Cisco 300-620 Online Practice Questions and Exam Preparation

Cisco 300-620 Online Questions & Answers

• Question 311:

  An engineer created a monitoring policy called Test in a Cisco ACI fabric and had to change the severity level of the monitored object Call home source.

  Which set of actions prevent the event from appearing in event reports?

  A. Select Faults Severity Assignment Policies. Set severity level to cleared.
  B. Select Event Severity Assignment Policies. Set severity level to squelched.
  C. Select Faults Severity Assignment Policies. Set severity level to squelched.
  D. Select Event Severity Assignment Policies. Set severity level to cleared.
  C. Select Faults Severity Assignment Policies. Set severity level to squelched.

  ---

  Explanation/Reference:

• Question 312:

  Refer to the exhibit.

  

  The 0.0.0.0/0 is configured as a default static route on L3Out-1. Which action should be taken for the 0.0.0.0/0 prefix to advertise out on L3Out-2 OSPF?

  A. Enable Export Route Control Subnet.
  B. Enable Shared Security Import Subnet.
  C. Enable Shared Route Control Subnet.
  D. Enable Aggregate Export Subnet.
  A. Enable Export Route Control Subnet.

  ---

  Explanation/Reference:

  Aggregate Export This option can be used only for 0.0.0.0/0 with “Export Route Control Subnet”. When both “Export Route Control Subnet” and “Aggregate Export” are enabled for 0.0.0.0/0, ACI creates an IP prefix-list with “0.0.0.0/0 le 32”, which matches any subnets. Thus, this option can be used when an L3Out needs to advertise (export) any routes to the outside.

• Question 313:

  An engineer must configure an export policy that regularly backs up Cisco APIC configuration to a remote location. The backup must be sent by using a secure and encrypted protocol. Which configuration set must be used?

  A. Configure the export policy with the required export destination. Set the export destination as TLS. Configure the scheduler with a maximum number of nodes.
  B. Configure the export policy with the required export destination. Set the export destination as SSH. Set the scheduler settings to recurring.
  C. Configure the export policy with the required export destination. Set the export destination as SCP. Set the scheduler settings to recurring.
  D. Configure the export policy with the required export destination. Set the export destination as AES. Configure the scheduler with a maximum number of nodes.
  A. Configure the export policy with the required export destination. Set the export destination as TLS. Configure the scheduler with a maximum number of nodes.

• Question 314:

  A network administrator configures AAA inside the Cisco ACI fabric. The authentication goes through the local users if the TACACS+ server is not reachable. If the Cisco APIC is out of the cluster, the access must be granted through the fallback domain. Which configuration set meets these requirements?

  A. Ping Check: True Default Authentication Realm: Local Fallback Check: True
  B. Ping Check: True Default Authentication Realm: TACACS+ Fallback Check: False
  C. Ping Check: False Default Authentication Realm: Local Fallback Check: False
  D. Ping Check: False Default Authentication Realm: TACACS+ Fallback Check: True
  B. Ping Check: True Default Authentication Realm: TACACS+ Fallback Check: False

  ---

  Explanation/Reference:

  Unclear what is supposed be the ping check Anyway Default Authentication Realm hall be TACACS+ and you shall not put fallback check on if required working fallback local authentication Note: Make sure to leave/set the Fallback Check property to false. Setting the Fallback Check property to true may cause local logins to fail. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_ACI-TACACS-config.html

• Question 315:

  Refer to the exhibit.

  

  An engineer wants to initiate an ICMP ping from Server1 to Server2. The requirement is for the BD1 to enforce ICMP replies that follow the expected path. The packets must be prevented from taking the direct path from Leaf1 to Server1. Which action must be taken on BD1 to meet these requirements?

  A. Set L2 Unknown Unicast to Flood.
  B. Set L2 Unknown Unicast to Hardware Proxy.
  C. Disable Unicast Routing.
  D. Enable ARP Flooding.
  C. Disable Unicast Routing.

  ---

  Explanation/Reference:

• Question 316:

  Which IP address pool must be reachable across the backbone from the physical pod to the remote leaf?

  A. seed pod tunnel endpoint pool
  B. seed pod external tunnel endpoint pool
  C. remote leaf tunnel endpoint pool
  D. remote leaf external tunnel endpoint pool
  D. remote leaf external tunnel endpoint pool

• Question 317:

  Refer to the exhibit.

  

  A customer is deploying a WAN with these requirements:

  1.

  Routers 1 and 2 must receive only routes 192.168.11.0/24 and 192.168.21.0/24 from the Cisco ACI fabric.

  2.

  Reachability to the WAN users must be permitted only for the servers that are located in vrf_prod.

  Which settings must be configured to meet these objectives?

  A. Configure the subnets 192.168.11.0/24 and 192.168.21.0/24 as Private to VRF. Configure the subnet 192.168.31.0/24 as Advertised Externally. Configure an EPG subnet 0.0.0.0/0 as Shared Route Control Subnet.
  B. Configure the subnets 192.168.11.0/24 and 192.168.21.0/24 as Private to VRF. Configure the subnet 192.168.31.0/24 as Advertised Externally. Configure an EPG subnet 0.0.0.0/0 as External Subnets for External EPG.
  C. Configure the subnets 192.168.11.0/24 and 192.168.21.0/24 as Advertised Externally. Configure the subnet 192.168.31.0/24 as Private to VRF. Configure an EPG subnet 0.0.0.0/0 as External Subnets for External EPG.
  D. Configure the subnets 192.168.11.0/24 and 192.168.21.0/24 as Advertised Externally. Configure the subnet 192.168.31.0/24 as Private to VRF. Configure an EPG subnet 0.0.0.0/0 as Shared Route Control Subnet.
  C. Configure the subnets 192.168.11.0/24 and 192.168.21.0/24 as Advertised Externally. Configure the subnet 192.168.31.0/24 as Private to VRF. Configure an EPG subnet 0.0.0.0/0 as External Subnets for External EPG.

  ---

  Explanation/Reference:

• Question 318:

  When does the Cisco ACI leaf learn a source IP or MAC as a remote endpoint?

  A. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the Layer 3 Out EPG subnet range.
  B. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the bridge domain subnets range.
  C. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the Layer 3 Out EPG subnet range.
  D. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the bridge domain subnets range.
  D. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the bridge domain subnets range.

  ---

  Explanation/Reference:

  Inner source is BD subnet. Outer address is VXLAN TEP.

• Question 319:

  Refer to the exhibit.

  

  An engineer is migrating legacy servers into the Cisco ACI environment. The requirement is to ensure that all endpoints and MAC addresses are learned properly in legacy and Cisco ACI switches. Which configuration set must be configured under the bridge domain called bd_360 to accomplish this goal?

  A. L2 Unknown Unicast: Hardware Proxy ARP Flooding: Disabled
  B. L2 Unknown Unicast: Flood ARP Flooding: Enabled
  C. L2 Unknown Unicast: Hardware Proxy ARP Flooding: Enabled
  D. L2 Unknown Unicast: Flood ARP Flooding: Disabled
  B. L2 Unknown Unicast: Flood ARP Flooding: Enabled

  ---

  Explanation/Reference:

  ARP HW proxy is not suited for this scenario as the routing is outside ACI

• Question 320:

  A customer migrates a legacy environment to Cisco ACI. A Layer 2 trunk is configured to interconnect the two environments. The customer also builds ACI fabric in an application-centric mode.

  Which feature should be enabled in the bridge domain to reduce instability during the migration?

  A. Set Multi-Destination Flooding to Flood in BD.
  B. Enable Flood in Encapsulation.
  C. Set Multi-Destination Flooding to Flood in Encapsulation.
  D. Disable Endpoint Dataplane Learning
  C. Set Multi-Destination Flooding to Flood in Encapsulation.

  ---

  Explanation/Reference:

  Quite a few engineers have asked whether multiple EPGs associated with a single bridge domain can be extended to non-ACI switches outside a fabric. The answer is yes. Among the options for Multi Destination Flooding, administrators can choose Flood in Encapsulation at the bridge domain level to isolate flooding to each associated EPG.

  In the context of migrations, the use case many proponents of this feature have in mind is to consolidate multiple VLANs and subnets into a small number of bridge domains.