All nodes in a Cisco ACI fabric are raising NTP faults. The Date and Time policy is configured with the IP address of two NTP servers and both servers are reachable via the out-of-band management network. Also, the out-of-band EPG has been selected as the management EPG. Which configuration clears the NTP faults?
A. Add the NTP server IPs to the external management instance profile. B. Create a node management address policy that includes all nodes in the fabric. C. Configure and apply an out-of-band contract to the out-of-band EPG. D. Directly attach both NTP servers to the Cisco ACI fabric via a leaf switch.
A. Add the NTP server IPs to the external management instance profile.
Question 32:
An engineer configures a Cisco ACI Multi-Pod for disaster recovery. Which action should be taken for the new nodes to be discoverable by the existing Cisco APICs?
A. Configure IGMPv3 on the interfaces of IPN routers that face the Cisco ACI spine. B. Enable subinterfaces with dot1q tagging on all links between the IPN routers. C. Enable DHCP relay on all links that are connected to Cisco ACI spines on IPN devices. D. Configure BGP as the underlay protocol in IPN.
A. Configure IGMPv3 on the interfaces of IPN routers that face the Cisco ACI spine.
Explanation/Reference:
DHCP relay support: One of the nice functionalities offered by the ACI Multi-Pod solution is the capability of allowing auto-provisioning of configuration for all the ACI devices deployed in remote Pods. This allows those remote Pods to join the Multi-Pod fabric with zero-touch configuration, as it normally happens to ACI nodes part of the same fabric (Pod).
Question 33:
Three application endpoint groups (EPGs) must be trunked using VLAN 1501 on leaf 101.
Which set of actions completes the configuration?
A. Deploy the three EPGs on different ports on leaf 101. Associate the three EPGs to different bridge domains. Set port scope to local. Map the three EPGs to the same physical domain. B. Deploy the three EPGs on different ports on leaf 101. Associate the three EPGs to different bridge domains. Set port scope to global. Map the three EPGs to the same physical domain. C. Deploy the three EPGs on different ports on leaf 101. Associate the three EPGs to different bridge domains. Set port scope to local. Map the three EPGs to different physical domain. D. Deploy the three EPGs on the same port on leaf 101. Associate the three EPGs to the same bridge domains. Set port scope to local. Map the three EPGs to different physical domain.
A. Deploy the three EPGs on different ports on leaf 101. Associate the three EPGs to different bridge domains. Set port scope to local. Map the three EPGs to the same physical domain.
Question 34:
An engineer configures two Cisco ACI leaf switches called Leaf1 and Leaf2 as VPC peers. The server called S1 is connected to Leaf1 with a port channel interface. How is S1 learned in the endpoint table of Leaf2?
A. remote endpoint B. bounce entry endpoint C. local endpoint D. on-peer endpoint
D. on-peer endpoint
Question 35:
In a Cisco ACI fabric, an endpoint moves between two leaf switches during a virtual machine migration. Which action does Cisco ACI take to minimize the impact to traffic during this event?
A. A new leaf switch updates a COOP database on the spine, which causes the old leaf switch to install a bounce entry. B. A new leaf switch sends a COOP message to the Cisco APIC cluster to populate a new location of the endpoint. C. A new leaf switch sends a COOP message directly to the old leaf switch to update it with new information about the endpoint move. D. A new leaf switch floods GARP to every other leaf switch in the fabric, which advertises a new endpoint location to the fabric.
A. A new leaf switch updates a COOP database on the spine, which causes the old leaf switch to install a bounce entry.
Explanation/Reference:
There are several scenarios in which an endpoint moves between two Cisco ACI leaf switches, such as a failover event or a virtual machine migration in a hypervisor environment. Cisco ACI data-plane endpoint learning detects these events quickly and updates the Cisco ACI endpoint database on a new leaf. In addition to data-plane learning, Cisco ACI uses bounce entries to manage the old endpoint information on the original leaf.
When a new local endpoint is detected on a leaf, the leaf updates the COOP database on spine switches with its new local endpoint. If the COOP database has already learned the same endpoint from another leaf, COOP will recognize this event as an endpoint move and report this move to the original leaf that contained the old endpoint information. The old leaf that receives this notification will delete its old endpoint entry and create a bounce entry, which will point to the new leaf. A bounce entry is basically a remote endpoint created by COOP communication instead of data-plane learning.
Question 36:
An engineer must configure a Layer 3 connection to the WAN router. The hosts in production VRF must access WAN subnets. The engineer associates EPGs in the production VRF with the external routed domain. Which action completes the task?
A. Configure the Export Route Control Subnet scope for the external EPG. B. Configure the External Subnets for the External EPG scope for the external EPG. C. Configure the Import Route Control Subnet scope for the external EPG. D. Configure the Shared Route Control Subnet scope for the external EPG.
B. Configure the External Subnets for the External EPG scope for the external EPG.
Explanation/Reference:
External Subnets for the External EPG (also called Security Import Subnet) - This option does not control the movement of routing information into or out of the fabric. If you want traffic to flow from one external EPG to another external EPG or to an internal EPG, the subnet must be marked with this control. If you do not mark the subnet with this control, then routes learned from one EPG are advertised to the other external EPG, but packets are dropped in the fabric. The drops occur because the APIC operates in a allowed list model where the default behavior is to drop all data plane traffic between EPGs, unless it is explicitly permitted by a contract. The allowed list model applies to external EPGs and application EPGs. When using security policies that have this option configured, you must configure a contract and a security prefix.
Question 37:
An engineer configured Layer 2 extension from the ACI fabric and changed the Layer 2 unknown unicast policy from Flood to Hardware Proxy. How does this change affect the flooding of the L2 unknown unicast traffic?
A. It is forwarded to one of the spines to perform as a spine proxy. B. It is flooded within the whole fabric. C. It is dropped by the leaf when the destination endpoint is not present in the endpoint table. D. It is forwarded to one of the APICs to perform as a proxy.
A. It is forwarded to one of the spines to perform as a spine proxy.
A Cisco ACI fabric is built to monitor and manage APIC devices using SNMP.
Which action allows SNMP to receive traps from APIC controllers?
A. Add a deny any rule under out-of-band contract. B. Permit UDP port 162 on the filter entry of the default subject. C. Consume out-of-band contract from the common tenant. D. Provide a standard contract under the management tenant.
B. Permit UDP port 162 on the filter entry of the default subject.
Question 40:
An administrator must migrate the vSphere Management VMkernel of all ESXi hosts in the production cluster from the standard default virtual switch to a VDS that is integrated with APIC in a VMM domain. Which action must be completed in this scenario?
A. The Management VMkernel EPG resolution must be set to Pre-Provision. B. The administrator must create an in-band VMM Management EPG before performing the migration. C. The administrator must set the Management VMkernel BD resolution immediacy to On-Demand. D. The VMkernel Management BD must be located under the Management Tenant.
A. The Management VMkernel EPG resolution must be set to Pre-Provision.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 300-620 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.