Free preview mode
Enjoy the free questions and consider upgrading to gain full access!
300-620
Question 26
An engineer must create a backup of the Cisco ACI fabric for disaster recovery purposes. The backup must be transferred over a secure and encrypted transport. The backup file must contain all user and password related information. The engineer also wants to process and confirm the backup file validity by using a Python script. This requires the data structure to have a format similar to a Python dictionary. Which configuration set must be used to meet these requirements?
- A: Under the Create Remote location settings, select Protocol: FTP. Under the Export policy, select Format: XML and Modify Global AES Encryption Settings: Enabled.
- B: Under the Create Remote location settings, select Protocol: FTP. Under the Export policy, select Format: XML and Modify Global AES Encryption Settings: Disabled.
- C: Under the Create Remote location settings, select Protocol: SCP. Under the Export policy, select Format: JSON and Modify Global AES Encryption Settings: Disabled.
- D: Under the Create Remote location settings, select Protocol: SCP. Under the Export policy, select Format: JSON and Modify Global AES Encryption Settings: Enabled.
Question 27
The Application team reports that a previously existing port group has disappeared from vCenter. An engineer confirms that the VMM domain association for the EPG is no longer present. Which action determines which user is responsible for the change?
- A: Check the EPG audit logs for the “deletion” action and compare the affected object and user.
- B: Evaluate the potential faults that are raised for that EPG.
- C: Examine the health score and drill down to an object that affects the EPG combined score.
- D: Inspect the server logs to see who was logging in to the APIC during the last few hours.
Question 28
An application team tells the Cisco ACI network administrator that it wants to monitor the statistics of the unicast and BUM traffic that are seen in a certain EPG. Which statement describes the collection statistics?
- A: All EPGs in the Cisco ACI tenant object must be enabled for statistics to be collected.
- B: Cisco ACI does not capture statistics at the EPG level. Only statistics that pass through ACI contracts can be monitored.
- C: EPG statistics can be collected only for VMM domains. If a physical domain exists, statistics are not collected.
- D: The collection of statistics is enabled on the EPG level by enabling the statistics for unicast and BUM traffic.
Question 29
An engineer must securely export Cisco APIC configuration snapshots to a secure, offsite location. The exported configuration must be transferred using an encrypted tunnel and encoded with a platform-agnostic data format that provides namespace support. Which configuration set must be used?
- A: Policy: Export Policy - Protocol: TLS - Format: JSON
- B: Policy: Import Policy - Protocol: TLS - Format: XML
- C: Policy: Import Policy - Protocol: SCP - Format: JSON
- D: Policy: Export Policy - Protocol: SCP - Format: XML
Question 30
A network engineer must allow secure access to the Cisco ACI out-of-band (OOB) management only from external subnets 10.0.0.0/24 and 192.168.20.0/25. Which configuration set accomplishes this goal?
- A: Create a L3Out in the MGMT tenant in OOB VRF. Set External Management Network Instance Profile as a consumer of the OOB contract. Create an External EPG with two subnet entries with the external subnets.
- B: Create a PBR service graph in the MGMT tenant. Create a management Profile with the required OOB EPG. Redirect all traffic going into ACI management to the external firewall. Create two subnet entries under the OOB Bridge domain with the required subnets.
- C: Create an EPG and BD in the MGMT tenant in OOB VRF. Set OOB VRF to provide the contract. Set a new EPG to consume the OOB contract.
- D: Create an OOB contract that allows the required ports. Provide the contract from the OOB EPG. Consume the contract by the OOB External Management Network Instance Profile. Create two subnet entries in the External Management Network Profile with the required subnets.
Question 31
Refer to the exhibit. A Cisco ACI fabric is using out-of-band management connectivity. The APIC must access a routable host with an IP address of 192.168.11.2. Which action accomplishes this goal?
- A: Change the switch APIC Connectivity Preference to in-band management
- B: Modify the Pod Profile to use the default Management Access Policy
- C: Add a Fabric Access Policy to allow management connections
- D: Remove the in-band management address from the APIC
Question 32
A Cisco APIC is configured with RADIUS authentication as the default. The network administrator must ensure that users can access the APIC GUI with a local account if the RADIUS server is unreachable. Which action must be taken to accomplish this goal?
- A: Associate console authentication with the “RADIUS” realm
- B: Reference the “local” realm in the fallback domain
- C: Create an additional login domain that references local accounts
- D: Enable the fallback check with the default authentication domain
Question 33
Refer to the exhibit. A customer must back up the current Cisco ACI configuration securely to the remote location using encryption and authentication. The backup job must run once per day. The customer’s security policy mandates that any sensitive information including passwords must not be exported from the device. Which set of steps meets these requirements?
- A: Export destination using FTP protocol. Use XML format.
- B: Export destination using FTP protocol. Disable Global AES Encryption.
- C: Export destination using SCP protocol. Disable Global AES Encryption.
- D: Export destination using SCP protocol. Use XML format.
Question 34
An engineer must perform a Cisco ACI fabric upgrade that minimizes the impact on user traffic and allows only permitted users to perform an upgrade. Which two configuration steps should be taken to meet these requirements? (Choose two.)
- A: Grant tenant-ext-admin access to a user who performs an upgrade
- B: Divide Cisco APIC controllers into two or more maintenance groups
- C: Combine all switches into an upgrade group
- D: Grant the fabric administrator role to a user who performs an upgrade
- E: Divide switches into two or more maintenance groups
Question 35
How is an EPG extended outside of the ACI fabric?
- A: Create an external bridged network that is assigned to a leaf port.
- B: Create an external routed network that is assigned to an EPG.
- C: Enable unicast routing within an EPG.
- D: Statically assign a VLAN ID to a leaf port in an EPG.
Question 36
Which routing protocol is supported between Cisco ACI spines and IPNs in a Cisco ACI Multi-Pod environment?
- A: OSPF
- B: IS-IS
- C: BGP
- D: EIGRP
Question 37
An engineer must deploy Cisco ACI across 10 geographically separated data centers. Which ACI site deployment feature enables the engineer to control which bridge domains contain Layer 2 flooding?
- A: GOLF
- B: Multi-Site
- C: Multi-Pod
- D: Stretched Fabric
Question 38
A customer creates Layer 3 connectivity to the outside network. However, only border leaf switches start receiving destination updates to other networks from the newly created L3Out. The updates must also be propagated to other Cisco ACI leaf switches. The L3Out is linked with the EPGs via a contract. Which action must be taken in the pod policy group to accomplish this goal?
- A: Apply a BGP route reflector policy.
- B: Enable a COOP policy.
- C: Configure an IS-IS policy.
- D: Implement an access management policy.
Question 39
A network administrator configures AAA inside the Cisco ACI fabric. The authentication goes through the local users if the TACACS+ server is not reachable. If the Cisco APIC is out of the cluster, the access must be granted through the fallback domain. Which configuration set meets these requirements?
- A: Ping Check: True - Default Authentication Realm: Local - Fallback Check: True
- B: Ping Check: True - Default Authentication Realm: TACACS+ - Fallback Check: False
- C: Ping Check: False - Default Authentication Realm: Local - Fallback Check: False
- D: Ping Check: False - Default Authentication Realm: TACACS+ - Fallback Check: True
Question 40
A Cisco ACI environment consists of multiple silent hosts that are often relocated between leaf switches. When the host is relocated, the bridge domain takes more than a few seconds to relearn the host’s new location. The requirement is to minimize the relocation impact and make the ACI fabric relearn the new location of the host faster. Which action must be taken to meet these requirements?
- A: Set Unicast Routing to Enabled.
- B: Configure ARP Flooding to Enabled.
- C: Set L2 Unknown Unicast to Hardware Proxy.
- D: Configure IP Data-Plane Learning to No.
Question 41
Refer to the exhibit. An engineer configures an L3Out but receives the error presented. Which action clears the fault?
- A: Acknowledge the QoS-related error.
- B: Associate a custom QoS class.
- C: Create a custom QoS policy.
- D: Set the QoS policy to Level 3.
Question 42
A customer must upgrade the Cisco ACI fabric to use a feature from the new code release. However, there is no direct path from the current release to the desired one. Based on the Cisco APIC Upgrade/Downgrade Support Matrix, the administrator must go through one intermediate release.
Which set of steps must be taken to upgrade the fabric to the new release?
- A: 1. Upgrade the APICs to an interim release. 2. Upgrade the switches to an interim release. 3. Upgrade the APICs to the targeted release. 4. Upgrade the leaf and spine switches to the targeted release.
- B: 1. Upgrade the APICs to an interim release and then switches to an interim release. 2. When all switches are operational, upgrade leaf switches to the targeted release. 3. Upgrade the spine switches to the targeted release. 4. Upgrade the APICs to the targeted release.
- C: 1. Upgrade the APICs to an interim release. 2. Upgrade the leaf switches directly to the targeted release. 3. Upgrade the spine switches directly to the targeted release. 4. Upgrade the APICs to the targeted release.
- D: 1. Upgrade the APICs directly to the targeted release. 2. Upgrade the switches to an interim release. 3. When all switches are operational, upgrade the leaf switches to the targeted release. 4. Upgrade the spine switches to the targeted release.
Question 43
Refer to the exhibit. Which two configuration steps are completed before this output is generated? (Choose two.)
- A: MCP policy for the interface policy group for Port-channel 12 is enabled.
- B: MCP Instance Policy default in the global access policies is enabled.
- C: Error Disabled Recovery Policy for Loop Indication by MCP is set to True.
- D: BPDU Guard is enabled for the interface policy group for Port-channel 12.
- E: Spanning Tree Policy Region STP_4CAF232E48FF20 is added to the spanning-tree policy of the switch.
Question 44
The customer is looking for redundant interconnection of the existing network to the new ACI fabric. Unicast and multicast traffic must be routed between the two networks. Which L3Out implementation meets these requirements?
- A:
- B:
- C:
- D:
Question 45
A network engineer configures the Cisco ACI fabric to connect to vCenter with these requirements:
• Port groups must be automatically created on the distributed virtual switch.
• Port groups must use the VLAN allocation in the range between 20-30.
• The deployment must optimize the CAM space on the leaf switches.
Which set of actions meets these criteria?
- A: Create a dynamic VLAN pool with the VLAN range of 20-30. Create a VMM domain and associate it with the VLAN pool. Create the EPG and associate the domain. Set the deployment immediacy to On Demand.
- B: Create a dynamic VLAN pool with the VLAN range of 20-30. Create a physical domain and associate it with the VLAN pool. Create the EPG and associate the domain. Set the deployment immediacy to On Demand.
- C: Create a static VLAN pool with the VLAN range of 20-30. Create a physical domain and associate it with the VLAN pool. Create the EPG and associate the domain. Set the deployment immediacy to Immediate.
- D: Create a static VLAN pool with the VLAN range of 20-30. Create a VMM domain and associate it with the VLAN pool. Create the EPG and associate the domain. Set the deployment immediacy to Immediate.
Question 46
DRAG DROP -
Drag and drop the Cisco ACI filter entry options from the left onto the correct categories on the right indicating what are required or optional parameters.
Select and Place:
Question 47
Refer to the exhibit. A Cisco ACI environment hosts two e-commerce applications. The default contract from a common tenant between different application tiers is used, and the applications work as expected. The customer wants to move to more specific contracts to prevent unwanted traffic between EPGs. A network administrator creates the app-to-db contract to meet this objective for the application and database tiers. The application EPGs must communicate only with their respective database EPGs. How should this contract be configured to meet this requirement?
- A: Set the app-to-db scope to Global.
- B: Set the app-to-db scope to Application Profile.
- C: Implement the app-to-db scope as VRF.
- D: Implement the app-to-db as a Taboo contract.
Question 48
Refer to the exhibit. An engineer configured subnets on the external EPG called L3OUT_CORE. The external endpoints in the 10.1.0.0/24 subnet can reach internal endpoints, but the external endpoints in the 172.16.1.0/24 subnet are unreachable. Which set of actions enables the connectivity?
- A: Delete both external EPG subnets. Create the 0.0.0.0/1 subnet.
- B: Delete the external EPG subnet 0.0.0.128/1. Create the 128.0.0.0/1 subnet.
- C: Delete both external EPG subnets. Create the 0.0.0.0/0 subnet.
- D: Delete the external EPG subnet 0.0.0.0/0. Create the 0.0.0.0/128 subnet.
Question 49
An engineer deploys a two-pod Cisco ACI Multi-Pod environment. Why should no more than two Cisco APIC controllers be deployed in the same pod?
- A: to enable equal capacity to scale in each pod
- B: to avoid losing all replicas of a shard if a pod fails
- C: to avoid hair-pinning traffic that is destined for the primary APIC controller between pods
- D: to ensure that all nodes in all pods have local access to a controller
Question 50
Refer to the exhibit. An engineer configures communication between the EPGs in different tenants. Which action should be taken to create the subnet?
- A: Change Scope to Shared between VRFs.
- B: Leave Scope set to Private to VRF.
- C: Add the L3Out for Route Profile value.
- D: Change Scope to Advertised Externally.