Bob1733 Posted July 30, 2021 Author Share Posted July 30, 2021 1 hour ago, pif80 said: @Bob1733hello ! yesterday I passed the exam 😃, I found at least 10 new questions and 1 new d&d about radius config steps .. soon I will try to share a draft of the questions with arguments and possible answers Thanks a lot. We wait. Once again, congratulations! Link to comment Share on other sites More sharing options...
Bob1733 Posted August 2, 2021 Author Share Posted August 2, 2021 A customer migrates a legacy environment to Cisco ACI. A Layer 2 trunk is configured to interconnect the two environments. The customer also builds ACI fabric in an application-centric mode. Which feature should be enabled in the bridge domain to reduce instability during the migration? A. Set Multi-Destination Flooding to Flood in BD. B. Enable Flood in Encapsulation. C. Set Multi-Destination Flooding to Flood in Encapsulation. D. Disable Endpoint Dataplane Learning The Flood in Encapsulation option is used to limit flooding traffic inside the bridge domain to a single encapsulation. When two EPGs share the same bridge domain and Flood in Encapsulation is enabled, the EPG flooding traffic does not reach the other EPG. C looking better i think better answer is C, not A. Link to comment Share on other sites More sharing options...
Bob1733 Posted August 2, 2021 Author Share Posted August 2, 2021 @pif80, please, share the new questions. Link to comment Share on other sites More sharing options...
jay555 Posted August 2, 2021 Share Posted August 2, 2021 thanks Link to comment Share on other sites More sharing options...
pif80 Posted August 2, 2021 Share Posted August 2, 2021 @Bob1733Here a new D&D about RADIUS configuration action with OOB there are 6 option , only 4 need to be dragged in the correct order: 1)specify and set cisco apic connectivity preference to oob 2) create radius provider group 3) set cisco apic connectivity preference to oob 4) create login domain for radius 5) set cisco apic connectivity to inband 6) create the radius provider Link to comment Share on other sites More sharing options...
pif80 Posted August 2, 2021 Share Posted August 2, 2021 here 2 questions about Backup 1) an eng must create backup ACI for DR..the backup must be transfer over secure and encrypt transport , data structure format Phyton and password must also be saved you have to choose one of the four apic screenshot .. i think the correct one is the only with protocol SCP , AES enabled and json format 2) an eng must backup tenant PRODUCTION ,conf backup should be stored in apic using a markup language and contain all secure info . which export policy must be used to meet req? you have to choose one of the four apic screenshot .. i think the correct one is the only with export destination Blank, flag snapshot enable , aes enable and target dn uni/tn-PRODUCTION 1 Link to comment Share on other sites More sharing options...
Bob1733 Posted August 3, 2021 Author Share Posted August 3, 2021 @pif80, thanks Tell me, there were the questions that I write below: 1. Using EPG extension, an engineer has moved all endpoints in a VLAN into an ACI fabric. When he moves the default gateway from traditional switches into the fabric, he suddenly loses all connectivity to the endpoints from outside the fabric. Which of the following are possible reasons this has taken place? (Choose all that apply.) a) The Layer 2 connection between ACI switches and non-ACI switches has been disconnected. b) The bridge domain does not have an associated L3Out configured. c) The subnet Scope parameter on the BD needs to be set to Advertised Externally. d) No contracts have been associated with the EPG. 02. Which statements are correct regarding ACI support for BFD? (Choose all that apply.) a) BFD is supported for EIGRP, OSPF, and BGP in ACI. b) BFD is supported on L3Out loopback interfaces. c) BFD is supported for BGP prefix peers (dynamic neighbors). d) BFD is supported on routed interfaces, routed subinterfaces, and SVIs. 03. Out of the following switches, which are spine platforms that support ACI Multi-Site? (Choose all that apply.) a) Nexus 93180YC-EX b) Nexus 9364C c) Nexus 9736C-FX line card d) Nexus 9396PX 04. A user needs full read-only visibility into an ACI fabric. Which predefined security domain can be used to enable such visibility? a) common b) all c) infra d) fabric Link to comment Share on other sites More sharing options...
pif80 Posted August 3, 2021 Share Posted August 3, 2021 32 minutes ago, Bob1733 said: @pif80, thanks Tell me, there were the questions that I write below: 1. Using EPG extension, an engineer has moved all endpoints in a VLAN into an ACI fabric. When he moves the default gateway from traditional switches into the fabric, he suddenly loses all connectivity to the endpoints from outside the fabric. Which of the following are possible reasons this has taken place? (Choose all that apply.) a) The Layer 2 connection between ACI switches and non-ACI switches has been disconnected. b) The bridge domain does not have an associated L3Out configured. c) The subnet Scope parameter on the BD needs to be set to Advertised Externally. d) No contracts have been associated with the EPG. 02. Which statements are correct regarding ACI support for BFD? (Choose all that apply.) a) BFD is supported for EIGRP, OSPF, and BGP in ACI. b) BFD is supported on L3Out loopback interfaces. c) BFD is supported for BGP prefix peers (dynamic neighbors). d) BFD is supported on routed interfaces, routed subinterfaces, and SVIs. 03. Out of the following switches, which are spine platforms that support ACI Multi-Site? (Choose all that apply.) a) Nexus 93180YC-EX b) Nexus 9364C c) Nexus 9736C-FX line card d) Nexus 9396PX 04. A user needs full read-only visibility into an ACI fabric. Which predefined security domain can be used to enable such visibility? a) common b) all c) infra d) fabric @Bob1733 sorry, none of these Link to comment Share on other sites More sharing options...
Bob1733 Posted August 3, 2021 Author Share Posted August 3, 2021 45 minutes ago, pif80 said: @Bob1733 sorry, none of these Please tell me what is the correct answer for the new D&D about RADIUS? Link to comment Share on other sites More sharing options...
Bob1733 Posted August 4, 2021 Author Share Posted August 4, 2021 Refer to the exhibit. An engineer configures the Cisco ACI fabric for VMM integration with ESXi servers that are to be connected to the ACI leaves. The server team requires the network switches to initiate the LACP negotiation as opposed to the servers. The LAG group consists of two 10 Gigabit Ethernet links. The server learn also wants to evenly distribute traffic across all available links. Which two enhanced LAG policies meet these requirements? (Choose two.) A. LACP Mode: LACP Standby B. LB Mode: Destination IP Address and TCP/UDP Port C. LB Mode: Source and Destination MAC Address D. LB Mode: Source IP Address and TCP/UDP Port E. LACP Mode: LACP Active i think better answer is E and C, but I'm not sure Friends, what do you say? Link to comment Share on other sites More sharing options...
Bob1733 Posted August 5, 2021 Author Share Posted August 5, 2021 Guys who can help with the correct answer? Who has any new information on the exam, who took it recently? Link to comment Share on other sites More sharing options...
Bob1733 Posted August 8, 2021 Author Share Posted August 8, 2021 Guys, I really ask for help. my exam is coming soon. Suggest new questions. Tell me the right solution for D&D: there are 6 option , only 4 need to be dragged in the correct order: 1)specify and set cisco apic connectivity preference to oob 2) create radius provider group 3) set cisco apic connectivity preference to oob 4) create login domain for radius 5) set cisco apic connectivity to inband 6) create the radius provider what better answer: 6 2 4 3 or 3 6 2 4 ? ======================================================= Who can tell by D&D: drag n drop: where to config vlan pool, where to config vcenter domain, where to config vcenter/vshield controller , where to verify dvs, Link to comment Share on other sites More sharing options...
Bob1733 Posted August 11, 2021 Author Share Posted August 11, 2021 (edited) Spoiler This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up + new question: there is a group in which the servers live and must provide service on port 80. they must be accessible from the outside. when creating a contract, who should be the provider and who should be the consumer? Answer - the EPG with services in the ACI must be a provider, the external L3Out EPG must be a consumer Edited August 11, 2021 by Bob1733 12 2 Link to comment Share on other sites More sharing options...
3jojo Posted August 20, 2021 Share Posted August 20, 2021 Hello guys I have the exam next week could anyone please share the latest dump? Thank you in advance 😉 1 Link to comment Share on other sites More sharing options...
Ocek Posted August 23, 2021 Share Posted August 23, 2021 On 8/20/2021 at 3:16 PM, 3jojo said: Hello guys I have the exam next week could anyone please share the latest dump? Thank you in advance 😉 same here 1 Link to comment Share on other sites More sharing options...
xzeeshanmo Posted August 29, 2021 Share Posted August 29, 2021 did anyone take the exam recently. any updates Thanks 1 Link to comment Share on other sites More sharing options...
thomisus Posted September 8, 2021 Share Posted September 8, 2021 (edited) have look at these questions, if you have any comments please share An engineer must advertise a selection of external networks learned from a BGP neighbor into the ACI fabric. Which L3Out subnet configuration option creates an inbound route map for route filtering? A. External Subnets for the External EPG B. Shared Route Control Subnet C. Import Route Control Subnet D. Shared Security Import Subnet An engineer must set up a Cisco ACI fabric to send Syslog messages related to hardware events, such as chassis line card failures. The messages should be sent to a dedicated Syslog server. Where in the Cisco APIC should the policy be configured to meet this requirement? A. uni/tn-common/monepg-default B. uni/infra/monifra-default C. uni/fabric/monfab-default D. uni/fabric/moncommon An engineer must implement management policy and data plane separation in the Cisco ACI fabric. Which ACI object must be created in Cisco APIC to accomplish this goal? A. Application profile B. Tenant C. Contract D. Bridge domain An engineer wants to monitor all configuration changes, threshold crossing, and link-state transitions in a Cisco ACI fabric. Which action must be taken to receive the required messages? A. Add Faults and Events to the monitor policy. B. Add Session Logs and Audit Logs to the monitor policy. C. Include Audit Logs and Events in the Syslog source policy. D. Include Events and Session Logs in the Syslog source policy. An organization has encountered many STP-related issues in the past due to failed hardware components. They are in the process of long-term migration to a newly deployed ACI fabric. Senior engineers are worried that spanning-tree loops in the existing network may be extended to the ACI fabric. Which feature must be enabled on the ACI leaf ports to protect the fabric from spanning-tree loops? A. BPDU Guard B. per-VLAN MCP C. Storm Control D. BPDU Filter A network engineer must design a method to allow the Cisco ACI to redirect traffic to the firewalls. Only traffic that matches specific L4-L7 policy rules should be redirected. The load must be distributed across multiple firewalls to scale the performance horizontally. Which action must be taken to meet these requirements? A. Configure ACI Service Graph with Unidirectional PBR. B. Implement ACI Service Graph with GIPo. C. Implement ACI Service Graph Two Nodes with GIPo. D. Configure ACI Service Graph with Symmetric PBR. An engineer created two interface protocol policies called Pol_CDP40275332 and Pol_LLDP46783451. The policies must be used together in a single policy. Which ACI object must be used? A. interface policy group B. switch policy group C. switch profile D. interface profile A systems engineer is implementing the Cisco ACI fabric. However, the Server2 information is missing from the Leaf 101 endpoint table and the COOP database of the spine. The requirement is for the bridge domain configuration to enforce the ACI fabric to forward the unicast packets generated by Server1 destined to Server2. Which action must be taken to meet these requirements? A. Enable ARP Flooding B. Set L2 Unknown Unicast to Flood C. Set IP Data-Plane Learning to No D. Enable Unicast Routing An engineer must allow multiple external networks to communicate with internal ACI subnets. Which action should the engineer take to assign the prefix to the class ID of the external Endpoint Group? B9670B295EC4724B7AC7AF37296A4809 A. Enable the Export Route Control Subnet for the External Endpoint Group flag. B. Enable an L3Out with Shared Route Control Subnet. C. Configure subnets with the External Subnets for External EPG flag enabled. D. Configure subnets with the Import Route Control Subnet flag enabled. An engineer must ensure that Cisco ACI flushes the appropriate endpoints when a topology change notification message is received in an MST domain. Which three steps are required to accomplish this goal? (Choose three.) A. Enable the BPDU interface controls under the spanning tree interface policy. B. Configure a new STP interface policy. C. Bind the spanning tree policy to the switch policy group. D. Associate the STP interface policy to the appropriate interface policy group. E. Create a new region policy under the spanning tree policy. F. Map VLAN range to MAT instance number. A Cisco ACI bridge domain and VRF are configured with a default data-plane learning configuration. Which two endpoint attributes are programmed in the leaf switch when receiving traffic? (Choose two.) A. Remote MAC, IP B. Remote Subnet C. Local IP, not MAC D. Local MAC, IP E. Local Subnet F. Remote IP An engineer wants to initiate an ICMP ping from Server1 to Server2. The requirement is for the BD1 to enforce ICMP replies that follow the expected path. The packets must be prevented from taking the direct path from Leaf1 to Server1. Which action must be taken on BD1 to meet these requirements? A. Set L2 Unknown Unicast to Flood. B. Set L2 Unknown Unicast to Hardware Proxy. C. Disable Unicast Routing. D. Enable ARP Flooding. An engineer must configure a group of servers with a contract that uses TCP port 80. The EGP that contains the web servers requires an external Layer 3 cloud to initiate communication. Which action must be taken to meet these requirements? A. Configure the EGP as a provider and L3 out as consumer of the contract. B. Configure OSPF to exchange routes between the L3 out and EGP. C. Configure a taboo contract and apply it to the EPG. D. Configure the EPG as a consumer and L3 out as a provider of the contract. The unicast routing feature is enabled on the bridge domain. Which two conditions enable the Cisco ACI B9670B295EC4724B7AC7AF37296A4809 leaf to learn a source IP as a local endpoint? (Choose two.) A. Through Ethernet traffic received in a bridge domain. B. IP traffic routed through an SVI. C. Through VXLAN traffic received on the uplink. D. IP traffic routed through a Layer 3 Out. E. Through ARP received on an SVI. When does the Cisco ACI leaf learn a source IP or MAC as a remote endpoint? A. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the Layer 3 Out EPG subnet range. B. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the bridge domain subnets range. C. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the Layer 3 Out EPG subnet range. D. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the bridge domain subnets range. The company ESXi infrastructure is hosted on the Cisco UCS-B Blade Servers. The company decided to take advantage of ACI VMM integration to enable consistent enforcement of policies across virtual and physical workloads. The requirement is to prevent the packet loss between the distributed virtual switch and the ACI fabric. Which setting must be implemented on a vSwitch policy to accomplish this goal? A. Static Channel B. MAC Pinning C. LACP D. LLDP An engineer is configuring ACI VMM domain integration with Cisco UCS-B Series. Which type of port channel policy must be configured in the vSwitch policy? A. LACP Active B. MAC Pinning C. LACP Passive D. MAC Pinning-Physical-NIC-load In-band is currently configured and used to manage the Cisco ACI fabric. The requirement is for leaf and spine switches to use out-of-band management for NTP protocol. Which action accomplishes this goal? A. Select Out-of-Band as Management EPG in the default DateTimePolicy. B. Create an Override Policy with NTP Out-of-Band for leaf and spine switches. C. Change the interface used for APIC external connectivity to ooband. D. Add a new filter to the utilized Out-of-Band-Contract to allow NTP protocol. An administrator must migrate the vSphere Management VMkernel of all ESXi hosts in the production cluster from the standard default virtual switch to a VDS that is integrated with APIC in a VMM domain. Which action must be completed in this scenario? A. The Management VMkernel EPG resolution must be set to Pre-Provosion. B. The administrator must create an in-band VMM Management EPG before performing the migration. C. The administrator must set the Management VMkernel BD resolution immediacy to On-Demand. D. The VMkernel Management BD must be located under the Management Tenant. A customer implements RBAC on a Cisco APIC using a Windows RADIUS server that is configured with network control policies. The APIC is as follows: Tenant = TenantX Security Domain = Tenantx-SD User = X The customer requires User X to have access to TenantX only, without any extra privilege in the Cisco ACI fabric domain. Which Cisco AV pair must be implemented on the RADIUS server to meet these requirement? A. shell:domains = TenantX-SD/fabric-admin/,common//read-all B. shell:domains = TenantX-SD/tenant-admin B9670B295EC4724B7AC7AF37296A4809 C. shell:domains = TenantX-SD/tenant-ext-admin/,common//read-all D. shell:domains = TenantX-SD/tenant-admin/,common//read-all An engineer must create a backup of the Cisco ACI fabric for disaster recovery purposes. The backup must be transferred over a secure and encrypted transport. The backup file must contain all user and password related information. The engineer also wants to process and confirm the backup file validity by using a Python script. This requires the data structure to have a format similar to a Python dictionary. Which configuration set must be used to meet these requirements? A. Under the Create Remote location settings, select Protocol: FTP Under the Export policy, select - Format: XML - Modify Global AES Encryption Settings: Enabled B. Under the Create Remote location settings, select Protocol: FTP Under the Export policy, select - Format: XML - Modify Global AES Encryption Settings: Disabled C. Under the Create Remote location settings, select Protocol: SCP Under the Export policy, select - Format: JSON - Modify Global AES Encryption Settings: Disabled D. Under the Create Remote location settings, select Protocol: SCP Under the Export policy, select - Format: JSON - Modify Global AES Encryption Settings: Enabled An application team tells the Cisco ACI network administrator that it wants to monitor the statistics of the unicast and BUM traffic that are seen in a certain EPG. Which statement describes the collection statistics? A. All EPGs in the Cisco ACI tenant object must be enabled for statistics to be collected. B. Cisco ACI does not capture statistics at the EPG level. Only statistics that pass through ACI contracts can be monitored. C. EPG statistics can be collected only for VMM domains. If a physical domain exists, statistics are not collected. D. The collection of statistics is enabled on the EPG level by enabling the statistics for unicast and BUM traffic. Which routing protocol is supported between Cisco ACI spines and IPNs in a Cisco ACI Multi-Pod environment? A. OSPF B. IS-IS C. BGP D. EIGRP An engineer must deploy Cisco ACI across 10 geographically separated data centers. Which ACI site deployment feature enables the engineer to control which bridge domains contain Layer 2 flooding? A. GOLF B. Multi-Site C. Multi-Pod D. Stretched Fabric Edited September 9, 2021 by thomisus 4 Link to comment Share on other sites More sharing options...
mohamadasl Posted September 13, 2021 Share Posted September 13, 2021 Hi Everyone, Any hero here could share his latest exam experience using this dump? Thanks Link to comment Share on other sites More sharing options...
Snoofix Posted September 16, 2021 Share Posted September 16, 2021 On 8/8/2021 at 9:55 AM, Bob1733 said: Guys, I really ask for help. my exam is coming soon. Suggest new questions. Tell me the right solution for D&D: there are 6 option , only 4 need to be dragged in the correct order: 1)specify and set cisco apic connectivity preference to oob 2) create radius provider group 3) set cisco apic connectivity preference to oob 4) create login domain for radius 5) set cisco apic connectivity to inband 6) create the radius provider what better answer: 6 2 4 3 or 3 6 2 4 ? Im Not 100% sure but I think could be the following options: 6) create the radius provider 1)specify and set cisco apic connectivity preference to oob 4) create login domain for radius 2) create radius provider group ------------------------------------ To configure the Cisco APIC for RADIUS access using the GUI, follow this procedure: 1. In the APIC, create the RADIUS provider through: 2. On the menu bar, click Admin > AAA > Authentication. 3. In the Work pane, choose RADIUS and then Actions > Create RADIUS Provider. 4. Specify the RADIUS hostname (or IP address), Authorization Port, Authorization Protocol, and Management EPG. If the Cisco APIC is configured for in-band management connectivity, out-of-band management does not work for authentication. You can set a global toggle between in-band and OOB as the default management connectivity between the Cisco APIC server and other external management devices. Hence, use the appropriate procedure (depending on your Cisco APIC software release) to toggle between in-band or OOB management according to your environment. 5. Create the login domain for RADIUS: 6. In the Navigation pane, choose AAA > Authentication. 7. In the Work pane, choose AAA and then Actions > Create Login Domain. 8. Specify the login domain name, description, choose the RADIUS realm, and add the appropriate providers. Link to comment Share on other sites More sharing options...
gemwk2 Posted September 28, 2021 Share Posted September 28, 2021 Hi , Does anyone have a new dump? Thanks Link to comment Share on other sites More sharing options...
Ssay Posted October 8, 2021 Share Posted October 8, 2021 Can any one share recent dumps please ? Link to comment Share on other sites More sharing options...
Snoofix Posted October 12, 2021 Share Posted October 12, 2021 Any update about this exame? Link to comment Share on other sites More sharing options...
Jzhead Posted October 14, 2021 Share Posted October 14, 2021 Any update ? Link to comment Share on other sites More sharing options...
Jzhead Posted October 14, 2021 Share Posted October 14, 2021 Any update ? Link to comment Share on other sites More sharing options...
cool1024 Posted October 15, 2021 Share Posted October 15, 2021 Could anyone share recent dump file. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now