Which expression would block DNS requests from subnet 10.107.149.0/24 by matching both UDP and TCP port 53 traffic?

Master Citrix ADC13 with Citrix Gateway 1Y0-231 Test. Use flashcards and multiple choice questions with hints. Prepare thoroughly for your exam!

Multiple Choice

Which expression would block DNS requests from subnet 10.107.149.0/24 by matching both UDP and TCP port 53 traffic?

Explanation:
Focus on how to scope and filter the traffic. To block requests from a whole subnet you must express the source as the subnet itself, not a single host address. Using the subnet qualifier 10.107.149.0/24 with IN_SUBNET ensures every device within that /24 is covered, rather than just a single IP that would only match one potential origin.

DNS typically uses port 53, and in many policies you filter by the destination port. By specifying UDP DSTPORT 53, you target DNS over UDP, the common case. The combination of IN_SUBNET(10.107.149.0/24) and UDP DSTPORT 53 matches DNS queries originating from any host in that subnet, making it the appropriate expression for this blocking rule.

If you needed to cover DNS traffic over TCP as well, you would include TCP DSTPORT 53 in the same expression. In the given options, the one that uses the correct subnet scope and the UDP DNS port is the expected approach for blocking DNS requests from that subnet.
