Cisco (300-620-DCACI) Exam Questions And Answers page 7
What must be configured to redistribute externally learned OSPF routes within the ACI fabric?
BGP Route Reflector
BGP Inter-leak Route Map
PIM Sparse Mode
ACI Fabric Connectivity Policies
ACI Tenant Policies
An engineer must limit management access to the Cisco ACI fabric that originates from a single subnet where the NOC operates. Access should be limited to SSH and HTTPS only. Where should the policy be configured on the Cisco APIC to meet the requirements?
policy in the management tenant
ACL on the console interface
ACL on the management interface of the APIC
policy on the management VLAN
ACI Fabric Access Policies
ACI Fabric Automation
Refer to the exhibit. A Cisco ACI fabric is newly deployed, and the security team requires more visibility of all inter EPG traffic flows. All traffic in a VRF must be forwarded to an existing firewall pair. During failover, the standby firewall must continue to use the same IP and MAC as the primary firewall. Drag and drop the steps from the left into the implementation order on the right to configure the service graph that meets the requirements. (Not all steps are used.)
ACI Fabric Access Policies
ACI Tenant Policies
Refer to the exhibit. Which action should be taken to ensure authentication if the RADIUS servers are unavailable?
Adjust the priority of server 10.1.1.1 to 1.
Assign the user to the default role.
Set the default login realm to LDAP.
Set the fallback login to local.
ACI Tenant Policies
ACI Fabric Automation
A network engineer must configure a Cisco ACI system to detect network loops for untagged and tagged traffic. The loop must be detected and stopped by disabling an interface within 4 seconds. Which configuration must be used?
ACI Fabric Access Policies
ACI Fabric Connectivity Policies
On which two interface types should a user configure storm control to protect against broadcast traffic? (Choose two.)
APIC facing interfaces
port channel on a single leaf switch
all interfaces on the leaf switches in the fabric
endpoint-facing trunk interface
fabric uplink interfaces on the leaf switches
ACI Fabric Access Policies
ACI Application Network Profiles
All workloads in VLAN 1001 have been migrated into EPG-1001. The requirement is to move the gateway address for VLAN 1001 from the core outside the Cisco ACI fabric into the Cisco ACI fabric. The endpoints in EPG-1001 must route traffic to endpoints in other EPGs and minimize flooded traffic in the fabric. Which configuration set is needed on the bridge domain to meet these requirements?
Enable Flood
Enable Unicast Routing
Enable Unicast Routing
Disable Local IP Learning Limit
Disable Unicast Routing
Disable Unicast Routing
Disable ARP Flood
Disable Limit Endpoint Learning
Disable Limit Endpoint Learning
Enable Hardware Proxy
Enable Unicast Routing
Enable Unicast Routing
ACI Fabric Access Policies
ACI Tenant Policies
Which two dynamic routing protocols are supported when using Cisco ACI to connect to an external Layer 3 network? (Choose two.)
iBGP
VXLAN
IS-IS
RIPv2
eBGP
ACI Fabric Connectivity Policies
ACI Tenant Policies
Which attribute should be configured for each user to enable RADIUS for external authentication in Cisco ACI?
cisco-security domain
cisco-auth-features
cisco-aci-role
cisco-av-pair
ACI Fabric Access Policies
ACI Tenant Policies
What actions extend a Layer 2 domain beyond the ACI fabric?
Multiple Choice
Which two actions extend a Layer 2 domain beyond the ACI fabric? (Choose two.)
extending the routed domain out of the ACI fabric
creating a single homed Layer 3 Out
creating an external physical network
extending the bridge domain out of the ACI fabric
extending the EPG out of the ACI fabric
ACI Fabric Access Policies
ACI Fabric Connectivity Policies
Comments