300-620 DCACI:Implementing Cisco Application Centric Infrastructure Update:2025年12月22日 Questions and Answers: 245 Q&A 1. The Cisco ACI fabric has an egress L3Out from Leaf-101 and Leaf-102 to CORE-1. VLAN 102 is used to form the OSPF adjacency. The workloads must be migrated into EPG-101, and the static port binding is configured to Leaf-103 e1/1 with encap VLAN 101. An engineer completes the port binding and receives an MCP fault. Which action clears the fault? A. Use VLAN 101 for OSPF adjacency on the egress L3Out. B. Use VLAN 102 as the encap VLAN on the EPG-101 static port binding. C. Add VLAN 102 to the VLAN pool that is used by the static port binding. D. Prune VLAN 101 from the VLAN pool that is used by the egress L3Out. None 2. The EPG-100 must be extended to the vCenter as a port group with a tagged VLAN ID of 100. Which set of actions accomplishes this goal? A. Define a static VLAN range (from 100-200) under a VLAN pool that is associated with the dc1vcdev domain. Associate the dc1vcdev domain with EPG and select these settings: Untagged VLAN Access: unselected VLAN Mode: Static with Encap: 100 B. Define a static VLAN range (from 100-200) under a VLAN pool that is associated with the dc1vcdev domain. Associate the dc2vcdev domain with EPG and select these settings: Untagged VLAN Access: selected VLAN Mode: Static with Encap: 100 C. Define a dynamic VLAN range (from 100-200) under a VLAN pool that is associated with the delvdev domain. Associate the dc1vcdev domain with EPG and select these settings: Untagged VLAN Access: unselected VLAN Mode: Static with Encap: 100 D. Define a dynamic VLAN range (from 100-200) under a VLAN pool that is associated with the dclvdev domain. Associate the dc2vcdev domain with EPG and select these settings: Untagged VLAN Access: selected VLAN Mode: Static with Encap: 100 None 3. A customer must deploy three Cisco ACI based data centers. Each site must be separated from the others. Which characteristic of Cisco ACI Multi-Pod makes it unsuitable for this deployment? A. creates a virtual pod in the remote location B. requires all pods to share the same Cisco APIC cluster C. has distance and scale limitations D. places leaf switches in the remote site that belong to the same fabric as at the headquarters site None 4. A network engineer must configure a new SNMP configuration and syslog servers. The requirement is for all faults and events related to endpoint groups, bridge domains, and VRFs to be sent to it. Which action must be taken to meet the requirements? A. Enable access monitoring policies on the required endpoint groups, bridge domains, and VRFs. B. Utilize common tenant monitoring policies in the Cisco APIC. C. Configure fabric monitoring policies and attach to the spine switch in the fabric. D. Implement fabric-wide monitoring policies on all nodes. None 5. An engineer must configure a Layer 3 connection to the WAN router. The hosts in production VRF must access WAN subnets. The engineer associates EPGs in the production VRF with the external routed domain. Which action completes the task? A. Configure the Export Route Control Subnet scope for the external EPG. B. Configure the External Subnets for the External EPG scope for the external EPG. C. Configure the Import Route Control Subnet scope for the external EPG. D. Configure the Shared Route Control Subnet scope for the external EPG. None 6. A Cisco APIC raises an error when the EPG must accept endpoints from a VMM domain created. Which action clears the fault? A. Expand the VLAN pool for the VMM domain. B. Create a bridge domain for the VMM domain. C. Associate the EPG with the VMM domain. D. Associate the VLAN pool with the VMM domain. None 7. A Cisco ACI endpoint group must have its gateway address migrated out of the ACI fabric. An engineer configures EPG-TEST with a static port binding and configures the encap VLAN with the required VLAN. Which configuration set must be used on the bridge domain to meet these requirements? A. L2 Unknown Unicast: Hardware Proxy Unicast Routing: Disabled ARP Flooding: Enabled B. L2 Unknown Unicast: Hardware Proxy Unicast Routing: Disabled ARP Flooding: Disabled C. L2 Unknown Unicast: Flood Unicast Routing: Disabled ARP Flooding: Enabled D. L2 Unknown Unicast: Flood Unicast Routing: Enabled ARP Flooding: Enable None 8. What is a requirement for Cisco ACI IPN to manage multidestination traffic? A. pervasive gateway B. unicast routing C. anycast gateway D. multicast routing None 9. An organization deploys active-active data centers and active-standby firewalls in each data center. Which action should be taken in a Cisco ACI Multi-Pod to maintain traffic symmetry through the firewalls? A. Disable Resilient Hashing. B. Disable service node Health Tracking. C. Enable Pod ID Aware Redirection. D. Enable Endpoint Dataplane Learning. None 10. An engineer must allow IP mobility between Site1 and Site2 in a Cisco ACI Multi-Site orchestrator. The design must meet these requirements: A disaster recovery (DR) solution must exist between the sites that do not require vMotion support. The application must be started at a DR site without having to re-IP the application servers. The solution must avoid any broadcast storms between the sites. Which two actions meet these criteria? (Choose two.) A. Define a unique bridge domain subnet per site. B. Configure STP between Cisco ACI fabrics. C. Deploy a local EPG for Site1 and Site2. D. Disable Inter-site BUM Traffic. E. Apply the L2 Stretch feature. 11. New e-commerce software is deployed on Cisco ACI fabric. The environment must meet these requirements: The overall number of contracts must be reduced by reusing the existing contracts within a VRF when possible. The e-commerce software must communicate only with software EPGs that are part of the same ANP. The e-commerce software must be prevented from communicating with applications in different ANPs. Which scope must be selected to meet these requirements? A. Application Profile B. Endpoint Group C. Tenant D. Global None 12. A company merges three of its departments: CORP, HR, and SERVICES, Currently, the connectivity between departments is achieved by using VRF route leaking. The requirement is to redesign the Cisco ACI networking architecture to communicate between EPGs and BDs from any tenant without configuring contracts or VRF route leaking. Which configuration meets these criteria? A. Configure an unenforced VRF in the user tenant and map all required EPGs to it. B. Implement an enforced VRF in the common tenant and map all required BDs to it. C. Configure an enforced VRF in the user tenant and map all required EPGs to it. D. Implement an unenforced VRF in the common tenant and map all required BDs to it. None 13. What two actions should be taken to deploy a new Cisco ACI Multi-Pod setup? (Choose two.) A. Configure MP-BGP on IPN routers that face the Cisco ACI spines. B. Connect all spines to the IPN. C. Configure anycast RP for the underlying multicast protocol D. Configure the TEP pool of the new pod to be routable across the IPN. E. Increase interface MTU for all IPN routers to support VXLAN traffic. 14. The external subnet and internal EPG1 must communicate with each other, and the L3Out traffic must leak into the VRF named "VF1". Which configuration set accomplishes these goals? A. Export Route Control Subnet Import Route Control Subnet Aggregate Shared Routes B. External Subnets for External EPG Shared Route Control Subnet Shared Security Import Subnet C. External Subnets for External EPG Import Route Control Subnet Shared Route Control Subnet D. Export Route Control Subnet Shared Security Import Subnet Aggregate Shared Routes None 15. VM1 and VM2 are in Cisco ACI POD1 and communication takes place. Which event is triggered when VM2 is live migrated from POD1 to POD2? A. Leaf 102 installs a bounce entry for VM2 pointing to the PTEP address of leaf 201. B. Leaf 201 creates a tunnel with leaf 102 because of the bounced traffic that is destined to VM2. C. Spines from POD2 send an MP-BGP EVPN update to the leaves in POD1 about the new location of VM2 D. An MP-BGP EVPN update is received by spines in POD1 announcing the reachability of VM2 via the proxy VTEP address of the spines in POD2. None 16. An engineer configures a Cisco ACI Multi-Pod for disaster recovery. Which action should be taken for the new nodes to be discoverable by the existing Cisco APICs? A. Configure IGMPv3 on the interfaces of IPN routers that face the Cisco ACI spine. B. Enable subinterfaces with dot1q tagging on all links between the IPN routers. C. Enable DHCP relay on all links that are connected to Cisco ACI spines on IPN devices. D. Configure BGP as the underlay protocol in IPN. None 17. The 0.0.0.0/0 is configured as a default static route on L3Out-1. Which action should be taken for the 0.0.0.0/0 prefix to advertise out on L3Out-2 OSPF? A. Enable Export Route Control Subnet. B. Enable Shared Security Import Subnet. C. Enable Shared Route Control Subnet. D. Enable Aggregate Export Subnet. None 18. A packet is routed between two endpoints on different Cisco ACI leaf switches. Which VXLAN VNID is applied to the packet? A. FD B. EPG C. VRF D. BD None 19. A company decided to decrease its routing footprint and remove RT-2 and RT-3 devices from its data center. Because of that, the exit point must be created from all the tenants by using the common tenant. Which two configuration tasks must be completed to meet these requirements? (Choose two.) A. Move subnets from all the bridge domains to the EPG level and mark them with flag Shared between VRFs. B. Update the L3Out ExtEPG subnet in the common tenant with flag Shared Route Control Subnet and Aggregate Shared Routes. C. Mark all subnets with flag Shared between VRFs and attach contract Ctr-3 as a provider to all the EPGs. D. Change contract Ctr-3 scope to Global, consume it by all EPGs, and flag all subnets with flag Shared between VRFs E. Export contract Ctr-2 into the tenant TN-1 and attach it as a consumer to all the EPGs in the tenant TN-1. 20. A company must connect three Cisco ACI data centers by using Cisco ACI Multi-Site. An engineer must configure the Inter-Site Network (ISN) between the existing sites. Which two configuration steps must be taken to implement the ISN? (Choose two.) A. Configure OSPF on subinterfaces on routers that are directly connected with spine nodes. B. Configure ISN site extension on Cisco routers in the network. C. Configure OSPF on all ISN routers. D. Configure BIDIR-PIM on all ISN routers. E. Configure encapsulation VLAN-4 between the routers and spine nodes. 21. How are the STP BPDUs forwarded over Cisco ACI fabric? A. Cisco ACI acts as the STP root for all three external switches. B. STP BPDUs that are generated by Switch2 are received by Switch1 and Switch3 C. STP BPDUs that are generated by Switch1 are received only by Switch3. D. Cisco ACI fabric drops all STP BPDUs that are generated by the external switches. None 22. An administrator configures inter-VRF route leaking between Production:vrfprod and Non-Production:vrf-nonprod. However, the route in the Non-Production:vrf-nonprod VRF to the production tenant is missing. Which action resolves the VRF route leaking issue? A. Change the contract scope to Global. B. Enable the Shared between VRFs option for the BD subnet in the production VRF. C. Enable the Shared between VRFs option for the EPG subnet in the non-production VRF. D. Export the contract from provider to consumer tenant. None 23. How is broadcast forwarded in Cisco ACI Multi-Pod after ARP flooding is enabled? A. Ingress replication is used on the spines to forward broadcast frames in the IPN infrastructure. B. Within a pod, the ingress leaf switch floods the broadcast frame on all fabric ports. C. Broadcast frames are forwarded inside the pod and across the IPN using the multicast address that is associated to the bridge domain. D. For the specific bridge domain, all spines forward the broadcast frames to IPN routers. None 24. What are two PBR characteristics of the Cisco ACI Active-Active Across Pods deployment mode in Cisco ACI Multi-Pod design? (Choose two.) A. Traffic is dynamically redirected to the firewall that owns the connection. B. Deployment occurs in transparent mode. C. The connection state is unsynchronized. D. Deployment occurs in go-to mode only. E. This mode causes the traffic to flow asymmetrically. 25. What must be configured in the service graph to redirect HTTP traffic between the EPG client and EPG server to go through the Cisco ASA firewall? A. precise filter to allow only HTTP traffic B. permit-all contract filter C. contract with no filter D. contract filter to allow ARP and HTTP. None 26. What is the advantage of implementing an active-active firewall cluster that is stretched across separate pods when anycast services are configured? A. A cluster is capable to be deployed in transparent mode across pods. B. A different MAC/IP configuration combination is configurable for the firewall in each pod. C. Local traffic in a pod is load-balanced between the clustered firewalls. D. The local pod anycast node is preferred by the local spines. None 27. Server A is connected to the Cisco ACI fabric using two teamed interfaces. One interface in a team is configured as active and the other remains in standby mode. When a failover occurs and the standby interface becomes active, it uses its built-in MAC address to send traffic. Which bridge domain configuration must be applied to resolve the issue? A. Configure Hardware proxy. B. Set L2 Unknown Unicast to Flood. C. Enable ARP flooding. D. Activate Limit IP Learning to Subnet. None 28. In a Cisco ACI Multi-Site fabric, the Inter-Site BUM Traffic Allow option is enabled in a specific stretched bridge domain. What is used to forward BUM traffic to all endpoints in the same broadcast domain? A. ingress replication on the spines in the source site B. egress replication on the destination leaf switches C. egress replication on the source leaf switches D. ingress replication on the spines in the destination site None 29. The engineer notices frequent MAC and IP address moves between different leaf switch ports. Which action prevents this problem from occurring? A. Disable enforce subnet check. B. Enable endpoint loop protection. C. Enable rogue endpoint control. D. Disable IP bridge domain enforcement. None 30. A customer is deploying a new application across two ACI pods that is sensitive to latency and jitter. The application sets the DSCP values of packets to AF31 and CS6, respectively. Which configuration changes must be made on the APIC to support the new application and prevent packets from being delayed or dropped between pods? A. disable DSCP mapping on the IPN devices B. disable DSCP translation policy C. align the ACI QoS levels and IPN QoS policies D. align the custom QoS policy on the EPG site in the customer tenant None 31. What controls communication between EPGs? A. Inter-EPG communication is controlled by BGP. B. Inter-EPG communication is controlled by contracts. C. Inter-EPG communication is controlled by IS-IS. D. Inter-EPG communication is controlled by VXLAN. None 32. Which feature should be disabled on a bridge domain when a default gateway for endpoints is on an external device instead of a Cisco ACI bridge domain SVI? A. unknown unicast flooding B. ARP flooding C. unicast routing D. proxy ARP None 33. Where are STP BPDUSs flooded in Cisco ACI fabric? A. in the access encapsulation VLAN part of different VLAN pools B. in the bridge domain VLAN C. in the native VLAN ID D. in the VNID that is assigned to the FD VLAN None 34. An engineer is configuring a production Multi-Site solution to provide connectivity from EPGs from a specific site to networks reachable through a remote site L3OUT. All required schema and template objects are already defined. Which additional configuration must be implemented in the Multi-Site Orchestrator to support the cross-site connectivity? A. Configure a routable TEP pool for SITE1. B. Enable CloudSec for intersite traffic encryption. C. Add a new stretched external EPG to the existing L3OUT. D. Implement a policy-based redirect using a service graph. None 35. Which two configurations enable inter-VRF communication? (Choose two.) A. Set the subnet scope to Shared Between VRFs. B. Enable Advertise Externally under the subnet scope. C. Export the contract and import as a contract interface. D. Change the contract scope to Tenant. E. Change the subject scope to VRF. 36. A network engineer is implementing a Layer 3 Out in the Cisco ACI fabric. The data center core switches must connect to a pair of leaf switches and exchange routes via a routing protocol. In addition, the implementation must meet these criteria; The external switch interface must use 802.1Q tagging. Access to the internet for the ACI fabric must be the L30ut. The L30ut must use a routing protocol that has rapid convergence time and low CPU usage. Which configuration set meets these requirements? A. Configure the OSPF Protocol policy with an area of 0. Set up the Routed External Network object and Node Profile and select OSPF. Create the Switch profile and select VPC with the appropriate interfaces. Create the default network and associate it with the Routed Outside object. B. Configure the BGP Protocol policy with the appropriate Autonomous System number. Configure an Interface policy and an External Bridged Domain. Create an External Bridged Network and use the configured VLAN pool. Build the Leaf profile and select the Routed sub-interface with the appropriate VLAN. C. Implement the IS-IS Protocol policy with the selected Autonomous System number. Create the Routed Outside object and Node Profile and select IS-IS. Configure the Interface profile and select the Routed Interface with the appropriate interfaces. Create the External Network object. D. Implement the EIGRP Protocol policy with the selected Autonomous System number. Create Routed Outside object and Node Profile and select EIGRP as the routing protocol. Build the Interface profile and select SVI and the appropriate VPC. Configure the External Network object with a network of 0.0.0.070. None 37. An engineer must migrate workloads from the brownfield network to the Cisco ACI fabric. The VLAN 10 default gateway remains in the router located in the brownfield Network. The bridge domain has already been associated with L20ut. Which two actions must be taken to migrate the workloads? (Choose two.) A. Select Limit IP Learning to Subnet. B. Configure Multi-Destination Flooding Flood in Encapsulation. C. Set L2 Unknown Unicast Flood. D. Map the MAC address of the default gateway to the bridge domain E. Enable ARP Flooding 38. How does Cisco ACI detect the IP address of a silent host that moved from one location to another without notifying a Cisco ACI leaf? A. ARP requests are flooded in the bridge domain. B. Bounce entries are installed on the leaf switch. C. Endpoint announce messages are sent to COOP. D. Silent hosts are detected by the ACI fabric. None 39. Cisco ACI fabric is integrated with a VMware environment. The engineer must back up the current configuration of the fabric and restore the vCenter password when the configuration is ... Which action accomplishes this goal? A. Select SCP protocol for the remote location. B. Create a Configuration Import Policy. C. Enable the Global AES Encryption setting. D. Set the Authentication type to Use Password. None 40. An engineer associates EPG-A with a VMM domain and sets the Deployment and Resolution preferences to Immediate. The host that will generate endpoints for EPG-A is attached to Leaf-and Leaf-102 using etht1/1. However, no configuration for EPG-A appears to have been pushed to the leaf switches. Which action must be taken for the configuration to be pushed to f-101 and Leaf- 102? A. Enable CDP or LLDP on the host. B. Configure both ports for trunking. C. Enable LACP on the leaf switch ports. D. Disable and enable eth1/1 on both leaf switches None 41. An engineer is implementing an out-of-band (OOB) management access for the Cisco ACI fabric. The secure access must meet these requirements: Only GUI and secure shell must be allowed to access the management interfaces of the ACIs. The only IP ranges that must be permitted to connect the fabric will be 10.10.10.0724 and 192.168.15.0/24. Which configuration set meets these requirements? A. Implement HTTPS and SSH protocol filters in the OOB contract. Add the required subnets to the external network instance profile. B. Create an out-of-band EPG in the external management entity. Associate the management profile with the OOB contract. C. Set up static IPs on the management interfaces from the required IP range. Add the required subnets to the external network instance profile. D. Create an out-of-band EPG in the common tenant. Associate the external network instance profile with the OOB contract. None 42. An engineer configures port-12 on Leaf-101 and Leaf-102 to connect to a new server, SVR-12. The new server will belong to EPG-12 and use encap VLAN-1212. The engineer configured SVR- 12 as a VPC member port and statically bound the VPC member port to EPG-12. Which additional step must the engineer take to configure connectivity? A. Create a VPC Explicit Protection Group for EPG-12 and VLAN-1212. B. Associate a domain with EPG-12 that is associated with VLAN-1212. C. Select VLAN-1212 on the EPG-12 Interface Policy Group. D. Configure an LACP Interface Policy and apply it to EPG-12. None 43. An application called App_1 is hosted on the server called S1. A silent host application. App_2. is hosted on S2. Both applications use the same VLAN encapsulation, which action forces Cisco ACI fabric to learn App_2 on ACI leaf 2? A. Set Multi-Destination Flooding to Drop. B. Set Unicast Routing to Hardware Proxy. C. Set L2 Unknown Unicast to Flood. D. Set L3 Unknown Multicast to Optimized flood. None 44. An engineer configures an L30ut in VRF-1 that was configured for Import Route Control Enforcement. The L30ut uses OSPF to peer with a core switch. The L30ut has one external EPG, it has been configured with a subnet 10.1.0.0/24. Which scope must be set to force 10.1.0.0/24 to populate in the routing table for VRF-1? A. External Subnet for External EPG B. Export Route Control Subnet C. Shared Route for External EPG D. Import Route Control Subnet None 45. What is a characteristic of a Cisco ACI Multi-Pod? A. It eliminates the need to deploy multicast in the Layer 3 network that interconnects the pods. B. Spines use BGP peering with IPN to send out the TEP pool prefix for the local pod. C. It manages the configuration of different Cisco ACI pods using a single common Cisco APIC cluster D. A VPNv4 address family is used to exchange endpoint information between spines. None 46. An engineer discovered an outage on the mgmt0 port of Leaf113 and Leaf114. Both leaf switches were recently registered in the fabric and have health scores of 100. The engineer overs there is no IP address assigned to the mgmt0 interface of the switches. Which action resolves the outage? A. Statically bind the mgmt0 interface of Leaf113 and Leaf114 to the oob-default EPG. B. Enable Leaf 113 and Leaf 114 mgmt0 under the leaf switch. C. Associate the oobbrc-default contract to Leaf113 and Leaf114. D. Add Leaf113 and Leaf114 to the node management address policy. None 47. When Layer 3 routed traffic is destined to a Cisco ACI fabric, which mechanism does ACI use to detect silent hosts? A. gratuitous ARP B. inverse ARP C. ARP gleanin D. proxy ARP None 48. Which switch type is discovered first in the Cisco ACI fabric discovery process? A. leaf B. access C. distribution D. spine None 49. An Cisco ACI leaf switch learns the source IP address of a packet that enters the front panel port of the switch. Which bridge domain setting is used? A. Unicast Routing B. L3 Unknown Multicast Flooding - Flood C. ARP Flooding D. Unknown Unicast - Hardware proxy None 50. A tenant is configured with a single L30ut and a single-homed link to the core router called Core-1. An engineer must add a second link to the L30ut that connects to Core-2 router. Which action allows the traffic from Core-2 to BL-1002 to have the same connectivity as the traffic from Core-1 to BL-1001? A. Add a second path to the logical interface profile of the existing L30ut B. Add a second subnet to the external EPG to the existing L30ut. C. Add a second OSPF interface profile to the logical interface profile. D. Add a second interface to the external domain to the existing L30ut. None 51. An engineer wants to configure Cisco ACI switches to use authenticated ZMQ when communicating with the proxy spine. Which configuration allows MD5 ZMQ messages only? A. IS-IS password using MD5 B. COOP Group policy in strict mode C. COOP Group policy in compatible mode D. BGP password using MD5 None 52. Which feature is used to program policy CAM on a leaf switch without sending traffic from VM to the leaf? A. immediate resolution immediacy B. immediate deployment immediacy C. on-demand deployment immediacy D. on-demand resolution immediacy None 53. A customer is deploying a WAN with these requirements: •Routers 1 and 2 must receive only routes 192.168.11.0/24 and 192.168.21.0724 from the Cisco ACI fabric •Reachability to the WAN users must be permitted only for the servers that are located in vrf_prod. Which settings must be configured to meet these objectives? A. Configure the subnets 192.168.11.0/24 and 192.168.21.0/24 as Private to VRF Configure the subnet 192.168.31.0/24 as Advertised Externally. Configure an EPG subnet 0.0.0.0/0 as External Subnets for External EPG. B. Configure the subnets 192.168.11.0/24 and 192.168.21.0/24 as Private to VRF. Configure the subnet 192.168.31.0/24 as Advertised Externally. Configure an EPG subnet 0.0.0.0/0 as Shared Route Control Subnet. C. Configure the subnets 192.168.11.0/24 and 192.168.21.0/24 as Advertised Externally. Configure the subnet 192.168.31.0/24 as Private to VRF. Configure an EPG subnet 0.0.0.0/0 as Shared Route Control Subnet. D. Configure the subnets 192.168.11.0/24 and 192.168.21.0/24 as Advertised Externally. Configure the subnet 192.168.31.0/24 as Private to VRF. Configure an EPG subnet 0.0.0.0/0 as External Subnets for External EPG None 54. Cisco ACI fabric has three different endpoints S1, S2. and S3. These endpoints must communicate with each other without contracts. These objects have been created in APIC: Two EPGs named DNS_EPG and Database_EPG Two application profiles. PROD_App and Data_App Two bridge domains DNS_BD and Database_BD PROD_APP and Database_BD mapped to Tenant PROD Data_App and DNS_BD mapped to Tenant Data Which set of actions completes the fabric configuration? A. Add S1, S2, S3 under Database_EPG. MAP Database_EPG under PROD_ App. Associate Datbase_EPG with DNS_BD. B. Add S1, S2, S3, under DNS_EPG. MAP DNS_EPG to Data_App. Associate DNS_EPG with Dns_BD. C. Add S1, S2, S3 under DNS_EPG. MAP DNS_EPG to Data_App. Associate DNS_EPG with Database_BD. D. Add S1, S2, S3 under Database_EPG. MAP Database_EPG under Data_App. Associate Datbase_EPG with Database_BD. None 55. A company is implementing a new security policy to track system access, configuration, and changes. The network engineer must enable the log collection to track user login and logout attempts. In addition, any configuration changes such as a fabric node failure must be collected in the logs. The syslog policy is configured to send logs to the company SEIM appliance. Which two log types must be enabled to meet the security requirements? (Choose two.) A. error B. audit C. event D. health E. fault 56. Cisco ACI fabric contains 10 standalone leaf switches. An engineer must configure only the first two leaf switches in a VPC. Which VPC protection type must be configured to accomplish goal? A. serial B. explicit C. reciprocal D. consecutive None 57. An engineer must disable the communication between the two backup servers in the backup EPG. Which action accomplishes this goal? A. Set Preferred Group Member to Excluded. B. Set the physical domain to None. C. Set a different static binding for the encap VLAN. D. Set Intra EPG Isolation to Enforced. None 58. Which Cisco ACI setting corresponds to the VMware MAC pinning? A. route based on IP hash B. route based on originating virtual port C. route based on physical NIC load D. route based on MAC hash None 59. An engineer is migrating legacy servers into the Cisco ACI environment. The requirement is to ensure that all endpoints and MAC addresses are learned properly in legacy and Cisco ACI switches. Which configuration set must be configured under the bridge domain called bd__360 to accomplish this goal? A. L2 Unknown Unicast: Hardware Proxy ARP Flooding: Disabled B. L2 Unknown Unicast: Hardware Proxy ARP Flooding: Enabled C. L2 Unknown Unicast: Flood ARP Flooding: Disabled D. L2 Unknown Unicast: Flood ARP Flooding: Enabled None 60. An engineer configures a Layer 4 to Layer 7 device object. The device is a virtual firewall with a single network adapter and it must be deployed in routed mode. Which .. completes the configuration of the device object? A. Change Function Type to GoTo. B. Add an outside interface to the cluster interfaces. C. Change context awareness to Multiple. D. Enable Promiscuous Mode. None 61. The default route is not present in the routing tables of the Cisco ACI leaf switches. All static and direct routes are currently being redistributed and advertised. Which jn must be taken to advertise a default route on the eBGP L30ut? A. Configure a static default route on the ACI node profiles with next-hop null. B. Create a Default Route Leak Policy on the L3Qut. C. Enable a BGP peer prefix policy set to Always. D. Implement an export route map matching 0.0.0.0/0. None 1 out of 61 Name Email Time is Up!
