An engineer is configuring a new user account in Cisco ACI. The new user will be assigned the role of fabric administrator. The fabric has only one tenant, so the engineer associated the new user account with a security domain for the tenant, as well as the security domain for the management tenant. Which configuration permits the new user with admin access to the fabric?

A. Associate the new user with the security domain all.

B. Grant the new user R/W access to the user and management tenant.

C. Add the DN uni/fabric under explicit rules.

D. Bind the security domain infra to the new user account.

When Cisco ACI connects to an outside Layers 2 network, where does the ACI fabric flood the STP BPDU frame?

A. within the bridge domain

B. within the APIC

C. within the access encap VLAN

D. between all the spine and leaf switches

Refer to the exhibit. An engineer must implement the inter-tenant service graph. Which set of actions must be taken to accomplish this goal?

A. • Define the contract in the provider tenant and export it to the consumer tenant.• Define the Layer 4 to Layer 7 device, service graph template, and ASA bridge domains in the provider tenant.

B. • Define the contract in the provider tenant and export it to the consumer tenant.• Define the Layer 4 to Layer 7 device and service graph template in the provider tenant and the ASA bridge domains in the consumer tenant.

C. • Define the contract in the consumer tenant and export it to the provider tenant.• Define the Layer 4 to Layer 7 device and service graph template in the provider tenant and the ASA bridge domains in the consumer tenant.

D. • Define the contract in the consumer tenant and export it to the provider tenant.• Define the Layer 4 to Layer 7 device, service graph template, and ASA bridge domains in the consumer tenant.

An engineer must ensure that Cisco ACI flushes the appropriate endpoints when a topology change notification message is received in an MST domain. Which three steps are required to accomplish this goal? (Choose three.)

A. Enable the BPDU interface controls under the spanning tree interface policy.

B. Configure a new STP interface policy.

C. Bind the spanning tree policy to the switch policy group.

D. Associate the STP interface policy to the appropriate interface policy group.

E. Create a new region policy under the spanning tree policy.

F. Map VLAN range to MST instance number.

An engineer discovered an outage on the mgmt0 port of Leaf113 and Leaf114. Both leaf switches were recently registered in the fabric and have health scores of 100. The engineer discovers there is no IP address assigned to the mgmt0 interface of the switches. Which action resolves the outage?

A. Statically bind the mgmt0 interface of Leaf113 and Leaf114 to the oob-default EPG.

B. Enable Leaf113 and Leaf114 mgmt0 under the leaf switch.

C. Associate the oobbrc-default contract to Leaf113 and Leaf114.

D. Add Leaf113 and Leaf114 to the node management address policy.

A network engineer implements an L3Out inside the Cisco ACI fabric. The engineer plans to connect a Cisco ACI leaf switch to a switch outside of the Cisco ACI fabric to exchange routes via a routing protocol. The external switch interface is configured with IP address 192.168.15.1/30. The ACI engineer wants to use a routing protocol that uses a hierarchical network design. The Cisco ACI fabric should use the L3Out to access the Internet. Which set of steps must be taken to meet these requirements?

A. Set up the BGP Protocol policy with the appropriate Autonomous System number.Create the Routed Outside object and Node profile, selecting BGP as the routing protocol.Build the Interface profile, selecting SVI and the appropriate VPC.Configure the 0.0.0.0/32 network as part of the External Network object.

B. Set up the EIGRP Protocol policy with the selected Autonomous System number.Set up the Routed External Network object and Node profile, selecting EIGRP.Create the Switch profile, selecting VPC and the appropriate interfaces.Create the default network and associate it with the Routed Outside object.

C. Set up the EIGRP Protocol policy with the selected Autonomous System number.Configure an Interface policy and an External Bridged Domain.Create an External Bridged Network using the configured VLAN pool.Build the Leaf profile, selecting Routed Sub-Interface and the appropriate VLAN.

D. Configure the OSPF Protocol policy with an area of 0.Create the Routed Outside object and Node profile, selecting OSPF as the routing protocol.Build the Interface profiles, selecting Routed Interface and the appropriate interface.Set up the External Network object with a network of 0.0.0.0/0.

Refer to the exhibit. The external subnet and internal EPG1 must communicate with each other, and the L3Out traffic must leak into the VRF named "VF1". Which configuration set accomplishes these goals?

A. Export Route Control Subnet -Import Route Control Subnet -Aggregate Shared Routes

B. External Subnets for External EPGShared Route Control Subnet -Shared Security Import Subnet

C. External Subnets for External EPGImport Route Control Subnet -Shared Route Control Subnet

D. Export Route Control Subnet -Shared Security Import Subnet -Aggregate Shared Routes

An engineer is implementing a Cisco ACI data center network that includes Cisco Nexus 2000 Series 10G fabric extenders. Which physical topology is supported?
A.
 
B.
 
C.
 
D.
 

Which type of policy configures the suppression of faults that are generated from a port being down?

A. fault lifecycle assignment

B. event lifecycle assignment

C. fault severity assignment

D. event severity assignment

An engineer configures an L3Out in VRF-1 that was configured for Import Route Control Enforcement. The L3Out uses OSPF to peer with a core switch. The L3Out has one external EPG, and it has been configured with a subnet 10.1.0.0/24. Which scope must be set to force 10.1.0.0/24 to populate in the routing table for VRF-1?

A. Import Route Control Subnet

B. External Subnet for External EPG

C. Shared Route for External EPG

D. Export Route Control Subnet

Refer to the exhibit. A Cisco ACI fabric uses L3Out to connect with R1. The 192.168.1.0/24 subnet is received over the physical interface Eth1/1 of Leaf1 and Leaf2. Which set of actions must be taken to receive the 2001:db8::2:1 subnet over the interface Eth1/1 interface?

A. Create a new interface profile.Mark the IPv6 subnet as the export route control subnet.

B. Create a new interface profile.Mark the IPv6 subnet as the import route control subnet.

C. Use the current interface profile.Mark the IPv6 subnet as the export route control subnet.

D. Use the current interface profile.Mark the IPv6 subnet as the import route control subnet.

What is the purpose of the Overlay Multicast TEP in a Cisco ACI Multi-Site deployment?

A. to source and receive unicast VXLAN data plane traffic

B. to establish MP-BGP EVPN adjacencies with the spine nodes in remote sites

C. to encapsulate multicast traffic in a common multicast group

D. to perform head-end replication for BUM traffic

Refer to the exhibit. A systems engineer is implementing the Cisco ACI fabric. However, the Server2 information is missing from the Leaf 101 endpoint table and the COOP database of the spine. The requirement is for the bridge domain configuration to enforce the ACI fabric to forward the unicast packets generated by Server1 destined to Server2. Which action must be taken to meet these requirements?

A. Enable ARP Flooding

B. Set L2 Unknown Unicast to Flood

C. Set IP Data-Plane Learning to No

D. Enable Unicast Routing

A network engineer must design a method to allow the Cisco ACI to redirect traffic to the firewalls. Only traffic that matches specific L4-L7 policy rules should be redirected. The load must be distributed across multiple firewalls to scale the performance horizontally. Which action must be taken to meet these requirements?

A. Configure ACI Service Graph with Unidirectional PBR.

B. Implement ACI Service Graph with GIPo.

C. Implement ACI Service Graph Two Nodes with GIPo.

D. Configure ACI Service Graph with Symmetric PBR.

An engineer must advertise a bridge domain subnet out of the ACI fabric to an OSPF neighbor. Which two configuration steps are required? (Choose two.)

A. Add External Subnet for External EPG flag under External EPG

B. Configure Subnet scope to Advertised Externally

C. Configure the Subnet under the EPG level

D. Create Route Control Profile with the export direction under External EPG

E. Add L3Out profile to the bridge domain using Associated L3Outs section

A Cisco APIC is configured to authenticate users by using RADIUS by default. The network administrator must ensure that the users can access the APIC GUI with a local account if the RADIUS server is unreachable. Which action achieves this goal?

A. Enable Fallback Check for Default Authentication.

B. Configure the fallback login domain to reference Local Realm.

C. Set RADIUS Realm to connect with Console Authentication.

D. Create an additional login domain to associate with local accounts.

When Layer 3 routed traffic is destined to a Cisco ACI fabric, which mechanism does ACI use to detect silent hosts?

A. gratuitous ARP

B. ARP gleaning

C. proxy ARP

D. inverse ARP

An engineer must adjust the time on a Cisco ACI fabric. The implementation must use a single external time server and the APIC management interfaces for the communication. Which action accomplishes this goal?

A. Enable the Date and Time offset state in the system settings.

B. Set the NTP provider minimum polling interval to 1.

C. Set the NTP provider in default Date and Time policy.

D. Create a contract in the management tenant to allow UDP port 123.

Refer to the exhibit.
 
 
The engineer is planning to configure in-band management for the Cisco ACI fabric. The goal is to allow the network operators to reach the Cisco APIC servers and fabric switches from the in-band network. Which configuration must be applied on the bridge domain to accomplish these goals?

A. Enable Unicast Routing.Set scope to Advertised Externally.

B. Scope: Shared between VRF.Set the IP address as primary.

C. Make this IP address primary.Configure an L3Out for Route Profile.

D. Enable Unicast Routing.Configure a virtual IP address.

Refer to the exhibit. A company merges three of its departments: CORP, HR, and SERVICES, Currently, the connectivity between departments is achieved by using VRF route leaking. The requirement is to redesign the Cisco ACI networking architecture to communicate between EPGs and BDs from any tenant without configuring contracts or VRF route leaking. Which configuration meets these criteria?

A. Configure an unenforced VRF in the user tenant and map all required EPGs to it.

B. Implement an enforced VRF in the common tenant and map all required BDs to it.

C. Configure an enforced VRF in the user tenant and map all required EPGs to it.

D. Implement an unenforced VRF in the common tenant and map all required BDs to it.

An engineer created a monitoring policy called Test in a Cisco ACI fabric and had to change the severity level of the monitored object Call home source. Which set of actions prevent the event from appearing in event reports?

A. Select Faults Severity Assignment Policies.Set severity level to cleared.

B. Select Event Severity Assignment Policies.Set severity level to squelched.

C. Select Faults Severity Assignment Policies.Set severity level to squelched.

D. Select Event Severity Assignment Policies.Set severity level to cleared.

A data center administrator is upgrading an ACI fabric. There are 3 APIC controllers in the fabric and all the servers are dual-homed to pairs of leaf switches configured in VPC mode. How should the fabric be upgraded to minimize possible traffic impact during the upgrade?

A. 1. Create two maintenance groups for the APIC controllers: VPC left and VPC right. 2. Upgrade the first group of controllers. 3. Upgrade the second group of controllers. 4. Upgrade the leaf switches.

B. 1. Create two maintenance groups for APIC controllers: VPC left and VPC right. 2. Upgrade the leaf switches. 3. Upgrade the first group of controllers. 4. Upgrade the second group of controllers.

C. 1. Create two maintenance groups for the leaf switches: VPC left and VPC right. 2. Upgrade the APIC controllers. 3. Upgrade the first group of leaf switches. 4. Upgrade the second group of leaf switches.

D. 1. Create two maintenance groups for the leaf switches: VPC left and VPC right. 2. Upgrade the first group of switches. 3. Upgrade the second group of switches. 4. Upgrade the APIC controllers.

Refer to the exhibit. An engineer is configuring a production Multi-Site solution to provide connectivity from EPGs from a specific site to networks reachable through a remote site L3OUT. All required schema and template objects are already defined. Which additional configuration must be implemented in the Multi-Site Orchestrator to support the cross-site connectivity?

A. Configure a routable TEP pool for SITE1.

B. Enable CloudSec for intersite traffic encryption.

C. Add a new stretched external EPG to the existing L3OUT.

D. Implement a policy-based redirect using a service graph.

An engineer must deploy Cisco ACI across 10 geographically separated data centers. Which ACI site deployment feature enables the engineer to control which bridge domains contain Layer 2 flooding?

A. GOLF

B. Multi-Site

C. Multi-Pod

D. Stretched Fabric

An engineer is extending EPG connectivity to an external network. The external network houses the Layer 3 gateway and other end hosts. Which ACI bridge domain configuration should be used?

A. Forwarding: Custom L2 Unknown Unicast: Hardware Proxy L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Enabled

B. Forwarding: Custom L2 Unknown Unicast: Flood L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Enabled

C. Forwarding: Custom L2 Unknown Unicast: Hardware Proxy L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Disabled

D. Forwarding: Custom L2 Unknown Unicast: Flood L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Disabled

An endpoint called EP1 is connected to Cisco ACI compute leaf1. The engineer must replace EP1 with EP2 on the same leaf switch. Which set of actions forces all remote leaves to delete EP1 before timer expiration?

A. Set L2 Unknown Unicast to Hardware proxy.Select Clear remote MAC entries.

B. Set L2 Unknown Unicast to Flood.Select Clear remote MAC entries.

C. Set L2 Unknown Unicast to Hardware Proxy.Select Clear remote IP entries.

D. Set L2 Unknown Unicast to Flood.Select Clear remote IP entries.

What is the advantage of implementing an active-active firewall cluster that is stretched across separate pods when anycast services are configured?

A. A cluster is capable to be deployed in transparent mode across pods.

B. A different MAC/IP configuration combination is configurable for the firewall in each pod.

C. Local traffic in a pod is load-balanced between the clustered firewalls.

D. The local pod anycast node is preferred by the local spines.

Refer to the exhibit. An engineer connects a Cisco ACI fabric to two different Cisco Nexus 9000 Series Switches. The fabric must be configured to ensure a loop-free topology and N9K1 must be configured as the root bridge for VLAN 10. Which action meets these requirements?

A. Enable STP on ports between the leaf and spine.

B. Set BPDU Guard on ports between the leaf and Nexus 9000 Series Switches.

C. Enable Cisco Discovery Protocol on ports between the leaf and spine.

D. Activate MCP on ports between the leaf and Nexus 9000 Series Switches.

What must be enabled in the bridge domain to have the endpoint table learn the IP addresses of endpoints?

A. L2 unknown unicast: flood

B. GARP based detection

C. unicast routing

D. subnet scope

When does the Cisco ACI leaf learn a source IP or MAC as a remote endpoint?

A. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the Layer 3 Out EPG subnet range.

B. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the bridge domain subnets range.

C. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the Layer 3 Out EPG subnet range.

D. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the bridge domain subnets range.

Refer to the exhibit. A Cisco ACI fabric is using out-of-band management connectivity. The APIC must access a routable host with an IP address of 192.168.11.2. Which action accomplishes this goal?

A. Change the switch APIC Connectivity Preference to in-band management

B. Modify the Pod Profile to use the default Management Access Policy

C. Add a Fabric Access Policy to allow management connections

D. Remove the in-band management address from the APIC

Refer to the exhibit. All nodes in the Cisco ACI fabric have been statically assigned out-of-band management IP addresses in the 10.100.180.0/24 range. An engineer is attempting to SSH into Leaf101 using a laptop with an IP address of 10.101.180.100/24. Which configuration change must be performed to allow the engineer to SSH using the laptop?

A. Add a contract filter to oobbrc-default that allows SSH.

B. Change the Leaf101 IP address to 10.101.180.101.

C. Change the allowed subnets.

D. Select the default QoS Class policy.

An engineer configured a bridge domain with the hardware-proxy option for Layer 2 unknown unicast traffic. Which statement is true about this configuration?

A. The leaf switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the local forwarding tables.

B. The Layer 2 unknown hardware proxy lacks support of the topology change notification.

C. The leaf switch forwards the Layers 2 unknown unicast packets to all other leaf switches if it is unable to find the MAC address in its local forwarding tables.

D. The spine switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the proxy database.

Which setting prevents the learning of Endpoint IP addresses whose subnet does not match the bridge domain subnet?

A. “Limit IP learning to network” setting within the bridge domain.

B. “Limit IP learning to subnet” setting within the EPG.

C. “Limit IP learning to network” setting within the EPG.

D. “Limit IP learning to subnet” setting within the bridge domain.

Which type of profile needs to be created to deploy an access port policy group?

A. attachable entity

B. Pod

C. module

D. leaf interface

 
Refer to the exhibit. A syslog service was configured to capture different faults and events from a Cisco ACI tenant. The Cisco ACI fabric is missing any OOB capability. After some time, the administrator noticed that the syslog messages were not present on the APIC. Which two actions complete the configuration? (Choose two.)

A. Change forwarding facility to local1.

B. Ping the syslog server from the APIC.

C. Reconfigure the UDP port settings.

D. Change the minimum severity levels.

E. Set the management EPG to default.

Which description regarding the initial APIC cluster discovery process is true?

A. The APIC uses an internal IP address from a pool to communicate with the nodes.

B. Every switch is assigned a unique AV by the APIC.

C. The APIC discovers the IP address of the other APIC controllers by using Cisco Discovery Protocol.

D. The ACI fabric is discovered starting with the spine switches.

An engineer needs to deploy a leaf access port policy group in ACI Fabric to support the following requirements:
✑ Control the amount of application data flowing into the system
✑ Allow the newly connected device to auto-negotiate link speed with the leaf switch
Which two ACI policies must be configured to achieve these requirements? (Choose two.)

A. link level policy

B. L2 interface policy

C. slow drain policy

D. ingress data plane policing policy

E. ingress control plane policing policy

An engineer is creating a configuration import policy that must terminate if the imported configuration is incompatible with the existing system. Which import mode achieves this result?

A. merge

B. atomic

C. best effort

D. replace

An engineer wants to filter the System Faults page and view only the active faults that are present in the Cisco ACI fabric. Which two lifecycle stages must be selected for filtering? (Choose two.)

A. Raised

B. Retaining

C. Soaking, Clearing

D. Raised, Clearing

E. Soaking

For which type of endpoint entry does a Cisco ACI leaf switch keep the original TEP source address instead of rewriting the outer source IP address to its TEP address?

A. local entry

B. remote entry

C. bounce entry

D. COOP entry

Which table holds IP address, MAC address and VXLAN/VLAN information on a Cisco ACI leaf?

A. endpoint

B. adjacency

C. RIB

D. ARP

On which two interface types should a user configure storm control to protect against broadcast traffic? (Choose two.)

A. APIC facing interfaces

B. port channel on a single leaf switch

C. all interfaces on the leaf switches in the fabric

D. endpoint-facing trunk interface

E. fabric uplink interfaces on the leaf switches

Which protocol is used in a Multi-Pod topology to synchronize reachability information across pods?

A. MP-BGP EVPN

B. OSPF

C. IS-IS

D. COOP

What is the result of the pcEnPref flag configured on the epg-App_EPG?
 

A. Any configuration changes to the private network are validated.

B. Access control rules for the L3Out network are applied.

C. Access control rules for the private network are applied.

D. Any changes to the underlying EPG objects are forbidden.

An engineer must configure an L3Out to advertise a single summarized address for all Cisco ACI host routes. The summarized address must be advertised to the core switches that are physically attached to the ACI fabric. An external EPG is created with the required subnet. Which configuration set advertises the subnet to the remote peer?

A. Set the external EPG subnet scope to Export Route Control Subnet.Associate a route control profile.

B. Set the external EPG subnet scope to Export Route Control Subnet.Associate a route summarization policy.

C. Set the external EPG subnet scope to Import Route Control Subnet.Associate a route summarization policy.

D. Set the external EPG subnet scope to Import Route Control Subnet.Associate a route control profile.

A packet is routed between two endpoints on different Cisco ACI leaf switches. Which VXLAN VNID is applied to the packet?

A. FD

B. EPG

C. VRF

D. BD

A customer must deploy three Cisco ACI based data centers. Each site must be separated from the others. Which characteristic of Cisco ACI Multi-Pod makes it unsuitable for this deployment?

A. creates a virtual pod in the remote location

B. requires all pods to share the same Cisco APIC cluster

C. has distance and scale limitations

D. places leaf switches in the remote site that belong to the same fabric as at the headquarters site

In the context of ACI Multi-Site, when is the information of an endpoint (MAC/IP) that belongs to site 1 advertised to site 2 using the EVPN control plane?

A. Endpoint information is not exchanged across sites unless COOP protocol is used.

B. Endpoint information is not exchanged across sites unless a policy is configured to allow communication across sites.

C. Endpoint information is exchanged across sites as soon as the endpoint is discovered in one site.

D. Endpoint information is exchanged across sites when the endpoints are discovered in both sites.

A Cisco ACI fabric is integrated with VMware VDS. The fabric must apply a security policy to check the integrity of traffic out of the network adapter. Which action must be taken to drop the packet when the ESXi host discovers a mismatch between the actual source MAC address transmitted by the guest operating system and the effective MAC address of the virtual machine adapter?

A. Reject MAC changes.

B. Reject forged transmits.

C. Accept MAC changes.

D. Accept forged transmits.