Exam 1Y0-231
Question 67

Scenario: A Citrix Administrator suspects an attack on a load-balancing virtual server (IP address 192.168.100.25). The administrator needs to restrict access to this virtual server for 10 minutes.

Which access control list (ACL) will accomplish this?

    Correct Answer: C

    To restrict access to the load-balancing virtual server at the IP address 192.168.100.25, an access control list (ACL) that denies access based on this destination IP is required. The command needs to set the time-to-live (TTL) in seconds, with 600 seconds being equivalent to 10 minutes. The correct option is 'add ns acl rule1 DENY -destIP 192.168.100.25 -TTL 600'. Simple ACLs typically cannot filter based on the destination IP, hence an extended ACL should be used.

Discussion
RDIO (Option: C)

C. 600 sec = 10 min. A simple ACL cannot deny based on IP destination. https://docs.citrix.com/en-us/citrix-adc/current-release/networking/access-control-lists-acls/simple-acls-and-simple-acl6s.html An extended ACL can filter based on the destination IP. https://docs.citrix.com/en-us/citrix-adc/current-release/networking/access-control-lists-acls/extended-acls-and-extended-acl6s.html

jdellacasa (Option: C)

D's parameter is source IP, not what we want to achieve with the deny. C with destIP is valid: https://developer-docs.citrix.com/projects/netscaler-command-reference/en/12.0/ns/ns-acl/ns-acl/

sailorsoul (Option: C)

Resubmit. D is wrong because of the need to filter the destination IP.

Vik84 (Option: D)

It is totally D, there is no such param like dstIP, check below command. Usage: add ns simpleacl <aclname> <aclaction> [-td <positive_integer>] -srcIP <ip_addr> [-destPort <port> -protocol ( TCP | UDP )] [-TTL <positive_integer>]

sailorsoul

Simple ACL does not have dst IP, true. The question asks the admin to filter based on the destination IP address. So the only valid answer is using an extended ACL.

sailorsoul (Option: D)

When creating a simple ACL or simple ACL6, you can specify a time to live (TTL), in seconds

sailorsoul

Actually it is C, simple ACL cannot filter based on destination IP.