Examice

Exam 1Y0-241 All QuestionsBrowse all questions from this exam

Question 58

Scenario: A Citrix Administrator manages an environment that has three SSL websites, all serving the same content. www.company.com www.company.net www.company.org

The administrator would like to consolidate the websites into a single, load-balanced SSL vServer.

What can the administrator bind to use a single SSL vServer?

A wildcard certificate to a single SSL vServer

A wildcard certificate to a content-switching vServer

The certificate of each website to a single SSL vServer

A multiple SAN certificate to a single SSL vServer

Correct Answer: D

To consolidate multiple SSL websites serving the same content into a single, load-balanced SSL vServer, the administrator should bind a multiple SAN certificate. This type of certificate (Subject Alternative Name) supports multiple domain names in a single certificate, making it ideal for this scenario where the sites have different domains (company.com, company.net, company.org) but share the same content. This setup simplifies management by using a single certificate that covers all the domains, avoiding the need to configure multiple certificates or SNI (Server Name Indication).

Discussion

XcoDeXOption: D

I would choose D. Option C requires to configure SNI since it is not possible to bind 3 certificates (with the same cryptography) to a Load Balancer. In addition, the statement mentions that the three websites are serving the same content, so the backend servers could be the same for all of them and then the SNI config stops making sense. By binding a multiple SAN certificate, we only need to adapt the DNS entries of the websites to point to the same IP (1 IP with 3 DNS) and we will be able to forward the requests to any backend server since all of them are serving the same content.

vipjasonOption: D

A wildcard is still bound to a domain, aka <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="bcddd2c5d4d3cfc8fcd8d3d1ddd5d292dfd3d1">[email protected]</a>. In this case the domains are .com, .net, etc.

caioninautOption: A

I would choose A As It says here: https://support.citrix.com/article/CTX110670/how-to-use-a-wildcard-certificate-to-host-multiple-secure-sites-on-a-single-ssl-virtual-ip-address-of-the-netscaler-appliance

foreigner78Option: C

C because the simplest one, the others you require CS, SNI,etc

ImMaaxOption: D

C and D are viable, C is quicker since admin has the certs created, D would require a brand new one