Exam 1Y0-231 topic 1 question 67 discussion

Actual exam question from Citrix's 1Y0-231

Question #: 67
Topic #: 1

Scenario: A Citrix Administrator suspects an attack on a load-balancing virtual server (IP address 192.168.100.25). The administrator needs to restrict access to this virtual server for 10 minutes.
Which access control list (ACL) will accomplish this?

A. add ns acl rule1 DENY -destIP 192.168.100.25 -TTL 600000
B. add simpleacl rule1 DENY -srcIP 192.168.100.25 -TTL 600000
C. add ns acl rule1 DENY -destIP 192.168.100.25 -TTL 600
D. add simpleacl rule1 DENY -srcIP 192.168.100.25 -TTL 600

Show Suggested Answer

Suggested Answer: C 🗳️

by sailorsoul at Nov. 20, 2022, 7:04 p.m.

Comments

Submit Cancel

RDIO

11 months, 3 weeks ago

Selected Answer: C

C. 600sec=10min simple acl cannot deny based on IP destination. https://docs.citrix.com/en-us/citrix-adc/current-release/networking/access-control-lists-acls/simple-acls-and-simple-acl6s.html Extended ACL can filter based on the destination IP. https://docs.citrix.com/en-us/citrix-adc/current-release/networking/access-control-lists-acls/extended-acls-and-extended-acl6s.html

upvoted 4 times

...

jdellacasa

1 year, 1 month ago

Selected Answer: C

d parameter is source IP, not what we want to achieve with the deny.C with destip is valid :https://developer-docs.citrix.com/projects/netscaler-command-reference/en/12.0/ns/ns-acl/ns-acl/

upvoted 2 times

...

Vik84

1 year, 2 months ago

Selected Answer: D

It is totally D, there is no such param like dstIP, check below command. Usage: add ns simpleacl <aclname> <aclaction> [-td <positive_integer>] -srcIP <ip_addr> [-destPort <port> -protocol ( TCP | UDP )] [-TTL <positive_integer>]

upvoted 1 times

sailorsoul

1 year, 2 months ago

simple ACL does not have dst IP, true. The question asks the admin to filter based on the destination IP address. So the only valid answer is using an extended ACL.

upvoted 1 times

...