Exam 1Y0-402
Question 46

Scenario: A Citrix Architect wants to set up double-hop access for an existing XenApp and XenDesktop Site. All communication across DMZ 1, DMZ 2, and the Internal Network is encrypted over port 443. The architect has proposed the design shown in the Exhibit, where DMZ 1 has NetScaler Gateway 1 and DMZ 2 has NetScaler Gateway 2 and StoreFront.

Which two sets of ports should the architect request to enable on Firewall 2?

Correct Answer: C

In the scenario described, all communication across DMZ 1, DMZ 2, and the Internal Network is encrypted over port 443. To enable communication through Firewall 2, both inbound and outbound traffic must use port 443, as the design requires. Because all communication is encrypted over port 443, other ports such as 389/636 for LDAP or 1494/2598 for ICA do not need to be opened on Firewall 2 in this scenario. Therefore, port 443 should be enabled inbound and outbound on Firewall 2.

Discussion
Citrix123 Option: D

Opening port 443 is enough when there is no authentication configured on NetScaler Gateway in the first DMZ. If you enabled authentication on NetScaler Gateway in the first DMZ, this appliance might need to connect to an authentication server in the internal network. If authentication is enabled, additional ports are needed. Example: 1812 for RADIUS or 389 for LDAP. https://docs.citrix.com/en-us/netscaler-gateway/12/double-hop-dmz/ng-double-dmz-install-con/ng-double-dmz-install-open-ports-tsk.html

maurizio_n91 Option: C

C for me, it's enough. LDAP, based on the picture, needs to be implemented on firewall 3 instead.

thedelph Option: C

Isn't the answer in the question? "All communication across DMZ 1, DMZ 2, and the Internal Network is encrypted over port 443." So it would be C?

kolan90

And firewall 1?

d0bermannn Option: C

C. Port 443 outbound and port 443 inbound; 389/636 open on fw3.

ayushwithu Option: D

D. https://docs.citrix.com/en-us/legacy-archive/downloads/netscaler-gateway-12-0.pdf page #388

ijhoojhisdojihoij

C and D. I think two answers are required.

CitrixNick Option: D

Can someone confirm ... the need to open port 389 (LDAP) and/or 636 (LDAPS)? LDAP/LDAPS verification can handle the authentication at Active Directory. The verification step can be delegated to the second NS Gateway, StoreFront or the Delivery Controller. https://support.citrix.com/article/CTX101810

d0bermannn

yes, 389/636, but on fw3

CitrixNick Option: D

443 = SSL, 389 = LDAP, 696 = LDAPS (Secure)