[Req] Cisco 300-620 DCACI dump


Bob1733

1 hour ago, pif80 said:

@Bob1733 hello! Yesterday I passed the exam 😃, I found at least 10 new questions and 1 new D&D about RADIUS config steps. Soon I will try to share a draft of the questions with arguments and possible answers.

Thanks a lot. We wait.

Once again, congratulations!


A customer migrates a legacy environment to Cisco ACI. A Layer 2 trunk is configured to interconnect the two environments. The customer also builds ACI fabric in an application-centric mode. Which feature should be enabled in the bridge domain to reduce instability during the migration?

  • A. Set Multi-Destination Flooding to Flood in BD.
  • B. Enable Flood in Encapsulation.
  • C. Set Multi-Destination Flooding to Flood in Encapsulation.
  • D. Disable Endpoint Dataplane Learning

The Flood in Encapsulation option is used to limit flooding traffic inside the bridge domain to a single encapsulation. When two EPGs share the same bridge domain and Flood in Encapsulation is enabled, the EPG flooding traffic does not reach the other EPG. C looking better

 

I think the better answer is C, not A.


@Bob1733 Here is a new D&D about RADIUS configuration action with OOB

There are 6 options, only 4 need to be dragged in the correct order:

1) specify and set cisco apic connectivity preference to oob

2) create radius provider group

3) set cisco apic connectivity preference to oob

4) create login domain  for radius

5) set cisco apic connectivity to inband 

6) create the radius provider


Here are 2 questions about backup:

1) An eng must create a backup of ACI for DR. The backup must be transferred over a secure and encrypted transport, data structure format Python, and the password must also be saved.

You have to choose one of the four APIC screenshots. I think the correct one is the only one with protocol SCP, AES enabled and JSON format.

2) An eng must back up tenant PRODUCTION; the config backup should be stored in APIC using a markup language and contain all secure info.

Which export policy must be used to meet the req?

You have to choose one of the four APIC screenshots. I think the correct one is the only one with export destination Blank, flag snapshot enabled, AES enabled and target DN uni/tn-PRODUCTION.


@pif80, thanks

Tell me, there were the questions that I write below:

1. Using EPG extension, an engineer has moved all endpoints in a VLAN into an ACI fabric. When he moves the default gateway from traditional switches into the fabric, he suddenly loses all connectivity to the endpoints from outside the fabric. Which of the following are possible reasons this has taken place?  (Choose all that apply.)

a) The Layer 2 connection between ACI switches and non-ACI switches has been disconnected.
b) The bridge domain does not have an associated L3Out configured.
c) The subnet Scope parameter on the BD needs to be set to Advertised Externally.
d) No contracts have been associated with the EPG.

 

02. Which statements are correct regarding ACI support for BFD?
(Choose all that apply.)
a) BFD is supported for EIGRP, OSPF, and BGP in ACI.
b) BFD is supported on L3Out loopback interfaces.
c) BFD is supported for BGP prefix peers (dynamic neighbors).
d) BFD is supported on routed interfaces, routed subinterfaces, and SVIs.
 
03. Out of the following switches, which are spine platforms that support ACI Multi-Site?
(Choose all that apply.)
a) Nexus 93180YC-EX
b) Nexus 9364C
c) Nexus 9736C-FX line card
d) Nexus 9396PX
 
04. A user needs full read-only visibility into an ACI fabric. Which predefined security domain can be used to enable such visibility?
a) common
b) all
c) infra
d) fabric
 
 

32 minutes ago, Bob1733 said:

@pif80, thanks

Tell me, there were the questions that I write below:

1. Using EPG extension, an engineer has moved all endpoints in a VLAN into an ACI fabric. When he moves the default gateway from traditional switches into the fabric, he suddenly loses all connectivity to the endpoints from outside the fabric. Which of the following are possible reasons this has taken place?  (Choose all that apply.)

a) The Layer 2 connection between ACI switches and non-ACI switches has been disconnected.
b) The bridge domain does not have an associated L3Out configured.
c) The subnet Scope parameter on the BD needs to be set to Advertised Externally.
d) No contracts have been associated with the EPG.

 

02. Which statements are correct regarding ACI support for BFD?
(Choose all that apply.)
a) BFD is supported for EIGRP, OSPF, and BGP in ACI.
b) BFD is supported on L3Out loopback interfaces.
c) BFD is supported for BGP prefix peers (dynamic neighbors).
d) BFD is supported on routed interfaces, routed subinterfaces, and SVIs.
 
03. Out of the following switches, which are spine platforms that support ACI Multi-Site?
(Choose all that apply.)
a) Nexus 93180YC-EX
b) Nexus 9364C
c) Nexus 9736C-FX line card
d) Nexus 9396PX
 
04. A user needs full read-only visibility into an ACI fabric. Which predefined security domain can be used to enable such visibility?
a) common
b) all
c) infra
d) fabric
 
 

@Bob1733 sorry, none of these


Refer to the exhibit. An engineer configures the Cisco ACI fabric for VMM integration with ESXi servers that are to be connected to the ACI leaves. The server team requires the network switches to initiate the LACP negotiation as opposed to the servers. The LAG group consists of two 10 Gigabit Ethernet links. The server team also wants to evenly distribute traffic across all available links. Which two enhanced LAG policies meet these requirements? (Choose two.)

    A. LACP Mode: LACP Standby
    B. LB Mode: Destination IP Address and TCP/UDP Port
    C. LB Mode: Source and Destination MAC Address
    D. LB Mode: Source IP Address and TCP/UDP Port
    E. LACP Mode: LACP Active


I think the better answer is E and C, but I'm not sure.
Friends, what do you say?


Guys, I really ask for help. My exam is coming soon. Suggest new questions. Tell me the right solution for D&D:

There are 6 options, only 4 need to be dragged in the correct order:

1) specify and set cisco apic connectivity preference to oob
2) create radius provider group
3) set cisco apic connectivity preference to oob
4) create login domain for radius
5) set cisco apic connectivity to inband
6) create the radius provider

 

What is the better answer: 6 2 4 3 or 3 6 2 4?

 

=======================================================

Who can tell by D&D:

drag n drop:
where to config vlan pool,
where to config vcenter domain,
where to config vcenter/vshield controller ,
where to verify dvs,

 



new question:
there is a group in which the servers live and must provide service on port 80. they must be accessible from the outside. when creating a contract, who should be the provider and who should be the consumer?

Answer - the EPG with services in the ACI must be a provider, the external L3Out EPG must be a consumer

Edited by Bob1733

  • 2 weeks later...

Have a look at these questions; if you have any comments, please share.

 

An engineer must advertise a selection of external networks learned from a BGP neighbor into the ACI
fabric. Which L3Out subnet configuration option creates an inbound route map for route filtering?
A. External Subnets for the External EPG
B. Shared Route Control Subnet
C. Import Route Control Subnet
D. Shared Security Import Subnet

An engineer must set up a Cisco ACI fabric to send Syslog messages related to hardware events, such as
chassis line card failures. The messages should be sent to a dedicated Syslog server. Where in the Cisco
APIC should the policy be configured to meet this requirement?
A. uni/tn-common/monepg-default
B. uni/infra/monifra-default
C. uni/fabric/monfab-default
D. uni/fabric/moncommon

An engineer must implement management policy and data plane separation in the Cisco ACI fabric. Which
ACI object must be created in Cisco APIC to accomplish this goal?
A. Application profile
B. Tenant
C. Contract
D. Bridge domain

An engineer wants to monitor all configuration changes, threshold crossing, and link-state transitions in a
Cisco ACI fabric. Which action must be taken to receive the required messages?
A. Add Faults and Events to the monitor policy.
B. Add Session Logs and Audit Logs to the monitor policy.
C. Include Audit Logs and Events in the Syslog source policy.
D. Include Events and Session Logs in the Syslog source policy.

An organization has encountered many STP-related issues in the past due to failed hardware components.
They are in the process of long-term migration to a newly deployed ACI fabric. Senior engineers are worried
that spanning-tree loops in the existing network may be extended to the ACI fabric. Which feature must be
enabled on the ACI leaf ports to protect the fabric from spanning-tree loops?
A. BPDU Guard
B. per-VLAN MCP
C. Storm Control
D. BPDU Filter

A network engineer must design a method to allow the Cisco ACI to redirect traffic to the firewalls. Only
traffic that matches specific L4-L7 policy rules should be redirected. The load must be distributed across
multiple firewalls to scale the performance horizontally. Which action must be taken to meet these
requirements?
A. Configure ACI Service Graph with Unidirectional PBR.
B. Implement ACI Service Graph with GIPo.
C. Implement ACI Service Graph Two Nodes with GIPo.
D. Configure ACI Service Graph with Symmetric PBR.

An engineer created two interface protocol policies called Pol_CDP40275332 and Pol_LLDP46783451. The
policies must be used together in a single policy. Which ACI object must be used?
A. interface policy group
B. switch policy group
C. switch profile
D. interface profile

A systems engineer is implementing the Cisco ACI fabric. However, the Server2
information is missing from the Leaf 101 endpoint table and the COOP database of the spine. The
requirement is for the bridge domain configuration to enforce the ACI fabric to forward the unicast packets
generated by Server1 destined to Server2. Which action must be taken to meet these requirements?
A. Enable ARP Flooding
B. Set L2 Unknown Unicast to Flood
C. Set IP Data-Plane Learning to No
D. Enable Unicast Routing

An engineer must allow multiple external networks to communicate with internal ACI subnets. Which action
should the engineer take to assign the prefix to the class ID of the external Endpoint Group?
A. Enable the Export Route Control Subnet for the External Endpoint Group flag.
B. Enable an L3Out with Shared Route Control Subnet.
C. Configure subnets with the External Subnets for External EPG flag enabled.
D. Configure subnets with the Import Route Control Subnet flag enabled.

An engineer must ensure that Cisco ACI flushes the appropriate endpoints when a topology change
notification message is received in an MST domain. Which three steps are required to accomplish this
goal? (Choose three.)
A. Enable the BPDU interface controls under the spanning tree interface policy.
B. Configure a new STP interface policy.
C. Bind the spanning tree policy to the switch policy group.
D. Associate the STP interface policy to the appropriate interface policy group.
E. Create a new region policy under the spanning tree policy.
F. Map VLAN range to MAT instance number.

A Cisco ACI bridge domain and VRF are configured with a default data-plane learning configuration. Which
two endpoint attributes are programmed in the leaf switch when receiving traffic? (Choose two.)
A. Remote MAC, IP
B. Remote Subnet
C. Local IP, not MAC
D. Local MAC, IP
E. Local Subnet
F. Remote IP

 An engineer wants to initiate an ICMP ping from Server1 to Server2. The requirement
is for the BD1 to enforce ICMP replies that follow the expected path. The packets must be prevented from
taking the direct path from Leaf1 to Server1. Which action must be taken on BD1 to meet these
requirements?
A. Set L2 Unknown Unicast to Flood.
B. Set L2 Unknown Unicast to Hardware Proxy.
C. Disable Unicast Routing.
D. Enable ARP Flooding.

An engineer must configure a group of servers with a contract that uses TCP port 80. The EPG that
contains the web servers requires an external Layer 3 cloud to initiate communication. Which action must
be taken to meet these requirements?
A. Configure the EPG as a provider and L3 out as consumer of the contract.
B. Configure OSPF to exchange routes between the L3 out and EPG.
C. Configure a taboo contract and apply it to the EPG.
D. Configure the EPG as a consumer and L3 out as a provider of the contract.

The unicast routing feature is enabled on the bridge domain. Which two conditions enable the Cisco ACI
leaf to learn a source IP as a local endpoint? (Choose two.)
A. Through Ethernet traffic received in a bridge domain.
B. IP traffic routed through an SVI.
C. Through VXLAN traffic received on the uplink.
D. IP traffic routed through a Layer 3 Out.
E. Through ARP received on an SVI.

When does the Cisco ACI leaf learn a source IP or MAC as a remote endpoint?
A. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the Layer 3 Out
EPG subnet range.
B. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the bridge
domain subnets range.
C. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the Layer 3 Out
EPG subnet range.
D. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the bridge
domain subnets range.

The company ESXi infrastructure is hosted on the Cisco UCS-B Blade Servers. The company decided to
take advantage of ACI VMM integration to enable consistent enforcement of policies across virtual and
physical workloads. The requirement is to prevent the packet loss between the distributed virtual switch and
the ACI fabric. Which setting must be implemented on a vSwitch policy to accomplish this goal?
A. Static Channel
B. MAC Pinning
C. LACP
D. LLDP

An engineer is configuring ACI VMM domain integration with Cisco UCS-B Series. Which type of port
channel policy must be configured in the vSwitch policy?
A. LACP Active
B. MAC Pinning
C. LACP Passive
D. MAC Pinning-Physical-NIC-load

In-band is currently configured and used to manage the Cisco ACI fabric. The requirement is for leaf and
spine switches to use out-of-band management for NTP protocol. Which action accomplishes this goal?
A. Select Out-of-Band as Management EPG in the default DateTimePolicy.
B. Create an Override Policy with NTP Out-of-Band for leaf and spine switches.
C. Change the interface used for APIC external connectivity to ooband.
D. Add a new filter to the utilized Out-of-Band-Contract to allow NTP protocol.

An administrator must migrate the vSphere Management VMkernel of all ESXi hosts in the production
cluster from the standard default virtual switch to a VDS that is integrated with APIC in a VMM domain.
Which action must be completed in this scenario?
A. The Management VMkernel EPG resolution must be set to Pre-Provision.
B. The administrator must create an in-band VMM Management EPG before performing the migration.
C. The administrator must set the Management VMkernel BD resolution immediacy to On-Demand.
D. The VMkernel Management BD must be located under the Management Tenant.

A customer implements RBAC on a Cisco APIC using a Windows RADIUS server that is configured with
network control policies. The APIC is as follows:
Tenant = TenantX
Security Domain = Tenantx-SD
User = X
The customer requires User X to have access to TenantX only, without any extra privilege in the Cisco ACI
fabric domain. Which Cisco AV pair must be implemented on the RADIUS server to meet these
requirements?
A. shell:domains = TenantX-SD/fabric-admin/,common//read-all
B. shell:domains = TenantX-SD/tenant-admin
C. shell:domains = TenantX-SD/tenant-ext-admin/,common//read-all
D. shell:domains = TenantX-SD/tenant-admin/,common//read-all

An engineer must create a backup of the Cisco ACI fabric for disaster recovery purposes. The backup must
be transferred over a secure and encrypted transport. The backup file must contain all user and password
related information. The engineer also wants to process and confirm the backup file validity by using a
Python script. This requires the data structure to have a format similar to a Python dictionary. Which
configuration set must be used to meet these requirements?
A. Under the Create Remote location settings, select Protocol: FTP
Under the Export policy, select
- Format: XML
- Modify Global AES Encryption Settings: Enabled
B. Under the Create Remote location settings, select Protocol: FTP
Under the Export policy, select
- Format: XML
- Modify Global AES Encryption Settings: Disabled
C. Under the Create Remote location settings, select Protocol: SCP
Under the Export policy, select
- Format: JSON
- Modify Global AES Encryption Settings: Disabled
D. Under the Create Remote location settings, select Protocol: SCP
Under the Export policy, select
- Format: JSON
- Modify Global AES Encryption Settings: Enabled

An application team tells the Cisco ACI network administrator that it wants to monitor the statistics of the
unicast and BUM traffic that are seen in a certain EPG. Which statement describes the collection statistics?
A. All EPGs in the Cisco ACI tenant object must be enabled for statistics to be collected.
B. Cisco ACI does not capture statistics at the EPG level. Only statistics that pass through ACI contracts
can be monitored.
C. EPG statistics can be collected only for VMM domains. If a physical domain exists, statistics are not
collected.
D. The collection of statistics is enabled on the EPG level by enabling the statistics for unicast and BUM
traffic.

Which routing protocol is supported between Cisco ACI spines and IPNs in a Cisco ACI Multi-Pod
environment?
A. OSPF
B. IS-IS
C. BGP
D. EIGRP

An engineer must deploy Cisco ACI across 10 geographically separated data centers. Which ACI site
deployment feature enables the engineer to control which bridge domains contain Layer 2 flooding?
A. GOLF
B. Multi-Site
C. Multi-Pod
D. Stretched Fabric

 

Edited by thomisus

On 8/8/2021 at 9:55 AM, Bob1733 said:

Guys, I really ask for help. My exam is coming soon. Suggest new questions. Tell me the right solution for D&D:

There are 6 options, only 4 need to be dragged in the correct order:

1) specify and set cisco apic connectivity preference to oob
2) create radius provider group
3) set cisco apic connectivity preference to oob
4) create login domain for radius
5) set cisco apic connectivity to inband
6) create the radius provider

 

What is the better answer: 6 2 4 3 or 3 6 2 4?

 

I'm not 100% sure, but I think it could be the following options:

6) create the radius provider
1) specify and set cisco apic connectivity preference to oob
4) create login domain for radius
2) create radius provider group

------------------------------------

To configure the Cisco APIC for RADIUS access using the GUI, follow this procedure:
1. In the APIC, create the RADIUS provider through:
2. On the menu bar, click Admin > AAA > Authentication.
3. In the Work pane, choose RADIUS and then Actions > Create RADIUS Provider.
4. Specify the RADIUS hostname (or IP address), Authorization Port, Authorization Protocol, and Management EPG. If the Cisco APIC is configured for in-band management connectivity, out-of-band management does not work for authentication. You can set a global toggle between in-band and OOB as the default management connectivity between the Cisco APIC server and other external management devices. Hence, use the appropriate procedure (depending on your Cisco APIC software release) to toggle between in-band or OOB management according to your environment.
5. Create the login domain for RADIUS:
6. In the Navigation pane, choose AAA > Authentication.
7. In the Work pane, choose AAA and then Actions > Create Login Domain.
8. Specify the login domain name, description, choose the RADIUS realm, and add the appropriate providers.
 
