Cisco 300-620 Online Practice Questions and Exam Preparation

Cisco 300-620 Online Questions & Answers

• Question 251:

  An engineer configures an L3Out in VRF-1 that was configured for Import Route Control Enforcement. The L3Out uses OSPF to peer with a core switch. The L3Out has one external EPG, and it has been configured with a subnet 10.1.0.0/24. Which scope must be set to force 10.1.0.0/24 to populate in the routing table for VRF-1?

  A. Import Route Control Subnet
  B. External Subnet for External EPG
  C. Shared Route for External EPG
  D. Export Route Control Subnet
  A. Import Route Control Subnet

• Question 252:

  DRAG DROP

  An engineer must configure VMM domain integration on a Cisco UCS B-Series server that is connected to a Cisco ACI fabric. Drag and drop the products used to create VMM domain from the bottom into the sequence in which they should be implemented at the top. Products are used more than once.

  Select and Place:

  

  

  ---

  Explanation/Reference:

• Question 253:

  What represents the unique identifier of an ACI object?

  A. universal resource identifier (URI)
  B. application programming interface
  C. management information tree
  D. distinguished name
  D. distinguished name

• Question 254:

  The customer is looking for redundant interconnection of the existing network to the new ACI fabric. Unicast and multicast traffic must be routed between the two networks. Which L3Out implementation meets these requirements?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  B. Option B

  ---

  Explanation/Reference:

  PIMv4/PIM6 is supported on Layer 3 Out routed interfaces and routed subinterfaces including Layer 3 port-channel interfaces. In the 5.2(2) release and earlier, PIMv4/PIM6 is not supported on Layer 3 Out SVI interfaces. In the 5.2(3) release and later, PIMv4/PIM6 is supported on Layer 3 Out SVI interfaces https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/5x/l3-configuration/cisco-apic-layer-3-networking-configuration-guide-52x/ip-multicast-layer3-config-52x.html#id_21570

• Question 255:

  Refer to the exhibit.

  

  A four-node APIC cluster is deployed across two data centers. What happens to the database shards when DC1 with APIC1 and APIC2 fail?

  A. The blue shard remains in read-write mode, and green and red are inaccessible.
  B. The blue shard becomes primary, and green and red are standby.
  C. The blue shard remains in read-write mode, and green and red are in read-only mode.
  D. The red shard becomes primary, and blue and red are standby.
  C. The blue shard remains in read-write mode, and green and red are in read-only mode.

  ---

  Explanation/Reference:

  https://learnduty.com/articles/cisco-aci-apic-database-sharding-explained/

• Question 256:

  Refer to the exhibit.

  

  The engineering team restored the Cisco ACI fabric from a previous daily snapshot that was imported from a remote location. During the restore process, the team discovered that all password information was lost.

  Which set of steps must be used to prevent password loss in future system restores?

  A. Specify a secure transport protocol on the scheduler policy. Configure the configuration export policy with the required AES key.
  B. Enable global AES encryption on the configuration export policy. Use import replace mode on the configuration import policy.
  C. Specify a secure transport protocol on the scheduler policy. Configure the configuration import policy with the required AES key.
  D. Enable global AES encryption on the configuration export policy. Use import merge mode on the configuration import policy.
  B. Enable global AES encryption on the configuration export policy. Use import replace mode on the configuration import policy.

• Question 257:

  A bridge domain for a new endpoint group in the Cisco ACI fabric must meet these requirements:

  1.

  The bridge domain must function as the default gateway for the subnet so that routing remains within the Cisco ACI fabric.

  2.

  ARP requests must be managed via Layer 3 unicast packets or be dropped to reduce excessive broadcast traffic.

  3.

  The impact of misconfigured virtual machines must be kept to a minimum by preventing IP addresses outside of the configured subnet from being routed.

  Which set of actions must be taken?

  A. Disable ARP Flooding. Enable Limit IP Learning to Subnet. Enable Unicast Routing on the bridge domain and configure a subnet.
  B. Enable Limit IP Learning to Subnet. Enable Unicast Routing on the bridge domain and configure a subnet. Set Multi-Destination Flooding to Flood in BD.
  C. Set Endpoint Retention Policy to default. Enable ARP Flooding. Enable Unicast Routing on the bridge domain and configure a subnet.
  D. Enable Unicast Routing on the bridge domain and configure a subnet. Set L2 Unknown Unicast to Flood. Disable Endpoint Retention Policy.
  A. Disable ARP Flooding. Enable Limit IP Learning to Subnet. Enable Unicast Routing on the bridge domain and configure a subnet.

  ---

  Explanation/Reference:

  Unicast Routing: If this setting is enabled and a subnet address is configured, the fabric provides the default gateway function and routes the traffic. Enabling unicast routing also instructs the mapping database to learn the endpoint IP-to-VTEP mapping for this bridge domain. The IP learning is not dependent upon having a subnet configured under the bridge domain.

  Limit IP Learning To Subnet: Prevents the local IP endpoint from being learned outside the subnets configured on the bridge domain. Prevents mis-learning of IP addresses that may not belong to the fabric.

  ARP Flood is off: ARP Request is handled as L3 Unicast

• Question 258:

  An engineer wants to configure Cisco ACI switches to use authenticated ZMQ when communicating with the proxy spine.

  Which configuration allows MD5 ZMQ messages only?

  A. COOP Group policy in strict mode
  B. IS-IS password using MD5
  C. BGP password using MD5
  D. COOP Group policy in compatible mode
  A. COOP Group policy in strict mode

  ---

  Explanation/Reference:

  There are 2 choices, Compatible Type and Strict Type. Compatible Type accepts both MD5 authenticated and non-authenticated ZMQ connections, whereas Strict Type only allows MD5 authenticated ZMQ connections.

• Question 259:

  An engineer is implementing a Cisco ACI environment that consists of more than 20 servers. Two of the servers support only Cisco Discovery Protocol with no order link discovery protocol. The engineer wants the servers to be discovered automatically by the Cisco ACI fabric when connected. Which action must be taken to meet this requirement?

  A. Create an override policy that enables Cisco Discovery Protocol after LLDP is enabled in the default policy group.
  B. Configure a higher order interface policy that enables Cisco Discovery Protocol for the interface on the desired leaf switch.
  C. Configure a lower order policy group that enables Cisco Discovery Protocol for the interface on the desired leaf switch.
  D. Create an interface profile for the interface that disables LLDP on the desired switch that is referenced by the interface policy group.
  A. Create an override policy that enables Cisco Discovery Protocol after LLDP is enabled in the default policy group.

  ---

  Explanation/Reference:

  https://www.tejasjain.com/2019/10/cisco-aci-cdp-configuration.html

• Question 260:

  An engineer is validating the Cisco ACI fabric underlay after a new deployment. Which component maintains the COOP database for endpoint-to-location mappings?

  A. APIC controller
  B. leaf switch
  C. spine switch
  D. vCenter server
  C. spine switch

  ---

  Explanation

  The correct answer is C because the spine switches maintain the COOP database used to map endpoint information to the appropriate fabric location. Option A is incorrect because the APIC provides policy and management functions, not COOP endpoint mapping. Option B is incorrect because leaf switches learn local endpoints but do not host the COOP database. Option D is incorrect because vCenter is related to VMM integration, not ACI fabric endpoint control-plane operation.