300-620 DCACI:Implementing Cisco Application Centric Infrastructure
Update:2026年5月12日
Questions and Answers: 245 Q&A
1.
An engineer must migrate workloads from the brownfield network to the Cisco ACI fabric. The VLAN 10 default gateway remains in the router located in the brownfield Network. The bridge domain has already been associated with L20ut. Which two actions must be taken to migrate the workloads? (Choose two.)
2.
A customer is deploying a new application across two ACI pods that is sensitive to latency and jitter. The application sets the DSCP values of packets to AF31 and CS6, respectively. Which configuration changes must be made on the APIC to support the new application and prevent packets from being delayed or dropped between pods?
3.
An engineer wants to initiate an ICMP ping from Server1 to Server2. The requirement is for the BD1 to enforce ICMP replies that follow the expected path. The packets must be prevented from taking the direct path from Leaf1 to Server1. Which action must be taken on BD1 to meet these requirements?
4.
Which type of policy configures the suppression of faults that are generated from a port being down?
5.
A customer is deploying a WAN with these requirements: •Routers 1 and 2 must receive only routes 192.168.11.0/24 and 192.168.21.0724 from the Cisco ACI fabric •Reachability to the WAN users must be permitted only for the servers that are located in vrf_prod. Which settings must be configured to meet these objectives?
6.
Which type of port is used for in-band management within ACI fabric?
7.
An engineer must implement the inter-tenant service graph. Which set of actions must be taken to accomplish this goal?
8.
An engineer must allow IP mobility between Site1 and Site2 in a Cisco ACI Multi-Site orchestrator. The design must meet these requirements:
A disaster recovery (DR) solution must exist between the sites that do not require vMotion support.
The application must be started at a DR site without having to re-IP the application servers.
The solution must avoid any broadcast storms between the sites.
Which two actions meet these criteria? (Choose two.)
9.
Which two configuration steps are completed before this output is generated? (Choose two.)
10.
An engineer wants to configure Cisco ACI switches to use authenticated ZMQ when communicating with the proxy spine. Which configuration allows MD5 ZMQ messages only?
11.
An engineer must advertise a bridge domain subnet out of the ACI fabric to an OSPF neighbor. Which two configuration steps are required? (Choose two.)
12.
An engineer configured a bridge domain with the hardware-proxy option for Layer 2 unknown unicast traffic. Which statement is true about this configuration?
13.
An engineer is implementing an out-of-band (OOB) management access for the Cisco ACI fabric. The secure access must meet these requirements:
- Only GUI and secure shell must be allowed to access the management interfaces of the ACIs.
- The only IP ranges that must be permitted to connect the fabric will be 10.10.10.0724 and 192.168.15.0/24.
Which configuration set meets these requirements?
14.
Which two protocols are used for fabric discovery in ACI? (Choose two.)
15.
When the subnet is configured on a bridge domain, on which physical devices is the gateway IP address configured?
16.
Where are STP BPDUSs flooded in Cisco ACI fabric?
17.
An engineer is configuring a production Multi-Site solution to provide connectivity from EPGs from a specific site to networks reachable through a remote site L3OUT. All required schema and template objects are already defined. Which additional configuration must be implemented in the Multi-Site Orchestrator to support the cross-site connectivity?
18.
Which two statements regarding ACI Multi-Site are true? (Choose two.)
19.
The external subnet and internal EPG1 must communicate with each other, and the L3Out traffic must leak into the VRF named "VF1". Which configuration set accomplishes these goals?
20.
An engineer is creating a configuration import policy that must terminate if the imported configuration is incompatible with the existing system. Which import mode achieves this result?
21.
A company is implementing a new security policy to track system access, configuration, and changes. The network engineer must enable the log collection to track user login and logout attempts. In addition, any configuration changes such as a fabric node failure must be collected in the logs. The syslog policy is configured to send logs to the company SEIM appliance. Which two log types must be enabled to meet the security requirements? (Choose two.)
22.
A Cisco ACI fabric is using out-of-band management connectivity The APIC must access a routable host with an IP address of 192 168 11 2 Which action accomplishes this goal?
23.
What are two requirements for the IPN network when implementing a Multi-Pod ACI fabric? (Choose two.)
24.
An engineer must divert the traffic between VM-1 and VM-2 by using a MultiNode service graph. The solution should prevent an insufficient number of available Layer 4 to Layer 7 devices in the first cluster. Which configuration set accomplishes this goal?
25.
Drag and drop the Cisco ACI Layer 4 to Layer 7 service insertion terms on the left to the correct descriptions on the right.
26.
Which protocol is used in a Multi-Pod topology to synchronize reachability information across pods?
27.
What is the result of selecting the On Demand attribute in the Deploy Immediacy feature during VMM domain association to an EPG?
28.
An engineer configures a Multi-Pod system with the default getaway residing outside of the ACI fabric for a bridge domain. Which setting should be configured to support this requirement?
29.
When a pre-provision immediacy is used, when is the policy downloaded to the Cisco ACI leaf switch?
30.
Which statement about ACI syslog is true or Which statement describes the ACI syslog?
31.
The Application team reports that a previously existing port group has disappeared from vCenter. An engineer confirms that the VM domain association for the EPG is no longer present. Which action determines which user is responsible for the change?
32.
The customer is looking for redundant interconnection of the existing network to the new ACI fabric. Unicast and multicast traffic must be routed between the two networks. Which L3Out implementation meets these requirements?
33.
Which action sets Layer 2 loop migration in an ACI Fabric with a Layer 2 Out configured?
34.
An engineer must advertise a selection of external networks learned from a BGP neighbor into the ACI fabric. Which L3Out subnet configuration option creates an inbound route map for route filtering?
35.
Which components must be configured for the BGP Route Reflector policy to take effect?
36.
An engineer configures an L30ut in VRF-1 that was configured for Import Route Control Enforcement. The L30ut uses OSPF to peer with a core switch. The L30ut has one external EPG, it has been configured with a subnet 10.1.0.0/24. Which scope must be set to force 10.1.0.0/24 to populate in the routing table for VRF-1?
37.
An engineer created two interface protocol policies called Pol_CDP40275332 and Pol_LLDP46783451. The policies must be used together in a single policy. Which ACI object must be used?
38.
A network administrator configures AAA inside the Cisco ACI fabric. The authentication goes through the local users if the TACACS+ server is not reachable. If the Cisco APIC is out of the cluster, the access must be granted through the fallback domain. Which configuration set meets these requirements?
39.
An engineer must configure a Layer 3 connection to the WAN router. The hosts in production VRF must access WAN subnets. The engineer associates EPGs in the production VRF with the external routed domain. Which action completes the task?
40.
An engineer deploys a two-pod Cisco ACI Multi-Pod environment. Why should no more than two Cisco APIC controllers be deployed in the same pod?
41.
What is a characteristic of a Cisco ACI Multi-Pod?
42.
Where is the COOP database located?
43.
A customer must upgrade the Cisco ACI fabric to use a feature from the new code release. However, there is no direct path from the current release to the desired one. Based on the Cisco APIC Upgrade/Downgrade Support Matrix, the administrator must go through one intermediate release. Which set of steps must be taken to upgrade the fabric to the new release?
44.
When does the Cisco ACI leaf learn a source IP or MAC as a remote endpoint?
45.
Cisco ACI fabric is integrated with VMware VDS. The fabric must apply a security policy to check the integrity of traffic out of the network adapter. Which action must be taken to drop the .. when the ESXi host discovers a mismatch between the actual source MAC address transmitted by the guest operating system and the effective MAC address of the virtual machine ….?
46.
An engineer configures communication between the EPGs in different tenants. Which action should be taken to create the subnet?
47.
An engineer is implementing a Cisco ACI environment that consists of more than 20 servers. Two of the servers support only Cisco Discovery Protocol with no order link discovery protocol. The engineer wants the servers to be discovered automatically by the Cisco ACI fabric when connected. Which action must be taken to meet this requirement?
48.
Which two components should be configured as route reflectors in the ACI fabric? (Choose two.)
49.
A customer must back up the current Cisco ACl configuration securely to the remote location using encryption and authentication. The backup job must run once per day The customer s security policy mandates that any sensitive information including passwords, must not be exported from the device Which set of steps meets these requirements?
50.
A customer migrates a legacy environment to Cisco ACI. A Layer 2 trunk is configured to interconnect the two environments. The customer also builds ACI fabric in an application-centric mode. Which feature should be enabled in the bridge domain to reduce instability during the migration?
51.
An engineer is implementing Cisco ACI at a large platform-as-a-service provider using APIC controllers, 9396PX leaf switches, and 9336PQ spine switches. The leaf switch ports are configured as IEEE 802.1p ports. Where does the traffic exit from the EPG in IEEE 802.1p mode in this configuration?
52.
A network engineer must integrate VMware vCenter cluster with Cisco ACI. The requirement is for the management traffic of the hypervisors and VM controllers to use the virtual switch associated with the Cisco Application Policy. The EPG called "Vmware-MGMT" with VLAN 300 has been created for this purpose. Which set of steps must be taken to complete the configuration?
53.
An engineer must configure a group of servers with a contract that uses TCP port 80. The EGP that contains the web servers requires an external Layer 3 cloud to initiate communication. Which action must be taken to meet these requirements?
54.
Cisco ACI fabric must detect all silent endpoints for the Layer 3 bridge domain. Which actions accomplish this goal?
55.
A Cisco APIC is configured with RADIUS authentication as the default The network administrator must ensure that users can access the APIC GUI with a local account if the RADIUS server is unreachable. Which action must be taken to accomplish this goal?
56.
A customer creates Layer 3 connectivity to the outside network. However, only border leaf switches start receiving destination updates to other networks from the newly created L3Out. The updates must also be propagated to other Cisco ACI leaf switches. The L3Out is linked with the EPGs via a contract. Which action must be taken in the pod policy group to accomplish this goal?
57.
An engineer must connect Cisco ACI fabric using Layer 2 with external third-party switches. The third-party switches are configured using 802.1s protocol. Which two constructs are required to complete the task? (Choose two.)
58.
Which feature allows firewall ACLs to be configured automatically when new endpoints are attached to an EPG?
59.
A network engineer demonstrates Cisco ACI to a customer. One of the test cases is to validate a disaster recovery event by resetting the ACI fabric to factory and then restoring the fabric to the state it was in before the event. Which setting must be enabled on ACI to export all configuration parameters that are necessary to meet these requirements?
60.
Cisco ACI fabric is integrated with a VMware environment. The engineer must back up the current configuration of the fabric and restore the vCenter password when the configuration is ... Which action accomplishes this goal?
61.
A Cisco ACI fabric is newly deployed, and the security team requires more visibility of all interEPG traffic flows. All traffic in a VRF must be forwarded to an existing firewall pair. During fallover, the standby firewall must continue to use the same IP and MAC as the primary firewall. Drag and drop the steps from the left Into the Implementation order on the right to configure the service graph that meets the requirements. (Not all steps are used.)
