Scenario: A Citrix Administrator entered the command-line interface commands below to prevent IP address 10.10.100 from accessing the NetScaler on port 80. add simpleacl rule1 DENY- srcIP 10.10.10.100 TTL 600 add simpleacl rule2 DENY- srcIP 10.10.10.100 destPort 80 add ns acl rule1 DENY- srcIP 10.10.10.100-priority 10 add ns acl rule2 DENY- srcIP 10.10.10.100-priority 100 apply ns acls
Which Access Control List (ACL) will the NetScaler use to deny the IP address?
The correct answer is based on identifying which ACL the NetScaler will use to deny the IP address 10.10.10.100. The NetScaler will use 'ns acl' rules before 'simpleacl' rules, and among 'ns acl' rules, it will prioritize based on the lower priority number. Since 'add ns acl rule1 DENY-srcIP 10.10.10.100-priority 10' has a lower priority number than 'add ns acl rule2 DENY- srcIP 10.10.10.100-priority 100', it will be used to deny the IP address.
answer should be C
B It will apply simple acls first, then you cannot specify a port unless you specify a protocol
do u take the exam !
add simpleacl rule1 DENY- srcIP 10.10.10.100 –TTL 600
Answer C: https://developer-docs.citrix.com/projects/netscaler-command-reference/en/12.0/ns/ns-simpleacl/ns-simpleacl/