Which type of authentication server could an engineer configure in order to provide the use of RSA token
authentication as a permitted authentication method to access a AAA Virtual Server?

A.
LDAP

B.
SAML

C.
RADIUS

D.
Negotiate

Explanation:
http://support.citrix.com/article/CTX127543
This document describes how to configure Access Gateway 5.0 for authentication against an RSA SecurID
Authentication server. It describes the configuration required in both the Access Gateway and the RSA server
for various deployment topologies.

Within the RSA Authentication Manager console, choose Agent Host > Generate Configuration
Files and select for One Agent Host, and choose the Agent Host created in step 1 and save the generated
sdconf.rec file.

If using RSA 7.1
Open the RSA Security Console and navigate to Access > Authentication Agents > Add New.
Enter the name and IP Address of the Access Gateway, and set Agent type to Standard Agent. Save this new
agent.

Select Access > Authentication Agents > Generate Configuration File and generate the configuration file. There
is no option to generate a configuration file for a single host in RSA 7.1. Save and extract the sdconf.rec from
the generated zip file.

Log on to the Access Gateway AdminLogonPoint and go to Authentication Profiles to create an RSA
authentication profile. Browse to the generated sdconf.rec file on your computer to upload it on the
Appliance, and save the profile.

Additional Notes for Creating the Agent Record in RSA.
The details entered into the Agent Host configuration are specific, and depend on the deployment
configuration of your Access Gateway. The following are the different deployment methods and the associated
configuration within the RSA Agent:
Access Gateway is a non-HA deployment in one-arm mode.
Network Address: IP address of Access Gateway
Access Gateway is a non-HA deployment in two-arm mode, traffic to the RSA server is through the interface
with the Internal role
Network Address: IP address of the interface with the Internal role
Access Gateway is a non-HA deployment in two-arm mode, traffic to the RSA server is through the interface
with the External role
Network Address: IP address of the interface with the Internal role
Secondary Nodes: IP address of the interface with the External role
Access Gateway is in an HA deployment in one-arm mode
Network Address: The HA Virtual IP address
Secondary Nodes: The physical IP addresses of both Access Gateways
Access Gateway is in an HA deployment in two-arm mode, traffic to the RSA server is through the interface
marked as INTERNAL
Network Address: The HA Internal virtual IP address
Secondary Nodes: The physical IP addresses of the interfaces with the Internal role on both Access Gateways
Access Gateway is in an HA deployment in two-arm mode, traffic to the RSA server is through the interface
marked as EXTERNAL
Network Address: The HA Internal virtual IP address
Secondary Nodes: The physical IP addresses of the interfaces with the External role on both Access Gateways
*In RSA 7.1 Secondary Nodes have been renamed to Alternate IP Addresses in the Authentication Agent
configuration.