Examice

Exam 1Y0-403 All QuestionsBrowse all questions from this exam

Question 71

Scenario: A Citrix Architect is designing a new Citrix Virtual Apps and Desktops environment. Two Control Layer security requirements have been identified:

✑ For security reasons, it is unacceptable to use default ports for FlexCast Management Architecture (FMA) services.

✑ Management access to PowerShell and Citrix Studio should be restricted to management workstations by granular firewall rules.

Which combination of ports can the architect assign to the listed Citrix services to meet the Control Layer security requirements?

VDA Registration Port: 80 XML SSL Port: 80 SDK Port: 8083

VDA Registration Port: 8081 XML SSL Port: 443 SDK Port: 80

VDA Registration Port: 8081 XML SSL Port: 8082 SDK Port: 8083

VDA Registration Port: 8081 XML SSL Port: 8083 SDK Port: 8083

Correct Answer: C

To meet the Control Layer security requirements, it is essential to avoid using default ports for FlexCast Management Architecture (FMA) services and to strictly manage access through firewall rules. The combination of VDA Registration Port 8081, XML SSL Port 8082, and SDK Port 8083 is appropriate because none of these are default ports. Additionally, using different ports for each service enables the creation of granular firewall rules, restricting access to management workstations effectively.

Discussion

ctxvadOption: C

I would say answer C. BrokerService.exe –VdaPort 8081 –WiSSLPort 8082 –SDKPort 8083 –ConfigureFirewall • In this example, instead of simply changing the port for all services, we are splitting the port (instead of using single port, we will use different ports for different services). After doing this, we can configure the firewalls to block access to specific ports – so for example port 8083 (SDK, required by PowerShell\Citrix Studio for management) is not available for virtual desktops, but only from management workstations. Page 528 of the 415-course book.

Benk118Option: B

B is correct Not A = Default Port for VDA Register is Port 80 (however it is supposed to be changed) Not C and D 8082 and 8083 is for Lic Server - is not good B = Change VDA to 8081 and Firewall rule for 80,443 Default Port for Citrix Studio console or the SDK to directly access Delivery Controller https://docs.citrix.com/en-us/tech-zone/build/tech-papers/citrix-communication-ports.html

neogeo_604er

"✑ For security reasons, it is unacceptable to use default ports for FlexCast Management Architecture (FMA) services." thus not B

rete1234Option: B

Though all those question are wrong ;-) this is one of the few which has a right answer. See this: https://support.citrix.com/article/CTX232520 "4. Make sure port 80 is still allowed or added to firewall exceptions between all the delivery controllers for inter service communication and PVS servers. For example, Host service uses SDK port 80 to call HCL(Hypervisor Connection Library) to establish successful communication between PVS servers -> Delivery Controllers and hypervisor. This is required to create new hosting connection and to retain power state of virtual machines." You can't change SDK Port, therefore it's B.

flo_praOption: C

ctxvad is correct, it's the textual example for the course book.

citrixmucOption: C

requirement: use no default port and use three different ports for granular firewall rules => only C is a valid answer

dan1111Option: C

I think C is correct. It´s not a problem, using 8082 and 8083 on citrix controller, if you do not install licensing server on it.