Refer to the exhibit. Cisco ACI fabric is connected to a Cisco Catalyst 3850 Series Switch using EBGP. Server 2 is unable to communicate with Server 1. Leaf-2 fails to learn the external subnet 10.2.2.0/24 and other external subnets from other L3Outs. Which configuration ensures that the networks from Leaf-2 are learned by the external network?

A. Configure 10.2.2.0/24 under the external EPG of the L3Out.

B. Implement a contract between the Server 2 EPG and the L3Out.

C. Implement the bridge domain to advertise the bridge domain subnet.

D. Configure Spine-1 as the MP-BGP route reflector.

What must be enabled in the bridge domain to have the endpoint table learn the IP addresses of endpoints?

A. L2 unknown unicast: flood

B. GARP based detection

C. unicast routing

D. subnet scope

Which method does the Cisco ACI fabric use to load-balance multidestination traffic?

A. forwarding tag trees

B. PIM routing

C. spanning trees

D. shortest-path trees

Refer to the exhibit. A company merges three of its departments: CORP, HR, and SERVICES, Currently, the connectivity between departments is achieved by using VRF route leaking. The requirement is to redesign the Cisco ACI networking architecture to communicate between EPGs and BDs from any tenant without configuring contracts or VRF route leaking. Which configuration meets these criteria?

A. Configure an unenforced VRF in the user tenant and map all required EPGs to it.

B. Implement an enforced VRF in the common tenant and map all required BDs to it.

C. Configure an enforced VRF in the user tenant and map all required EPGs to it.

D. Implement an unenforced VRF in the common tenant and map all required BDs to it.

Which statement about ACI syslog is true?

A. Notifications for different scopes of syslog objects can be sent only to one destination.

B. Syslog messages are sent to the destination through the spine.

C. All syslog messages are sent to the destination through APIC.

D. Switches send syslog messages directly to the destinations.

A RADIUS user resolves its role via the Cisco AV Pair. What object does the Cisco AV Pair resolve to?

A. tenant

B. security domain

C. primary Cisco APIC

D. managed object class

An engineer is implementing Cisco ACI at a large platform-as-a-service provider using APIC controllers, 9396PX leaf switches, and 9336PQ spine switches. The leaf switch ports are configured as IEEE 802.1p ports. Where does the traffic exit from the EPG in IEEE 802.1p mode in this configuration?

A. from leaf ports tagged as VLAN 0

B. from leaf ports untagged

C. from leaf ports tagged as VLAN 4094

D. from leaf ports tagged as VLAN 1

Refer to the exhibit. New e-commerce software is deployed on Cisco ACI fabric. The environment must meet these requirements:
• The overall number of contracts must be reduced by reusing the existing contracts within a VRF when possible.
• The e-commerce software must communicate only with software EPGs that are part of the same ANP.
• The e-commerce software must be prevented from communicating with applications in different ANPs.
Which scope must be selected to meet these requirements?

A. Application Profile

B. Endpoint Group

C. Tenant

D. Global

Which switch type is discovered first in the Cisco ACI fabric discovery process?

A. spine

B. distribution

C. leaf

D. access

New ESXi hosts are procured in a data center compute expansion project. An engineer must update the configuration on the Cisco APIC controllers to support the addition of the new servers to the existing VMM domain. Which action should be taken to support this change?

A. Create a range of internal VLANs in the associated VLAN pool.

B. Set the encapsulation mode as VXLAN.

C. Enable infrastructure VLAN in the associated AEP.

D. Map the leaf interface selector to the AEP that is associated with the VMM domain.

Refer to the exhibit. An engineer connects a Cisco ACI fabric to two different Cisco Nexus 9000 Series Switches. The fabric must be configured to ensure a loop-free topology and N9K1 must be configured as the root bridge for VLAN 10. Which action meets these requirements?

A. Enable STP on ports between the leaf and spine.

B. Set BPDU Guard on ports between the leaf and Nexus 9000 Series Switches.

C. Enable Cisco Discovery Protocol on ports between the leaf and spine.

D. Activate MCP on ports between the leaf and Nexus 9000 Series Switches.

A network engineer must integrate VMware vCenter cluster with Cisco ACI. The requirement is for the management traffic of the hypervisors and VM controllers to use the virtual switch associated with the Cisco Application Policy. The EPG called "Vmware-MGMT" with VLAN 300 has been created for this purpose. Which set of steps must be taken to complete the configuration?

A. • Add VLAN 300 with static allocation to the VLAN POOL that is used for VMM integration.• Attach the VMM domain to the target EPG with resolution preprovision, mode static, untagged access VLAN, and Port-Encap 300.

B. • Associate the target EPG with the VMM domain with default settings.• Enable Infrastructure VLAN on AAEP used toward VMware hypervisors.

C. • Enable Infrastructure VLAN on AAEP used toward VMware hypervisors.• Associate the target EPG with the VMM domain with default settings.

D. • Enable Infrastructure VLAN on AAEP used toward VMware hypervisors.• Create a static binding in the target EPG toward VMware hypervisors with VLAN 300, untagged access VLAN, and Untagged 802.1P mode.

An engineer configured Layer 2 extension from the ACI fabric and changed the Layer 2 unknown unicast policy from Flood to Hardware Proxy. How does this change affect the flooding of the L2 unknown unicast traffic?

A. It is forwarded to one of the spines to perform as a spine proxy.

B. It is flooded within the whole fabric.

C. It is dropped by the leaf when the destination endpoint is not present in the endpoint table.

D. It is forwarded to one of the APICs to perform as a proxy.

Refer to the exhibit. VM1 and VM2 are in Cisco ACI POD1 and communication takes place. Which event is triggered when VM2 is live migrated from POD1 to POD2?

A. Leaf 102 installs a bounce entry for VM2 pointing to the PTEP address of leaf 201.

B. Leaf 201 creates a tunnel with leaf 102 because of the bounced traffic that is destined to VM2.

C. Spines from POD2 send an MP-BGP EVPN update to the leaves in POD1 about the new location of VM2.

D. An MP-BGP EVPN update is received by spines in POD1 announcing the reachability of VM2 via the proxy VTEP address of the spines in POD2.

A network engineer configured a Cisco ACI fabric as follows:
• An EPG called EPG-A is created and associated with a VMM domain called North.
• The EPG-A is associated with BD-A and is in an application profile called Apps-A.
• The BD-A is associated with VRF-1 in the Prod tenant.
Which port group must be selected to place VMs in EPG-A?

A. Prod|Apps-A|EPG-A

B. Prod|Apps-A|North|EPG-A

C. Prod|Business_Apps|BD-A|EPG-A

D. Prod|VRF-1|Apps-A|EPG-A

A Cisco ACI fabric must send a packet between two pods in a Cisco ACI Multi-Pod topology where ARP flooding is disabled within the bridge domain. How does a Cisco ACI spine switch forward ARP messages from a leaf switch in POD1 to POD2?

A. ARP optimization is applied and sends ARP to remote anycast.

B. The ARP message is dropped and connectivity is lost between the endpoints.

C. A proxy ARP message is sent to destination group 225.224.0.0.

D. An ARP Glean message is sent to multicast address 239.255.255.240.

A network engineer configures the Cisco ACI fabric to connect to vCenter with these requirements:
• Port groups must be automatically created on the distributed virtual switch.
• Port groups must use the VLAN allocation in the range between 20-30.
• The deployment must optimize the CAM space on the leaf switches.
Which set of actions meets these criteria?

A. Create a dynamic VLAN pool with the VLAN range of 20-30.Create a VMM domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to On Demand.

B. Create a dynamic VLAN pool with the VLAN range of 20-30.Create a physical domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to On Demand.

C. Create a static VLAN pool with the VLAN range of 20-30.Create a physical domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to Immediate.

D. Create a static VLAN pool with the VLAN range of 20-30.Create a VMM domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to Immediate.

A Cisco ACI fabric contains a tenant called Prod. User_1 must have written access to tenant Prod and full access to the fabric access policy. Which set of actions must be taken to meet these requirements?

A. Associate User_1 to tenant Prod.Associate the security domain to the distinguished name of the fabric access policy.Create RBAC for the distinguished name of security domain.

B. Associate User_1 to the distinguished name of the fabric access policy.Associate the security domain to RBAC.Create RBAC for the distinguished name of User_1.

C. Associate User_1 to the fabric access policy.Associate the security domain to the fabric access policy.Create RBAC for the distinguished name of tenant Prod.

D. Associate User_1 to the security domain.Associate the security domain to tenant Prod.Create RBAC for the distinguished name of fabric access policy.

An SNMP monitoring service is added to a Cisco ACI fabric. The solution must meet these requirements:
• The notification must be generated when significant events occur during hardware-related events.
• The notification system must be redundant by using multiple servers to receive the notifications.
Which set of actions meets these requirements?

A. Implement an SNMP Monitoring Destination Group.Associate the SNMP policy to the desired pod in the Pod Policies section under the Fabric tab.

B. Configure an SNMP policy with community policies in the Tenant section of the common tenant.Link the SNMP policy to the common tenant in the Monitoring Policies section under the Fabric tab.

C. Define an SNMP policy with community policies in the Fabric Policies section under the Fabric tab.Implement an SNMP Client Group Profile.

D. Configure an SNMP Monitoring Destination Group.Define an SNMP source by using the previously defined group in the Access Policies section under the Fabric tab.

Which tenant is used when configuring in-band management IP addresses for Cisco APICs, leaf nodes, and spine nodes?

A. default

B. infra

C. common

D. mgmt

An engineer resolves an underlying condition of a fault but notices that the fault was not deleted from the Faults view. Which two actions must be taken to remove the fault? (Choose two.)

A. The raised condition ceases.

B. Faults are never deleted from the system.

C. The soaking timer expires.

D. Acknowledge the fault as an administrator.

E. The fault is deleted after the retention interval.

A Cisco ACI environment is configured to integrate with a vCenter environment using the VMM domain name west_coast_VMM. Within the ACI environment, only tenant west_coast has EPGs associated with west_coast_VMM. This deployment is new, so these EPGs currently do not have any members. A systems engineer is setting up vCenter, creates a VDS named west-coast-VMM, and deletes the VDS named west_coast_VMM. The systems engineer creates the necessary port groups that correspond with the EPGs, but when VMs are connected to the port groups, they cannot ping their gateway. Which action establishes connectivity?

A. Associate the EPGs to west-coast-VMM.

B. Rename the VDS to west_coast_VMM.

C. Use the EPG encap-VLAN on the port groups.

D. Disconnect Cisco APIC connectivity from vCenter.

Refer to the exhibit. An engineer configured subnets on the external EPG called L3OUT_CORE. The external endpoints in the 10.1.0.0/24 subnet can reach internal endpoints, but the external endpoints in the 172.16.1.0/24 subnet are unreachable. Which set of actions enables the connectivity?

A. Delete both external EPG subnets.Create the 0.0.0.0/1 subnet.

B. Delete the external EPG subnet 0.0.0.128/1.Create the 128.0.0.0/1 subnet.

C. Delete both external EPG subnets.Create the 0.0.0.0/0 subnet.

D. Delete the external EPG subnet 0.0.0.0/0.Create the 0.0.0.0/128 subnet.

Which two protocols support accessing backup files on a remote location from the APIC? (Choose two.)

A. TFTP

B. FTP

C. SFTP

D. SMB

E. HTTPS

Refer to the exhibit. A service provider hosts applications for multiple organizations. Each organization owns a separate tenant and syslog server. The events from each tenant must be sent to the corresponding syslog server. Which action accomplishes this goal?

A. Configure a single shared external syslog server and apply it to all of the user tenants.

B. Configure a single shared external syslog server and apply it to the common tenant.

C. Configure an external syslog server for each tenant and apply each of them to the related tenant.

D. Configure an external syslog server for each tenant and apply all of them to the common tenant.

Which components must be configured for the BGP Route Reflector policy to take effect?

A. spine fabric interface overrides and profiles

B. access policies and profiles

C. pod policy groups and profiles

D. leaf fabric interface overrides and profiles

A Cisco ACI fabric is experiencing packet loss that originates from a bare metal server. The engineer must configure the syslog service to meet these requirements:
• The ACI syslog information must be collected with logging information from other network devices.
• The monitoring must only be performed on leaf 103 and leaf 104.
Which set of actions accomplishes these goals?

A. Configure the Syslog Monitoring Destination Group to remote server logging.Create an Access Monitoring policy for ingress and egress packet drops.Apply the Monitoring policy to the appropriate Switch Profile group.

B. Configure the Syslog Monitoring Destination Group to Console logging.Create a Fabric-Wide Monitoring policy for ingress packet drops.Apply the Monitoring policy to the appropriate Switch Profile group.

C. Configure the Syslog Monitoring Destination Group to Local File logging.Create a Fabric Monitoring policy for ingress and egress bytes.Apply the Monitoring policy to the appropriate Switch Profile group.

D. Configure the Syslog Monitoring Destination Group to Console logging.Create an Access Monitoring policy for egress packet drops.Apply the Monitoring policy to the appropriate Switch Profile group.

A customer must deploy three Cisco ACI based data centers. Each site must be separated from the others. Which characteristic of Cisco ACI Multi-Pod makes it unsuitable for this deployment?

A. creates a virtual pod in the remote location

B. requires all pods to share the same Cisco APIC cluster

C. has distance and scale limitations

D. places leaf switches in the remote site that belong to the same fabric as at the headquarters site

An engineer must set up a Cisco ACI fabric to send Syslog messages related to hardware events, such as chassis line card failures. The messages should be sent to a dedicated Syslog server. Where in the Cisco APIC should the policy be configured to meet this requirement?

A. uni/tn-common/monepg-default

B. uni/infra/monifra-default

C. uni/fabric/monfab-default

D. uni/fabric/moncommon

Which two dynamic routing protocols are supported when using Cisco ACI to connect to an external Layer 3 network? (Choose two.)

A. iBGP

B. VXLAN

C. IS-IS

D. RIPv2

E. eBGP

Refer to the exhibit. An administrator configures inter-VRF route leaking between Production:vrf-prod and Non-Production:vrf-nonprod. However, the route in the Non-Production:vrf-nonprod VRF to the production tenant is missing. Which action resolves the VRF route leaking issue?

A. Change the contract scope to Global.

B. Enable the Shared between VRFs option for the BD subnet in the production VRF.

C. Enable the Shared between VRFs option for the EPG subnet in the non-production VRF.

D. Export the contract from provider to consumer tenant.

A Cisco ACI fabric is integrated with a Cisco ASA firewall using a service graph under the tenant called Operations. The fabric must permit the firewall used on tenant Operations to be referenced by the tenant called Management. Which export action must be used to accomplish this goal?

A. device selection policies

B. service graph template

C. router configurations

D. Layer4-Layer7 device

Refer to the exhibit. An engineer wants to initiate an ICMP ping from Server1 to Server2. The requirement is for the BD1 to enforce ICMP replies that follow the expected path. The packets must be prevented from taking the direct path from Leaf1 to Server1. Which action must be taken on BD1 to meet these requirements?

A. Set L2 Unknown Unicast to Flood.

B. Set L2 Unknown Unicast to Hardware Proxy.

C. Disable Unicast Routing.

D. Enable ARP Flooding.

Which statement regarding ACI Multi-Pod and TEP pool is true?

A. The IP addresses used in the IPN network can overlap TEP pool of the APIC.

B. A different TEP pool must be assigned to each Pod.

C. The Pod1 TEP pool must be split and a portion of the TEP pool allocated to each Pod.

D. The same TEP pool is used in all Pods.

An engineer wants to monitor all configuration changes, threshold crossing, and link-state transitions in a Cisco ACI fabric. Which action must be taken to receive the required messages?

A. Add Faults and Events to the monitor policy.

B. Add Session Logs and Audit Logs to the monitor policy.

C. Include Audit Logs and Events in the Syslog source policy.

D. Include Events and Session Logs in the Syslog source policy.

An engineer must adjust the time on a Cisco ACI fabric. The implementation must use a single external time server and the APIC management interfaces for the communication. Which action accomplishes this goal?

A. Enable the Date and Time offset state in the system settings.

B. Set the NTP provider minimum polling interval to 1.

C. Set the NTP provider in default Date and Time policy.

D. Create a contract in the management tenant to allow UDP port 123.

An engineer wants to configure Cisco ACI switches to use authenticated ZMQ when communicating with the proxy spine. Which configuration allows MD5 ZMQ messages only?

A. COOP Group policy in strict mode

B. IS-IS password using MD5

C. BGP password using MD5

D. COOP Group policy in compatible mode

The Application team reports that a previously existing port group has disappeared from vCenter. An engineer confirms that the VMM domain association for the EPG is no longer present. Which action determines which user is responsible for the change?

A. Check the EPG audit logs for the “deletion” action and compare the affected object and user.

B. Evaluate the potential faults that are raised for that EPG.

C. Examine the health score and drill down to an object that affects the EPG combined score.

D. Inspect the server logs to see who was logging in to the APIC during the last few hours.

DRAG DROP -
An engineer is configuring a VRF for a tenant named Cisco. Drag and drop the child objects on the left onto the correct containers on the right for this configuration.
Select and Place:
 

What represents the unique identifier of an ACI object?

A. universal resource identifier (URI)

B. application programming interface

C. management information tree

D. distinguished name

A customer is deploying a new application across two ACI pods that is sensitive to latency and jitter. The application sets the DSCP values of packets to AF31 and CS6, respectively. Which configuration changes must be made on the APIC to support the new application and prevent packets from being delayed or dropped between pods?

A. disable DSCP mapping on the IPN devices

B. disable DSCP translation policy

C. align the ACI QoS levels and IPN QoS policies

D. align the custom QoS policy on the EPG site in the customer tenant

Refer to the exhibit. Which two objects are created as a result of the configuration? (Choose two.)

A. application profile

B. attachable AEP

C. bridge domain

D. endpoint group

E. VRF

Where are STP BPDUSs flooded in Cisco ACI fabric?

A. in the access encapsulation VLAN part of different VLAN pools

B. in the bridge domain VLAN

C. in the native VLAN ID

D. in the VNID that is assigned to the FD VLAN

Refer to the exhibit.
 
An engineer must set a policy to reuse the old password when changed after two days. Which action set accomplishes this goal?

A. Change the password four times.Set the minimum period between changes to 6 hours.

B. Change the password two times.Set the minimum period between changes to 6 hours.

C. Change the password four times.Set the minimum period between changes to 48 hours.

D. Change the password six times.Set the minimum period between changes to 48 hours.

Refer to the exhibit. A Cisco ACI fabric has these configurations:
• VPC exists between Leaf2 and Leaf3.
• A switch profile called SW_Prof exists.
• A switch selector called SW_Selec exists.
• An interface selector named Int_Selec exists.
• An interface profile named Int_Prof exists.
Which two sets of actions must the engineer perform to connect Server1 to Leaf2 and Leaf3 using VPC? (Choose two.)

A. Map switch selector SW_Selec under switch profile SW_Prof.Add Leaf2 and Leaf3 node IDs under switch selector SW_Selec.Assign policy group to interface selector Int_Selec.

B. Add Leaf2 and Leaf3 node IDs under switch selector SW_Selec.Map switch profile SW_Prof under switch selector SW_Selec.Create the explicit VPC group from access policies.

C. Create the explicit VPC group from fabric policies.Map interface Eth1/1 under interface selector Int_Selec.Assign policy group to interface selector Int_Selec.

D. Add Leaf2 and Leaf3 node IDs under switch profile SW_Prof.Map Int_Selec under Int_Prof.Assign policy group to interface profile Int_Prof.

E. Create the explicit VPC group from access policies.Map Interface Eth1/1 under interface selector Int_Selec.Map Int_Selec under Int_Prof.

Refer to the exhibit. An engineer is implementing a BPDU filter on external switch interfaces that face the Cisco ACI fabric to prevent excessive TCNs from impacting the fabric. Which configuration must be applied on Cisco ACI to avoid a Layer 2 loop?

A. Configure MCP globally.

B. Implement BPDU Guard.

C. Apply an MSTP instance on Cisco ACI.

D. Enable STP on downlinks.

An engineer must allow multiple external networks to communicate with internal ACI subnets. Which action should the engineer take to assign the prefix to the class ID of the external Endpoint Group?

A. Enable the Export Route Control Subnet for the External Endpoint Group flag.

B. Enable an L3Out with Shared Route Control Subnet.

C. Configure subnets with the External Subnets for External EPG flag enabled.

D. Configure subnets with the Import Route Control Subnet flag enabled.

An engineer plans a Cisco ACI firmware upgrade. The ACI fabric consists of three Cisco APIC controllers, two spine switches, and four leaf switches. Two leaf switches have 1-Gb copper ports for bare metal servers, and the other two leaf switches have 10-Gb SFP ports to connect storage. Which set of actions accomplishes an upgrade with minimal disruptions?

A. Upgrade the APIC controllers by selecting the desired firmware and choosing Upgrade Now.Divide the switches into two upgrade groups: spines and leaves.Start the firmware upgrade on the spine upgrade group and then proceed with the leaf upgrade group.

B. Upgrade the APIC controllers by initiating the upgrade process that uses the most recent uploaded firmware.Divide the switches into three upgrade groups: spines, 1-Gb switches, and 10-Gb switches.Start the firmware upgrade on the spine upgrade group and then proceed with the other two groups.

C. Upgrade the APIC controllers by selecting the desired firmware and choosing Upgrade Now.Divide the switches into two upgrade groups with one spine, one 1-Gb switch, and one 10-Gb switch per group.Start the firmware upgrade on the first upgrade group and when it finishes, start the second upgrade group.

D. Upgrade the APIC controllers as a single group by selecting the firmware and choosing Upgrade Now.Divide the switches into four upgrade groups with one switch per group.Start the firmware upgrade on each upgrade group in succession until all four are complete.

In a Cisco ACI Multi-Site fabric, the Inter-Site BUM Traffic Allow option is enabled in a specific stretched bridge domain. What is used to forward BUM traffic to all endpoints in the same broadcast domain?

A. ingress replication on the spines in the source site

B. egress replication on the destination leaf switches

C. egress replication on the source leaf switches

D. ingress replication on the spines in the destination site

What must be configured to redistribute externally learned OSPF routes within the ACI fabric?

A. Route Control Profile

B. BGP Route Reflector

C. BGP Inter-leak Route Map

D. PIM Sparse Mode