Special Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Cisco 300-620 Implementing Cisco Application Centric Infrastructure (300-620 DCACI) Exam Practice Test

Page: 1 / 25
Total 247 questions

Implementing Cisco Application Centric Infrastructure (300-620 DCACI) Questions and Answers

Question 1

Question # 1

Refer to the exhibit. A tenant is configured with a single L30ut and a single-homed link to the core router called Core-1. An engineer must add a second link to the L30ut that connects to Core-2 router. Which action allows the traffic from Core-2 to BL-1002 to have the same connectivity as the traffic from Core-1 to BL-1001?

Options:

A.

Add a second path to the logical interface profile of the existing L30ut

B.

Add a second subnet to the external EPG to the existing L30ut.

C.

Add a second OSPF interface profile to the logical interface profile.

D.

Add a second interface to the external domain to the existing L30ut.

Question 2

An engineer configures a one-armed policy-based redirect service Insertion for an unmanaged firewall. The engineer configures these Cisco ACI objects:

a contract named All_Traffic_Allowed

a Layer 4 to Layer 7 device named FW-Device

a policy-based redirect policy named FW-1Arm-Policy-Based RedirectPolicy

Which configuration set redirects the traffic to the firewall?

Options:

A.

Configure a policy-based redirect subject.

Associate the policy-based redirect subject with All_Traffic_Allowed.

B.

Configure a firewall bridge domain.

Associate the bridge domain with FW-Device.

C.

Configure a device interface policy.

Associate the device interface policy with FW-Device.

D.

Configure a service graph.

Associate the service graph with All_Traffic_Allowed.

Question 3

As part of a migration, legacy non-ACI switches must be connected to the Cisco ACI fabric. All non-ACI switches run per-VLAN RSTP. After the non-ACI switches are connected to Cisco ACI, the STP convergence caused a microloop and significant CPU spike on all switches. Which configuration on the interfaces of the external switches that face the Cisco ACI fabric resolves the problem?

Options:

A.

BPDU guard

B.

aggressive STP timers

C.

BPDU filtering

D.

STP type link shared

Question 4

An engineer configures a Cisco ACI Multi-Pod for disaster recovery. Which action should be taken for the new nodes to be discoverable by the existing Cisco APICs?

Options:

A.

Configure IGMPv3 on the interfaces of IPN routers that face the Cisco ACI spine.

B.

Enable subinterfaces with dot1q tagging on all links between the IPN routers.

C.

Enable DHCP relay on all links that are connected to Cisco ACI spines on IPN devices.

D.

Configure BGP as the underlay protocol in IPN.

Question 5

An engineer must configure a service graph for the policy-based redirect to redirect traffic to a transparent firewall. The policy must be vendor-agnostic to support any firewall appliance, Which two actions accomplish these goals? (Choose two.)

Options:

A.

Set the Service Type to Other.

B.

Set Promiscuous Mode to True.

C.

Set Function Type to L2.

D.

Set Managed to True.

E.

Set Context Aware to Single.

Question 6

Question # 6

Refer to the exhibit. An engineer must allow IP mobility between Site1 and Site2 in a Cisco ACI Multi-Site orchestrator. The design must meet these requirements:

A disaster recovery (DR) solution must exist between the sites that do not require vMotion support.

The application must be started at a DR site without having to re-IP the application servers.

The solution must avoid any broadcast storms between the sites.

Which two actions meet these criteria? (Choose two.)

Options:

A.

Define a unique bridge domain subnet per site.

B.

Configure STP between Cisco ACI fabrics.

C.

Deploy a local EPG for Site1 and Site2.

D.

Disable Inter-site BUM Traffic.

E.

Apply the L2 Stretch feature.

Question 7

Refer to the exhibit.

Question # 7

An engineer must configure an L3Out peering with the backbone network. The L3Out must forward unicast and multicast traffic over the link. Which two methods should be used to configure L3Out to meet these requirements? (Choose two.)

Options:

A.

Layer 3 routed port

B.

VPC with SVI

C.

port channel with SVI

D.

Layer 3 routed subinterface

E.

Layer 3 floating SVI

Question 8

Which attribute should be configured for each user to enable RADIUS for external authentication in Cisco ACI?

Options:

A.

cisco-security domain

B.

cisco-auth-features

C.

cisco-aci-role

D.

cisco-av-pair

Question 9

An engineer must configure VMM domain integration on a Cisco UCS B-Series server that is connected to a Cisco ACI fabric. Drag and drop the products used to create VMM domain from the bottom into the sequence in which they should be implemented at the top. Products are used more than once.

Question # 9

Options:

Question 10

Engineer resolves an underlying condition of a fault but notices that the fault was not deleted from the Faults view. Which two actions must be taken to remove the fault? (Choose two.)

Options:

A.

The fault is deleted after the retention interval.

B.

Acknowledge the fault as an administrator.

C.

The raised condition ceases.

D.

The soaking timer expires.

Question 11

An engineer is implementing Cisco ACI at a large platform-as-a-service provider using APIC controllers, 9396PX leaf switches, and 9336PQ spine switches. The leaf switch ports are configured as IEEE 802.1p ports. Where does the traffic exit from the EPG in IEEE 802.1p mode in this configuration?

Options:

A.

from leaf ports tagged as VLAN 0

B.

from leaf ports untagged

C.

from leaf ports tagged as VLAN 4094

D.

from leaf ports tagged as VLAN 1

Question 12

What are two descriptions of ACI multi-site? (Choose two.)

Options:

A.

The Inter-Site network routers should run OSPF to establish peering with the spines.

B.

The Multi-Site orchestrator must be directly attached to one ACI leaf.

C.

Routers in the inter-Site network must run OSPF. DHCP relay, and MP-BGP

D.

ACI Multi-Site is a solution that allows one APIC cluster to manage multiple ACI sites

E.

ACI Multi-Site is a solution that supports a dedicated APIC cluster per site

Question 13

Question # 13

Refer to the exhibit. An engineer must divert the traffic between VM-1 and VM-2 by using a Multi-Node service graph. The solution should prevent an insufficient number of available Layer 4 to Layer 7 devices in the first cluster. Which configuration set accomplishes this goal?

Options:

A.

PBR node tracking

tracking threshold with action bypass

symmetric PBR

resilient hashing

B.

PBR node tracking

tracking threshold with action permit

unidirectional PBR

resilient hashing

C.

PBR node tracking

tracking threshold with action permit

symmetric PBR

resilient hashing

D.

PBR node tracking

tracking threshold with action deny

symmetric PBR

unidirectional PBR

Question 14

An engineer must securely export Cisco APIC configuration snapshots to a secure, offsite location The exported configuration must be transferred using an encrypted tunnel and encoded with a platform-agnostic data format that provides namespace support Which configuration set must be used?

Question # 14

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 15

An administrator must migrate the vSphere Management VMkernel of all ESXi hosts in the production cluster from the standard default virtual switch to a VDS that is integrated with APIC in a VMM domain. Which action must be completed in this scenario?

Options:

A.

The Management VMkernel EPG resolution must be set to Pre-Provosion.

B.

The administrator must create an in-band VMM Management EPG before performing the migration.

C.

The administrator must set the Management VMkernel BD resolution immediacy to On-Demand.

D.

The VMkernel Management BD must be located under the Management Tenant.

Question 16

What must be configured to allow SNMP traffic on the APIC controller?

Options:

A.

out-of-band management interface

B.

contract under tenant mgmt

C.

SNMP relay policy

D.

out-of-band bridge domain

Question 17

Refer to the exhibit.

Question # 17

An engineer is implementing a BPDU filter on external switch interfaces That face the Cisco ACI fabric to prevent excessive TCNs from impacting the fabric. Which Configuration must be applied on Cisco ACI to avoid a Layer 2 loop?

Options:

A.

Apply an MSTP instance on Cisco ACI.

B.

Configure MCP globally

C.

implement BPDU Guard.

D.

Enable STP on downlinks.

Question 18

A RADIUS user resolves its role via the Cisco AV Pair. What object does the Cisco AV Pair resolve to?

Options:

A.

tenant

B.

security domain

C.

primary Cisco APIC

D.

managed object class

Question 19

What must be enabled in the bridge domain to have the endpoint table learn the IP addresses of endpoints?

Options:

A.

L2 unknown unicast: flood

B.

GARP based detection

C.

unicast routing

D.

subnet scope

Question 20

Which two actions extend a Layer 2 domain beyond the ACI fabric? (Choose two.)

Options:

A.

extending the routed domain out of the ACI fabric

B.

creating a single homed Layer 3 Out

C.

creating an external physical network

D.

extending the bridge domain out of the ACI fabric

E.

extending the EPG out of the ACI fabric

Question 21

Question # 21

Refer to the exhibit. A company merges three of its departments: CORP, HR, and SERVICES, Currently, the connectivity between departments is achieved by using VRF route leaking. The requirement is to redesign the Cisco ACI networking architecture to communicate between EPGs and BDs from any tenant without configuring contracts or VRF route leaking. Which configuration meets these criteria?

Options:

A.

Configure an unenforced VRF in the user tenant and map all required EPGs to it.

B.

Implement an enforced VRF in the common tenant and map all required BDs to it.

C.

Configure an enforced VRF in the user tenant and map all required EPGs to it.

D.

Implement an unenforced VRF in the common tenant and map all required BDs to it.

Question 22

Refer to the exhibit.

Question # 22

Which Adjacency Type value should be set when the client endpoint and the service node

interface are in a different subnet?

Options:

A.

Routed

B.

Unicast

C.

L3Out

D.

L3

Question 23

An engineer must deploy Cisco ACI across 10 geographically separated data centers. Which ACI site deployment feature enables the engineer to control which bridge domains contain Layer 2 flooding?

Options:

A.

GOLF

B.

Multi-Site

C.

Multi-Pod

D.

Stretched Fabric

Question 24

An engineer must set up a Cisco ACI fabric to send Syslog messages related to hardware events, such as chassis line card failures. The messages should be sent to a dedicated Syslog server. Where in the Cisco APIC should the policy be configured to meet this requirement?

Options:

A.

uni/tn-common/monepg-default

B.

uni/infra/monifra-default

C.

uni/fabric/monfab-default

D.

uni/fabric/moncommon

Question 25

When Cisco ACI connects to an outside Layers 2 network, where does the ACI fabric flood the STP BPDU frame?

Options:

A.

within the bridge domain

B.

within the APIC

C.

within the access encap VLAN

D.

between all the spine and leaf switches

Question 26

Refer to the exhibit.

Question # 26

An application called App_1 is hosted on the server called S1. A silent host application. App_2. is hosted on S2. Both applications use the same VLAN encapsulation, which action forces Cisco ACI fabric to learn App_2 on ACI leaf 2?

Options:

A.

Set Multi-Destination Flooding to Drop.

B.

Set Unicast Routing to Hardware Proxy.

C.

Set L2 Unknown Unicast to Flood.

D.

Set L3 Unknown Multicast to Optimized flood.

Question 27

Which two external entities are referenced by an AEP? (Choose two.)

Options:

A.

VMware vCenter server

B.

VMM domain

C.

Layer 3 domain

D.

Hypervisor

E.

Fibre Channel switch

Question 28

An engineer configured a bridge domain with the hardware-proxy option for Layer 2 unknown unicast traffic. Which statement is true about this configuration?

Options:

A.

The leaf switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the local forwarding tables.

B.

The Layer 2 unknown hardware proxy lacks support of the topology change notification.

C.

The leaf switch forwards the Layers 2 unknown unicast packets to all other leaf switches if it is unable to find the MAC address in its local forwarding tables.

D.

The spine switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the proxy database.

Question 29

What is the name of the automatically configured VLAN 3600 presented during Cisco ACI fabric discovery?

Question # 29

Options:

A.

Transit VLAN

B.

Infrastructure VLAN

C.

Loopback VLAN

D.

Fabric VLAN

Question 30

A customer is deploying a new application across two ACI pods that is sensitive to latency and jitter. The application sets the DSCP values of packets to AF31 and CS6, respectively. Which configuration changes must be made on the APIC to support the new application and prevent packets from being delayed or dropped between pods?

Options:

A.

disable DSCP mapping on the IPN devices

B.

disable DSCP translation policy

C.

align the ACI QoS levels and IPN QoS policies

D.

align the custom QoS policy on the EPG site in the customer tenant

Question 31

The existing network and ACI fabric have been connected to support workload migration. Servers will physically terminate at the Cisco ACI, but their gateway must stay in the existing network. The solution needs to adhere to Cisco’s best practices. The engineer started configuring the relevant Bridge Domain and needs to complete the configuration. Which group of settings are required to meet these requirements?

Options:

A.

L2 Unknown Unicast: Hardware Proxy

L3 Unknown Multicast Flooding: Flood

Multi Destination Flooding: Flood in BD

ARP Flooding: Enable

B.

L2 Unknown Unicast: Flood

L3 Unknown Multicast Flooding: Flood

Multi Destination Flooding: Flood in BD

ARP Flooding: Enable

C.

L2 Unknown Unicast: Flood

L3 Unknown Multicast Flooding: Optimize Flood

Multi Destination Flooding: Flood in BD

ARP Flooding: Disable

D.

L2 Unknown Unicast: Hardware Proxy

L3 Unknown Multicast Flooding: Optimize Flood

Multi Destination Flooding: Flood in BD

ARP Flooding: Disable

Question 32

An engineer configures a Multi-Pod system with the default getaway residing outside of the ACI fabric for a

bridge domain. Which setting should be configured to support this requirement?

Options:

A.

disable Limit IP Learning to Subnet

B.

disable IP Data-plane Learning

C.

disable Unicast Routing

D.

disable Advertise Host Routes

Question 33

Which feature should be disabled on a bridge domain when a default gateway for endpoints is on an external device instead of a Cisco ACI bridge domain SVI?

Options:

A.

unknown unicast flooding

B.

ARP flooding

C.

unicast routing

D.

proxy ARP

Question 34

Refer to the exhibit.

Question # 34

An engineer is implementing Cisco ACI – VMware vCenter integration for a blade server that lacks support of bonding. Which port channel mode results in “route based on originating virtual port” on the VMware VDS?

Options:

A.

Static Channel – Mode On

B.

MAC Pinning-Physical-NIC-load

C.

LACP Passive

D.

MAC Pinning+

E.

LACP Active

Question 35

Question # 35

Refer to the exhibit. A client is configuring a new Cisco ACI fabric. All VLANs will be extended during the migration phase using the VPC connections on leaf switches 3. 4 and leaf switches toward the legacy network. The migration phase has these requirements;

* If The legacy switches must be able to transfer BPDUs through the ACI fabric.

* If the legacy switches fail to break a loop. Cisco ACI must break the loop.

Which group settings must be configured on VPC interface policy groups ipg_vpc-legacy_1 and ipg_vpc-legacy_2 to meet these requirements?

Options:

A.

MCP: enabled

BPDU Guard: enabled

BPDU Filter: disabled

B.

MCP: enabled

BPDU Guard: disabled

BPDU Filter: disabled

C.

MCP: disabled

BPDU Guard: disabled

BPDU Filter: enabled

D.

MCP: disabled

BPDU Guard: enabled

BPDU Filter enable

Question 36

On which two interface types should a user configure storm control to protect against broadcast traffic? (Choose two.)

Options:

A.

APIC facing interfaces

B.

port channel on a single leaf switch

C.

all interfaces on the leaf switches in the fabric

D.

endpoint-facing trunk interface

E.

fabric uplink interfaces on the leaf switches

Question 37

An engineer must configure RADIUS authentication with Cisco ACI for remote authentication with out-of-band management access. Drag and drop the RADIUS configuration steps from the left into the required implementation order on the right. Not all steps are used.

Question # 37

Options:

Question 38

An engineer must configure a Layer 3 connection to the WAN router. The hosts in production VRF must access WAN subnets. The engineer associates EPGs in the production VRF with the external routed domain. Which action completes the task?

Options:

A.

Configure the Export Route Control Subnet scope for the external EPG.

B.

Configure the External Subnets for the External EPG scope for the external EPG.

C.

Configure the Import Route Control Subnet scope for the external EPG.

D.

Configure the Shared Route Control Subnet scope for the external EPG.

Question 39

Question # 39

Refer to the exhibit. An engineer is migrating legacy servers into the Cisco ACI environment. The requirement is to ensure that all endpoints and MAC addresses are learned properly in legacy and Cisco ACI switches. Which configuration set must be configured under the bridge domain called bd__360 to accomplish this goal?

Options:

A.

L2 Unknown Unicast: Hardware Proxy ARP Flooding: Disabled

B.

L2 Unknown Unicast: Hardware Proxy ARP Flooding: Enabled

C.

L2 Unknown Unicast: Flood ARP Flooding: Disabled

D.

L2 Unknown Unicast: Flood

ARP Flooding: Enabled

Question 40

Question # 40

When the subnet is configured on a bridge domain, on which physical devices is the gateway IP address configured?

Options:

A.

all leaf switches and all spine nodes

B.

only spine switches where the bridge domain of the tenant is present

C.

only leaf switches where the bridge domain of the tenant is present

D.

all border leaf nodes where the bridge domain of the tenant is present

Question 41

An engineer is implementing a Cisco ACI environment that consists of more than 20 servers. Two of the servers support only Cisco Discovery Protocol with no order link discovery protocol. The engineer wants the servers to be discovered automatically by the Cisco ACI fabric when connected. Which action must be taken to meet this requirement?

Options:

A.

Create an override policy that enables Cisco Discovery Protocol after LLDP is enabled in the default policy group.

B.

Configure a higher order interface policy that enables Cisco Discovery Protocol for the interface on the desired leaf switch.

C.

Configure a lower order policy group that enables Cisco Discovery Protocol for the interface on the desired leaf switch.

D.

Create an interface profile for the interface that disables LLDP on the desired switch that is referenced by the interface policy group.

Question 42

Question # 42

Refer to the exhibit. A Cisco APIC raises an error when the EPG must accept endpoints from a VMM domain created. Which action clears the fault?

Options:

A.

Expand the VLAN pool for the VMM domain.

B.

Create a bridge domain for the VMM domain.

C.

Associate the EPG with the VMM domain.

D.

Associate the VLAN pool with the VMM domain.

Question 43

In the context of ACI Multi-Site, when is the information of an endpoint (MAC/IP) that belongs to site 1 advertised to site 2 using the EVPN control plane?

Options:

A.

Endpoint information is not exchanged across sites unless COOP protocol is used.

B.

Endpoint information is not exchanged across sites unless a policy is configured to allow communication across sites.

C.

Endpoint information is exchanged across sites as soon as the endpoint is discovered in one site.

D.

Endpoint information is exchanged across sites when the endpoints are discovered in both sites.

Question 44

What must be configured to redistribute externally learned OSPF routes within the ACI fabric?

Options:

A.

Route Control Profile

B.

BGP Route Reflector

C.

BGP Inter-leak Route Map

D.

PIM Sparse Mode

Question 45

What does a bridge domain represent?

Options:

A.

Layer 3 cloud

B.

Layer 2 forwarding construct

C.

tenant

D.

physical domain

Question 46

How is an EPG extended outside of the ACI fabric?

Options:

A.

Create an external bridged network that is assigned to a leaf port.

B.

Create an external routed network that is assigned to an EPG.

C.

Enable unicast routing within an EPG.

D.

Statically assign a VLAN ID to a leaf port in an EPG.

Question 47

Refer to the exhibit. VM1 and VM2 are in Cisco ACI POD1 and communication takes place. Which event is triggered when VM2 is live migrated from POD1 to POD2?

Options:

A.

Leaf 102 installs a bounce entry for VM2 pointing to the PTEP address of leaf 201.

B.

Leaf 201 creates a tunnel with leaf 102 because of the bounced traffic that is destined to VM2.

C.

Spines from POD2 send an MP-BGP EVPN update to the leaves in POD1 about the new location of VM2.

D.

An MP-BGP EVPN update is received by spines in POD1 announcing the reachability of VM2 via the proxy VTEP address of the spines in POD2.

Question 48

Which two statements regarding ACI Multi-Site are true? (Choose two.)

Options:

A.

The Multi-Site orchestrator must be directly attached to one ACI leaf.

B.

Routers in the Inter-Site network must run OSPF, DHCP relay, and MP-BGP.

C.

ACI Multi-Site is a solution that supports a dedicated APIC cluster per site.

D.

ACI Multi-Site is a solution that allows one APIC cluster to manage multiple ACI sites.

E.

The Inter-Site network routers should run OSPF to establish peering with the spines.

Question 49

What are two PBR characteristics of the Cisco ACI Active-Active Across Pods deployment mode in Cisco ACI Multi-Pod design? (Choose two.)

Options:

A.

Traffic is dynamically redirected to the firewall that owns the connection.

B.

Deployment occurs in transparent mode.

C.

The connection state is unsynchronized.

D.

Deployment occurs in go-to mode only.

E.

This mode causes the traffic to flow asymmetrically.

Question 50

Which feature dynamically assigns or modifies the EPG association of virtual machines based on their attributes?

Options:

A.

vzAny contracts

B.

standard contracts

C.

application EPGs

D.

uSeg EPGs

Question 51

A bridge domain for an EPC called “Web Servers” must be created in the Cisco APIC. The configuration must meet these requirements:

    Only traffic to known Mac addresses must be allowed to reduce noice.

    The multicast traffic must be limited to the ports that are participating in multicast routing.

    The endpoints within the bridge domain must be kept in the endpoint table for 20 minultes without any updates.

Which set of steps configures the bridge domain that satisfies the requirements?

Options:

A.

Select the ARP Flooding checkbox.

Create an Endpoint Retention Policy with a Remote Endpoint Aging Interval of 20 minutes.

Set L3 Unknown Multicast Flooding to Optimized Flooding

B.

Set L2 Unknown Unicast to Hardware Proxy.

Configure L3 Unknown Multicast Flooding to Optimized Flood.

Create an Endpoint Retention Policy with a Local Endpoint Aging interval of 1200 seconds.

C.

Switch L2 Unknown Unicast to Flood.

Select the default Endpoint Retention Policy and set the Local Endpoint Aging to 20 minutes.

Set Multicast Destination Flooding to Flood in Encapsulation.

D.

Multicast Destination Flooding should be set to Flood in BD.

Set L3 Unknown Multicast Flooding to Flood.

Select the default Endpoint Retention Policy with a Local Endpoint Aging Interval of 1200 seconds.

Question 52

Engineer must configure SNMP inside a Cisco ACI fabric. The engineer has created an SNMP Policy, called SNMP-policy and an SNMP Monitoring Group called SNMP-group1 that Contains five trap receivers. Which configuration set completes the configuration?

Options:

A.

Edit oobbrc to permit traffic using UDP port 16. Associate the client group policy to SNMP-group1.

B.

Permit OOB management traffic using UDP port 161. Associate client group policy with the OOB management EPG.

C.

Allow all OOB management traffic. Configure three trap receivers on SNMP-group1.

D.

Create an OOB management contract. Include the SNMP server in the OOB management EPG.

Question 53

Network engineer configured a Cisco ACI fabric as follows:

• An EPG called EPG-A is created and associated with a VMM domain called North. •The EPG-A is associated with BD-A and is in an application profile called Apps-A.

• The BD-A is associated with VRF-1 in the Prod tenant.

Which port group must be selected to place VMs in EPG-A?

Options:

A.

Prod|VRF-1 |Apps-A|EPG-A

B.

Prod|Business_Apps|BD-A|EPG-A

C.

Prod|Apps-A|North|EPG-A

D.

Prod|Apps-A|EPG-A

Question 54

Question # 54

Refer to the exhibit. The external subnet and internal EPG1 must communicate with each other, and the L3Out traffic must leak into the VRF named "VF1". Which configuration set accomplishes these goals?

Options:

A.

Export Route Control Subnet

Import Route Control Subnet

Aggregate Shared Routes

B.

External Subnets for External EPG

Shared Route Control Subnet

Shared Security Import Subnet

C.

External Subnets for External EPG

Import Route Control Subnet

Shared Route Control Subnet

D.

Export Route Control Subnet

Shared Security Import Subnet

Aggregate Shared Routes

Question 55

An engineer needs to deploy a leaf access port policy group in ACI Fabric to support the following requirements:

• Control the amount of application data flowing into the system

• Allow the newly connected device to auto-negotiate link speed with the leaf switch

Which two ACI policies must be configured to achieve these requirements? (Choose two.)

Options:

A.

L2 interface policy

B.

link level policy

C.

slow drain policy

D.

ingress control plane policing policy

E.

ingress data plane policing policy

Question 56

Which protocol does ACI use to securely sane the configuration in a remote location?

Options:

A.

SCP

B.

HTTPS

C.

TFTP

D.

FTP

Question 57

Question # 57

Refer to the exhibit. The Cisco ACI fabric has an egress L3Out from Leaf-101 and Leaf-102 to CORE-1. VLAN 102 is used to form the OSPF adjacency. The workloads must be migrated into EPG-101, and the static port binding is configured to Leaf-103 e1/1 with encap VLAN 101. An engineer completes the port binding and receives an MCP fault. Which action clears the fault?

Options:

A.

Use VLAN 101 for OSPF adjacency on the egress L3Out.

B.

Use VLAN 102 as the encap VLAN on the EPG-101 static port binding.

C.

Add VLAN 102 to the VLAN pool that is used by the static port binding.

D.

Prune VLAN 101 from the VLAN pool that is used by the egress L3Out.

Question 58

An engineer configures an L30ut in VRF-1 that was configured for Import Route Control Enforcement. The L30ut uses OSPF to peer with a core switch. The L30ut has one external EPG, it has been configured with a subnet 10.1.0.0/24. Which scope must be set to force 10.1.0.0/24 to populate in the routing table for VRF-1?

Options:

A.

External Subnet for External EPG

B.

Export Route Control Subnet

C.

Shared Route for External EPG

D.

Import Route Control Subnet

Question 59

A Cisco ACI bridge domain and VRF are configured with a default data-plane learning configuration. Which two endpoint attributes are programmed in the leaf switch when receiving traffic? (Choose two.)

Options:

A.

Remote MAC. IP

B.

Remote Subnet

C.

Local IP, not MAC

D.

Local MAC, IP

E.

Local Subnet

F.

Remote IP

Question 60

Regarding the MTU value of MP-BGP EVPN control plane packets in Cisco ACI, which statement about communication between spine nodes in different sites is true?

Options:

A.

By default, spine nodes generate 9000-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 9000-bytes packets.

B.

By default, spine nodes generate 1500-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 1800-bytes packets.

C.

By default, spine nodes generate 1500-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 1500-bytes packets.

D.

By default, spine nodes generate 9000-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 9100-bytes packets.

Question 61

A network engineer must allow secure access to the Cisco ACl out-of-band (OOB) management only from external subnets 10 0 0024 and 192.168 20 G'25. Which configuration set accomplishes this goal?

Question # 61

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 62

An ACI engineer is implementing a Layer 3 out inside the Cisco ACI fabric that must meet these requirements:

    The data center core switch must be connected to one of the leaf switches with a single 1G link.

    The routes must be exchanged using a link-state routing protocol that supports hierarchical network design.

    The data center core switch interface must be using 802.1Q tagging, and each vlan will be configured with a dedicated IP address.

Which set of steps accomplishes these goals?

Options:

A.

Set up the ElGRP Protocol policy with the selected Autonomous System number. Set up the Routed External Network object ana Node Profile, selecting ElGRP Create the Switch profile, selecting Port-channel and the appropriate interfaces Create the default network and associate it with the Routed Outside object.

B.

Set up the BGP Protocol policy with the Autonomous System number of 0.

Configure an interface policy and an External Bridged Domain.

Create an External Bridged Network using the configured VLAN pool.

Build the Leaf profile, selecting Routed sub-interface and the appropriate VLAN.

C.

Configure the OSPF Protocol policy with an area of 0.

Create Routed Outside object and Node Profile, selecting OSPF as the routing protocol. Build the Interface profile, selecting Routed Sub-interface and the appropriate VLAN. Configure the External Network object with a network of 0.0.0.0/0.

D.

Set up the ElGRP Protocol policy with the selected Autonomous System number. Create the Routed Outside object and Node Profile selecting ElGRP Configure the Interface profile selecting Routed Interface and the appropriate interfaces. Create the External Network object with a network of 0.0.0.0/0.

Question 63

A Solutions Architect is asked to design two data centers based on Cisco ACI technology that can extend L2/ L3, VXLAN, and network policy across locations. ACI Multi-Pod has been selected. Which two requirements must be considered in this design? (Choose two.)

Options:

A.

ACI underlay protocols, i.e. COOP, IS-IS and MP-BGP, spans across pods. Create QoS policies to make sure those protocols have higher priority.

B.

A single APIC Cluster is required in a Multi-Pod design. It is important to place the APIC Controllers in different locations in order to maximize redundancy and reliability.

C.

ACI Multi-Pod requires an IP Network supporting PIM-Bidir.

D.

ACI Multi-Pod does not support Firewall Clusters across Pods. Firewall Clusters should always be local.

E.

Multi-Pod requires multiple APIC Controller Clusters, one per pod. Make sure those clusters can communicate to each other through a highly available connection.

Question 64

All workloads in VLAN 1001 have been migrated into EPG-1001. The requirement is to move the gateway address for VLAN 1001 from the core outside the Cisco ACI fabric into the Cisco ACI fabric. The endpoints in EPG-1001 must route traffic to endpoints in other EPGs and minimize flooded traffic in the fabric. Which configuration set is needed on the bridge domain to meet these requirements?

Options:

A.

Disable ARP Flood

Disable Limn Endpoint Learning

B.

Enable Hardware Proxy Enable Unicast Routing

C.

Disable Local IP Learning Limit Disable Unicast Routing

D.

Enable Flood

Enable Unicast Routing

Question 65

Which setting prevents the learning of Endpoint IP addresses whose subnet does not match the bridge domain subnet?

Options:

A.

“Limit IP learning to network” setting within the bridge domain.

B.

“Limit IP learning to subnet” setting within the EPG.

C.

“Limit IP learning to network” setting within the EPG.

D.

“Limit IP learning to subnet” setting within the bridge domain.

Question 66

An ACI administrator notices a change in the behavior of the fabric. Which action must be taken to determine if a human intervention introduced the change?

Options:

A.

Inspect event records in the APIC UI to see all actions performed by users.

B.

Inspect /var/log/audit_messages on the APIC to see a record of all user actions.

C.

Inspect audit logs in the APIC UI to see all user events.

D.

Inspect the output of show command history in the APIC CLI.

Question 67

An engineer is configuring ACI VMM domain integration with Cisco UCS-B Series. Which type of port channel policy must be configured in the vSwitch policy?

Options:

A.

LACP Active

B.

MAC Pinning

C.

LACP Passive

D.

MAC Pinning-Physical-NIC-load

Question 68

Question # 68

Refer to the exhibit, An engineer is deploying a Cisco ACI environment but experiences a STP loop between switch1 and switch2. Which configuration step is needed to break the STP loop?

Options:

A.

Configure the STP instance to VLAN mapping under the switch STP policy.

B.

Configure a Layer 2 external bridged network on the interfaces facing the MST switches.

C.

Enable the native VLAN on the interfaces facing the MST switches using static pons in a dedicated EPG.

D.

Enable BPDU filter under the STP interface policy on the Interfaces lacing the MST switches.

Question 69

What is the purpose of the Overlay Multicast TEP in a Cisco ACI Multi-Site deployment?

Options:

A.

to source and receive unicast VXLAN data plane traffic

B.

to establish MP-BGP EVPN adjacencies with the spine nodes in remote sites

C.

to encapsulate multicast traffic in a common multicast group

D.

to perform head-end replication for BUM traffic

Question 70

An engineer wants to monitor all configuration changes, threshold crossing, and link-state transitions in a Cisco ACI fabric. Which action must be taken to receive the required messages?

Options:

A.

Add Faults and Events to the monitor policy.

B.

Add Session Logs and Audit Logs to the monitor policy.

C.

Include Audit Logs and Events in the Syslog source policy.

D.

Include Events and Session Logs in the Syslog source policy.

Question 71

What is the result of selecting the On Demand attribute in the Deploy Immediacy feature during VMM domain association to an EPG?

Options:

A.

The EPG policy is downloaded to the leaf when a hypervisor is connected, and a VM is placed in a port group.

B.

The EPG policy is programmed in the hardware policy CAM only when the first packet is received through the data path.

C.

The EPG policy is programmed in the hardware policy CAM as soon as the policy is downloaded in the leaf software.

D.

The EPG policy is downloaded to the leaf when a hypervisor is attached to a DVS. and CDP or LLDP adjacency is formed.

Question 72

Question # 72

Refer to the exhibit. New e-commerce software is deployed on Cisco ACI fabric. The environment must meet these requirements:

The overall number of contracts must be reduced by reusing the existing contracts within a VRF when possible.

The e-commerce software must communicate only with software EPGs that are part of the same ANP.

The e-commerce software must be prevented from communicating with applications in different ANPs.

Which scope must be selected to meet these requirements?

Options:

A.

Application Profile

B.

Endpoint Group

C.

Tenant

D.

Global

Question 73

Which two dynamic routing protocols are supported when using Cisco ACI to connect to an external Layer 3 network? (Choose two.)

Options:

A.

iBGP

B.

VXLAN

C.

IS-IS

D.

RIPv2

E.

eBGP

Question 74

Which description regarding the initial APIC cluster discovery process is true?

Options:

A.

The APIC uses an internal IP address from a pool to communicate with the nodes.

B.

Every switch is assigned a unique AV by the APIC.

C.

The APIC discovers the IP address of the other APIC controllers by using Cisco Discovery Protocol.

D.

The ACI fabric is discovered starting with the spine switches.

Page: 1 / 25
Total 247 questions