DRAG DROP -
 
Refer to the exhibit. A Cisco ACI fabric is newly deployed, and the security team requires more visibility of all inter EPG traffic flows. All traffic in a VRF must be forwarded to an existing firewall pair. During failover, the standby firewall must continue to use the same IP and MAC as the primary firewall. Drag and drop the steps from the left into the implementation order on the right to configure the service graph that meets the requirements. (Not all steps are used.)
Select and Place:
 

Refer to the exhibit. Which two configuration steps are completed before this output is generated? (Choose two.)

A. MCP policy for the interface policy group for Port-channel 12 is enabled.

B. MCP Instance Policy default in the global access policies is enabled.

C. Error Disabled Recovery Policy for Loop Indication by MCP is set to True.

D. BPDU Guard is enabled for the interface policy group for Port-channel 12.

E. Spanning Tree Policy Region STP_4CAF232E48FF20 is added to the spanning-tree policy of the switch.

An engineer must attach an ESXi host to the Cisco ACI fabric. The host is connected to Leaf 1 and has its gateway IP address 10.10.10.254/24 configured inside the ACI fabric. A new firewall is attached to Leaf 2 and mapped to the same EPG and BD as the ESXi host. The engineer must migrate the gateway of the ESXi host to the firewall. Which configuration set accomplishes this goal?

A. Disable unicast routing.Configure IP address 10.10.10.254/24 on the ACI BD.

B. Disable unicast routing.Define IP address 10.10.10.254/24 on the firewall.

C. Enable unicast routing.Configure IP address 10.10.10.254/24 on the ACI EPG.

D. Enable unicast routing.Set IP address 10.10.10.254/24 on the firewall.

A network engineer demonstrates Cisco ACI to a customer. One of the test cases is to validate a disaster recovery event by resetting the ACI fabric to factory and then restoring the fabric to the state it was in before the event. Which setting must be enabled on ACI to export all configuration parameters that are necessary to meet these requirements?

A. enabled AES encryption

B. generated a tech-support file

C. encrypted export destination

D. enabled JSON format export

An engineer is configuring ACI VMM domain integration with Cisco UCS-B Series. Which type of port channel policy must be configured in the vSwitch policy?

A. LACP Active

B. MAC Pinning

C. LACP Passive

D. MAC Pinning-Physical-NIC-load

Refer to the exhibit. An engineer configures communication between the EPGs in different tenants. Which action should be taken to create the subnet?

A. Change Scope to Shared between VRFs.

B. Leave Scope set to Private to VRF.

C. Add the L3Out for Route Profile value.

D. Change Scope to Advertised Externally.

An engineer needs to deploy a leaf access port policy group in ACI Fabric to support the following requirements:
✑ Control the amount of application data flowing into the system
✑ Allow the newly connected device to auto-negotiate link speed with the leaf switch
Which two ACI policies must be configured to achieve these requirements? (Choose two.)

A. link level policy

B. L2 interface policy

C. slow drain policy

D. ingress data plane policing policy

E. ingress control plane policing policy

Refer to the exhibit. Which two configurations enable inter-VRF communication? (Choose two.)

A. Set the subnet scope to Shared Between VRFs.

B. Enable Advertise Externally under the subnet scope.

C. Export the contract and import as a contract interface.

D. Change the contract scope to Tenant.

E. Change the subject scope to VRF.

An engineer is implementing a connection that represents an external bridged network. Which two configurations are used? (Choose two.)

A. Layer 2 remote fabric

B. Layer 2 outside

C. Layers 2 internal

D. Static path binding

E. VXLAN outside

Refer to the exhibit. An engineer configures the Cisco ACI fabric for VMM integration with ESXi servers that are to be connected to the ACI leaves. The server team requires the network switches to initiate the LACP negotiation as opposed to the servers. The LAG group consists of two 10 Gigabit Ethernet links. The server learn also wants to evenly distribute traffic across all available links. Which two enhanced LAG policies meet these requirements? (Choose two.)

A. LACP Mode: LACP Standby

B. LB Mode: Destination IP Address and TCP/UDP Port

C. LB Mode: Source and Destination MAC Address

D. LB Mode: Source IP Address and TCP/UDP Port

E. LACP Mode: LACP Active

A network engineer must optimize a Cisco ACI multi-pod deployment. Both pods are using the same pod policy group. The customer requirement is to avoid inter-pod traffic loss in case of planned or unplanned spine reload. Which action accomplishes this goal?

A. Configure the COOP type as compatible in COOP Group Policy.

B. Configure MACsec in the MACsec Fabric Interface Policy.

C. Configure a lower IS-IS metric for redistributed routes in ISIS Policy.

D. Configure all spines as Route Reflectors in the BGP Route Reflector Policy.

A network engineer configures the Cisco ACI fabric to connect to vCenter with these requirements:
• Port groups must be automatically created on the distributed virtual switch.
• Port groups must use the VLAN allocation in the range between 20-30.
• The deployment must optimize the CAM space on the leaf switches.
Which set of actions meets these criteria?

A. Create a dynamic VLAN pool with the VLAN range of 20-30.Create a VMM domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to On Demand.

B. Create a dynamic VLAN pool with the VLAN range of 20-30.Create a physical domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to On Demand.

C. Create a static VLAN pool with the VLAN range of 20-30.Create a physical domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to Immediate.

D. Create a static VLAN pool with the VLAN range of 20-30.Create a VMM domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to Immediate.

Refer to the exhibit. A Cisco ACI fabric displays this fault. Which set of actions modifies the event to be displayed as a warning in the future?

A. Navigate to the ACI Events tab.Create a new record.

B. Navigate to the ACI Fault tab.Create a new record.

C. Navigate to the ACI Events tab.Change the severity level.

D. Navigate to the ACI Fault tab.Change the severity level.

How does Cisco ACI detect the IP address of a silent host that moved from one location to another without notifying a Cisco ACI leaf?

A. Silent hosts are detected by the ACI fabric.

B. Endpoint announce messages are sent to COOP.

C. ARP requests are flooded in the bridge domain.

D. Bounce entries are installed on the leaf switch.

An engineer must configure a Layer 3 connection to the WAN router. The hosts in production VRF must access WAN subnets. The engineer associates EPGs in the production VRF with the external routed domain. Which action completes the task?

A. Configure the Export Route Control Subnet scope for the external EPG.

B. Configure the External Subnets for the External EPG scope for the external EPG.

C. Configure the Import Route Control Subnet scope for the external EPG.

D. Configure the Shared Route Control Subnet scope for the external EPG.

When Layer 3 routed traffic is destined to a Cisco ACI fabric, which mechanism does ACI use to detect silent hosts?

A. gratuitous ARP

B. ARP gleaning

C. proxy ARP

D. inverse ARP

A bridge domain for a new endpoint group in the Cisco ACI fabric must meet these requirements:
• The bridge domain must function as the default gateway for the subnet so that routing remains within the Cisco ACI fabric.
• ARP requests must be managed via Layer 3 unicast packets or be dropped to reduce excessive broadcast traffic.
• The impact of misconfigured virtual machines must be kept to a minimum by preventing IP addresses outside of the configured subnet from being routed.
Which set of actions must be taken?

A. Disable ARP Flooding.Enable Limit IP Learning to Subnet.Enable Unicast Routing on the bridge domain and configure a subnet.

B. Enable Limit IP Learning to Subnet.Enable Unicast Routing on the bridge domain and configure a subnet.Set Multi-Destination Flooding to Flood in BD.

C. Set Endpoint Retention Policy to default.Enable ARP Flooding.Enable Unicast Routing on the bridge domain and configure a subnet.

D. Enable Unicast Routing on the bridge domain and configure a subnet.Set L2 Unknown Unicast to Flood.Disable Endpoint Retention Policy.

What is the minimum number of APICs does Cisco recommend to deploy in a production cluster?

A. 1

B. 3

C. 4

D. 5

Which new construct must a user create when configuring in-band management?

A. VLAN pool

B. management contract

C. management tenant

D. bridge domain

Refer to the exhibit.
 
An engineer configures a Layer 4 to Layer 7 device object. The device is a virtual firewall with a single network adapter and it must be deployed in routed mode. Which action completes the configuration of the device object?

A. Enable Promiscuous Mode.

B. Change Function Type to GoTo.

C. Change context awareness to Multiple.

D. Add an outside interface to the cluster interfaces.

Refer to the exhibit. How are the STP BPDUs forwarded over Cisco ACI fabric?

A. Cisco ACI acts as the STP root for all three external switches.

B. STP BPDUs that are generated by Switch2 are received by Switch1 and Switch3.

C. STP BPDUs that are generated by Switch1 are received only by Switch3.

D. Cisco ACI fabric drops all STP BPDUs that are generated by the external switches.

Which components must be configured for the BGP Route Reflector policy to take effect?

A. spine fabric interface overrides and profiles

B. access policies and profiles

C. pod policy groups and profiles

D. leaf fabric interface overrides and profiles

An engineer must configure Cisco ACI for VMM integration to VMware vCenter. Which two attributes must be configured on the Cisco APIC to achieve this goal? (Choose two.)

A. cluster name

B. virtual switch name

C. data center name

D. port group

E. logon credentials

Refer to the exhibit. All nodes in the Cisco ACI fabric have been statically assigned out-of-band management IP addresses in the 10.100.180.0/24 range. An engineer is attempting to SSH into Leaf101 using a laptop with an IP address of 10.101.180.100/24. Which configuration change must be performed to allow the engineer to SSH using the laptop?

A. Add a contract filter to oobbrc-default that allows SSH.

B. Change the Leaf101 IP address to 10.101.180.101.

C. Change the allowed subnets.

D. Select the default QoS Class policy.

In a Cisco ACI Multi-Site fabric, the Inter-Site BUM Traffic Allow option is enabled in a specific stretched bridge domain. What is used to forward BUM traffic to all endpoints in the same broadcast domain?

A. ingress replication on the spines in the source site

B. egress replication on the destination leaf switches

C. egress replication on the source leaf switches

D. ingress replication on the spines in the destination site

A customer requested the creation of a VLAN POOL for VMM integration. The pool must support the creation of 999 dynamic and 10 static VLANs. Which VLAN pool implementation meets the customer requirements?

A.

B.

C.

D.

What is the result of the pcEnPref flag configured on the epg-App_EPG?
 

A. Any configuration changes to the private network are validated.

B. Access control rules for the L3Out network are applied.

C. Access control rules for the private network are applied.

D. Any changes to the underlying EPG objects are forbidden.

An ACI administrator notices a change in the behavior of the fabric. Which action must be taken to determine if a human intervention introduced the change?

A. Inspect event records in the APIC UI to see all actions performed by users.

B. Inspect /var/log/audit_messages on the APIC to see a record of all user actions.

C. Inspect audit logs in the APIC UI to see all user events.

D. Inspect the output of show command history in the APIC CLI.

An engineer must set up a Cisco ACI fabric to send Syslog messages related to hardware events, such as chassis line card failures. The messages should be sent to a dedicated Syslog server. Where in the Cisco APIC should the policy be configured to meet this requirement?

A. uni/tn-common/monepg-default

B. uni/infra/monifra-default

C. uni/fabric/monfab-default

D. uni/fabric/moncommon

What happens to the traffic flow when the Cisco ACI fabric has a stale endpoint entry for the destination endpoint?

A. The leaf switch does not learn the source endpoint through data plane learning.

B. The leaf switch drops the traffic that is destined to the endpoint.

C. The leaf switch floods the traffic to the endpoint throughout the fabric.

D. The leaf switch sends the traffic to the wrong destination leaf.

Refer to the exhibit. Cisco ACI fabric is connected to a Cisco Catalyst 3850 Series Switch using EBGP. Server 2 is unable to communicate with Server 1. Leaf-2 fails to learn the external subnet 10.2.2.0/24 and other external subnets from other L3Outs. Which configuration ensures that the networks from Leaf-2 are learned by the external network?

A. Configure 10.2.2.0/24 under the external EPG of the L3Out.

B. Implement a contract between the Server 2 EPG and the L3Out.

C. Implement the bridge domain to advertise the bridge domain subnet.

D. Configure Spine-1 as the MP-BGP route reflector.

An organization has encountered many STP-related issues in the past due to failed hardware components. They are in the process of long-term migration to a newly deployed ACI fabric. Senior engineers are worried that spanning-tree loops in the existing network may be extended to the ACI fabric. Which feature must be enabled on the ACI leaf ports to protect the fabric from spanning-tree loops?

A. BPDU Guard

B. per-VLAN MCP

C. Storm Control

D. BPDU Filter

Which two actions extend a Layer 2 domain beyond the ACI fabric? (Choose two.)

A. extending the routed domain out of the ACI fabric

B. creating a single homed Layer 3 Out

C. creating an external physical network

D. extending the bridge domain out of the ACI fabric

E. extending the EPG out of the ACI fabric

An engineer must configure an L3Out to advertise a single summarized address for all Cisco ACI host routes. The summarized address must be advertised to the core switches that are physically attached to the ACI fabric. An external EPG is created with the required subnet. Which configuration set advertises the subnet to the remote peer?

A. Set the external EPG subnet scope to Export Route Control Subnet.Associate a route control profile.

B. Set the external EPG subnet scope to Export Route Control Subnet.Associate a route summarization policy.

C. Set the external EPG subnet scope to Import Route Control Subnet.Associate a route summarization policy.

D. Set the external EPG subnet scope to Import Route Control Subnet.Associate a route control profile.

A Cisco ACI fabric contains a tenant called Prod. User_1 must have written access to tenant Prod and full access to the fabric access policy. Which set of actions must be taken to meet these requirements?

A. Associate User_1 to tenant Prod.Associate the security domain to the distinguished name of the fabric access policy.Create RBAC for the distinguished name of security domain.

B. Associate User_1 to the distinguished name of the fabric access policy.Associate the security domain to RBAC.Create RBAC for the distinguished name of User_1.

C. Associate User_1 to the fabric access policy.Associate the security domain to the fabric access policy.Create RBAC for the distinguished name of tenant Prod.

D. Associate User_1 to the security domain.Associate the security domain to tenant Prod.Create RBAC for the distinguished name of fabric access policy.

Which two components are essential parts of a Cisco ACI Virtual Machine Manager (VMM) domain policy configuration? (Choose two.)

A. Layer 3 outside interface association

B. EPG static port binding

C. VMM domain profile

D. EPG association

E. IP address pool association

The unicast routing feature is enabled on the bridge domain. Which two conditions enable the Cisco ACI leaf to learn a source IP as a local endpoint? (Choose two.)

A. Through Ethernet traffic received in a bridge domain.

B. IP traffic routed through an SVI.

C. Through VXLAN traffic received on the uplink.

D. IP traffic routed through a Layer 3 Out.

E. Through ARP received on an SVI.

A situation causes a fault to be raised on the APIC. The ACI administrator does not want that fault to be raised because it is not directly relevant to the environment. Which action should the administrator take to prevent the fault from appearing?

A. Under System -> Faults, right-click on the fault and select Acknowledge Fault so that acknowledged faults will immediately disappear.

B. Create a stats threshold policy with both rising and falling thresholds defined so that the critical severity threshold matches the squelched threshold.

C. Under System -> Faults, right-click on the fault and select Ignore Fault to create a fault severity assignment policy that hides the fault.

D. Create a new global health score policy that ignores specific faults as identified by their unique fault code.

When creating a subnet within a bridge domain, which configuration option is used to specify the network visibility of the subnet?

A. limit IP learning to subnet

B. scope

C. gateway IP

D. subnet control

What is a requirement for Cisco ACI IPN to manage multidestination traffic?

A. pervasive gateway

B. unicast routing

C. anycast gateway

D. multicast routing

Which feature dynamically assigns or modifies the EPG association of virtual machines based on their attributes?

A. vzAny contracts

B. standard contracts

C. application EPGs

D. uSeg EPGs

An engineer is implementing a Cisco ACI environment that consists of more than 20 servers. Two of the servers support only Cisco Discovery Protocol with no other link discovery protocol. The engineer wants the servers to be discovered automatically by the Cisco ACI fabric when connected. Which action must be taken to meet this requirement?

A. Create an override policy that enables Cisco Discovery Protocol after LLDP is enabled in the default policy group.

B. Configure a higher order interface policy that enables Cisco Discovery Protocol for the interface on the desired leaf switch.

C. Configure a lower order policy group that enables Cisco Discovery Protocol for the interface on the desired leaf switch.

D. Create an interface profile for the interface that disables LLDP on the desired switch that is referenced by the interface policy group.

What is MP-BGP used for in Cisco ACI fabric?

A. MP-BGP VPNv4 AF is used as protocol on L3Out between a border leaf and an external router

B. MP-BGP Layer 2 VPN EVPN AF is used to propagate L3Out routes that are received from a border leaf

C. MP-BGP VPNv4 AF is used to propagate L3Out routes that are received from a border leaf to the fabric

D. MP-BGP VPNv4 AF is used between spines in an ACI Multi-Pod fabric to propagate the endpoint

Which table holds IP address, MAC address and VXLAN/VLAN information on a Cisco ACI leaf?

A. endpoint

B. adjacency

C. RIB

D. ARP

An engineer configured a bridge domain with the hardware-proxy option for Layer 2 unknown unicast traffic. Which statement is true about this configuration?

A. The leaf switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the local forwarding tables.

B. The Layer 2 unknown hardware proxy lacks support of the topology change notification.

C. The leaf switch forwards the Layers 2 unknown unicast packets to all other leaf switches if it is unable to find the MAC address in its local forwarding tables.

D. The spine switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the proxy database.

DRAG DROP -
Drag and drop the Cisco ACI Layer 4 to Layer 7 service insertion terms on the left to the correct descriptions on the right.
Select and Place:
 

An engineer is extending an EPG out of the ACI fabric using static path binding. Which statement about the endpoints is true?

A. Endpoints must connect directly to the ACI leaf port.

B. External endpoints are in a different bridge domain than the endpoints in the fabric.

C. Endpoint learning encompasses the MAC address only.

D. External endpoints are in the same EPG as the directly attached endpoints.

An engineer configures SNMP for an ACI fabric and created an SNMP Monitoring Destination Group called snmp_dgroup1. Snmp_dgroup1 is configured with the server hostname and community password. An SNMP policy called snmp_podpolicy1 is configured to enable SNMP and add an SNMP Client Group Profile called snmp_clgroup1. Snmp_podpolicy1 is associated the default pod profile via a pod policy group named pod1. Which configuration set must the engineer enable to complete the SNMP configuration?

A. Configure the OOB management contract to permit UDP 162.Associate snmp_dgroup1 with the OOB management EPG.

B. Configure an SNMP management contract to permit all traffic.Associate snmp_podpolicy1 with an SNMP pod profile.

C. Configure an SNMP management contract to permit UDP 162.Associate the SNMP Source to snmp_clgroup1.

D. Configure the OOB management contract to permit all traffic.Associate snmp_clgroup1 with the SNMP management EPG.

Which Cisco ACI feature allows the encryption of communication over TEP addresses connecting sites via the intersite network in a Cisco Multi-Site deployment?

A. TrustSec

B. IPsec

C. MACsec

D. CloudSec

DRAG DROP -
Drag and drop the Cisco ACI filter entry options from the left onto the correct categories on the right indicating what are required or optional parameters.
Select and Place: