Scenario: A Citrix Administrator created an SSL vServer using only the following commands:
add lb vserver sslvserver SSL 10.102.29.133 444
add service sslsvc1 192.168.0.14 SSL 443 add service sslsvc2 192.168.0.15 SSL 443 bind lb vserver sslvserver sslsvc1 bind lb vserver sslvserver sslsvc2 set ssl vserver sslvserver ‘ssl3 disabled
The SSL vServer is currently in a DOWN state.
What could be the reason the SSL vServer is in a down state?
A. SSLv3 is disabled.
B. The SSL Certificate is NOT bound to the vServer.
C. The SSL services are NOT on the 10.102.29.X network
D. The vServer SSL port is NOT set to port 443.
|
Download Printable PDF. VALID exam to help you PASS. |
 |
B is correct
C – does not make sense as NS is very often used as proxy (reverse or forward), which means that it proxies traffic from one subnet to another one, which determines that the NS LB virtual server can contain services from another subnets.
true, but how do we know that a SNIP in the 192.168.0.0/24 network exists from the info in the question?
one might think the same logic applies to B, but one cannot bind an SSL cert to a VIP until the VIP is created. since we see the VIP created in the question, and no subsequent command to bind the cert. we are presented with two facts:
1. The VIP will remain DOWN until an SSL cert is bound to it.
2. The VIP will be down if there is no route to the bound Services.
There’s no way the cert is bound, however, it’s possible that a SNIP was added for the 192.168.0.0/24 prior to when the commands in the question were issued.
There is Certainty regarding B, there is doubt regarding C.
since C is in doubt, the best answer is B.