An engineer must perform a Cisco ACI fabric upgrade that minimizes the impact on user traffic and allows only permitted users to perform an upgrade. Which two configuration steps should be taken to meet these requirements? (Choose two.)

A. Grant tenant-ext-admin access to a user who performs an upgrade

B. Divide Cisco APIC controllers into two or more maintenance groups

C. Combine all switches into an upgrade group

D. Grant the fabric administrator role to a user who performs an upgrade

E. Divide switches into two or more maintenance groups

A network engineer configures the Cisco ACI fabric to connect to vCenter with these requirements:
• Port groups must be automatically created on the distributed virtual switch.
• Port groups must use the VLAN allocation in the range between 20-30.
• The deployment must optimize the CAM space on the leaf switches.
Which set of actions meets these criteria?

A. Create a dynamic VLAN pool with the VLAN range of 20-30.Create a VMM domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to On Demand.

B. Create a dynamic VLAN pool with the VLAN range of 20-30.Create a physical domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to On Demand.

C. Create a static VLAN pool with the VLAN range of 20-30.Create a physical domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to Immediate.

D. Create a static VLAN pool with the VLAN range of 20-30.Create a VMM domain and associate it with the VLAN pool.Create the EPG and associate the domain.Set the deployment immediacy to Immediate.

What does a bridge domain represent?

A. Layer 3 cloud

B. Layer 2 forwarding construct

C. tenant

D. physical domain

Regarding the MTU value of MP-BGP EVPN control plane packets in Cisco ACI, which statement about communication between spine nodes in different sites is true?

A. By default, spine nodes generate 9000-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 9000-bytes packets.

B. By default, spine nodes generate 1500-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 1800-bytes packets.

C. By default, spine nodes generate 1500-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 1500-bytes packets.

D. By default, spine nodes generate 9000-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 9100-bytes packets.

Which type of profile needs to be created to deploy an access port policy group?

A. attachable entity

B. Pod

C. module

D. leaf interface

An engineer configures an L3Out between BLeaf1 and Core1. A Cisco Nexus 9000 Series Switch runs in NX-OS mode, and the two devices must peer using OSPF. The devices in the network are configured as follows:
• BLeaf1 has been configured with the IP address 10.1.0.2/31 and the router ID 0.0.0.2.
• Core1 has been configured with the IP address 10.1.0.3/31 and the router ID 0.0.0.1.
• On Cisco ACI, the engineer has enabled OSPF using the default OSPF settings.
• The engineer has configured OSPF on the NX-OS switch using the ip router ospf ACI_peering area 1 command.
Which action brings up the OSPF adjacency?

A. Set and Auth Key on Core1.

B. Configure Area 1 on BLeaf1.

C. Disable Hello Timer on BLeaf1.

D. Change the MTU on Core1.

An engineer wants to configure Cisco ACI switches to use authenticated ZMQ when communicating with the proxy spine. Which configuration allows MD5 ZMQ messages only?

A. COOP Group policy in strict mode

B. IS-IS password using MD5

C. BGP password using MD5

D. COOP Group policy in compatible mode

A Cisco ACI environment is configured to integrate with a vCenter environment using the VMM domain name west_coast_VMM. Within the ACI environment, only tenant west_coast has EPGs associated with west_coast_VMM. This deployment is new, so these EPGs currently do not have any members. A systems engineer is setting up vCenter, creates a VDS named west-coast-VMM, and deletes the VDS named west_coast_VMM. The systems engineer creates the necessary port groups that correspond with the EPGs, but when VMs are connected to the port groups, they cannot ping their gateway. Which action establishes connectivity?

A. Associate the EPGs to west-coast-VMM.

B. Rename the VDS to west_coast_VMM.

C. Use the EPG encap-VLAN on the port groups.

D. Disconnect Cisco APIC connectivity from vCenter.

Refer to the exhibit. All nodes in the Cisco ACI fabric have been statically assigned out-of-band management IP addresses in the 10.100.180.0/24 range. An engineer is attempting to SSH into Leaf101 using a laptop with an IP address of 10.101.180.100/24. Which configuration change must be performed to allow the engineer to SSH using the laptop?

A. Add a contract filter to oobbrc-default that allows SSH.

B. Change the Leaf101 IP address to 10.101.180.101.

C. Change the allowed subnets.

D. Select the default QoS Class policy.

 
Refer to the exhibit. A network engineer deploys Cisco APIC for the first time. Which connectivity type must be used to connect a Cisco ACI APIC node to connect to an out-of-band segment?

A. 4. 1-Gb Ethernet dedicated management port

B. 5. Serial port (RJ-45 connector)

C. 9. VIC 1455 with external 10/25-Gigabit Ethernet ports

D. 2. Dual 1-Gb/10-Gb Ethernet ports (LAN1 and LAN2)

In-band is currently configured and used to manage the Cisco ACI fabric. The requirement is for leaf and spine switches to use out-of-band management for NTP protocol. Which action accomplishes this goal?

A. Select Out-of-Band as Management EPG in the default DateTimePolicy.

B. Create an Override Policy with NTP Out-of-Band for leaf and spine switches.

C. Change the interface used for APIC external connectivity to ooband.

D. Add a new filter to the utilized Out-of-Band-Contract to allow NTP protocol.

A customer is deploying a new application across two ACI pods that is sensitive to latency and jitter. The application sets the DSCP values of packets to AF31 and CS6, respectively. Which configuration changes must be made on the APIC to support the new application and prevent packets from being delayed or dropped between pods?

A. disable DSCP mapping on the IPN devices

B. disable DSCP translation policy

C. align the ACI QoS levels and IPN QoS policies

D. align the custom QoS policy on the EPG site in the customer tenant

A bridge domain for an EPG called “Web Servers” must be created in the Cisco APIC. The configuration must meet these requirements:
• Only traffic to known MAC addresses must be allowed to reduce noise.
• The multicast traffic must be limited to the ports that are participating in multicast routing.
• The endpoints within the bridge domain must be kept in the endpoint table for 20 minutes without any updates.
Which set of steps configures the bridge domain that satisfies the requirements?

A. Switch L2 Unknown Unicast to Flood.Select the default Endpoint Retention Policy and set the Local Endpoint Aging to 20 minutes.Set Multicast Destination Flooding to Flood in Encapsulation.

B. Set L2 Unknown Unicast to Hardware Proxy.Configure L3 Unknown Multicast Flooding to Optimized Flood.Create an Endpoint Retention Policy with a Local Endpoint Aging Interval of 1200 seconds.

C. Multicast Destination Flooding should be set to Flood in BD.Set L3 Unknown Multicast Flooding to Flood.Select the default Endpoint Retention Policy with a Local Endpoint Aging Interval of 1200 seconds.

D. Select the ARP Flooding checkbox.Create an Endpoint Retention Policy with a Remote Endpoint Aging Interval of 20 minutes.Set L3 Unknown Multicast Flooding to Optimized Flooding.

Refer to the exhibit. A load balancer is connected to the Cisco ACI fabric using a single interface. The load balancer is performing source and destination NAT. A service graph is configured on the Cisco ACI. Which action must be taken to allow traffic from host A to pass through the load balancer before reaching host B?

A. Apply PBR on contract between the load balancer and application EPGs.

B. Disable unicast routing on the bridge domain BD_2.

C. Configure limit IP learning to subnet on BD_3.

D. Set the default gateway for host B on the load balancer.

Refer to the exhibit. A Cisco ACI fabric is created with L2Out to N7K1 and N7K2 switches. The switches are running MSTP with native VLAN 10. The N7K1 and N7K2 act as the root bridge for VLAN 20. An EPG named Data has been created. The ACI fabric must be configured with these requirements:
• The ACI fabric must receive MSTP BPDU.
• The N7K1 switch must act as the root bridge for VLAN 20.
Which set of actions accomplishes these goals?

A. Encapsulate EPG Data with VLAN 20.Set the VLAN mode to Trunk.

B. Encapsulate EPG Data with VLAN 10.Set the VLAN mode to Trunk.

C. Encapsulate EPG Data with VLAN 10.Set the VLAN mode to 802.1P.

D. Encapsulate EPG Data with VLAN 20.Set the VLAN mode to 802.1P.

When a pre-provision immediacy is used, when is the policy downloaded to the Cisco ACI leaf switch?

A. The policy is downloaded and programmed in the hardware policy CAM when the change is implemented on the Cisco APIC.

B. The policy is programmed in the hardware policy CAM when the policy is downloaded in the leaf software.

C. The policy is programmed in the hardware policy CAM when the first packet is received through the data path.

D. The policy is downloaded to the associated leaf switch software when the ESXi host is attached to a DVS.

Refer to the exhibit. A service provider hosts applications for multiple organizations. Each organization owns a separate tenant and syslog server. The events from each tenant must be sent to the corresponding syslog server. Which action accomplishes this goal?

A. Configure a single shared external syslog server and apply it to all of the user tenants.

B. Configure a single shared external syslog server and apply it to the common tenant.

C. Configure an external syslog server for each tenant and apply each of them to the related tenant.

D. Configure an external syslog server for each tenant and apply all of them to the common tenant.

A Cisco ACI fabric is experiencing packet loss that originates from a bare metal server. The engineer must configure the syslog service to meet these requirements:
• The ACI syslog information must be collected with logging information from other network devices.
• The monitoring must only be performed on leaf 103 and leaf 104.
Which set of actions accomplishes these goals?

A. Configure the Syslog Monitoring Destination Group to remote server logging.Create an Access Monitoring policy for ingress and egress packet drops.Apply the Monitoring policy to the appropriate Switch Profile group.

B. Configure the Syslog Monitoring Destination Group to Console logging.Create a Fabric-Wide Monitoring policy for ingress packet drops.Apply the Monitoring policy to the appropriate Switch Profile group.

C. Configure the Syslog Monitoring Destination Group to Local File logging.Create a Fabric Monitoring policy for ingress and egress bytes.Apply the Monitoring policy to the appropriate Switch Profile group.

D. Configure the Syslog Monitoring Destination Group to Console logging.Create an Access Monitoring policy for egress packet drops.Apply the Monitoring policy to the appropriate Switch Profile group.

When Layer 3 routed traffic is destined to a Cisco ACI fabric, which mechanism does ACI use to detect silent hosts?

A. gratuitous ARP

B. ARP gleaning

C. proxy ARP

D. inverse ARP

A customer migrates a legacy environment to Cisco ACI. A Layer 2 trunk is configured to interconnect the two environments. The customer also builds ACI fabric in an application-centric mode. Which feature should be enabled in the bridge domain to reduce instability during the migration?

A. Set Multi-Destination Flooding to Flood in BD.

B. Enable Flood in Encapsulation.

C. Set Multi-Destination Flooding to Flood in Encapsulation.

D. Disable Endpoint Dataplane Learning

An engineer must advertise a bridge domain subnet out of the ACI fabric to an OSPF neighbor. Which two configuration steps are required? (Choose two.)

A. Add External Subnet for External EPG flag under External EPG

B. Configure Subnet scope to Advertised Externally

C. Configure the Subnet under the EPG level

D. Create Route Control Profile with the export direction under External EPG

E. Add L3Out profile to the bridge domain using Associated L3Outs section

An organization has encountered many STP-related issues in the past due to failed hardware components. They are in the process of long-term migration to a newly deployed ACI fabric. Senior engineers are worried that spanning-tree loops in the existing network may be extended to the ACI fabric. Which feature must be enabled on the ACI leaf ports to protect the fabric from spanning-tree loops?

A. BPDU Guard

B. per-VLAN MCP

C. Storm Control

D. BPDU Filter

An engineer is configuring a new user account in Cisco ACI. The new user will be assigned the role of fabric administrator. The fabric has only one tenant, so the engineer associated the new user account with a security domain for the tenant, as well as the security domain for the management tenant. Which configuration permits the new user with admin access to the fabric?

A. Associate the new user with the security domain all.

B. Grant the new user R/W access to the user and management tenant.

C. Add the DN uni/fabric under explicit rules.

D. Bind the security domain infra to the new user account.

An engineer must monitor a Cisco ACI fabric with SNMP. The “permit any contract” attribute is not configured in the fabric. Which action must be taken to receive SNMP traps from Cisco APIC?

A. Consume the inband contract from the out-of-band EPG.

B. Configure the OOB contract under the common tenant.

C. Add the UDP filter port 162 to the existing OOB contract.

D. Provide a standard contract under the user tenant.

A network engineer must design a method to allow the Cisco ACI to redirect traffic to the firewalls. Only traffic that matches specific L4-L7 policy rules should be redirected. The load must be distributed across multiple firewalls to scale the performance horizontally. Which action must be taken to meet these requirements?

A. Configure ACI Service Graph with Unidirectional PBR.

B. Implement ACI Service Graph with GIPo.

C. Implement ACI Service Graph Two Nodes with GIPo.

D. Configure ACI Service Graph with Symmetric PBR.

Which feature dynamically assigns or modifies the EPG association of virtual machines based on their attributes?

A. vzAny contracts

B. standard contracts

C. application EPGs

D. uSeg EPGs

Refer to the exhibit. An engineer is deploying a Cisco ACI fabric with an L2Out to external switches. The Cisco ACI fabric has just been deployed and follows the default forwarding behavior. Which two actions accomplish a loop free topology? (Choose two.)

A. Add ports Eth1/1 and Eth1/2 to the LACP port channel.

B. Enable MCP on the ports between the leafs and spine switches.

C. Disconnect the link between Leaf3 and Leaf4.

D. Implement LLDP on ports Eth1/1 and Eth1/2 on Leaf2.

E. Configure BPDU guard on Catalyst switch ports.

When the subnet is configured on a bridge domain, on which physical devices is the gateway IP address configured?

A. all leaf switches and all spine nodes

B. only spine switches where the bridge domain of the tenant is present

C. only leaf switches where the bridge domain of the tenant is present

D. all border leaf nodes where the bridge domain of the tenant is present

Refer to the exhibit. Endpoint-A must communicate with Endpoint-B, but Leaf-101 has not learned the location of Endpoint-B. Which step must Leaf-101 take before sending the data?

A. Leaf-101 forwards the packet to the anycast proxy VTEP IP.

B. Leaf-101 creates an eVXLAN tunnel to Leaf-104.

C. Leaf-101 sends the packet to the Spine-201.

D. Leaf-101 broadcasts an ARP request on a link to one of the spines.

An engineer must implement user activity tracking in the Cisco ACI with a solution that meets these requirements:
• All user activity that is related to the Cisco ACI infrastructure hardware must be tracked.
• All audit logs with severity level 5 and below must be collected and exported.
• Logs must be exported to a Security Information and Event Management (SIEM) appliance.
Which set of steps must be taken?

A. Create a Syslog Monitoring Destination Group with a remote destination of the SIEM device.Create a Tenant-level Syslog Source under the Monitoring section of the Tenant Tab.Select Audit Logs and a severity level of Warning,

B. Create a Syslog Monitoring Destination Group with a Local File destination.Create an Access-level Syslog Source under the Monitoring section of the Fabric Tab.Select Fault Logs and a severity level of Notification.

C. Create a Syslog Monitoring Destination Group with a remote destination of the SIEM device.Create a Fabric-level Syslog Source under the Monitoring section of the Fabric Tab.Select Audit Logs and a severity level of Notification.

D. Create a Syslog Monitoring Destination Group with Console Destination.Create a System-level Syslog Source under the Monitoring section of the System Tab.Select Session Logs and a severity level of Warning.

Which attribute should be configured for each user to enable RADIUS for external authentication in Cisco ACI?

A. cisco-security domain

B. cisco-auth-features

C. cisco-aci-role

D. cisco-av-pair

A Solutions Architect is asked to design two data centers based on Cisco ACI technology that can extend L2/L3, VXLAN, and network policy across locations. ACI
Multi-Pod has been selected. Which two requirements must be considered in this design? (Choose two.)

A. ACI underlay protocols, i.e. COOP, IS-IS and MP-BGP, spans across pods. Create QoS policies to make sure those protocols have higher priority.

B. A single APIC Cluster is required in a Multi-Pod design. It is important to place the APIC Controllers in different locations in order to maximize redundancy and reliability.

C. ACI Multi-Pod requires an IP Network supporting PIM-Bidir.

D. ACI Multi-Pod does not support Firewall Clusters across Pods. Firewall Clusters should always be local.

E. Multi-Pod requires multiple APIC Controller Clusters, one per pod. Make sure those clusters can communicate to each other through a highly available connection.

An engineer resolves an underlying condition of a fault but notices that the fault was not deleted from the Faults view. Which two actions must be taken to remove the fault? (Choose two.)

A. The raised condition ceases.

B. Faults are never deleted from the system.

C. The soaking timer expires.

D. Acknowledge the fault as an administrator.

E. The fault is deleted after the retention interval.

What is MP-BGP used for in Cisco ACI fabric?

A. MP-BGP VPNv4 AF is used as protocol on L3Out between a border leaf and an external router

B. MP-BGP Layer 2 VPN EVPN AF is used to propagate L3Out routes that are received from a border leaf

C. MP-BGP VPNv4 AF is used to propagate L3Out routes that are received from a border leaf to the fabric

D. MP-BGP VPNv4 AF is used between spines in an ACI Multi-Pod fabric to propagate the endpoint

How does Cisco ACI detect the IP address of a silent host that moved from one location to another without notifying a Cisco ACI leaf?

A. Silent hosts are detected by the ACI fabric.

B. Endpoint announce messages are sent to COOP.

C. ARP requests are flooded in the bridge domain.

D. Bounce entries are installed on the leaf switch.

Which type of port is used for in-band management within ACI fabric?

A. spine switch port

B. APIC console port

C. leaf access port

D. management port

Which role do interfaces Ethernet 1/49-50 have in this output?
 

A. leaf fabric ports

B. server fabric ports

C. leaf access ports

D. server uplink ports

An SNMP monitoring service is added to a Cisco ACI fabric. The solution must meet these requirements:
• The notification must be generated when significant events occur during hardware-related events.
• The notification system must be redundant by using multiple servers to receive the notifications.
Which set of actions meets these requirements?

A. Implement an SNMP Monitoring Destination Group.Associate the SNMP policy to the desired pod in the Pod Policies section under the Fabric tab.

B. Configure an SNMP policy with community policies in the Tenant section of the common tenant.Link the SNMP policy to the common tenant in the Monitoring Policies section under the Fabric tab.

C. Define an SNMP policy with community policies in the Fabric Policies section under the Fabric tab.Implement an SNMP Client Group Profile.

D. Configure an SNMP Monitoring Destination Group.Define an SNMP source by using the previously defined group in the Access Policies section under the Fabric tab.

An engineer configures SNMP for an ACI fabric and created an SNMP Monitoring Destination Group called snmp_dgroup1. Snmp_dgroup1 is configured with the server hostname and community password. An SNMP policy called snmp_podpolicy1 is configured to enable SNMP and add an SNMP Client Group Profile called snmp_clgroup1. Snmp_podpolicy1 is associated the default pod profile via a pod policy group named pod1. Which configuration set must the engineer enable to complete the SNMP configuration?

A. Configure the OOB management contract to permit UDP 162.Associate snmp_dgroup1 with the OOB management EPG.

B. Configure an SNMP management contract to permit all traffic.Associate snmp_podpolicy1 with an SNMP pod profile.

C. Configure an SNMP management contract to permit UDP 162.Associate the SNMP Source to snmp_clgroup1.

D. Configure the OOB management contract to permit all traffic.Associate snmp_clgroup1 with the SNMP management EPG.

Refer to the exhibit. A Cisco ACI environment hosts two e-commerce applications. The default contract from a common tenant between different application tiers is used, and the applications work as expected. The customer wants to move to more specific contracts to prevent unwanted traffic between EPGs. A network administrator creates the app-to-db contract to meet this objective for the application and database tiers. The application EPGs must communicate only with their respective database EPGs. How should this contract be configured to meet this requirement?

A. Set the app-to-db scope to Global.

B. Set the app-to-db scope to Application Profile.

C. Implement the app-to-db scope as VRF.

D. Implement the app-to-db as a Taboo contract.

Refer to the exhibit. A Cisco ACI fabric uses L3Out to connect with R1. The 192.168.1.0/24 subnet is received over the physical interface Eth1/1 of Leaf1 and Leaf2. Which set of actions must be taken to receive the 2001:db8::2:1 subnet over the interface Eth1/1 interface?

A. Create a new interface profile.Mark the IPv6 subnet as the export route control subnet.

B. Create a new interface profile.Mark the IPv6 subnet as the import route control subnet.

C. Use the current interface profile.Mark the IPv6 subnet as the export route control subnet.

D. Use the current interface profile.Mark the IPv6 subnet as the import route control subnet.

Refer to the exhibit. A Cisco ACI fabric has these configurations:
• VPC exists between Leaf2 and Leaf3.
• A switch profile called SW_Prof exists.
• A switch selector called SW_Selec exists.
• An interface selector named Int_Selec exists.
• An interface profile named Int_Prof exists.
Which two sets of actions must the engineer perform to connect Server1 to Leaf2 and Leaf3 using VPC? (Choose two.)

A. Map switch selector SW_Selec under switch profile SW_Prof.Add Leaf2 and Leaf3 node IDs under switch selector SW_Selec.Assign policy group to interface selector Int_Selec.

B. Add Leaf2 and Leaf3 node IDs under switch selector SW_Selec.Map switch profile SW_Prof under switch selector SW_Selec.Create the explicit VPC group from access policies.

C. Create the explicit VPC group from fabric policies.Map interface Eth1/1 under interface selector Int_Selec.Assign policy group to interface selector Int_Selec.

D. Add Leaf2 and Leaf3 node IDs under switch profile SW_Prof.Map Int_Selec under Int_Prof.Assign policy group to interface profile Int_Prof.

E. Create the explicit VPC group from access policies.Map Interface Eth1/1 under interface selector Int_Selec.Map Int_Selec under Int_Prof.

Which two external entities are referenced by an AEP? (Choose two.)

A. Layer 3 domain

B. Hypervisor

C. VMM domain

D. Fibre Channel switch

E. VMware vCenter server

Refer to the exhibit. A customer must back up the current Cisco ACI configuration securely to the remote location using encryption and authentication. The backup job must run once per day. The customer’s security policy mandates that any sensitive information including passwords must not be exported from the device. Which set of steps meets these requirements?

A. Export destination using FTP protocol.Use XML format.

B. Export destination using FTP protocol.Disable Global AES Encryption.

C. Export destination using SCP protocol.Disable Global AES Encryption.

D. Export destination using SCP protocol.Use XML format.

An engineer is creating a configuration import policy that must terminate if the imported configuration is incompatible with the existing system. Which import mode achieves this result?

A. merge

B. atomic

C. best effort

D. replace

An engineer must securely export Cisco APIC configuration snapshots to a secure, offsite location. The exported configuration must be transferred using an encrypted tunnel and encoded with a platform-agnostic data format that provides namespace support. Which configuration set must be used?

A. Policy: Export Policy -Protocol: TLS -Format: JSON

B. Policy: Import Policy -Protocol: TLS -Format: XML

C. Policy: Import Policy -Protocol: SCP -Format: JSON

D. Policy: Export Policy -Protocol: SCP -Format: XML

When does the Cisco ACI leaf learn a source IP or MAC as a remote endpoint?

A. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the Layer 3 Out EPG subnet range.

B. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the bridge domain subnets range.

C. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the Layer 3 Out EPG subnet range.

D. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the bridge domain subnets range.

An engineer must deploy Cisco ACI across 10 geographically separated data centers. Which ACI site deployment feature enables the engineer to control which bridge domains contain Layer 2 flooding?

A. GOLF

B. Multi-Site

C. Multi-Pod

D. Stretched Fabric

What two actions should be taken to deploy a new Cisco ACI Multi-Pod setup? (Choose two.)

A. Configure MP-BGP on IPN routers that face the Cisco ACI spines.

B. Connect all spines to the IPN.

C. Configure anycast RP for the underlying multicast protocol

D. Configure the TEP pool of the new pod to be routable across the IPN.

E. Increase interface MTU for all IPN routers to support VXLAN traffic.

Which Cisco APIC configuration prevents a remote network that is not configured on the bridge domain from being learned by the fabric?

A. enable Limit IP Learning to Subnet

B. enable Unicast Routing

C. enable IP Data-plane Learning

D. enable ARP Flooding to BD