Which expression can block all DNS requests from subnet 10.107.149.0/24?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Master Citrix ADC13 with Citrix Gateway 1Y0-231 Test. Use flashcards and multiple choice questions with hints. Prepare thoroughly for your exam!

Multiple Choice

Which expression can block all DNS requests from subnet 10.107.149.0/24?

Explanation:
Blocking requests from a subnet means you must match both the source IP range and the DNS port (53) on the protocols DNS can use (UDP and sometimes TCP). DNS traffic is typically sent to port 53 over UDP, but TCP is used for larger responses or certain DNS operations, so you want to cover both. The expression that uses the source as 10.107.149.0 and then checks for either UDP or TCP destination port 53 does exactly that: it targets the 10.107.149.0/24 subnet and blocks any DNS traffic regardless of whether it arrives over UDP or TCP. In this policy syntax, specifying the base address 10.107.149.0 effectively encompasses the whole /24, ensuring every host in that subnet is included. By combining UDP and TCP 53, all DNS requests from the subnet are blocked in one rule. Other options either restrict to a single protocol (only UDP) or rely on explicit subnet notation, but the chosen expression achieves broad coverage for the entire subnet with both DNS transport options.

Blocking requests from a subnet means you must match both the source IP range and the DNS port (53) on the protocols DNS can use (UDP and sometimes TCP). DNS traffic is typically sent to port 53 over UDP, but TCP is used for larger responses or certain DNS operations, so you want to cover both.

The expression that uses the source as 10.107.149.0 and then checks for either UDP or TCP destination port 53 does exactly that: it targets the 10.107.149.0/24 subnet and blocks any DNS traffic regardless of whether it arrives over UDP or TCP. In this policy syntax, specifying the base address 10.107.149.0 effectively encompasses the whole /24, ensuring every host in that subnet is included. By combining UDP and TCP 53, all DNS requests from the subnet are blocked in one rule.

Other options either restrict to a single protocol (only UDP) or rely on explicit subnet notation, but the chosen expression achieves broad coverage for the entire subnet with both DNS transport options.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy