An engineer is preparing access policies for a host-facing interface. Which object is used to combine interface-level policies such as CDP and LLDP into one reusable attachment point?
A. interface profile B. interface policy group C. switch profile D. pod policy group
B. interface policy group
Explanation
The correct answer is B because an interface policy group bundles individual interface policies and serves as the reusable attachment point for host-facing policy combinations. Option A is incorrect because an interface profile selects interfaces but does not combine the policies themselves. Option C is incorrect because a switch profile associates policies at the switch/profile level rather than as an interface policy bundle. Option D is incorrect because a pod policy group applies to pod-wide fabric functions, not host interface policy composition.
Question 272:
A company is implementing a new security policy to track system access, configuration, and changes. The network engineer must enable log collection to track user login and logout attempts. In addition, any configuration changes, such as a fabric node failure, must be collected in the logs. The syslog policy is configured to send logs to the company SIEM appliance.
Which two log types must be enabled to meet the security requirements? (Choose two.)
A. error B. audit C. fault D. event E. health
B. audit C. fault
Explanation/Reference:
Question 273:
All workloads in VLAN 1001 have been migrated into EPG-1001. The requirement is to move the gateway address for VLAN 1001 from the core outside the Cisco ACI fabric into the Cisco ACI fabric. The endpoints in EPG-1001 must route traffic to endpoints in other EPGs and minimize flooded traffic in the fabric. Which configuration set is needed on the bridge domain to meet these requirements?
A. Enable Flood; Enable Unicast Routing B. Disable Local IP Learning Limit; Disable Unicast Routing C. Disable ARP Flood; Disable Limit Endpoint Learning D. Enable Hardware Proxy; Enable Unicast Routing
D. Enable Hardware Proxy; Enable Unicast Routing
Question 274:
A network team is configuring management-plane separation so operators can reach APICs and switches over the production network instead of the dedicated management ports. Which management model is being implemented?
A. out-of-band management B. in-band management C. remote leaf management D. VMM management
B. in-band management
Explanation
The correct answer is B because in-band management uses the data-plane fabric to reach APICs and switches instead of relying on separate dedicated management interfaces. Option A is incorrect because out-of-band management uses dedicated management connectivity. Option C is incorrect because remote leaf is a fabric extension model, not the management mode described. Option D is incorrect because VMM management relates to virtualization integration, not APIC and switch management access design.
Question 275:
A security team wants remote configuration backups of Cisco APIC to be transferred over an encrypted transport while excluding secure properties such as passwords from the exported file. Which combination meets the requirement?
A. SCP with AES encryption enabled B. FTP with JSON format C. SCP with AES encryption disabled D. TFTP with XML format
C. SCP with AES encryption disabled
Explanation
The correct answer is C because SCP provides encrypted transport, and disabling AES encryption prevents secure properties such as passwords from being exported. Option A is incorrect because enabling AES encryption includes secure properties in the export. Option B is incorrect because FTP is not an encrypted transport. Option D is incorrect because TFTP is neither encrypted nor appropriate for the stated security requirement.
Question 276:
An engineer is configuring a new user account in Cisco ACI. The new user will be assigned the role of fabric administrator. The fabric has only one tenant, so the engineer associated the new user account with a security domain for the tenant, as well as the security domain for the management tenant.
Which configuration permits the new user with admin access to the fabric?
A. Associate the new user with the security domain all. B. Grant the new user R/W access to the user and management tenant. C. Add the DN uni/fabric under explicit rules. D. Bind the security domain infra to the new user account.
D. Bind the security domain infra to the new user account.
Explanation/Reference:
The Cisco Application Centric Infrastructure (ACI) RBAC rules enable or restrict access to some or all of the fabric. For example, in order to configure a leaf switch for bare metal server access, the logged in administrator must have rights to the infra domain. By default, a tenant administrator does not have rights to the infra domain. In this case, a tenant administrator who plans to use a bare metal server connected to a leaf switch could not complete all the necessary steps to do so. The tenant administrator would have to coordinate with a fabric administrator who has rights to the infra domain. The fabric administrator would set up the switch configuration policies that the tenant administrator would use to deploy an application policy that uses the bare metal server attached to an ACI leaf switch.
A Cisco ACI fabric uses an L3Out to connect with R1. The 192.168.1.0/24 subnet is received over the physical interface Eth1/1 of Leaf1 and Leaf2. Which set of actions must be taken to receive the 2001:db8::2:1 subnet over interface Eth1/1?
A. Create a new interface profile. Mark the IPv6 subnet as the export route control subnet. B. Create a new interface profile. Mark the IPv6 subnet as the import route control subnet. C. Use the current interface profile. Mark the IPv6 subnet as the export route control subnet. D. Use the current interface profile. Mark the IPv6 subnet as the import route control subnet.
B. Create a new interface profile. Mark the IPv6 subnet as the import route control subnet.
An administrator configures inter-VRF route leaking between Production:vrf-prod and Non-Production:vrf-nonprod. However, the route in the Non-Production:vrf-nonprod VRF to the production tenant is missing. Which action resolves the VRF route leaking issue?
A. Change the contract scope to Global. B. Enable the Shared between VRFs option for the BD subnet in the production VRF. C. Enable the Shared between VRFs option for the EPG subnet in the non-production VRF. D. Export the contract from provider to consumer tenant.
B. Enable the Shared between VRFs option for the BD subnet in the production VRF.
Explanation/Reference:
Question 279:
Refer to the exhibit.
A network engineer deploys Cisco APIC for the first time. Which connectivity type must be used to connect a Cisco ACI APIC node to an out-of-band segment?
A. 4. 1-Gb Ethernet dedicated management port B. 5. Serial port (RJ-45 connector) C. 9. VIC 1455 with external 10/25-Gigabit Ethernet ports D. 2. Dual 1-Gb/10-Gb Ethernet ports (LAN1 and LAN2)
D. 2. Dual 1-Gb/10-Gb Ethernet ports (LAN1 and LAN2)
Explanation/Reference:
Out-of-band 1-Gb/10-Gb Ethernet management ports for management of APIC OS only
Question 280:
Refer to the exhibit.
A network engineer must complete the Cisco ACI implementation based on the logical system design created by the systems architect. Which Cisco ACI object is required where the dotted line indicates to complete the task?
A. contract B. application profile C. context D. attachable Access Entity Profile
B. application profile
Explanation/Reference:
A tenant in the ACI object model represents the highest level object. A tenant consists of networking-related objects such as VRFs, bridge domains and subnets, and policy-related objects such as application profiles, EPGs, and contracts.