Exam 1Y0-403 topic 1 question 71 discussion

requirement: use no default port and use three different ports for granular firewall rules => only C is a valid answer

ctxvad is correct, it's the textual example for the course book.

I would say answer C. BrokerService.exe –VdaPort 8081 –WiSSLPort 8082 –SDKPort 8083 –ConfigureFirewall • In this example, instead of simply changing the port for all services, we are splitting the port (instead of using single port, we will use different ports for different services). After doing this, we can configure the firewalls to block access to specific ports – so for example port 8083 (SDK, required by PowerShell\Citrix Studio for management) is not available for virtual desktops, but only from management workstations. Page 528 of the 415-course book.

Though all those question are wrong ;-) this is one of the few which has a right answer. See this: https://support.citrix.com/article/CTX232520 "4. Make sure port 80 is still allowed or added to firewall exceptions between all the delivery controllers for inter service communication and PVS servers. For example, Host service uses SDK port 80 to call HCL(Hypervisor Connection Library) to establish successful communication between PVS servers -> Delivery Controllers and hypervisor. This is required to create new hosting connection and to retain power state of virtual machines." You can't change SDK Port, therefore it's B.

I think C is correct. It´s not a problem, using 8082 and 8083 on citrix controller, if you do not install licensing server on it.

B is correct Not A = Default Port for VDA Register is Port 80 (however it is supposed to be changed) Not C and D 8082 and 8083 is for Lic Server - is not good B = Change VDA to 8081 and Firewall rule for 80,443 Default Port for Citrix Studio console or the SDK to directly access Delivery Controller https://docs.citrix.com/en-us/tech-zone/build/tech-papers/citrix-communication-ports.html