Exam 1Y0-402
Question 11

Scenario: A Citrix Architect needs to design a new XenApp and XenDesktop environment.

The architect has identified the User Layer requirements, as shown in the Exhibit.

Click the Exhibit button to view the requirements.

Additionally, management at the organization has identified the following general Access Layer requirements:

✑ A multi-factor authentication method is required for any connections to the XenApp and XenDesktop environment originating from outside the corporate network.

✑ External connections must be authenticated by a NetScaler Gateway virtual server located in a DMZ network.

✑ Internal connection traffic should NOT leave the internal corporate network.

Which two authentication methods should the architect use for the Contractors group? (Choose two.)

    Correct Answer: A, C

    For the Contractors group, external connections require multi-factor authentication and must not involve Workspace Services credentials. RADIUS authentication provides a robust method for multi-factor authentication, meeting the need for enhanced security for external connections. SAML authentication allows users to use their own authentication provider, so contractors sign in with their own credentials and never need to know Workspace Services credentials. Combining these two methods meets the security requirements detailed in the scenario.

Discussion
hck (Options: AC)

Should be A and C. SAML IdP is required for users to be able to use their own credentials (not Workspace credentials). RADIUS for multi-factor auth as per requirement.

kepler (Options: CE)

Why not C and E? SAML allows them to use their own IdP, with FAS being the intermediary for single sign-on with Workspace/AD. This way, they will not be prompted for username/pw from AD.

d0bermannn

Can FAS handle non-domain-joined devices?

thedelph (Options: AC)

I think this is A and C. A because it says MFA is required, so a RADIUS pin would meet this requirement. C because it says users must supply their own authentication provider. https://docs.citrix.com/en-us/netscaler/12/aaa-tm/saml-authentication.html It is not D because it's BYOD therefore domain pass-through wouldn't work. It's not F because the question states that users should not have knowledge of workspace services credentials.

d0bermannn (Options: AC)

A&C is correct

PFer (Options: CD)

C & D. The answer is correct, using SAML from the IDP certificate assertion, making client certificate has a MFA. https://docs.citrix.com/en-us/netscaler/12/aaa-tm/saml-authentication.html

tripatpd (Options: AE)

I think A and E is the correct answer.

d0bermannn

Can FAS handle non-domain-joined devices?

Guenne (Options: AE)

Should be A and E

d0bermannn

Can FAS handle non-domain-joined devices?

CitrixNick

Citrix reference Design methodology access layer https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/citrix-vdi-best-practices/design/design-userlayer2.html