
1Y0-341 Exam - Question 37


Scenario: A Citrix Engineer has enabled the IP Reputation feature. The engineer wants to protect a critical web application from a distributed denial of service attack.

Which advanced expression can the engineer write for a Responder policy?

Correct Answer: BC

Of the provided options, the most appropriate advanced expression for a Responder policy to protect against a distributed denial of service (DDoS) attack would be 'CLIENT.IP.SRC.IPREP_THREAT_CATEGORY(BOTNETS)'. Botnets are frequently used to conduct DDoS attacks, overwhelming the targeted system with a massive amount of traffic originating from multiple sources. Using this expression helps identify and mitigate traffic from botnet sources, which is crucial in defending against DDoS attacks.

Discussion

5 comments
Guntrrr
Nov 8, 2022

Correct answer doesn't seem to be in the list; the most appropriate here would be CLIENT.IP.SRC.IPREP_THREAT_CATEGORY(DOS) - see https://docs.citrix.com/en-us/citrix-adc/13/reputation/ip-reputation.html

Binomimus (Option: B)
Dec 12, 2022

I agree, but would go for B (botnets) unless DOS is not listed

vipjason (Option: B)
Oct 26, 2023

The correct answer should be DOS but it's not here. The closest thing is probably botnet. Another crappy question.

thedelph (Option: B)
Nov 10, 2023

B. CLIENT.IP.SRC.IPREP_THREAT_CATEGORY(BOTNETS). This is because botnets are commonly used to perform DDoS attacks, and selecting this category would help in creating a policy that focuses on preventing traffic that is likely to be part of such an attack. If a more specific category related to DDoS attacks is available in the actual Citrix system, that would be the ideal choice.

thenetscalerguy (Option: B)
Feb 28, 2024

Should be B