Which option correctly lists the two policy types that can be applied to a Citrix Gateway virtual server to ensure only domain-joined corporate laptops are allowed?

Focusing on device posture and access control at the gateway, you use two policy types that work together to gate access before and during a session: Pre-Authentication and Session policies. The Pre-Authentication policy runs before the user signs in and can check endpoint posture—like whether the device is domain-joined and meets required security criteria. If the device doesn’t pass, access is blocked before credentials are even entered. After successful authentication, the Session policy enforces ongoing session rules, ensuring the connected device remains compliant for the duration of the session or applying additional restrictions. This combination specifically targets ensuring only domain-joined corporate laptops are allowed. Other policy types don’t serve this posture-based pre- and post-authentication enforcement: Responder handles HTTP responses, Authorization governs resource access after login, and Traffic deals with routing and traffic control.