DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Updated Cisco 300-620 DCACI Exam Questions for Effective Preparation

Preparing for the Cisco 300-620 DCACI exam can be a daunting task, but with the right resources, you can increase your chances of success. Cisco Data Center certification validates your expertise in designing, implementing, and troubleshooting data center solutions, making it a valuable credential for IT professionals. Reliable exam questions and answers, along with comprehensive study materials, are essential for effective exam preparation. At SPOTO, we offer a wide range of exam resources, including test questions, practice exams, and study guides, specifically designed to help you successfully pass the Cisco Data Center certification exams. Our team of experts meticulously crafts these resources to ensure they align with the latest exam objectives, providing you with the knowledge and skills you need to excel. Invest in our proven exam preparation solutions and take a confident stride towards achieving your Cisco Data Center certification goals.
Take other online exams

Question #1
DRAG DROP (Drag and Drop is not supported)An engineer must configure RADIUS authentication with Cisco ACI for remote authentication with out-of-band management access. Drag and drop the RADIUS configuration steps from the left into the required implementation order on the right. Not all steps are used.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #2
Which feature dynamically assigns or modifies the EPG association of virtual machines based on their attributes?
A. zAny contracts
B. tandard contracts
C. pplication EPGs
D. Seg EPGs
View answer
Correct Answer: D
Question #3
A Cisco ACI is integrated with a VMware vSphere environment. The port groups must be created automatically in vSphere and propagated to hypervisors when created in the ACI environment. Which action accomplishes this goal?
A. reate the port groups on the vCenter that reflect the EPG names in the APIC
B. ssign the uplinks of the ESXi hosts to the vDS that the APIC created
C. onfigure contracts for the EPGs that are required on the ESXi hosts
D. ssociate the VMM domain with the EPGs that must be available in vCenter
View answer
Correct Answer: D
Question #4
What happens to the traffic flow when the Cisco ACI fabric has a stale endpoint entry for the destination endpoint?
A. he leaf switch does not learn the source endpoint through data plane learning
B. he leaf switch drops the traffic that is destined to the endpoint
C. he leaf switch floods the traffic to the endpoint throughout the fabric
D. he leaf switch sends the traffic to the wrong destination leaf
View answer
Correct Answer: D
Question #5
The existing network and ACI fabric have been connected to support workload migration. Servers will physically terminate at the Cisco ACI, but their gateway must stay in the existing network. The solution needs to adhere to Cisco’s best practices. The engineer started configuring the relevant Bridge Domain and needs to complete the configuration. Which group of settings are required to meet these requirements?
A. 2 Unknown Unicast: Hardware Proxy L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Enable
B. 2 Unknown Unicast: FloodL3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Enable
C. 2 Unknown Unicast: FloodL3 Unknown Multicast Flooding: Optimize Flood Multi Destination Flooding: Flood in BDARP Flooding: Disable
D. 2 Unknown Unicast: Hardware ProxyL3 Unknown Multicast Flooding: Optimize Flood Multi Destination Flooding: Flood in BDARP Flooding: Disable
View answer
Correct Answer: B
Question #6
Refer to the exhibit. A client reports that the ACI domain connectivity to the fiber channel storage is experiencing a B2B credit oversubscription. The environment has a SYSLOG server for state collection messages. Which value should be chosen to clear the critical fault?
A. 00
B. 10
C. 50
D. 10
View answer
Correct Answer: B
Question #7
What does a bridge domain represent?
A. ndpoint
B. djacency
C. IB
D. RP
View answer
Correct Answer: B
Question #8
A network administrator configures AAA inside the Cisco ACI fabric. The authentication goes through the local users if the TACACS+ server is not reachable. If the Cisco APIC is out of the cluster, the access must be granted through the fallback domain. Which configuration set meets these requirements?
A. ing Check: TrueDefault Authentication Realm: LocalFallback Check: True
B. ing Check: TrueDefault Authentication Realm: TACACS+Fallback Check: False
C. ing Check: FalseDefault Authentication Realm: LocalFallback Check: False
D. ing Check: FalseDefault Authentication Realm: TACACS+Fallback Check: True
View answer
Correct Answer: D
Question #9
Which protocol does ACI use to securely sane the configuration in a remote location?
A. CP
B. TTPS
C. FTP
D. TP
View answer
Correct Answer: A
Question #10
Which setting prevents the learning of Endpoint IP addresses whose subnet does not match the bridge domain subnet?
A. Limit IP learning to network" setting within the bridge domain
B. Limit IP learning to subnet" setting within the EPG
C. Limit IP learning to network" setting within the EPG
D. Limit IP learning to subnet" setting within the bridge domain
View answer
Correct Answer: D
Question #11
Which components must be configured for the BGP Route Reflector policy to take effect?
A. pine fabric interface overrides and profiles
B. ccess policies and profiles
C. od policy groups and profiles
D. eaf fabric interface overrides and profiles
View answer
Correct Answer: C
Question #12
A situation causes a fault to be raised on the APIC. The ACI administrator does not want that fault to be raised because it is not directly relevant to the environment. Which action should the administrator take to prevent the fault from appearing?
A. nder System -> Faults, right-click on the fault and select Acknowledge Fault so that acknowledged faults will immediately disappear
B. reate a stats threshold policy with both rising and falling thresholds defined so that the critical severity threshold matches the squelched threshold
C. nder System -> Faults, right-click on the fault and select Ignore Fault to create a fault severity assignment policy that hides the fault
D. reate a new global health score policy that ignores specific faults as identified by their unique fault code
View answer
Correct Answer: C
Question #13
Refer to the exhibit. An engineer must configure an L3Out peering with the backbone network. The L3Out must forward unicast and multicast traffic over the link.Which two methods should be used to configure L3Out to meet these requirements? (Choose two.)
A. nable tag collection
B. ecurity domains
C. elimiter
D. irtual switch name
View answer
Correct Answer: DE
Question #14
Which type of policy configures the suppression of faults that are generated from a port being down?
A. ault lifecycle assignment
B. vent lifecycle assignment
C. ault severity assignment
D. vent severity assignment
View answer
Correct Answer: C
Question #15
DRAG DROP (Drag and Drop is not supported)Refer to the exhibit. A Cisco ACI fabric is newly deployed, and the security team requires more visibility of all inter EPG traffic flows. All traffic in a VRF must be forwarded to an existing firewall pair. During failover, the standby firewall must continue to use the same IP and MAC as the primary firewall. Drag and drop the steps from the left into the implementation order on the right to configure the service graph that meets the requirements. (Not all steps ar
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #16
Which tenant is used when configuring in-band management IP addresses for Cisco APICs, leaf nodes, and spine nodes?
A. niversal resource identifier (URI)
B. pplication programming interface
C. anagement information tree
D. istinguished name
View answer
Correct Answer: D
Question #17
Refer to the exhibit. Which action should be taken to ensure authentication if the RADIUS servers are unavailable?
A. djust the priority of server 10
B. ssign the user to the default role
C. et the default login realm to LDAP
D. et the fallback login to local
View answer
Correct Answer: D
Question #18
An engineer wants to monitor all configuration changes, threshold crossing, and link-state transitions in a Cisco ACI fabric. Which action must be taken to receive the required messages?
A. dd Faults and Events to the monitor policy
B. dd Session Logs and Audit Logs to the monitor policy
C. nclude Audit Logs and Events in the Syslog source policy
D. nclude Events and Session Logs in the Syslog source policy
View answer
Correct Answer: A
Question #19
On which two interface types should a user configure storm control to protect against broadcast traffic? (Choose two.)
A. oute Control Profile
B. GP Route Reflector
C. GP Inter-leak Route Map
D. IM Sparse Mode
View answer
Correct Answer: BD
Question #20
What must be configured to allow SNMP traffic on the APIC controller?
A. ut-of-band management interface
B. ontract under tenant mgmt
C. NMP relay policy
D. ut-of-band bridge domain
View answer
Correct Answer: B
Question #21
Which Cisco APIC configuration prevents a remote network that is not configured on the bridge domain from being learned by the fabric?
A. et Multi-Destination Flooding to Flood in BD
B. nable Flood in Encapsulation
C. et Multi-Destination Flooding to Flood in Encapsulation
D. isable Endpoint Dataplane Learning
View answer
Correct Answer: A
Question #22
An engineer configures a Multi-Pod system with the default getaway residing outside of the ACI fabric for a bridge domain. Which setting should be configured to support this requirement?
A. ver Layer 3 directly connected back-to-back spines
B. ver Layer 3 Out connectivity via border leafs
C. ver Layer 3 IPN connectivity via border leafs
D. ver Layer 3 IPN connectivity via spines
View answer
Correct Answer: A
Question #23
Refer to the exhibit. Which Adjacency Type value should be set when the client endpoint and the service node interface are in a different subnet?
A. outed
B. nicast
C. 3Out
D. 3
View answer
Correct Answer: D
Question #24
An engineer must allow multiple external networks to communicate with internal ACI subnets. Which action should the engineer take to assign the prefix to the class ID of the external Endpoint Group?
A. nable the Export Route Control Subnet for the External Endpoint Group flag
B. nable an L3Out with Shared Route Control Subnet
C. onfigure subnets with the External Subnets for External EPG flag enabled
D. onfigure subnets with the Import Route Control Subnet flag enabled
View answer
Correct Answer: C
Question #25
Which two types of interfaces are supported on border leaf switches to connect to an external router? (Choose two.)
A. nable Limit IP Learning to Subnet
B. nable Unicast Routing
C. nable IP Data-plane Learning
D. nable ARP Flooding to BD
View answer
Correct Answer: BE
Question #26
An engineer configured Layer 2 extension from the ACI fabric and changed the Layer 2 unknown unicast policy from Flood to Hardware Proxy. How does this change affect the flooding of the L2 unknown unicast traffic?
A. t is forwarded to one of the spines to perform as a spine proxy
B. t is flooded within the whole fabric
C. t is dropped by the leaf when the destination endpoint is not present in the endpoint table
D. t is forwarded to one of the APICs to perform as a proxy
View answer
Correct Answer: A
Question #27
Which statement regarding ACI Multi-Pod and TEP pool is true?
A. he IP addresses used in the IPN network can overlap TEP pool of the APIC
B. different TEP pool must be assigned to each Pod
C. he Pod1 TEP pool must be split and a portion of the TEP pool allocated to each Pod
D. he same TEP pool is used in all Pods
View answer
Correct Answer: B
Question #28
Which method does the Cisco ACI fabric use to load-balance multidestination traffic?
A. orwarding tag trees
B. IM routing
C. panning trees
D. hortest-path trees
View answer
Correct Answer: A
Question #29
Refer to the exhibit. Which two components should be configured as route reflectors in the ACI fabric? (Choose two.)
A. imit IP learning to subnet
B. cope
C. ateway IP
D. ubnet control
View answer
Correct Answer: AC
Question #30
A customer implements RBAC on a Cisco APIC using a Windows RADIUS server that is configured with network control policies. The APIC configuration is as follows:•Tenant = TenantX•Security Domain = TenantX-SD•User = XThe customer requires User X to have access to TenantX only, without any extra privilege in the Cisco ACI fabric domain. Which Cisco AV pair must be implemented on the RADIUS server to meet these requirement?
A. hell:domains = TenantX-SD/fabric-admin/,common//read-all
B. hell:domains = TenantX-SD/tenant-admin
C. hell:domains = TenantX-SD/tenant-ext-admin/,common//read-all
D. hell:domains = TenantX-SD/tenant-admin/,common//read-all
View answer
Correct Answer: C
Question #31
An engineer must securely export Cisco APIC configuration snapshots to a secure, offsite location. The exported configuration must be transferred using an encrypted tunnel and encoded with a platform-agnostic data format that provides namespace support. Which configuration set must be used?
A. olicy: Export PolicyProtocol: TLSFormat: JSON
B. olicy: Import PolicyProtocol: TLSFormat: XML
C. olicy: Import PolicyProtocol: SCPFormat: JSON
D. olicy: Export PolicyProtocol: SCPFormat: XML
View answer
Correct Answer: D
Question #32
An engineer is troubleshooting fabric discovery in a newly deployed Cisco ACI fabric and analyzes this output:Which ACI fabric address is assigned to interface lo1023?
A. XLAN tunnel endpoint
B. hysical tunnel endpoint
C. abric tunnel endpoint
D. ynamic tunnel endpoint
View answer
Correct Answer: A
Question #33
Which statement about ACI syslog is true?
A. otifications for different scopes of syslog objects can be sent only to one destination
B. yslog messages are sent to the destination through the spine
C. ll syslog messages are sent to the destination through API
D. witches send syslog messages directly to the destinations
View answer
Correct Answer: A
Question #34
Which description regarding the initial APIC cluster discovery process is true?
A. he APIC uses an internal IP address from a pool to communicate with the nodes
B. very switch is assigned a unique AV by the APIC
C. he APIC discovers the IP address of the other APIC controllers by using Cisco Discovery Protocol
D. he ACI fabric is discovered starting with the spine switches
View answer
Correct Answer: A
Question #35
An engineer is creating a configuration import policy that must terminate if the imported configuration is incompatible with the existing system. Which import mode achieves this result?
A. erge
B. tomic
C. est effort
D. eplace
View answer
Correct Answer: B
Question #36
An engineer is implementing Cisco ACI at a large platform-as-a-service provider using APIC controllers, 9396PX leaf switches, and 9336PQ spine switches. The leaf switch ports are configured as IEEE 802.1p ports. Where does the traffic exit from the EPG in IEEE 802.1p mode in this configuration?
A. rom leaf ports tagged as VLAN 0
B. rom leaf ports untagged
C. rom leaf ports tagged as VLAN 4094
D. rom leaf ports tagged as VLAN 1
View answer
Correct Answer: A
Question #37
In the context of VMM, which protocol between ACI leaf and compute hosts ensures that the policies are pushed to the leaf switches for immediate and on demand resolution immediacy?
A. XLAN
B. LDP
C. SIS
D. TP
View answer
Correct Answer: A
Question #38
An engineer must implement management policy and data plane separation in the Cisco ACI fabric. Which ACI object must be created in Cisco APIC to accomplish this goal?
A. pplication profile
B. enant
C. ontract
D. ridge domain
View answer
Correct Answer: B
Question #39
Refer to the exhibit. An engineer is implementing Cisco ACI "" VMware vCenter integration for a blade server that lacks support of bonding. Which port channel mode results in "route based on originating virtual port" on the VMware VDS?
A. atacenter
B. Mware vSphere Standard vSwitch
C. Mware vSphere Distributed Switch
D. luster
View answer
Correct Answer: D
Question #40
A network engineer is integrating a new Hyperflex storage duster into an existing Cisco ACI fabric. The Hyperflex cluster must be managed by vCenter, so a new vSphere Distributed switch must be created. In addition, the hardware discovery must be performed by a vendor-neutral discovery protocol. Which set of steps meets these requirements?
A. onfigure an Interface Policy group, select CDP, and apply it to the desired interfaces
B. onfigure an Interface Policy group, select LLDP, and apply it to the selected interfaces
C. onfigure a Switch Policy group, select LLDP, and apply it to the indicated interfaces
D. onfigure an Interface Policy group, select CDP, and apply it to the designated interfaces
View answer
Correct Answer: B
Question #41
DRAG DROP (Drag and Drop is not supported)Drag and drop the Cisco ACI Layer 4 to Layer 7 service insertion terms on the left to the correct descriptions on the right.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #42
In-band is currently configured and used to manage the Cisco ACI fabric. The requirement is for leaf and spine switches to use out-of-band management for NTP protocol. Which action accomplishes this goal?
A. elect Out-of-Band as Management EPG in the default DateTimePolicy
B. reate an Override Policy with NTP Out-of-Band for leaf and spine switches
C. hange the interface used for APIC external connectivity to ooband
D. dd a new filter to the utilized Out-of-Band-Contract to allow NTP protocol
View answer
Correct Answer: A
Question #43
Refer to the exhibit. An engineer configures the Cisco ACI fabric for VMM integration with ESXi servers that are to be connected to the ACI leaves. The server team requires the network switches to initiate the LACP negotiation as opposed to the servers. The LAG group consists of two 10 Gigabit Ethernet links. The server learn also wants to evenly distribute traffic across all available links. Which two enhanced LAG policies meet these requirements? (Choose two.)
A. efault
B. nfra
C. ommon
D. gmt
View answer
Correct Answer: CE
Question #44
A Solutions Architect is asked to design two data centers based on Cisco ACI technology that can extend L2/L3, VXLAN, and network policy across locations. ACI Multi-Pod has been selected. Which two requirements must be considered in this design? (Choose two.)
A. isable Limit IP Learning to Subnet
B. isable IP Data-plane Learning
C. isable Unicast Routing
D. isable Advertise Host Routes
View answer
Correct Answer: AE
Question #45
An engineer configured a bridge domain with the hardware-proxy option for Layer 2 unknown unicast traffic. Which statement is true about this configuration?
A. he leaf switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the local forwarding tables
B. he Layer 2 unknown hardware proxy lacks support of the topology change notification
C. he leaf switch forwards the Layers 2 unknown unicast packets to all other leaf switches if it is unable to find the MAC address in its local forwarding tables
D. he spine switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the proxy database
View answer
Correct Answer: D
Question #46
What do Pods use to allow Pod-to-Pod communication in a Cisco ACI Multi-Pod environment?
A. xternal Subnets for the External EPG
B. hared Route Control Subnet
C. mport Route Control Subnet
D. hared Security Import Subnet
View answer
Correct Answer: D
Question #47
Which feature allows firewall ACLs to be configured automatically when new endpoints are attached to an EPG?
A. RP gleaning
B. ynamic endpoint attach
C. ardware proxy
D. etwork-stitching
View answer
Correct Answer: B
Question #48
When the subnet is configured on a bridge domain, on which physical devices is the gateway IP address configured?
A. ll leaf switches and all spine nodes
B. nly spine switches where the bridge domain of the tenant is present
C. nly leaf switches where the bridge domain of the tenant is present
D. ll border leaf nodes where the bridge domain of the tenant is present
View answer
Correct Answer: C
Question #49
An ACI engineer is implementing a Layer 3 Out inside the Cisco ACI fabric that must meet these requirements:-The data center core switch must be connected to one of the leaf switches with a single 1G link.-The routes must be exchanged using a link-state routing protocol that supports hierarchical network design.-The data center core switch interface must be using 802.1Q tagging, and each VLAN will be configured with a dedicated IP address.Which set of steps accomplishes this goals?
A. et up the EIGRP Protocol policy with the selected Autonomous System number
B. et up the EIGRP Protocol policy with the selected Autonomous System number
C. et up the BGP Protocol policy with the Autonomous System number of 0
D. onfigure the OSPF Protocol policy with an area of 0
View answer
Correct Answer: D
Question #50
An engineer is in the process of discovering a new Cisco ACI fabric consisting of two spines and four leaf switches. The discovery of leaf 1 has just been completed. Which two nodes are expected to be discovered next? (Choose two.)
A. witch L2 Unknown Unicast to Flood
B. et L2 Unknown Unicast to Hardware Proxy
C. ulticast Destination Flooding should be set to Flood in BD
D. elect the ARP Flooding checkbox
View answer
Correct Answer: AC
Question #51
A network engineer must allow secure access to the Cisco ACI out-of-band (OOB) management only from external subnets 10.0.0.0/24 and 192.168.20.0/25. Which configuration set accomplishes this goal?
A. reate a L3Out in the MGMT tenant in OOB VRF
B. reate a PBR service graph in the MGMT tenant
C. reate an EPG and BD in the MGMT tenant in OOB VRF
D. reate an OOB contract that allows the required ports
View answer
Correct Answer: D
Question #52
An engineer must connect a new host to port 1/1 on Leaf 101. A Cisco ACI fabric has an MCP policy configured but experiences excessive Layer 2 loops. The engineer wants the Cisco ACI fabric to detect and prevent Layer 2 loops in the fabric. Which set of actions accomplishes these goals?
A. nable MCP locally
B. nable MCP locally
C. nable MCP globally
D. nable MCP globally
View answer
Correct Answer: D
Question #53
Refer to the exhibit. An engineer is integrating a VMware vCenter with Cisco ACI VMM domain configuration. ACI creates port-group names with the format of "Tenant | Application | EPG". Which configuration option is used to generate port groups with names formatted as “Tenant=Application=EPG"?
A. tatic Channel "" Mode On
B. AC Pinning-Physical-NIC-load
C. ACP Passive
D. AC Pinning+
E. ACP Active
View answer
Correct Answer: D
Question #54
A Cisco ACI environment consists of multiple silent hosts that are often relocated between leaf switches. When the host is relocated, the bridge domain takes more than a few seconds to relearn the host’s new location. The requirement is to minimize the relocation impact and make the ACI fabric relearn the new location of the host faster. Which action must be taken to meet these requirements?
A. et Unicast Routing to Enabled
B. onfigure ARP Flooding to Enabled
C. et L2 Unknown Unicast to Hardware Proxy
D. onfigure IP Data-Plane Learning to No
View answer
Correct Answer: B
Question #55
When creating a subnet within a bridge domain, which configuration option is used to specify the network visibility of the subnet?
A. ayer 3 cloud
B. ayer 2 forwarding construct
C. enant
D. hysical domain
View answer
Correct Answer: C
Question #56
DRAG DROP (Drag and Drop is not supported) An engineer is configuring a VRF for a tenant named Cisco. Drag and drop the child objects on the left onto the correct containers on the right for this configuration.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #57
An engineer must perform a Cisco ACI fabric upgrade that minimizes the impact on user traffic and allows only permitted users to perform an upgrade. Which two configuration steps should be taken to meet these requirements? (Choose two.)
A. SPF
B. S-IS
C. GP
D. IGRP
View answer
Correct Answer: DE
Question #58
Which endpoint learning operation is completed on the egress leaf switch when traffic is received from an L3Out?
A. he source MAC and IP address of the traffic is learned as a local endpoint
B. he source MAC address of the traffic is learned as a remote endpoint
C. o source MAC or IP address of the traffic is learned as a remote endpoint
D. he source IP address of the traffic is learned as a remote endpoint
View answer
Correct Answer: B
Question #59
DRAG DROP (Drag and Drop is not supported)An engineer must configure VMM domain integration on a Cisco UCS B-Series server that is connected to a Cisco ACI fabric. Drag and drop the products used to create VMM domain from the bottom into the sequence in which they should be implemented at the top. Products are used more than once.
A. tatic Channel
B. AC Pinning
C. ACP
D. LDP
View answer
Correct Answer: A
Question #60
How is an EPG extended outside of the ACI fabric?
A. reate an external bridged network that is assigned to a leaf port
B. reate an external routed network that is assigned to an EPG
C. nable unicast routing within an EPG
D. tatically assign a VLAN ID to a leaf port in an EPG
View answer
Correct Answer: D
Question #61
The company’s Cisco ACI fabric hosts multiple customer tenants. To meet a service level agreement, the company is constantly monitoring the Cisco ACI environment. Syslog is one of the methods used for monitoring. Only events related to leaf and spine environmental information without specific customer data should be logged. To which ACI object must the configuration be applied to meet these requirements?
A. nfra tenant
B. ccess policy
C. witch profile
D. abric policy
View answer
Correct Answer: D
Question #62
Which type of port is used for in-band management within ACI fabric?
A. pine switch port
B. PIC console port
C. eaf access port
D. anagement port
View answer
Correct Answer: C
Question #63
A customer must upgrade the Cisco ACI fabric to use a feature from the new code release. However, there is no direct path from the current release to the desired one. Based on the Cisco APIC Upgrade/Downgrade Support Matrix, the administrator must go through one intermediate release.Which set of steps must be taken to upgrade the fabric to the new release?
A.
B.
C.
D.
View answer
Correct Answer: A
Question #64
An engineer must set up a Cisco ACI fabric to send Syslog messages related to hardware events, such as chassis line card failures. The messages should be sent to a dedicated Syslog server. Where in the Cisco APIC should the policy be configured to meet this requirement?
A. ni/tn-common/monepg-default
B. ni/infra/monifra-default
C. ni/fabric/monfab-default
D. ni/fabric/moncommon
View answer
Correct Answer: D
Question #65
The Application team reports that a previously existing port group has disappeared from vCenter. An engineer confirms that the VMM domain association for the EPG is no longer present. Which action determines which user is responsible for the change?
A. heck the EPG audit logs for the “deletion” action and compare the affected object and user
B. valuate the potential faults that are raised for that EPG
C. xamine the health score and drill down to an object that affects the EPG combined score
D. nspect the server logs to see who was logging in to the APIC during the last few hours
View answer
Correct Answer: A
Question #66
An engineer has set the VMM resolution immediacy to pre-provision in a Cisco ACI environment. No Cisco Discovery Protocol neighborship has been formed between the hypervisors and the ACI fabric leaf nodes. How does this affect the download policies to the leaf switches?
A. o policies are downloaded because LLDP is the only supported discovery protocol
B. olicies are downloaded when the hypervisor host is connected to the VMM VDS
C. olicies are downloaded to the ACI leaf switch regardless of Cisco Discovery Protocol neighborship
D. o policies are downloaded because there is no discovery protocol neighborship
View answer
Correct Answer: C
Question #67
Refer to the exhibit. Which two objects are created as a result of the configuration? (Choose two.)
A. 2 unknown unicast: flood
B. ARP based detection
C. nicast routing
D. ubnet scope
View answer
Correct Answer: CE
Question #68
Which endpoint learning operation is completed on the ingress leaf switch when traffic is received from a Layer 3 Out?
A. he source MAC address of the traffic is learned as a local endpoint
B. he source MAC address of the traffic is learned as a remote endpoint
C. he source IP address of the traffic is learned as a remote endpoint
D. he source IP address of the traffic is learned as a local endpoint
View answer
Correct Answer: B
Question #69
An application team tells the Cisco ACI network administrator that it wants to monitor the statistics of the unicast and BUM traffic that are seen in a certain EPG. Which statement describes the collection statistics?
A. ll EPGs in the Cisco ACI tenant object must be enabled for statistics to be collected
B. isco ACI does not capture statistics at the EPG level
C. PG statistics can be collected only for VMM domains
D. he collection of statistics is enabled on the EPG level by enabling the statistics for unicast and BUM traffic
View answer
Correct Answer: A
Question #70
Where is the COOP database located?
A. eaf
B. pine
C. PIC
D. ndpoint
View answer
Correct Answer: B
Question #71
A network engineer demonstrates Cisco ACI to a customer. One of the test cases is to validate a disaster recovery event by resetting the ACI fabric to factory and then restoring the fabric to the state it was in before the event. Which setting must be enabled on ACI to export all configuration parameters that are necessary to meet these requirements?
A. nabled AES encryption
B. enerated a tech-support file
C. ncrypted export destination
D. nabled JSON format export
View answer
Correct Answer: A
Question #72
What are two descriptions of ACI Multi-Site? (Choose two.)
A. ee Explanation section for answer
View answer
Correct Answer: DE
Question #73
Which two protocols support accessing backup files on a remote location from the APIC? (Choose two.)
A. isco-security domain
B. isco-auth-features
C. isco-aci-role
D. isco-av-pair
View answer
Correct Answer: BC
Question #74
A network engineer must design a method to allow the Cisco ACI to redirect traffic to the firewalls. Only traffic that matches specific L4-L7 policy rules should be redirected. The load must be distributed across multiple firewalls to scale the performance horizontally. Which action must be taken to meet these requirements?
A. onfigure ACI Service Graph with Unidirectional PBR
B. mplement ACI Service Graph with GIPo
C. mplement ACI Service Graph Two Nodes with GIPo
D. onfigure ACI Service Graph with Symmetric PBR
View answer
Correct Answer: D
Question #75
An engineer wants to filter the System Faults page and view only the active faults that are present in the Cisco ACI fabric. Which two lifecycle stages must be selected for filtering? (Choose two.)
A. olicy in the management tenant
B. CL on the console interface
C. CL on the management interface of the APIC
D. olicy on the management VLAN
View answer
Correct Answer: AD
Question #76
Refer to the exhibit. An engineer must implement the inter-tenant service graph. Which set of actions must be taken to accomplish this goal?
A. Define the contract in the provider tenant and export it to the consumer tenant
B. Define the contract in the provider tenant and export it to the consumer tenant
C. Define the contract in the provider tenant and export it to the provider tenant
D. Define the contract in the provider tenant and export it to the provider tenant
View answer
Correct Answer: B
Question #77
What must be enabled in the bridge domain to have the endpoint table learn the IP addresses of endpoints?
A. orwarding: Custom L2 Unknown Unicast: Hardware Proxy L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Enabled
B. orwarding: Custom L2 Unknown Unicast: Flood L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Enabled
C. orwarding: Custom L2 Unknown Unicast: Hardware Proxy L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Disabled
D. orwarding: Custom L2 Unknown Unicast: Flood L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Disabled
View answer
Correct Answer: C
Question #78
An engineer is extending an EPG out of the ACI fabric using static path binding. Which statement about the endpoints is true?
A. ndpoints must connect directly to the ACI leaf port
B. xternal endpoints are in a different bridge domain than the endpoints in the fabric
C. ndpoint learning encompasses the MAC address only
D. xternal endpoints are in the same EPG as the directly attached endpoints
View answer
Correct Answer: D
Question #79
An engineer is implementing a Cisco ACI environment that consists of more than 20 servers. Two of the servers support only Cisco Discovery Protocol with no order link discovery protocol. The engineer wants the servers to be discovered automatically by the Cisco ACI fabric when connected. Which action must be taken to meet this requirement?
A. reate an override policy that enables Cisco Discovery Protocol after LLDP is enabled in the default policy group
B. onfigure a higher order interface policy that enables Cisco Discovery Protocol for the interface on the desired leaf switch
C. onfigure a lower order policy group that enables Cisco Discovery Protocol for the interface on the desired leaf switch
D. reate an interface profile for the interface that disables LLDP on the desired switch that is referenced by the interface policy group
View answer
Correct Answer: B
Question #80
A data center administrator is upgrading an ACI fabric. There are 3 APIC controllers in the fabric and all the servers are dual-homed to pairs of leaf switches configured in VPC mode. How should the fabric be upgraded to minimize possible traffic impact during the upgrade?
A.
B.
C.
D.
View answer
Correct Answer: D
Question #81
DRAG DROP (Drag and Drop is not supported)Drag and drop the Cisco ACI filter entry options from the left onto the correct categories on the right indicating what are required or optional parameters.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #82
Refer to the exhibit. A Cisco ACI fabric is using out-of-band management connectivity. The APIC must access a routable host with an IP address of 192.168.11.2. Which action accomplishes this goal?
A. hange the switch APIC Connectivity Preference to in-band management
B. odify the Pod Profile to use the default Management Access Policy
C. dd a Fabric Access Policy to allow management connections
D. emove the in-band management address from the APIC
View answer
Correct Answer: D
Question #83
All workloads in VLAN 1001 have been migrated into EPG-1001. The requirement is to move the gateway address for VLAN 1001 from the core outside the Cisco ACI fabric into the Cisco ACI fabric. The endpoints in EPG-1001 must route traffic to endpoints in other EPGs and minimize flooded traffic in the fabric. Which configuration set is needed on the bridge domain to meet these requirements?
A. nable FloodEnable Unicast Routing
B. isable Local IP Learning LimitDisable Unicast Routing
C. isable ARP FloodDisable Limit Endpoint Learning
D. nable Hardware ProxyEnable Unicast Routing
View answer
Correct Answer: D
Question #84
An engineer is configuring ACI VMM domain integration with Cisco UCS-B Series. Which type of port channel policy must be configured in the vSwitch policy?
A. ACP Active
B. AC Pinning
C. ACP Passive
D. AC Pinning-Physical-NIC-load
View answer
Correct Answer: B
Question #85
Refer to the exhibit. A systems engineer is implementing the Cisco ACI fabric. However, the Server2 information is missing from the Leaf 101 endpoint table and the COOP database of the spine. The requirement is for the bridge domain configuration to enforce the ACI fabric to forward the unicast packets generated by Server1 destined to Server2. Which action must be taken to meet these requirements?
A. nable ARP Flooding
B. et L2 Unknown Unicast to Flood
C. et IP Data-Plane Learning to No
D. nable Unicast Routing
View answer
Correct Answer: B
Question #86
What is MP-BGP used for in Cisco ACI fabric?
A. P-BGP VPNv4 AF is used as protocol on L3Out between a border leaf and an external router
B. P-BGP Layer 2 VPN EVPN AF is used to propagate L3Out routes that are received from a border leaf
C. P-BGP VPNv4 AF is used to propagate L3Out routes that are received from a border leaf to the fabric
D. P-BGP VPNv4 AF is used between spines in an ACI Multi-Pod fabric to propagate the endpoint
View answer
Correct Answer: C
Question #87
New ESXi hosts are procured in a data center compute expansion project. An engineer must update the configuration on the Cisco APIC controllers to support the addition of the new servers to the existing VMM domain. Which action should be taken to support this change?
A. reate a range of internal VLANs in the associated VLAN pool
B. et the encapsulation mode as VXLAN
C. nable infrastructure VLAN in the associated AEP
D. ap the leaf interface selector to the AEP that is associated with the VMM domain
View answer
Correct Answer: D
Question #88
Which action sets Layer 2 loop migration in an ACI Fabric with a Layer 2 Out configured?
A. nable MCP on the ACI fabric
B. isable STP in the external network
C. isable STP on the ACI fabric
D. nable STP on the ACI fabric
View answer
Correct Answer: A
Question #89
The unicast routing feature is enabled on the bridge domain. Which two conditions enable the Cisco ACI leaf to learn a source IP as a local endpoint? (Choose two.)
A. hen VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the Layer 3 Out EPG subnet range
B. hen VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the bridge domain subnets range
C. hen VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the Layer 3 Out EPG subnet range
D. hen VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the bridge domain subnets range
View answer
Correct Answer: BE
Question #90
An engineer must ensure that Cisco ACI flushes the appropriate endpoints when a topology change notification message is received in an MST domain. Which three steps are required to accomplish this goal? (Choose three.)
A. et L2 Unknown Unicast to Flood
B. et L2 Unknown Unicast to Hardware Proxy
C. isable Unicast Routing
D. nable ARP Flooding
View answer
Correct Answer: ABD
Question #91
An organization has encountered many STP-related issues in the past due to failed hardware components. They are in the process of long-term migration to a newly deployed ACI fabric. Senior engineers are worried that spanning-tree loops in the existing network may be extended to the ACI fabric. Which feature must be enabled on the ACI leaf ports to protect the fabric from spanning-tree loops?
A. PDU Guard
B. er-VLAN MCP
C. torm Control
D. PDU Filter
View answer
Correct Answer: B
Question #92
Refer to the exhibit. An engineer configures an L3Out but receives the error presented. Which action clears the fault?
A. cknowledge the QoS-related error
B. ssociate a custom QoS class
C. reate a custom QoS policy
D. et the QoS policy to Level 3
View answer
Correct Answer: A
Question #93
Which type of profile needs to be created to deploy an access port policy group?
A. ttachable entity
B. od
C. odule
D. eaf interface
View answer
Correct Answer: A
Question #94
An engineer must create a backup of the Cisco ACI fabric for disaster recovery purposes. The backup must be transferred over a secure and encrypted transport. The backup file must contain all user and password related information. The engineer also wants to process and confirm the backup file validity by using a Python script. This requires the data structure to have a format similar to a Python dictionary. Which configuration set must be used to meet these requirements?
A. nder the Create Remote location settings, select Protocol: FTPUnder the Export policy, selectFormat: XMLModify Global AES Encryption Settings: Enabled
B. nder the Create Remote location settings, select Protocol: FTPUnder the Export policy, selectFormat: XMLModify Global AES Encryption Settings: Disabled
C. nder the Create Remote location settings, select Protocol: SCPUnder the Export policy, select -Format: JSONModify Global AES Encryption Settings: Disabled
D. nder the Create Remote location settings, select Protocol: SCPUnder the Export policy, select -Format: JSONModify Global AES Encryption Settings: Enabled
View answer
Correct Answer: D
Question #95
In the context of ACI Multi-Site, when is the information of an endpoint (MAC/IP) that belongs to site 1 advertised to site 2 using the EVPN control plane?
A. ndpoint information is not exchanged across sites unless COOP protocol is used
B. ndpoint information is not exchanged across sites unless a policy is configured to allow communication across sites
C. ndpoint information is exchanged across sites as soon as the endpoint is discovered in one site
D. ndpoint information is exchanged across sites when the endpoints are discovered in both sites
View answer
Correct Answer: A
Question #96
When does the Cisco ACI leaf learn a source IP or MAC as a remote endpoint?
A. onfigure a Layer 2 external bridged network on the interfaces facing the MST switches
B. nable the native VLAN on the interfaces facing the MST switches using static ports in a dedicated EPG
C. nable BPDU filter under the STP interface policy on the interfaces facing the MST switches
D. onfigure the STP instance to VLAN mapping under the switch STP policy
View answer
Correct Answer: B
Question #97
An engineer created two interface protocol policies called Pol_CDP40275332 and Pol_LLDP46783451. The policies must be used together in a single policy. Which ACI object must be used?
A. nterface policy group
B. witch policy group
C. witch profile
D. nterface profile
View answer
Correct Answer: A
Question #98
A RADIUS user resolves its role via the Cisco AV Pair. What object does the Cisco AV Pair resolve to?
A. enant
B. ecurity domain
C. rimary Cisco APIC
D. anaged object class
View answer
Correct Answer: D
Question #99
When Cisco ACI connects to an outside Layers 2 network, where does the ACI fabric flood the STP BPDU frame?
A. ithin the bridge domain
B. ithin the APIC
C. ithin the access encap VLAN
D. etween all the spine and leaf switches
View answer
Correct Answer: A
Question #100
An engineer must configure a group of servers with a contract that uses TCP port 80. The EPG that contains the web servers requires an external Layer 3 cloud to initiate communication. Which action must be taken to meet these requirements?
A. onfigure the EPG as a provider and L3 out as consumer of the contract
B. onfigure OSPF to exchange routes between the L3 out and EPG
C. onfigure a taboo contract and apply it to the EPG
D. onfigure the EPG as a consumer and L3 out as a provider of the contract
View answer
Correct Answer: A
Question #101
Which routing protocol is supported between Cisco ACI spines and IPNs in a Cisco ACI Multi-Pod environment?
A. OLF
B. ulti-Site
C. ulti-Pod
D. tretched Fabric
View answer
Correct Answer: B
Question #102
Refer to the exhibit. A customer must back up the current Cisco ACI configuration securely to the remote location using encryption and authentication. The backup job must run once per day. The customer’s security policy mandates that any sensitive information including passwords must not be exported from the device. Which set of steps meets these requirements?
A. xport destination using FTP protocol
B. xport destination using FTP protocol
C. xport destination using SCP protocol
D. xport destination using SCP protocol
View answer
Correct Answer: C
Question #103
A Cisco APIC is configured with RADIUS authentication as the default. The network administrator must ensure that users can access the APIC GUI with a local account if the RADIUS server is unreachable. Which action must be taken to accomplish this goal?
A. ssociate console authentication with the “RADIUS” realm
B. eference the “local” realm in the fallback domain
C. reate an additional login domain that references local accounts
D. nable the fallback check with the default authentication domain
View answer
Correct Answer: B
Question #104
An ACI administrator notices a change in the behavior of the fabric. Which action must be taken to determine if a human intervention introduced the change?
A. nspect event records in the APIC UI to see all actions performed by users
B. nspect /var/log/audit_messages on the APIC to see a record of all user actions
C. nspect audit logs in the APIC UI to see all user events
D. nspect the output of show command history in the APIC CLI
View answer
Correct Answer: C
Question #105
What represents the unique identifier of an ACI object?
A. LAN pool
B. anagement contract
C. anagement tenant
D. ridge domain
View answer
Correct Answer: D
Question #106
What is the minimum number of APICs does Cisco recommend to deploy in a production cluster?
A.
B.
C.
D.
View answer
Correct Answer: B
Question #107
An engineer must deploy Cisco ACI across 10 geographically separated data centers. Which ACI site deployment feature enables the engineer to control which bridge domains contain Layer 2 flooding?
A. pply a BGP route reflector policy
B. nable a COOP policy
C. onfigure an IS-IS policy
D. mplement an access management policy
View answer
Correct Answer: B
Question #108
Regarding the MTU value of MP-BGP EVPN control plane packets in Cisco ACI, which statement about communication between spine nodes in different sites is true?
A. y default, spine nodes generate 9000-bytes packets to exchange endpoints routing information
B. y default, spine nodes generate 1500-bytes packets to exchange endpoints routing information
C. y default, spine nodes generate 1500-bytes packets to exchange endpoints routing information
D. y default, spine nodes generate 9000-bytes packets to exchange endpoints routing information
View answer
Correct Answer: D
Question #109
An administrator must migrate the vSphere Management VMkernel of all ESXi hosts in the production cluster from the standard default virtual switch to a VDS that is integrated with APIC in a VMM domain. Which action must be completed in this scenario?
A. he Management VMkernel EPG resolution must be set to Pre-Provision
B. he administrator must create an in-band VMM Management EPG before performing the migration
C. he administrator must set the Management VMkernel BD resolution immediacy to On-Demand
D. he VMkernel Management BD must be located under the Management Tenant
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: