Which expression would match DNS requests from subnet 172.16.0.0/12 for UDP or TCP port 53?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the Citrix 1Y0-241 and 1Y0-240 Test. Discover structured flashcards and multiple choice questions, each with explanations. Prepare effectively!

Multiple Choice

Which expression would match DNS requests from subnet 172.16.0.0/12 for UDP or TCP port 53?

Explanation:
Matching DNS requests from a specific subnet means checking both the source IP falls inside that CIDR and the destination port is 53 for either UDP or TCP. Use IN_SUBNET(172.16.0.0/12) to verify the source subnet, and test both UDP and TCP ports for 53, combining the port checks with OR inside parentheses and then linking that group to the subnet check with AND. This ensures only traffic from 172.16.0.0/12 that uses DNS (port 53 via UDP or TCP) is matched. The correct approach does this: the subnet test must be true AND (UDP port 53 OR TCP port 53). Using OR between the subnet test and the port checks would let non-subnet traffic slip through if DNS port 53 is used, and writing the IP check as IP.SRC(172.16.0.0/12) can be invalid for CIDR matching. Also, missing parentheses can cause the logic to be evaluated as (subnet AND UDP 53) OR TCP 53, which would match TCP DNS traffic from any source.

Matching DNS requests from a specific subnet means checking both the source IP falls inside that CIDR and the destination port is 53 for either UDP or TCP. Use IN_SUBNET(172.16.0.0/12) to verify the source subnet, and test both UDP and TCP ports for 53, combining the port checks with OR inside parentheses and then linking that group to the subnet check with AND. This ensures only traffic from 172.16.0.0/12 that uses DNS (port 53 via UDP or TCP) is matched.

The correct approach does this: the subnet test must be true AND (UDP port 53 OR TCP port 53). Using OR between the subnet test and the port checks would let non-subnet traffic slip through if DNS port 53 is used, and writing the IP check as IP.SRC(172.16.0.0/12) can be invalid for CIDR matching. Also, missing parentheses can cause the logic to be evaluated as (subnet AND UDP 53) OR TCP 53, which would match TCP DNS traffic from any source.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy