Citrix DaaS Administration — Question 12

A Citrix Engineer needs to ensure that all traffic to the virtual server is blocked if NONE of the bound Application Firewall policies are matched.
Which setting can the engineer configure to meet this requirement?

Answer options

• A. set appfw settings –undefAction APPFW_BLOCK
• B. set ns httpProfile nshttp_default_profile-dropInvalReqs DISABLED
• C. set ns httpProfie nshttp_default_profile –dropInvalReqs ENABLED
• D. set appfw settings –defaultProfile APPFW_BLOCK

Correct answer: D

Explanation

The correct answer is D because setting the default profile to APPFW_BLOCK ensures that any traffic not matched by existing policies is blocked. Options A, B, and C do not fulfill the requirement of blocking unmatched traffic at the virtual server level.