Citrix Endpoint Management Administration — Question 11
Scenario: A Citrix Engineer has enabled the IP Reputation feature. The engineer wants to protect a critical web application from a distributed denial-of-service (DDoS) attack.
Which advanced expression can the engineer write for a Responder policy?
Answer options
- A. CLIENT.IP.SRC.IPREP_THREAT_CATEGORY(SPAM_SOURCES)
- B. CLIENT.IP.SRC.IPREP_THREAT_CATEGORY(BOTNETS)
- C. CLIENT.IP.SRC.IPREP_THREAT_CATEGORY(WEB_ATTACKS)
- D. CLIENT.IP.SRC.IPREP_THREAT_CATEGORY(WINDOWS_EXPLOITS)
Correct answer: B
Explanation
The correct answer is B, CLIENT.IP.SRC.IPREP_THREAT_CATEGORY(BOTNETS), because botnets are often used in DDoS attacks to overwhelm applications with traffic. The other options refer to threat categories that are not specifically related to DDoS attacks: SPAM_SOURCES relates to unsolicited emails, WEB_ATTACKS relates to attacks on web vulnerabilities, and WINDOWS_EXPLOITS pertains to exploits targeting Windows systems.