If a user device does NOT comply with a company’s security requirements, which type of policy can a Citrix Administrator apply to a Citrix Gateway virtual server to limit access to Citrix Virtual Apps and Desktops resources?
If a user’s device fails an endpoint analysis (EPA) scan or doesn’t meet corporate compliance (e.g., missing antivirus, outdated OS, etc.), you control access behavior through Session policies on the Citrix Gateway.
Session policies can:
Restrict resource access,
Enforce SmartAccess or SmartControl rules,
Limit ICA proxy connections,
Assign specific VPN or app-layer permissions based on EPA results.
Other options (why not):
B. Responder: Used for redirects or blocking requests, not for resource filtering post-authentication.
C. Authorization: Controls traffic flow after session establishment, not used for EPA enforcement.
D. Traffic: Refers to VPN traffic flow or TCP/IP routing, not app-level access.
In Citrix Gateway (NetScaler), authorization policies are specifically designed to control what resources a user can access post-authentication, based on conditions like endpoint analysis (EPA) scans for compliance (e.g., antivirus presence, OS patches, registry keys, or firewall status).
If a device fails compliance (non-compliant), the administrator can bind a DENY authorization policy to the Gateway virtual server (or user groups). This limits or blocks access to backend resources like Citrix Virtual Apps and Desktops (e.g., allow only email access via Citrix Secure Mail but deny ICA/HDX connections to VDAs).
Key features:
Evaluated after authentication and session policies.
Default is ALLOW if no policy; explicit DENY overrides.
Supports classic or advanced expressions (e.g., ns_epa_compliant == FALSE).
Meant to click C.
If a user’s device fails an endpoint analysis (EPA) scan or doesn’t meet corporate compliance (e.g., missing antivirus, outdated OS, etc.), you control access behavior through Session policies on the Citrix Gateway.
Session policies can:
Restrict resource access,
Enforce SmartAccess or SmartControl rules,
Limit ICA proxy connections,
Assign specific VPN or app-layer permissions based on EPA results.
Other options (why not):
B. Responder: Used for redirects or blocking requests, not for resource filtering post-authentication.
C. Authorization: Controls traffic flow after session establishment, not used for EPA enforcement.
D. Traffic: Refers to VPN traffic flow or TCP/IP routing, not app-level access.
Has to be C - Authorization policy. That's where you control access to resources based on user attributes, group membership, and endpoint analysis results etc... Nothing to do with session profiles.
A session profile contains the settings for user connections.
Session profiles specify the actions that are applied to a user session if the user device meets the policy expression conditions. Profiles are used with session policies. You can use the configuration utility to create session profiles separately from a session policy and then use the profile for multiple policies. You can only use one profile with a policy.
https://docs.citrix.com/en-us/citrix-gateway/current-release/vpn-user-config/session-policies.html
Session profile isn't even an option. Its asking what kind of POLICY is going to limit access to resources. The only applicable option is an Authorization policy.
upvoted 3 times
...
...
This section is not available anymore. Please use the main Exam Page.1Y0-231 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Cole41
1Â month, 1Â week agoCole41
1Â month, 1Â week agoCole41
1Â month, 1Â week agosteveleek2
1Â year agoVik84
2Â years, 6Â months agosteveleek2
1Â year ago