Examice

Exam 1Y0-241 All QuestionsBrowse all questions from this exam

Go to Exam

Question 67

Scenario: For security reasons, a Citrix Administrator needs to block access to multiple URLs.

The administrator executes the below commands:

> add policy patset BAD_URL

> bind policy patset BAD_URL badurl1.mylab.lab -index 11 -charset ASCII

> bind policy patset BAD_URL badurl2.mylab.lab -index 10 -charset ASCII

Which final two commands should the administrator execute to accomplish this?

> add responder policy BAD_URL_DNS "DNS.REQ.QUESTION.DOMAIN.CONTAINS(\"BAD_URL\")" DROP

> bind responder global BAD_URL_DNS 100 END -type DNS_REQ_OVERRIDE

> add responder policy BAD_URL_DNS "DNS.REQ.QUESTION.DOMAIN.CONTAINS_ANY(\"BAD_URL\")" RESET

> bind responder global BAD_URL_DNS 100 END -type DNS_REQ_OVERRIDE

> add responder policy BAD_URL_DNS "DNS.REQ.QUESTION.DOMAIN.CONTAINS(\"BAD_URL\" RESET

> bind responder global BAD_URL_DNS 100 END -type DNS_REQ

> add responder policy BAD_URL_DNS "DNS.REQ.QUESTION.DOMAIN.CONTAINS(\"BAD_URL\" RESET

> bind responder global BAD_URL_DNS 100 END -type DNS_REQ_OVERRIDE

Correct Answer: B

To block access to multiple URLs, the correct responder policy should use the CONTAINS_ANY operator, since it can evaluate multiple patterns specified in the patset. The appropriate syntax for the responder policy would be DNS.REQ.QUESTION.DOMAIN.CONTAINS_ANY('BAD_URL') as it directly references the pattern set BAD_URL which contains multiple URLs. Therefore, the commands should be: add responder policy BAD_URL_DNS 'DNS.REQ.QUESTION.DOMAIN.CONTAINS_ANY("BAD_URL")' RESET and bind responder global BAD_URL_DNS 100 END -type DNS_REQ_OVERRIDE.

Discussion

wideawakeOption: B

* CONTAINS ( text_t s) , CONTAINS_ANY ( text_t patset_name) PatSets are used in combination with CONTAINS_ANY . https://developer-docs.citrix.com/projects/netscaler-advanced-policy-expression-reference/en/12.0/dns_domainname_t/dns_domainname_t/