A content filter policy must block the source IP 10.100.32.211 but allow others from 10.100.32.0/24 to reach VIP 10.10.10.1. With the action RESET and bound to VIP 10.10.10.1, which policy expression satisfies this requirement?

Prepare for the Citrix 1Y0-241 and 1Y0-240 Exam. Use flashcards and multiple choice questions to enhance your understanding and success. Discover tips and strategies for acing your certification.

Multiple Choice

Explanation:
The main idea here is to create a policy condition that distinguishes one specific host from the rest of 10.100.32.0/24, so that only that host is blocked while the others can reach the VIP. The expression that achieves this combines a direct check for the blocked IP with a netmask-based check that scopes the behavior to the 10.100.32.0/24 subnet.

Why this works: by testing for the exact blocked address, the rule triggers whenever the source is 10.100.32.211, so the RESET action applies to that traffic. For other hosts within 10.100.32.0/24, the first part (the equality to 10.100.32.211) is false, and the second part (the not-in-that-/24 test) is also false because their addresses are inside 10.100.32.0/24. With the OR structure, only the blocked IP satisfies the condition to reset, so those other hosts are allowed to reach the VIP.

The other options mix equality and inequality or use these conditions with the wrong logical combination, which would either block more than intended or fail to block the specific address.
