Question 10
Scenario: A Citrix Engineer must enable a cookie consistency security check and ensure that all the session cookies get encrypted during the transaction. The engineer needs to ensure that none of the persistent cookies are encrypted and decrypted and decrypt any encrypted cookies during the transaction.
Which cookie consistency security feature will the engineer configure in the following configuration to achieve the desired results?
add appfw profile Test123 -startURLAction none -denyURLAction none -cookieConsistencyAction log -cookieTransforms ON -cookieEncryption encryptSessionOnly -addCookieFlags httpOnly -crossSiteScriptingAction none -SQLInjectionAction log stats -SQLInjectionTransformSpecialChars ON -SQLInjectionCheckSQLWildChars ON -fieldFormatAction none -bufferOverflowAction none -responseContentType "application/octet-stream" -XMLSQLInjectionAction none -XMLXSSAction none -XMLWSIAction none -XMLValidationAction none
A. Configure Encrypt Server cookies to “Encrypt All”
B. Configure Encrypt Server cookies to “None”
C. Configure Encrypt Server cookies to “Encrypt Session Only”
D. Configure Encrypt Server cookies to “Encrypt only”
Correct answer: B
Explanation:
Reference: https://docs.citrix.com/en-us/netscaler/12/application-firewall/top-level-protections/cookie-consistency-check.html