windows Server 2008. D. Raise the functional level of the domain to Windows Server 2003. Answer A. Terminal servers running on Windows Server 2008 can only communicate with a license server running Windows Server 2008. Upgrading YourCorp1 to Windows Server 2008 will enable reporting for all TSCALs. 6. You are the enterprise administrator for YourCorp. The corporate network consists of a single Windows Server 2008 Active Directory domain. All the servers in the domain run Windows Server 2008. The network consists of three terminal servers. It has been approximately 120 days since you installed the terminal servers. Today you have received several calls from users that they cannot connect to the terminal server. This is only a problem with some users, and the problem is spread across the company randomly. Which options would you choose to resolve this issue? A. Create a GPO that allows RDP connections to the terminal servers and link it to the Remote User s OU. B. Check the DHCP server scope and make sure the TS License Server is listed with the correct IP address reservation. C. Convert the TSCALs from user to device licenses. D. Load an appropriate number of TSCALS on the TS License Server. Answer D. Users are granted access to the terminal services for up to 120 days with temporary licenses. You will be refused access after that if an appropriate TSCAL is not available. Users that received a temp license after the server was placed online will continue to work for a few more days before stopping. Loading an appropriate number of TSCALs will prevent any disruption in services. 7. You are the enterprise administrator for YourCorp. All the servers in the domain run Windows Server 2008, and all client computers run Windows Vista. You have been given the task to deploy this application to all users in the company. You have installed the server component of the application on application servers. Which of the following options would you choose to enable users to connect to the application without requiring them to install the client software on their desktops? A. Create a proxy connection to the application servers by installing RPC over HTTP proxy.
104 Appendix B Self Test Appendix B. Install a third-party SSL certificate on the application server and enable RPC filtering on the firewall. C. Install Terminal Services and install the client component of the application on the terminal server. D. Configure TS Web Access and connect to the applications server using RDP over HTTPS. Answer C. Terminal Services delivers applications and data via Remote Data Protocol (RDP), an optimized transport mechanism for low bandwidth. The terminal server makes the client component connection using the higher performance Local Area Network and presents the data back to the remote user using RDP. 8. You are the enterprise administrator for YourCorp. All the servers in the domain run Windows Server 2008, and all client computers run Windows Vista. The users use a hotel arrangement whereby they never sit at the same desk each day. The users want to maintain their desktop and file settings on any computers they log on. Which action would you choose to resolve this issue? A. Create a logon script to search the client desktops looking for the last login of each user. B. Create a custom GPO that keeps track of the previous logon and the computer name of the previous desktop. C. Configure user profiles to use a roaming profile for all users in this group. D. Create a file share for each user and ask the users to copy their data to this folder everyday. Answer C. Roaming profiles enable users to get the same setting from any computer on the domain that they log on to. This is set up in the Active Directory User and Computers tool. You must also have a file share established that can store the profiles. 9. You are the enterprise administrator for YourCorp. All the servers in the domain run Windows Server 2008, and all client computers run Windows Vista. You have been given the task to lock down all user sessions by removing access to the Control Panel and the Security settings. You will still need to
Self Test Appendix Appendix B 105 provide access to these settings to administrators. Which of the following options would you choose to perform this task? A. Create a custom Start Menu that removes the Control Panel and Security settings. Use a GPO to distribute this new Start Menu to all user computers. B. Create a custom GPO to remove the Control Panel and Security settings from all client computers. Link this GPO to the user s Organizational Unit. C. Create a GPO to remove the Security settings on the Taskbar and hide the Control Panel. Link this GPO to the user OU and check Deny for administrators. D. Set a local policy on the client computer that removes access to the Control Panel and Security settings from the Start Menu. Answer C. This will solve the problem for all the regular users. You must deny this policy to administrators, or they cannot access the Control Panel or Security settings. Policies are applied at logon, and these tools are not removed; they are merely hidden from normal users. 10. You are the enterprise administrator for YourCorp. All the servers in the domain run Windows Server 2008, and all client computers run Windows Vista or Windows XP. You have been given the task to implement folder redirection to all users in the company. You have created the necessary shares and created the GPO. When you apply the GPO to the users in the OU, you receive reports that the Windows XP users are not redirecting all the folders from their profiles. Which of the following options would you choose to resolve this issue? A. Create the required folders in the Profile share for each of the failing users. B. Delete the current profile of the Windows XP users and force them to re-create a new profile. C. Confirm that the Windows XP users are configured for a roaming profile. D. Create a custom ADM file that will redirect the Windows XP folders and apply it to the group policy. Answer D. The folder redirection policies in Windows Server 2008 are fully applied only to Windows Server 2008 and Windows Vista. If you have any legacy operating systems, you may need to create a custom ADM file to redirect the same folders.
106 Appendix B Self Test Appendix Appendix A: Platinum Edition Additional Components 1. Justin is the administrator of a Citrix XenApp environment. He is in charge of a single XenApp farm that contains five XenApp servers with all the Platinum components in use. He recently has received instructions to deploy three new applications to his server farm and is worried about the additional load the applications will introduce in his farm. What is the best method for Justin to use to determine which servers will be the best fit for his new applications? A. Utilize Task Manager to examine CPU usage. B. Run Performance Monitor with disk counters and CPU counters. C. Open the EdgeSight Console and examine CPU and Memory data. D. Deploy the applications to all the servers. Correct Answer & Explanation: C. EdgeSight will provide the most robust performance data on the Citrix farm in order for a decision to be made on whether or not the farm can support the additional applications. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect, because Task Manager provides only limited performance information on the local server, and does not have the ability to attribute it to a particular usage. Answer B is incorrect, because Performance Monitor will give you only a piece of the performance picture of your server. EdgeSight will allow you to view aggregated data over time for ICA specific counters. Answer D is incorrect, because in order to determine if all the servers are able to support the new applications without a performance problem it is first recommended that you examine the existing server load. 2. Password Manager is deployed in your environment. You have chosen to use Active Directory as the central repository. Some of the smaller branch offices with domain controllers are experiencing long delays in Active Directory replication. You would like to try to determine if this is being caused by the additional Password Manager data being stored in Active Directory, so you are planning to roll back the Schema extension. Which of the following is a true statement? A. Before rolling back Schema extensions it is a good idea to back up the Active Directory first.
Self Test Appendix Appendix B 107 B. Schema extensions cannot be rolled back; this is not an appropriate action plan. C. You must first boot into Directory Services Restore Mode on a domain controller before uninstalling Schema extensions. D. Schema extensions can be rolled back only as an Enterprise Administrator. Correct Answer & Explanation: B. Schema extensions cannot be removed from the environment once they have been applied. Incorrect Answers & Explanations: A, C, D. Answers A and C are incorrect, because Schema extensions cannot be rolled back. Answer D is incorrect, because permissions are irrelevant, and Schema extensions cannot be rolled back. 3. A user has installed EasyCall software on his workstation. He call the help desk for assistance since he cannot seem to dial any numbers. What do you need to install or configure in your architecture before this user is going to be able to successfully use the EasyCall software? A. Permissions on the XenApp server that allow the user to dial out. B. Install and configure an EasyCall Gateway between the users and the PBX. C. Install a PBX and configure it to work with XenApp and EasyCall. D. Run the EasyCall configuration wizard on the user s workstation and set the connection type to PBX. Correct Answer & Explanation: B. Before any traffic can flow between a user s workstation and the PBX an EasyCall Gateway must first be installed. It will perform SIP trunking between the user workstations and the PBX device. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect, because the XenApp server is not involved in the communications path and permissions will not allow workstation to PBX communications. Answer C is incorrect, because an additional PBX device will not enable EasyCall communications, and XenApp is not involved in the EasyCall communications architecture. Answer D is incorrect, because there is no configuration type called PBX. 4. Users at your remote location are experiencing slow connections back to the XenApp farm and to file shares that reside in your main office. Management has decided not to upgrade any of the WAN connections at this time. What solution would be a good fit to assist in enhancing the user experience at the remote sites? A. SmartAccess B. WANOptimizer
108 Appendix B Self Test Appendix C. WANScaler D. EdgeSight Correct Answer & Explanation: C. WANScaler uses acceleration technology to speed up the connection experience of users in remote locations. Incorrect Answers & Explanations: A, B, D. Answer A is incorrect, because SmartAccess enhances security and not connection speed. Answer B is incorrect, because this is a fictional product name. Answer D is incorrect, because EdgeSight is used for advanced monitoring, not enhancing connection speed. 5. The county hospital is being investigated due to allegations of application misuse resulting in the breach of confidential patient information. You need to determine if the alleged individual did indeed use a particular application between 4 and 6 pm on January 12. What steps would you take to determine this? A. Launch the SmartAuditor Player, utilize the username, application, and time as search criteria, and examine the results. B. Ask the user if she used the application during that time frame. C. Examine the System logs in the Event Viewer on the XenApp servers. D. Ask all the administrators at your facilities if they recall shadowing that user at that time. Correct Answer & Explanation: A. The Smart Auditor Player allows you to search for recorded Citrix sessions based on the specified criteria. Once you search you can replay the Citrix sessions that are found to investigate the allegations. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect because the user may deny the allegations. By using the Smart Auditor Player, you can definitively verify whether or not the incident occurred. Answer C is incorrect because the system logs will not be able to tell you if there was a breach of patient information since they do not keep track of user actions in a session. Answer D is incorrect because this method is hit or miss. If you are lucky enough to find that someone was shadowing this user at that time, then you must rely on the administrator s memory as to whether or not the application was misused. 6. A user does not have an existing phone line at the The3Bears, Inc., corporate headquarters. You have installed EasyCall on the user s workstation, but he is unable to place any calls. What needs to be done in order to enable EasyCall for this user?
Self Test Appendix Appendix B 109 A. Reinstall EasyCall and select the Enable checkbox during install. B. Install a phone line for the user, and then configure EasyCall to utilize the correct phone information. C. Add an additional EasyCall Gateway. The calls are failing because all the lines are full. D. Purchase a headset for the user. The calls are going through, but the user just cannot hear the caller on the other end of the line. Correct Answer & Explanation: B. Since EasyCall takes advantage of the existing phone infrastructure, the user will not be able to use EasyCall until he has a phone extension available. Incorrect Answers & Explanations: A, C, D. Answer A is incorrect, because the EasyCall software is not causing the issue and until the user has a usable line EasyCall will not function. Answer C is incorrect, because EasyCall Gateway serves to connect an EasyCall client to the phone line, and without the phone line EasyCall Gateways will not be utilized. Answer D is incorrect, because a headset has no bearing on the ability to place calls. 7. Which of the following are appropriate storage locations for the Password Manager central store? Select all that apply. A. A Network Share B. The XenApp local C: drive C. Active Directory D. A Novell shared folder E. In the Active Directory sysvol share F. On the user s local machine Correct Answers & Explanation: A, C, D. Each of these locations is valid for the central store. Incorrect Answers & Explanations: B, E, F. Answer B is incorrect, because this is not a valid central store storage location. Answer E is incorrect, because this is not a valid central store storage location. Answer F is incorrect, because this is not a valid central store storage location. 8. A group of your users has access to a highly sensitive Web-based application inside your environment. They have been using Password Manager to store their credentials for some time and recently some data has been compromised from the highly sensitive Web-based application. Even though the application
110 Appendix B Self Test Appendix requires its own logon, management still is concerned that users have been creating overly simplified passwords to access this application. What can you do to address their concerns? Select the best choice. A. Create a password policy to apply to the application that specifies complex password requirements. B. Have the application owner check the password database for weak passwords and contact the offending users. C. Send out a notification to all users to please use stronger passwords. D. Create an application definition and indicate that a strong password is required. Correct Answer & Explanation: A. Password Manager allows you to create password policies with unique settings on a per application basis. Incorrect Answers & Explanations: B, C, D. Answer B is incorrect, because this is not the most efficient answer and it does not prevent users from using weak passwords. Answer C is incorrect, because this will not ensure that existing weak passwords will be strengthened. Answer D is incorrect, because application definitions do not contain settings for password strength, password policies do. 9. Your users are complaining that when they are in large meeting areas within your facility, they are not able to make phone calls easily. Although the large meeting rooms are primarily for training sessions and large conferences, there are occasions where users may need to dial out to external phone numbers or make calls to numbers in their Outlook contacts. Which of the following options will allow the users to make their required calls without requiring additional desk phones to be installed? A. Enable EasyCall on the XenApp servers and configure Outlook integration. B. Install an EasyCall gateway and deploy EasyCall software to every workstation. C. Enable Access Gateway to integrate with EasyCall. D. Install EasyCall software on every workstation and enable SIP trunking on the XenApp servers. Correct Answer & Explanation: B. An EasyCall gateway is required to provide SIP trunking to your already installed PBX in order to dial from a workstation to a phone number.
Self Test Appendix Appendix B 111 Incorrect Answers & Explanations: A, C, D. Answer A is incorrect, because XenApp servers are not involved in EasyCall communications. Answer C is incorrect, because Access Gateway is not involved with EasyCall communications. Answer D is incorrect, because SIP trunking is performed by EasyCall Gateways and not by XenApp. 10. You have deployed WANScaler to all your remote locations. A new office is coming online and you prepare the infrastructure so that they can also take advantage of the network acceleration technology. You notice that as machines in the new location come online they are connecting to the wrong WANScaler Appliance. What should you do to resolve this? A. Install the WANScaler Client on the machines in the new office. B. Configure the WANScaler Clients on the machines in the new office to use the appropriate WANScaler Appliance. C. Install a WANScaler Controller in the remote office and point the client machines to it. D. Configure the IP addresses for the new office on the WANScaler Controller so that the appropriate WANScaler Appliance will be used. Correct Answer & Explanation: D. WANScaler Controllers are the first point of contact for WANScaler clients. They will direct the WANScaler clients to the appropriate WANScaler Appliance based on IP address. Incorrect Answers & Explanations: A, B, C. Answer A is incorrect, because WANScaler clients must be installed for the clients to connect to the WANScaler Appliances at all. Answer B is incorrect, because WANScaler clients are not configured to connect directly to WANScaler appliances. Clients connect to WANScaler Controllers first, which direct them to the WANScaler Appliance based on IP address. Answer C is incorrect, because installing a WANScaler controller in the remote office will not point clients to the correct WANScaler Appliance unless the correct IP addresses are configured in the WANScaler Controller.