1. Home
  2. Cisco
  3. 300-620

Cisco 300-620 Online Practice Questions and Exam Preparation

300-620 Exam Details

  • Exam Code
    :300-620
  • Exam Name
    :Implementing Cisco Application Centric Infrastructure (DCACI)
  • Certification
    :CCNP Data Center
  • Vendor
    :Cisco
  • Total Questions
    :388 Q&As
  • Last Updated
    :May 29, 2026

Cisco 300-620 Online Questions & Answers

  • Question 291:

    An engineer configures a one-armed policy-based redirect service Insertion for an unmanaged firewall. The engineer configures these Cisco ACI objects:

    1.

    a contract named All_Traffic_Allowed

    2.

    a Layer 4 to Layer 7 device named FW-Device

    3.

    a policy-based redirect policy named FW-1Arm-Policy-Based RedirectPolicy

    Which configuration set redirects the traffic to the firewall?

    A. Configure a policy-based redirect subject. Associate the policy-based redirect subject with All_Traffic_Allowed.
    B. Configure a firewall bridge domain. Associate the bridge domain with FW-Device.
    C. Configure a device interface policy. Associate the device interface policy with FW-Device.
    D. Configure a service graph. Associate the service graph with All_Traffic_Allowed.

  • Question 292:

    Which two actions extend a Layer 2 domain beyond the ACI fabric? (Choose two.)

    A. extending the routed domain out of the ACI fabric
    B. creating a single homed Layer 3 Out
    C. creating an external physical network
    D. extending the bridge domain out of the ACI fabric
    E. extending the EPG out of the ACI fabric

  • Question 293:

    Refer to the exhibit.

    An engineer is deploying a Cisco ACI environment but experiences a STP loop between switch1 and switch2. Which configuration step is needed to break the STP loop?

    A. Configure a Layer 2 external bridged network on the interfaces facing the MST switches.
    B. Enable the native VLAN on the interfaces facing the MST switches using static ports in a dedicated EPG.
    C. Enable BPDU filter under the STP interface policy on the interfaces facing the MST switches.
    D. Configure the STP instance to VLAN mapping under the switch STP policy.

  • Question 294:

    Refer to the exhibit.

    A Cisco ACI fabric is configured using a VPC protection group with a setting of consecutive. Also, these ACI objects have been created:

    1. Access policy group Acc_Pol_Grp.

    2. STP policy STP_Pol

    Which action set must be taken to disable Eth1/1 when receiving BPDU from SW2?

    A. Enable BPDU guard on STP_Pol. Assign STP_Pol to Acc_Pol_Grp. Assign STP_Pol to Eth1/1.
    B. Enable BPDU guard on STP_Pol. Assign STP_Pol to Acc_Pol_Grp. Assign Acc_Pol_Grp to Eth1/1.
    C. Enable BPDU guard on Acc_Pol_Grp. Assign STP_Pol to Acc_Pol_Grp. Assign STP_Pol to Eth1/1.
    D. Enable BPDU guard on Acc_Pol_Grp. Assign STP_Pol to Acc_Pol_Grp. Assign Acc_Pol_Grp to Eth1/1.

  • Question 295:

    A Cisco ACI fabric is integrated with VMware VDS. The fabric must apply a security policy to check the integrity of traffic out of the network adapter. Which action must be taken to drop the packet when the ESXi host discovers a mismatch between the actual source MAC address transmitted by the guest operating system and the effective MAC address of the virtual machine adapter?

    A. Reject MAC changes.
    B. Reject forged transmits.
    C. Accept MAC changes.
    D. Accept forged transmits.

  • Question 296:

    Refer to the exhibit.

    How are the STP BPDUs forwarded over Cisco ACI fabric?

    A. Cisco ACI acts as the STP root for all three external switches.
    B. STP BPDUs that are generated by Switch2 are received by Switch1 and Switch3.
    C. STP BPDUs that are generated by Switch1 are received only by Switch3.
    D. Cisco ACI fabric drops all STP BPDUs that are generated by the external switches.

  • Question 297:

    An engineer must ensure that Cisco ACI flushes the appropriate endpoints when a topology change notification message is received in an MST domain. Which three steps are required to accomplish this goal? (Choose three.)

    A. Enable the BPDU interface controls under the spanning tree interface policy.
    B. Configure a new STP interface policy.
    C. Bind the spanning tree policy to the switch policy group.
    D. Associate the STP interface policy to the appropriate interface policy group.
    E. Create a new region policy under the spanning tree policy.
    F. Map VLAN range to MST instance number.

  • Question 298:

    Refer to the exhibit.

    A load balancer is connected to the Cisco ACI fabric using a single interface. The load balancer is performing source and destination NAT. A service graph is configured on the Cisco ACI. Which action must be taken to allow traffic from host A to pass through the load balancer before reaching host B?

    A. Apply PBR on contract between the load balancer and application EPGs.
    B. Disable unicast routing on the bridge domain BD_2.
    C. Configure limit IP learning to subnet on BD_3.
    D. Set the default gateway for host B on the load balancer.

  • Question 299:

    How is an EPG extended outside of the ACI fabric?

    A. Create an external bridged network that is assigned to a leaf port.
    B. Create an external routed network that is assigned to an EPG.
    C. Enable unicast routing within an EPG.
    D. Statically assign a VLAN ID to a leaf port in an EPG.

  • Question 300:

    A 200-node Cisco ACI fabric with dual-homed servers is being affected by a newly discovered vulnerability and must be upgraded within 15 days with minimum downtime.

    Which two actions accomplish this goal? (Choose two.)

    A. Set the concurrent capacity of the update/maintenance group to 0.
    B. Deregister the Cisco Nexus switches from the APIC and upgrade.
    C. Configure multiple schedulers to upgrade two update groups per evening.
    D. Automate the upgrade by upgrading the leaf switches directly bypassing the APIC.
    E. Divide the ACI nodes into multiple odd/even update groups that contain no more than 10 nodes.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-620 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.