Citrix ADC 13 Advanced Topics – Security, Management and Optimization — Question 106

Scenario: A Citrix Administrator entered the command line interface (CLI) commands below to prevent IP address 10.10.10.100 from accessing the NetScaler on port 80.

> add simpleacl rule1 DENY -srcIP 10.10.10.100 -TTL 600
> add simpleacl rule2 DENY -srcIP 10.10.10.100 -destPort 80
> add ns acl rule1 DENY -srcIP 10.10.10.100 -priority 10
> add ns acl rule2 DENY -srcIP 10.10.10.100 -priority 100
apply ns acls

Which access control list (ACL) will the NetScaler use to satisfy the scenario?

Answer options

• A. add ns acl rule1 DENY -srcIP 10.10.10.100 -priority 10
• B. add simpleacl rule2 DENY -srcIP 10.10.10.100 -destPort 80
• C. add simpleacl rule1 DENY -srcIP 10.10.10.100 -TTL 600
• D. add ns acl rule2 DENY -srcIP 10.10.10.100 -priority 100

Correct answer: C

Explanation

The correct answer is C because the command ‘add simpleacl rule1 DENY -srcIP 10.10.10.100 -TTL 600’ effectively denies access for the specified IP address without any conditions regarding the destination port. The other options either do not block access on port 80 specifically or have lower priority, making them less effective in this scenario.