Scenario: A Citrix Engineer has configured a Denial-of-Service (DoS) protection on the NetScaler and found that client TCP connections are failing. After taking a packet trace, the engineer notices that the first packet was dropped and that the NetScaler terminated the connection due to DoS protection being enabled.
What step can the engineer take to resolve the client connection failure?
A. Enable the SYN COOKIE mechanism.
B. Enable Denial-of-Service TCP connections.
C. Disable the SYN COOKIE mechanism.
D. Change the services from TCP to HTTP.
C
“SYN cookies are enabled by default on a NetScaler appliance to prevent SYN attacks. If your deployment requires you to disable SYN cookies, for example, for server-initiated data connections or in cases where a connection is not established because the first packet is dropped or reordered, use one of the following methods to disable SYN cookies.”
https://docs.citrix.com/en-us/netscaler/12/security/http-denial-of-service-protection/ns-syn-dos-protection-con.html
the referenced document says C