Cisco Implementing Cisco Application Centric Infrastructure 300-620 DCACI Exam Questions

Page: 1 / 14
Total 247 questions
Question 1

All workloads in VLAN 1001 have been migrated into EPG-1001. The requirement is to move the gateway address for VLAN 1001 from the core outside the Cisco ACI fabric into the Cisco ACI fabric. The endpoints in EPG-1001 must route traffic to endpoints in other EPGs and minimize flooded traffic in the fabric. Which configuration set is needed on the bridge domain to meet these requirements?



Answer : B

To move the gateway address for VLAN 1001 from the core outside the Cisco ACI fabric into the Cisco ACI fabric and ensure that endpoints in EPG-1001 route traffic to endpoints in other EPGs while minimizing flooded traffic in the fabric, the following configuration set is needed on the bridge domain:

Enable Hardware Proxy: This step involves enabling the hardware proxy feature, which allows the fabric to learn and maintain endpoint information more efficiently7.

Enable Unicast Routing: This step involves enabling unicast routing within the bridge domain, which allows for the routing of traffic between different EPGs and minimizes flooded traffic


Question 2

A network engineer must design a method to allow the Cisco ACI to redirect traffic to the firewalls. Only traffic that matches specific L4-L7 policy rules should be redirected. The load must be distributed across multiple firewalls to scale the performance horizontally. Which action must be taken to meet these requirements?



Answer : A

To design a method that allows the Cisco ACI to redirect traffic to the firewalls based on specific L4-L7 policy rules and distribute the load across multiple firewalls, the action that must be taken is toConfigure ACI Service Graph with Unidirectional PBR (

https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html


Question 3

Which tenant is used when configuring in-band management IP addresses for Cisco APICs, leaf nodes, and spine nodes?



Answer : D

When configuring in-band management IP addresses for Cisco APICs, leaf nodes, and spine nodes, the tenant used is themgmttenant1.


Question 4

An engineer must limit management access to me Cisco ACI fabric that originates from a single subnet where the NOC operates. Access should be limited to SSH and HTTPS only. Where should the policy be configured on the Cisco APIC to meet the requirements?



Answer : A

To limit management access to the Cisco ACI fabric that originates from a single subnet where the NOC operates, the policy should be configuredin the management tenanton the Cisco APIC5.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/Operating_ACI/guide/b_Cisco_Operating_ACI/b_Cisco_Operating_ACI_chapter_0111.html


Question 5

Refer to the exhibit.

An engineer must implement the inter-tenant service graph. Which set of actions must be taken to accomplish this goal?



Answer : B

To implement the inter-tenant service graph, the set of actions that must be taken are:

Define the contract in the provider tenant and export it to the consumer tenant (Option B).

Define the L4-L7 device and service graph template in the provider tenant and the ASA bridge domains in the consumer tenant (Option B).

This approach allows for the proper configuration and association of the service graph between the provider and consumer tenants, ensuring that the services are correctly applied to the traffic flowing between them.


Question 6

An engineer wants to monitor all configuration changes, threshold crossing, and link-state transitions in a Cisco ACI fabric. Which action must be taken to receive the required messages?



Answer : C

To monitor all configuration changes, threshold crossing, and link-state transitions in a Cisco ACI fabric, the action that must be taken is toInclude Audit Logs and Events in the Syslog source policy

https://community.cisco.com/legacyfs/online/attachments/blog/technote-aci-syslog_external-latest.pdf

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/all/faults/guide/b_APIC_Faults_Errors/b_IFC_Faults_Errors_chapter_010.html


Question 7

What must be enabled in the bridge domain to have the endpoint table learn the IP addresses of endpoints?



Answer : C

To have the endpoint table learn the IP addresses of endpoints in a bridge domain,unicast routingmust be enabled1.This allows the bridge domain to learn the IP addresses of endpoints through the data plane1.


Page:    1 / 14   
Total 247 questions