Exam 1Y0-403 topic 1 question 14 discussion

A is correct https://support.citrix.com/article/CTX220062 said Enable-VdaSSL {-Enable | -Disable} [–SSLPort <port>] [-SSLMinVersion “<min-ssl-version>”] [-SSLCipherSuite“<suite>”] [-CertificateThumbPrint “<thumbprint>”] and -SSLMinVersion “<min-ssl-version>” Minimum SSL protocol version, enclosed in quotation marks. Valid values: "SSL_3.0", "TLS_1.0", "TLS_1.1", and "TLS_1.2". Default: "TLS_1.0"

Keyword: "default settings of the script"

Link is correct but answer is wrong. Magic keyword is "default" and the table shows: Minimum TLS protocol version, enclosed in quotation marks. Valid values: “SSL_3.0”, “TLS_1.0” (default), “TLS_1.1”, and “TLS_1.2”.

https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/tls.htm According to this link above and in the table, it has (Default) right after TLS 1.0 Based on that I vote A Minimum TLS protocol version, enclosed in quotation marks. Valid values: “SSL_3.0”, “TLS_1.0” (default), “TLS_1.1”, and “TLS_1.2”. Important: Citrix recommends that customers review their usage of SSLv3 and take steps to reconfigure their deployments to remove support for SSLv3 where appropriate. See CTX200238.

The minimum ssl protocol version is ssl_v3 and will be enabled if nothing else is submitted

I read over "default". A is correct! Sorry!

B is correct!

Which versions of the SSL protocol to allow. The supported SSL protocol versions follow a hierarchy (lowest to highest): SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2. You specify the minimum allowed version; all protocol connections using that version or a higher version are allowed. For example, if you specify TLS 1.1 as the minimum version, then TLS 1.1 and TLS 1.2 protocol connections are allowed. If you specify SSL 3.0 as the minimum version, then connections for all the supported versions are allowed. If you specify TLS 1.2 as the minimum version, only TLS 1.2 connections are allowed. B should be the answer.

A is right

https://support.citrix.com/article/CTX220062 Minimum SSL protocol version, enclosed in quotation marks. Valid values: "SSL_3.0", "TLS_1.0", "TLS_1.1", and "TLS_1.2". Default: "TLS_1.0"

Agreed with @bonepin Enable-VDASSL --SSLMinVersion “<min-ssl-version>” From https://support.citrix.com/article/CTX220062 Minimum SSL protocol version, enclosed in quotation marks. Valid values: "SSL_3.0", "TLS_1.0", "TLS_1.1", and "TLS_1.2". Default: "TLS_1.0"

I think that the key here is "when using the default settings of the script", so I go with TLS 1.0, so A.

A is correct. Defaults setting is TLS 1.0 (Script -> .PARAMETER SSLMinVersion Specifies the minimum SSL version (allowed values are SSL_3.0, TLS_1.0, TLS_1.1 and TLS_1.2). Default is TLS_1.0. )

Yes, B. B1lly's referenced article states: "If you specify SSL 3.0 as the minimum version, then connections for all the supported versions are allowed."

The answer is B is correct: https://support.citrix.com/article/CTX220062 Which versions of the SSL protocol to allow. The supported SSL protocol versions follow a hierarchy (lowest to highest): SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2. You specify the minimum allowed version; all protocol connections using that version or a higher version are allowed. If you want to change the default settings (optional), use the following in the same registry path: SSLPort DWORD – SSL port number. Default: 443. SSLMinVersion DWORD – 1 = SSL 3.0, 2 = TLS 1.0, 3 = TLS 1.1, 4 = TLS 1.2. Default: 2 (TLS 1.0). SSLCipherSuite DWORD – 1 = GOV, 2 = COM, 3 = ALL. Default: 3 (ALL).

correct answer should be A . default setting is TLS 1.0