To allow Contractors to reach all internal IP addresses but prevent SSH connections, which access policy expression should be used?

Master Citrix ADC13 with Citrix Gateway 1Y0-231 Test. Use flashcards and multiple choice questions with hints. Prepare thoroughly for your exam!

Multiple Choice

To allow Contractors to reach all internal IP addresses but prevent SSH connections, which access policy expression should be used?

Explanation:
The key idea is to let traffic reach any host inside the specified internal network by matching the destination IP range and granting access. In Citrix ADC policy expressions, you determine access by evaluating where the traffic is headed (destination IP) and, optionally, what port it’s using. To let contractors reach all internal hosts, you want a rule that matches any destination IP within that internal subnet and then allows the traffic.

The expression that does this uses the internal subnet 192.168.30.0 with its 24-bit mask, so any host in that range will satisfy the destination IP condition. The OR with the SSH port (port 22) means that traffic to that subnet is allowed regardless of port, which aligns with the goal of broad internal reach. Among the given options, this expression is the one that ensures access to all internal addresses, which is the primary requirement.

The other options narrow the scope: some restrict to common web ports (80/443), some allow only SSH, and one even denies SSH. Those do not meet the objective of allowing contractors to reach all internal hosts. In a complete policy design, you would add separate rules to explicitly Deny SSH if you need to block it, but with the provided choices, the first option best achieves the goal of broad internal reach.
