A content filter policy must block the source IP 10.100.32.211 but allow others from 10.100.32.0/24 to reach VIP 10.10.10.1. With the action RESET and bound to VIP 10.10.10.1, which policy expression satisfies this requirement?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Citrix 1Y0-241 andamp; 1Y0-240 exams with our focused quiz. Use flashcards and detailed multiple choice questions, complete with hints and explanations, to boost your readiness. Ensure success on your exam day!

Multiple Choice

A content filter policy must block the source IP 10.100.32.211 but allow others from 10.100.32.0/24 to reach VIP 10.10.10.1. With the action RESET and bound to VIP 10.10.10.1, which policy expression satisfies this requirement?

Explanation:
The main idea here is to create a policy condition that distinguishes one specific host from the rest of the 10.100.32.0/24 so that only that host gets blocked while the others can reach the VIP. The expression that achieves this uses a direct check for the blocked IP and a netmask-based check to scope behavior to the 10.100.32.0/24 subnet. Why this works: by testing for the exact blocked address, the rule will trigger whenever the source is 10.100.32.211, causing the RESET to apply to that traffic. For other hosts within the 10.100.32.0/24, the first part (the equality to 10.100.32.211) is false, and the second part (the not-in-that-/24 test) is also false because their addresses are inside 10.100.32.0/24. With the OR structure, only the blocked IP satisfies the condition to reset, so those other hosts are allowed to reach the VIP. The other options mix equality and inequality or use these conditions with the wrong logical combination, which would either block more than intended or fail to block the specific address.

The main idea here is to create a policy condition that distinguishes one specific host from the rest of the 10.100.32.0/24 so that only that host gets blocked while the others can reach the VIP. The expression that achieves this uses a direct check for the blocked IP and a netmask-based check to scope behavior to the 10.100.32.0/24 subnet.

Why this works: by testing for the exact blocked address, the rule will trigger whenever the source is 10.100.32.211, causing the RESET to apply to that traffic. For other hosts within the 10.100.32.0/24, the first part (the equality to 10.100.32.211) is false, and the second part (the not-in-that-/24 test) is also false because their addresses are inside 10.100.32.0/24. With the OR structure, only the blocked IP satisfies the condition to reset, so those other hosts are allowed to reach the VIP.

The other options mix equality and inequality or use these conditions with the wrong logical combination, which would either block more than intended or fail to block the specific address.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy