Which final two commands implement a DNS-based bad URL filter using a responder policy?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Citrix ADC 1Y0-241 exam. Study with multiple choice questions, hints, and detailed explanations to enhance your traffic management skills. Boost your readiness for the certification!

Multiple Choice

Which final two commands implement a DNS-based bad URL filter using a responder policy?

Explanation:
Filtering DNS requests with a responder policy works by inspecting the domain name in the DNS question and taking an action that stops or alters the resolution for matching queries. To block a bad URL at DNS time, you want a policy that detects the offending domain and then overrides the normal DNS reply with a termination action. The best approach uses a policy that checks if the DNS question’s domain contains the bad URL substring, and then resets the DNS transaction by overriding the DNS response. Using a contains_any expression keeps the pattern flexible for multiple bad-URL strings in the future, and it behaves the same as contains when there is only one string, but it’s a safer, scalable choice. The reset action immediately terminates the DNS flow for the matching query, rather than letting the normal resolution complete, which is the desired effect for a bad URL filter. Binding this as a DNS_REQ_OVERRIDE ensures the policy applies specifically to DNS requests and that the override is enforced for the matched queries. So the final two commands create the policy, set the match condition to a substring check on the DNS question domain, specify a reset action, and attach the policy globally with the DNS request override type, which is the correct combination to implement a DNS-based bad URL filter.

Filtering DNS requests with a responder policy works by inspecting the domain name in the DNS question and taking an action that stops or alters the resolution for matching queries. To block a bad URL at DNS time, you want a policy that detects the offending domain and then overrides the normal DNS reply with a termination action.

The best approach uses a policy that checks if the DNS question’s domain contains the bad URL substring, and then resets the DNS transaction by overriding the DNS response. Using a contains_any expression keeps the pattern flexible for multiple bad-URL strings in the future, and it behaves the same as contains when there is only one string, but it’s a safer, scalable choice. The reset action immediately terminates the DNS flow for the matching query, rather than letting the normal resolution complete, which is the desired effect for a bad URL filter. Binding this as a DNS_REQ_OVERRIDE ensures the policy applies specifically to DNS requests and that the override is enforced for the matched queries.

So the final two commands create the policy, set the match condition to a substring check on the DNS question domain, specify a reset action, and attach the policy globally with the DNS request override type, which is the correct combination to implement a DNS-based bad URL filter.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy