300-620 DCACI:Implementing Cisco Application Centric Infrastructure
Update:2026年4月18日
Questions and Answers: 245 Q&A
1.
The company ESXi infrastructure is hosted on the Cisco UCS-B Blade Servers. The company decided to take advantage of ACI VMM integration to enable consistent enforcement of policies across virtual and physical workloads. The requirement is to prevent the packet loss between the distributed virtual switch and the ACI fabric. Which setting must be implemented on a vSwitch policy to accomplish this goal?
2.
A customer implements RBAC on a Cisco APIC using a Windows RADIUS server that is configured with network control policies. The APIC is as follows:
- Tenant = TenantX
- Security Domain = Tenantx-SD
- User = X
The customer requires User X to have access to TenantX only, without any extra privilege in the
Cisco ACI fabric domain. Which Cisco AV pair must be implemented on the RADIUS server to
meet these requirement?
3.
What is the minimum number of APICs does Cisco recommend to deploy in a production cluster?
4.
An engineer wants to configure Cisco ACI switches to use authenticated ZMQ when communicating with the proxy spine. Which configuration allows MD5 ZMQ messages only?
5.
A company must connect three Cisco ACI data centers by using Cisco ACI Multi-Site. An engineer must configure the Inter-Site Network (ISN) between the existing sites. Which two configuration steps must be taken to implement the ISN? (Choose two.)
6.
A bridge domain for a new endpoint group in the Cisco ACI fabric must meet these requirements:
The bridge domain must function as the default gateway for the subnet so that routing remains
within the Cisco ACI fabric.
ARP requests must be managed via Layer 3 unicast packets or be dropped to reduce excessive
broadcast traffic.
The impact of misconfigured virtual machines must be kept to a minimum by preventing IP
addresses outside of the configured subnet from being routed.
Which set of actions must be taken?
7.
What two actions should be taken to deploy a new Cisco ACI Multi-Pod setup? (Choose two.)
8.
Which two types of interfaces are supported on border leaf switches to connect to an external router? (Choose two.)
9.
An engineer must connect Cisco ACI fabric using Layer 2 with external third-party switches. The third-party switches are configured using 802.1s protocol. Which two constructs are required to complete the task? (Choose two.)
10.
What are two PBR characteristics of the Cisco ACI Active-Active Across Pods deployment mode in Cisco ACI Multi-Pod design? (Choose two.)
11.
An engineer must allow multiple external networks to communicate with internal ACI subnets. Which action should the engineer take to assign the prefix to the class ID of the external Endpoint Group?
12.
A network engineer must integrate VMware vCenter cluster with Cisco ACI. The requirement is for the management traffic of the hypervisors and VM controllers to use the virtual switch associated with the Cisco Application Policy. The EPG called "Vmware-MGMT" with VLAN 300 has been created for this purpose. Which set of steps must be taken to complete the configuration?
13.
An engineer must connect a new host to port 1 »’1 on Leaf 101. A Cisco ACI fabric has an MOP An engineer must connect a new host to port 1 »’1 on Leaf 101. A Cisco ACI fabric has an MOP
14.
An engineer must add a group of 70 bare-metal ESXi servers to the Cisco ACI fabric, which is integrated with vCenter. These configuration steps are complete:
The configured pool of ESXi hosts is configured with an Attachable Access Entity Profile (AAEP)
called AEP_VMM.
The new group uses the AAEP called AEP_BAREMETAL.
Which action extends functional VMM integration to the new nodes?
15.
An engineer needs to avoid loops in the ACI network and needs an ACI leaf switch to error-disable an interface if the interface receives an ACI-generated packet. Which action meets these requirements?
16.
The Application team reports that a previously existing port group has disappeared from vCenter. An engineer confirms that the VM domain association for the EPG is no longer present. Which action determines which user is responsible for the change?
17.
On which two interface types should a user configure storm control to protect against broadcast traffic? (Choose two.)
18.
Which statement regarding ACI Multi-Pod and TEP pool is true?
19.
Cisco ACI fabric contains 10 standalone leaf switches. An engineer must configure only the first two leaf switches in a VPC. Which VPC protection type must be configured to accomplish goal?
20.
An engineer must configure a Layer 3 connection to the WAN router. The hosts in production VRF must access WAN subnets. The engineer associates EPGs in the production VRF with the external routed domain. Which action completes the task?
21.
A network engineer must design a method to allow the Cisco ACI to redirect traffic to the firewalls. Only traffic that matches specific L4-L7 policy rules should be redirected. The load must be distributed across multiple firewalls to scale the performance horizontally. Which action must be taken to meet these requirements?
22.
What is a characteristic of a Cisco ACI Multi-Pod?
23.
The Cisco ACI fabric is built with L20ut to the N9K1 and N9K2 switches. The switches run the RSTP protocol. The requirement is for the Cisco ACI fabric to detect 5 from the N9K and for the fabric to be protected against loops. Which set of actions must be taken to meet the requirements?
24.
An engineer implements a configuration backup on the Cisco APIC. The backup job must meet these requirements:
- The backup must transfer the encrypted data to the remote server.
- The transfer must be resumed if the connection is interrupted.
Which configuration set meets these requirements?
25.
A customer creates Layer 3 connectivity to the outside network. However, only border leaf switches start receiving destination updates to other networks from the newly created L3Out. The updates must also be propagated to other Cisco ACI leaf switches. The L3Out is linked with the EPGs via a contract. Which action must be taken in the pod policy group to accomplish this goal?
26.
An engineer is in the process of discovering a new Cisco ACI fabric consisting of two spines and four leaf switches. The discovery of leaf 1 has just been completed. Which two nodes are expected to be discovered next? (Choose two.)
27.
An engineer must configure a group of servers with a contract that uses TCP port 80. The EGP that contains the web servers requires an external Layer 3 cloud to initiate communication. Which action must be taken to meet these requirements?
28.
Which components must be configured for the BGP Route Reflector policy to take effect?
29.
An application team tells the Cisco ACI network administrator that it wants to monitor the statistics of the unicast and BUM traffic that are seen in a certain EPG. Which statement describes the collection statistics?
30.
All workloads in VLAN 1001 have been migrated into EPG-1001. The requirement is to move the gateway address for VLAN 1001 from the core outside the Cisco ACI fabric into the Cisco ACI fabric. The endpoints in EPG-1001 must route traffic to endpoints in other EPGs and minimize flooded traffic in the fabric. Which configuration set is needed on the bridge domain to meet these requirements?
31.
A customer must deploy three Cisco ACI based data centers. Each site must be separated from the others. Which characteristic of Cisco ACI Multi-Pod makes it unsuitable for this deployment?
32.
A Cisco ACI environment consists of multiple silent hosts that are often relocated between leaf switches. When the host is relocated, the bridge domain takes more than a few seconds to relearn the host’s new location. The requirement is to minimize the relocation impact and make the ACI fabric relearn the new location of the host faster. Which action must be taken to meet these requirements?
33.
When creating a subnet within a bridge domain, which configuration option is used to specify the network visibility of the subnet?
34.
An engineer wants to initiate an ICMP ping from Server1 to Server2. The requirement is for the BD1 to enforce ICMP replies that follow the expected path. The packets must be prevented from taking the direct path from Leaf1 to Server1. Which action must be taken on BD1 to meet these requirements?
35.
Which two dynamic routing protocols are supported when using Cisco ACI to connect to an external Layer 3 network? (Choose two.)
36.
An engineer must securely export Cisco APIC configuration snapshots to a secure, offsite location The exported configuration must be transferred using an encrypted tunnel and encoded with a platform-agnostic data format that provides namespace support Which configuration set must be used?
37.
Which protocol is used in a Multi-Pod topology to synchronize reachability information across pods?
38.
How many ARP requests are sent from leaf switches to perform host tracking for local endpoints?
39.
Which attribute should be configured for each user to enable RADIUS for external authentication in Cisco ACI?
40.
A customer is deploying a WAN with these requirements: •Routers 1 and 2 must receive only routes 192.168.11.0/24 and 192.168.21.0724 from the Cisco ACI fabric •Reachability to the WAN users must be permitted only for the servers that are located in vrf_prod. Which settings must be configured to meet these objectives?
41.
An engineer configured a bridge domain with the hardware-proxy option for Layer 2 unknown unicast traffic. Which statement is true about this configuration?
42.
Which protocol does ACI use to securely sane the configuration in a remote location?
43.
Cisco ACI fabric is integrated with a VMware environment. The engineer must back up the current configuration of the fabric and restore the vCenter password when the configuration is ... Which action accomplishes this goal?
44.
An engineer wants to filter the System Faults page and view only the active faults that are present in the Cisco ACI fabric. Which two lifecycle stages must be selected for filtering? (Choose two.)
45.
An engineer created a local user named User on Cisco ACI. The engineer must configure the fabric so that the User can access only common and PROD tenants, ch set of actions accomplishes the goal?
46.
Which new construct must a user create when configuring in-band management?
47.
A client is configuring a new Cisco ACI fabric. All VLANs will be extended during the migration phase using the VPC connections on leaf switches 3. 4 and leaf switches toward the legacy network. The migration phase has these requirements;
* If The legacy switches must be able to transfer BPDUs through the ACI fabric.
* If the legacy switches fail to break a loop. Cisco ACI must break the loop.
Which group settings must be configured on VPC interface policy groups ipg_vpc-legacy_1 and
ipg_vpc-legacy_2 to meet these requirements?
48.
Which two components are essential parts of a Cisco ACI Virtual Machine Manager (VMM) domain policy configuration? (Choose two.)
49.
What must be configured in the service graph to redirect HTTP traffic between the EPG client and EPG server to go through the Cisco ASA firewall?
50.
How is broadcast forwarded in Cisco ACI Multi-Pod after ARP flooding is enabled?
51.
Which type of profile needs to be created to deploy an access port policy group?
52.
A customer must upgrade the Cisco ACI fabric to use a feature from the new code release. However, there is no direct path from the current release to the desired one. Based on the Cisco APIC Upgrade/Downgrade Support Matrix, the administrator must go through one intermediate release. Which set of steps must be taken to upgrade the fabric to the new release?
53.
What do Pods use to allow Pod-to-Pod communication in a Cisco ACI Multi-Pod environment?
54.
An engineer is implementing a Cisco ACI data center network that includes Cisco Nexus 2000 Series 10G fabric extenders. Which physical topology is supported?
55.
A company decided to decrease its routing footprint and remove RT-2 and RT-3 devices from its data center. Because of that, the exit point must be created from all the tenants by using the common tenant. Which two configuration tasks must be completed to meet these requirements? (Choose two.)
56.
Which action should be taken to ensure authentication if the RADIUS servers are unavailable?
57.
An engineer is extending EPG connectivity to an external network. The external network houses the Layer 3 gateway and other end hosts. Which ACI bridge domain configuration should be used?
58.
An engineer must allow IP mobility between Site1 and Site2 in a Cisco ACI Multi-Site orchestrator. The design must meet these requirements:
A disaster recovery (DR) solution must exist between the sites that do not require vMotion support.
The application must be started at a DR site without having to re-IP the application servers.
The solution must avoid any broadcast storms between the sites.
Which two actions meet these criteria? (Choose two.)
59.
Which feature dynamically assigns or modifies the EPG association of virtual machines based on their attributes?
60.
Which Cisco APIC configuration prevents a remote network that is not configured on the bridge domain from being learned by the fabric?
61.
A network engineer must allow secure access to the Cisco ACl out-of-band (OOB) management only from external subnets 10 0 0024 and 192.168 20 G'25. Which configuration set accomplishes this goal?
