Cisco 300-620 Online Practice Questions and Exam Preparation

Cisco 300-620 Online Questions & Answers

• Question 201:

  Refer to the exhibit.

  

  An engineer must disable the communication between the two backup servers in the backup EPG. Which action accomplishes this goal?

  A. Set Preferred Group Member to Excluded.
  B. Set the physical domain to None.
  C. Set a different static binding for the encap VLAN.
  D. Set Intra EPG Isolation to Enforced.
  D. Set Intra EPG Isolation to Enforced.

  ---

  Explanation/Reference:

• Question 202:

  An engineer must advertise a bridge domain subnet out of the ACI fabric to an OSPF neighbor. Which two configuration steps are required? (Choose two.)

  A. Add External Subnet for External EPG flag under External EPG
  B. Configure Subnet scope to Advertised Externally
  C. Configure the Subnet under the EPG level
  D. Create Route Control Profile with the export direction under External EPG
  E. Add L3Out profile to the bridge domain using Associated L3Outs section
  B. Configure Subnet scope to Advertised Externally
  E. Add L3Out profile to the bridge domain using Associated L3Outs section

  ---

  Explanation/Reference:

  https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/guide-c07-743150.html#3AdvertiseinternalroutesBDsubnetstoexternaldevices

  The key points here are as follows:

  1.

  Mark a BD subnet with an “Advertised Externally” scope.

  2.

  Associate the BD with the L3Out(s) that need(s) to advertise the BD subnet to the outside.

• Question 203:

  As part of a migration, legacy non-ACI switches must be connected to the Cisco ACI fabric. All non-ACI switches run per-VLAN RSTP. After the non-ACI switches are connected to Cisco ACI, the STP convergence caused a microloop and significant CPU spike on all switches. Which configuration on the interfaces of the external switches that face the Cisco ACI fabric resolves the problem?

  A. BPDU guard
  B. aggressive STP timers
  C. BPDU filtering
  D. STP type link shared
  D. STP type link shared

  ---

  Explanation/Reference:

• Question 204:

  A design requires a single APIC cluster to manage multiple pods that are part of one logical Cisco ACI fabric. Which ACI Anywhere architecture matches this requirement?

  A. Multi-Site
  B. Multi-Pod
  C. Remote Leaf
  D. service graph
  B. Multi-Pod

  ---

  Explanation

  The correct answer is B because Multi-Pod uses a single APIC cluster to manage multiple pods within one logical ACI fabric. Option A is incorrect because Multi-Site uses a dedicated APIC cluster per site. Option C is incorrect because Remote Leaf extends connectivity for leaf functionality but does not describe multiple pods under one APIC cluster. Option D is incorrect because a service graph is used for L4-L7 service insertion, not ACI Anywhere topology.

• Question 205:

  How is broadcast forwarded in Cisco ACI Multi-Pod after ARP flooding is enabled?

  A. Ingress replication is used on the spines to forward broadcast frames in the IPN infrastructure.
  B. Within a pod, the ingress leaf switch floods the broadcast frame on all fabric ports.
  C. Broadcast frames are forwarded inside the pod and across the IPN using the multicast address that is associated to the bridge domain.
  D. For the specific bridge domain, all spines forward the broadcast frames to IPN routers.
  C. Broadcast frames are forwarded inside the pod and across the IPN using the multicast address that is associated to the bridge domain.

  ---

  Explanation/Reference:

  Within ACI, all Bridge Domains are allocated a multicast address known as a Group IP Outer (or GIPo) address. All traffic that must be flooded within a Bridge Domain is flooded on this GIPo. https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/218013-troubleshoot-aci-intra-fabric-forwarding.html#anc23

• Question 206:

  What is a requirement for Cisco ACI IPN to manage multidestination traffic?

  A. pervasive gateway
  B. unicast routing
  C. anycast gateway
  D. multicast routing
  D. multicast routing

  ---

  Explanation/Reference:

  Connectivity and control

  From a data-plane standpoint, all the pods within the topology are interconnected using an IP routed Inter-Pod Network (IPN). The IPN is not managed by the APIC, instead the user would configure it separately. Connectivity within each pod to the IPN takes place on the spine nodes, but there is no requirement to connect every spine to the IPN. All inter-pod traffic is encapsulated with VXLAN. Multi-destination traffic is dispersed to the pods via multicast, so there is a requirement for the IPN to support PIM bidirectional mode multicast.

  The control-plane between the pods leverages MP-BGP EVPN. This is how endpoint information is advertised between the pods so that communication from an endpoint in one pod to an endpoint in another pod will be seamless.

• Question 207:

  Which service graph option creates a permit entry for the traffic from the provider EPG to the provider connector of the PBR node?

  A. direct connect
  B. promiscuous mode
  C. single context aware
  D. share encap
  A. direct connect

• Question 208:

  A network engineer is configuring syslogs in the Cisco ACI environment with these requirements:

  All message severities must be logged except for debugging messages.

  Messages must be compliant with RFC 5424 format.

  Logs must be saved only in a file on the APIC.

  Which settings must be used in the Syslog Monitoring Destination Group to meet these requirements?

  A. Format: ACI Local File Destination Admin State: Enabled Severity: Notifications Console Destination Admin State: Disabled
  B. Format: NX-OS Local File Destination Admin State: Disabled Severity: Emergencies Console Destination Admin State: Enabled
  C. Format: NX-OS Local File Destination Admin State: Disabled Severity: Alerts Console Destination Admin State: Enabled
  D. Format: ACI Local File Destination Admin State: Enabled Severity: Information Console Destination Admin State: Disabled
  D. Format: ACI Local File Destination Admin State: Enabled Severity: Information Console Destination Admin State: Disabled

• Question 209:

  An engineer must configure a new local user inside a Cisco ACI. The new user must meet these criteria:

  1.

  Must be provided with complete read-only access to the tenant.

  2.

  Must be permitted to create and delete EPGs within a specific tenant.

  3.

  Must not be allowed to modify any other objects within that tenant.

  The tenant and security domain association is already in place. Which configuration set configures the new tenant?

  A. Create a new role with tenant-admin privilege. Create the local user and assign it to the tenant-security domain. Add the tenant-security domain to the role admin with access privilege type Read. Add the tenant-security domain to the new role with access privilege type Write.
  B. Create a new role with tenant-epg privilege. Create the local user and assign it to the tenant-security domain. Add the tenant-security domain to the role read-all with access privilege type Read. Add the tenant-security domain to the new role with access privilege type Write.
  C. Create a new role with tenant-connectivity privilege. Create the local user and assign it to the tenant-security domain. Add the tenant-security domain to the role access-admin with access privilege type Read. Add the tenant-security domain to the new role with access privilege type Write.
  D. Create a new role with tenant-security privilege. Create the local user and assign it to the tenant-security domain. Add the tenant-security domain to the role tenant-admin with access privilege type Read. Add the tenant-security domain to the new role with access privilege type Write.
  B. Create a new role with tenant-epg privilege. Create the local user and assign it to the tenant-security domain. Add the tenant-security domain to the role read-all with access privilege type Read. Add the tenant-security domain to the new role with access privilege type Write.

  ---

  Explanation/Reference:

• Question 210:

  Refer to the exhibit.

  

  An engineer must implement the inter-tenant service graph. Which set of actions must be taken to accomplish this goal?

  A. Define the contract in the provider tenant and export it to the consumer tenant. Define the L4-L7 device, service graph template, and ASA bridge domains in the provider tenant.
  B. Define the contract in the provider tenant and export it to the consumer tenant. Define the L4-L7 device and service graph template in the provider tenant and the ASA bridge domains in the consumer tenant.
  C. Define the contract in the provider tenant and export it to the provider tenant. Define the L4-L7 device and service graph template in the provider tenant and the ASA bridge domains in the consumer tenant.
  D. Define the contract in the provider tenant and export it to the provider tenant. Define the L4-L7 device, service graph template, and ASA bridge domains in the consumer tenant.
  B. Define the contract in the provider tenant and export it to the consumer tenant. Define the L4-L7 device and service graph template in the provider tenant and the ASA bridge domains in the consumer tenant.

  ---

  Explanation/Reference: