Examice

Exam 1Y0-240 All QuestionsBrowse all questions from this exam

Question 21

Which two configurations can a Citrix Administrator use to block all the post requests that are larger than 10,000 bytes in order to protect the environment against

HashDoS attacks? (Choose two.)

add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") && http.REQ.CONTENT_LENGTH.GT(10000)" add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOP bind responder global pol_resp_hashdos_prevention 70 END type REQ_OVERRIDE

add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") && http.REQ.CONTENT_LENGTH.GT(10000)" add rewrite policy drop_rewrite expr_hashdos_prevention DROP bind rewrite global drop_rewrite 100 END type REQ_OVERRIDE

add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") || http.REQ.CONTENT_LENGTH.GT(10000)" add responder policy pol_resp_hashdos_prevention expr_hashdos_prevention DROP NOOP bind responder global pol_resp_hashdos_prevention 70 END type REQ_OVERRIDE

add policy expression expr_hashdos_prevention "http.REQ.METHOD.EQ(\"POST\") || http.REQ.CONTENT_LENGTH.GT(10000)" add rewrite policy drop_rewrite expr_hashdos_prevention DROP

Correct Answer: A, B

To block all post requests that are larger than 10,000 bytes and protect against HashDoS attacks, the configurations need to use '&&' (logical AND) to ensure that both conditions are met: the request method must be 'POST' and the content length must be greater than 10,000 bytes. Options A and B correctly use the '&&' expression in their policy configurations, ensuring that only POST requests larger than 10,000 bytes are blocked. Options C and D use '||' (logical OR), which would incorrectly block requests that meet either one of the conditions, leading to over-blocking.

Discussion

RatheeshRavindranOptions: AB

AB is right

GTJOptions: AB

Should be AB. Or (||) is not to be used as NS will process ALL POST request