To block all DNS requests from subnet 10.107.149.0/24, which expression correctly matches the traffic?

Prepare for the Citrix ADC 1Y0-241 exam. Study with multiple choice questions, hints, and detailed explanations to enhance your traffic management skills. Boost your readiness for the certification!

Explanation:
Blocking DNS requests from a subnet requires two things: the source must be within that CIDR block, and the destination port must be 53 for either UDP or TCP. DNS uses UDP most of the time, but TCP is also used in certain cases, so a robust rule checks both protocols. The grouping with parentheses ensures the OR between UDP and TCP ports is evaluated only after confirming the source is in the specified subnet.

The best expression uses IN_SUBNET with the /24 subnet and then ANDs that with a grouped condition that checks either UDP port 53 or TCP port 53. This precisely matches traffic coming from any host in 10.107.149.0/24 destined to port 53 on either protocol.

The other options fall short because they either specify a single IP (not the whole /24) or omit the necessary parentheses. Without the grouping, the expression can produce incorrect matches, such as matching DNS traffic from any source on one protocol or applying the OR logic across unrelated traffic.
