Scenario: A Citrix Engineer wants to protect a web application using Citrix Web App Firewall. The engineer enables the Learn action for the Start URL, HTML, Cross-Site Scripting, and HTML SQL Injection protections. The engineer assigns this profile to a policy, which is then bound to the virtual server.
Which two items can the engineer check to determine that the Learn action is NOT capturing any rules? (Choose two.)
To determine that the Learn action is not capturing any rules, the engineer should check the status of the aslearn process on the Citrix ADC appliance because this process is responsible for the learning functionality of the Citrix Web App Firewall; if it is not running, learning will not occur. Additionally, it is crucial to verify that the Learn database is less than 20 MB because if the Learn database exceeds this size limit, it will stop capturing new rules. Ensuring these two conditions helps confirm that the learning process is functioning correctly.
Should be C & D - see https://support.citrix.com/article/CTX223403/how-to-troubleshoot-netscaler-appfirewall-aslearn-issues
C. The aslearn process is running on the Citrix ADC appliance. The aslearn process is responsible for the learning functionality of the Citrix Web App Firewall. If this process is not running, learning will not occur. The engineer can verify the process status using the command line on the ADC appliance. D. The Learn database is less than 20 MB. The Learn database has a size limit, and if it exceeds 20 MB, it will stop capturing new rules. The engineer should check the size of this database to ensure it has not reached its limit and that there is enough space to capture additional rules. If the database size is at the limit, no new learning data will be captured until the database is managed to bring it below the threshold.
C and D only make sence here.
I agree, C&D according to Guntrrr's article