1Y0-440 Question #24: Real Exam Question with Answer & Explanation

Scenario: A Citrix Architect has set up NetScaler MPX devices in high availability mode with version 12.0.53.13 nc. These are placed behind a Cisco ASA 5505 Firewall. The Cisco ASA firewall is configured to block traffic originating from internal. The network devices administration (NAT) also performed on the firewall. The following requirements were captured by the architect during the discussion held as part of the NetScaler security implementation project with the customer's security team: The NetScaler MPX device:

• Should block any type of traffic either on a specific virtual entity or on the device. It should be able to mitigate the attacks from a hostile client sending a flood of requests. The NetScaler device should be able to stop the HTTP, TCP, and DNS based requests.
• Should block unsolicited e-mail from reaching servers.
• needs to queue all the incoming requests on the virtual server level instead of the service level.
• Should provide protection against obfuscated attack by hackers, unknown malicious characters, centrally managed automated botnets, compromised webservers, known spammers/hackers, and phishing proxies.
• Should provide protection to the internal servers and it will only check inspections for the requests originating from a specific geolocation database.
• Should block the traffic based on a pre-determined header length, URL length, and cookie length. The device should ensure that characters such as a single backslash () in a URL request, a double-byte character in the URL request, or dropped while being sent to the backend server.

Which security feature should the architect configure to meet these requirements?