Networking with Windows Server 2016 — Question 23

You manage a Windows Server 2016 software-defined network.
Network Controller is installed on a three-node domain-joined cluster of virtual machines.
You need to add a new access control list (ACL) for the network controller to the network interface on a tenant virtual machine. The ACL will have only one rule that prevents only outbound traffic from the 10.10.10.0/24 subnet.
You plan to run the following Windows PowerShell commands.
$ruleproperties = new-object Microsoft.Windows.NetworkController.AclRuleProperties
$ruleproperties.SourcePortRange = "0-65535"
$ruleproperties.DestinationPortRange = "0-65535"
$ruleproperties.Action = "Deny"
$ruleproperties.Priority = "100"
$ruleproperties.Type = "Outbound"
$ruleproperties.Logging = "Enabled"
Which three remaining properties should you add to the rule? Each correct answer presents part of the solution. (Choose three.)
NOTE: Each correct selection is worth one point.

Answer options

• A. $ruleproperties.SourceAddressPrefix = "10.10.10.0/24"
• B. $ruleproperties.DestinationAddressPrefix = "10.10.10.0/24"
• C. $ruleproperties.Protocol = "ALL"
• D. $ruleproperties.Protocol = "TCP"
• E. $ruleproperties.SourceAddressPrefix = "*"
• F. $ruleproperties.DestinationAddressPrefix = "*"

Correct answer: A, C, F

Explanation

The correct options are A, C, and F because A specifies the source address range that the rule applies to, C allows all protocols, and F sets a wildcard for destination addresses, enabling the rule to apply to all destinations. Options B and D are incorrect as they either restrict the destination address to the same subnet or limit the protocol to TCP, which does not fulfill the requirement for an all-encompassing rule.