[2025-December-New]Braindump2go 300-620 Dumps Free[Q109-Q150]

2025/December Latest Braindump2go 300-620 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 300-620 Real Exam Questions!

QUESTION 109
An engineer must perform a Cisco ACI fabric upgrade that minimizes the impact on user traffic and allows only permitted users to perform an upgrade.
Which two configuration steps should be taken to meet these requirements?

A. Divide Cisco APIC controllers into two or more maintenance groups.
B. Grant tenant-ext-admin access to a user who performs an upgrade
C. Combine all switches into an upgrade group.
D. Divide switches into two or more maintenance groups.
E. Grant the fabric administrator role to a user who performs an upgrade.

Answer: DE

QUESTION 110
A customer creates Layer 3 connectivity to the outside network. However, only border leaf switches start receiving destination updates to other networks from the newly created L3Out. The updates must also be propagated to other Cisco ACI leaf switches. The L3Out is linked with the EPGs via a contract. Which action must be taken in the pod policy group to accomplish this goal?

A. Apply a BGP route reflector policy.
B. Enable a COOP policy.
C. Configure an IS-IS policy.
D. Implement an access management policy.

Answer: A

QUESTION 111
Which routing protocol is supported between Cisco ACI spines and IPNs in a Cisco ACI Multi-Pod environment?

A. OSPF
B. IS-IS
C. BGP
D. EIGRP

Answer: A

QUESTION 112
An engineer must deploy Cisco ACI across 10 geographically separated data centers. Which ACI site deployment feature enables the engineer to control which bridge domains contain Layer 2 flooding?

A. GOLF
B. Multi-Site
C. Multi-Pod
D. Stretched Fabric

Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/aci_multi-site/sw/2x/fundamentals/Cisco-ACI-Multi-Site-Fundamentals-Guide-211/Cisco-ACI-Multi-Site-Fundamentals-Guide-211_chapter_011.html#id_51188
From the web page, we see that multi-site has control over:
Stretched Bridge Domain with Layer 2 Broadcast Extension. Stretched Bridge Domain with no Layer 2 Broadcast Extension.

QUESTION 113
Drag and Drop Question
An engineer must configure RADIUS authentication with Cisco ACI for remote authentication with out-of-band management access. Drag and drop the RADIUS configuration steps from the left into the required implementation order on the right. Not all steps are used.

Answer:

Explanation:
Set OOBAND first, the RADIUS servers are outside!
ACI configuration for RADIUS involves the following three basic steps:
Step 1. Create the desired RADIUS providers.
Step 2. If using ACI versions prior to Release 4 or configuring via the APIC CLI, create a RADIUS provider group.
Step 3. Create a RADIUS login domain.

QUESTION 114
Which statements are correct regarding ACI support for BFD? (Choose two.)

A. BFD is supported for EIGRP, OSPF, and BGP in ACI.
B. BFD is supported on L3Out loopback interfaces.
C. BFD is supported for BGP prefix peers (dynamic neighbors).
D. BFD is supported on routed interfaces, routed subinterfaces, and SVIs.

Answer: AD

QUESTION 115
An engineer must advertise a selection of external networks learned from a BGP neighbor into the ACI fabric. Which L3Out subnet configuration option creates an inbound route map for route filtering?

A. External Subnets for the External EPG
B. Shared Route Control Subnet
C. Import Route Control Subnet
D. Shared Security Import Subnet

Answer: C

QUESTION 116
An engineer must set up a Cisco ACI fabric to send Syslog messages related to hardware events, such as chassis line card failures. The messages should be sent to a dedicated Syslog server. Where in the Cisco APIC should the policy be configured to meet this requirement?

A. uni/tn-common/monepg-default
B. uni/infra/moninfra-default
C. uni/fabric/monfab-default
D. uni/fabric/moncommon

Answer: C
Explanation:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/aci-fundamentals/Cisco-ACI-Fundamentals-401/Cisco-ACI-Fundamentals-401_chapter_01100.html

QUESTION 117
The existing network and ACI fabric have been connected to support workload migration. Servers will physically terminate at the Cisco ACI, but their gateway must stay in the existing network. The solution needs to adhere to Cisco's best practices. The engineer started configuring the relevant Bridge Domain and needs to complete the configuration. Which group of settings is required to meet these requirements?

A. L2 Unknown Unicast: Hardware Proxy
L3 Unknown Multicast Flooding: Flood
Multi Destination Flooding: Flood in BD
ARP Flooding: Enable
B. L2 Unknown Unicast: Flood
L3 Unknown Multicast Flooding: Flood
Multi Destination Flooding: Flood in BD
ARP Flooding: Enable
C. L2 Unknown Unicast: Flood
L3 Unknown Multicast Flooding: Optimize Flood
Multi Destination Flooding: Flood in BD
ARP Flooding: Disable
D. L2 Unknown Unicast: Hardware Proxy
L3 Unknown Multicast Flooding: Optimize Flood
Multi Destination Flooding: Flood in BD
ARP Flooding: Disable

Answer: B
Explanation:


https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/migration_guides/migrating_existing_networks_to_aci.html

QUESTION 118
An engineer must implement management policy and data plane separation in the Cisco ACI fabric. Which ACI object must be created in Cisco APIC to accomplish this goal?

A. Application profile
B. Tenant
C. Contract
D. Bridge domain

Answer: B
Explanation:
An ACI tenant is a secure and exclusive virtual computing environment that forms a unit of isolation from a policy perspective but does not represent a private network.
If you investigate further into use cases for tenants in the real world, you will find that tenants are often deployed in order to achieve these two technical controls:
– Administrative separation
– Configuration fault isolation

QUESTION 119
An engineer is implementing a Cisco ACI environment that consists of more than 20 servers. Two of the servers support only Cisco Discovery Protocol with no other link discovery protocol. The engineer wants the servers to be discovered automatically by the Cisco ACI fabric when connected. Which action must be taken to meet this requirement?

A. Create an override policy that enables Cisco Discovery Protocol after LLDP is enabled in the default policy group.
B. Configure a higher order interface policy that enables Cisco Discovery Protocol for the interface on the desired leaf switch.
C. Configure a lower order policy group that enables Cisco Discovery Protocol for the interface on the desired leaf switch.
D. Create an interface profile for the interface that disables LLDP on the desired switch that is referenced by the interface policy group.

Answer: A
Explanation:
A leaf interface override policy allows interfaces that have interface policy group assignments to apply an alternate interface policy group.
Imagine that a group of ports have been configured on Node 101, using a specific interface policy group.
One of the interfaces connects to a firewall, and security policies dictate that LLDP and CDP toward the firewall need to be disabled on all firewall-facing interfaces.
It might be impossible to modify the interface policy group associated with the port because it might be part of a port block.
In this case, a leaf interface override can be used to assign an alternative interface policy group to the port of interest.

QUESTION 120
An engineer wants to monitor all configuration changes, threshold crossing, and link-state transitions in a Cisco ACI fabric. Which action must be taken to receive the required messages?

A. Add Faults and Events to the monitor policy.
B. Add Session Logs and Audit Logs to the monitor policy.
C. Include Audit Logs and Events in the Syslog source policy.
D. Include Events and Session Logs in the Syslog source policy.

Answer: C
Explanation:
Events – Holds records of system related events (i.e., link state transitions, Logged Contract hits)
Audit Logs – Records user-initiated events (i.e., logins, configuration changes)
https://unofficialaciguide.com/2018/08/11/configuring-syslog-for-aci/

QUESTION 121
An organization has encountered many STP-related issues in the past due to failed hardware components. They are in the process of long-term migration to a newly deployed ACI fabric. Senior engineers are worried that spanning-tree loops in the existing network may be extended to the ACI fabric. Which feature must be enabled on the ACI leaf ports to protect the fabric from spanning-tree loops?

A. BPDU Guard
B. per-VLAN MCP
C. Storm Control
D. BPDU Filter

Answer: B
Explanation:
A Layer 2 loop does not impact the stability of an ACI fabric because ACI can broadcast traffic at line rate with little need to process the individual packets.
Layer 2 loops, however, can impact the ability of endpoints to process important traffic.
For this reason, mechanisms are needed to detect loops resulting from miscabling and misconfiguration.
One of the protocols ACI uses to detect such externally generated Layer 2 loops is MisCabling Protocol (MCP).
MCP is disabled in ACI by default. To enable MCP, you must first enable MCP globally and then ensure that it is also enabled at the interface policy level.
As part of the global enablement of MCP, you define a key that ACI includes in MCP packets sent out on access ports.
If ACI later receives an MCP packet with the same key on any other port, it knows that there is a Layer 2 loop in the topology.
In response, ACI can either attempt to mitigate the loop by disabling the port on which the MCP protocol data unit was received or it can generate a system message to notify administrators of the issue.
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/aci-fundamentals/Cisco-ACI-Fundamentals-401/Cisco-ACI-Fundamentals-401_chapter_0101.html#concept_706016DC62404574B77A5A4B3AD3C905

QUESTION 122
A network engineer must design a method to allow the Cisco ACI to redirect traffic to the firewalls. Only traffic that matches specific L4-L7 policy rules should be redirected. The load must be distributed across multiple firewalls to scale the performance horizontally. Which action must be taken to meet these requirements?

A. Configure ACI Service Graph with Unidirectional PBR.
B. Implement ACI Service Graph with GIPo.
C. Implement ACI Service Graph Two Nodes with GIPo.
D. Configure ACI Service Graph with Symmetric PBR.

Answer: D
Explanation:


https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

QUESTION 123
An engineer created two interface protocol policies called Pol_CDP40275332 and Pol_LLDP46783451.
The policies must be used together in a single policy. Which ACI object must be used?

A. interface policy group
B. switch policy group
C. switch profile
D. interface profile

Answer: A
Explanation:
LLDP and CDP can be used on the same interface.
A CDP policy will be created like this:
Fabric > Access Policies > Policies > Interface > CDP Interface > <create Your policy>
A LLDP policy will be created like this:
Fabric > Access Policies > Policies > Interface > LLDP Interface > <create Your policy>
Both policies are independent of each other and can be applied within an Interface Policy Group:
Fabric > Access Policies > Interfaces > Leaf Interfaces > Policy Group > Leaf Access Port > <Your policy here > > <set a CDP and a LLDP policy within Your interface policy group>
An interface profile will be used to create an interface selector.
The interface selector has physical ports and also calls Your interface policy group.
Reference: https://sandboxapicdc.cisco.com

QUESTION 124
What is the minimum number of APICs that Cisco recommends deploying in a production cluster?

A. 1
B. 3
C. 4
D. 5

Answer: B

QUESTION 125
Refer to the exhibit. An engineer must implement the inter-tenant service graph. Which set of actions must be taken to accomplish this goal?

A. – Define the contract in the provider tenant and export it to the consumer tenant.
– Define the L4-L7 device, service graph template, and ASA bridge domains in the provider tenant.
B. – Define the contract in the provider tenant and export it to the consumer tenant.
– Define the L4-L7 device and service graph template in the provider tenant and the ASA bridge domains in the consumer tenant.
C. – Define the contract in the provider tenant and export it to the provider tenant.
– Define the L4-L7 device and service graph template in the provider tenant and the ASA bridge domains in the consumer tenant.
D. – Define the contract in the provider tenant and export it to the provider tenant.
– Define the L4-L7 device, service graph template, and ASA bridge domains in the consumer tenant.

Answer: A

QUESTION 126
Refer to the exhibit. A systems engineer is implementing the Cisco ACI fabric. However, the Server2 information is missing from the Leaf 101 endpoint table and the COOP database of the spine. The requirement is for the bridge domain configuration to enforce the ACI fabric to forward the unicast packets generated by Server1 destined to Server2. Which action must be taken to meet these requirements?

A. Enable ARP Flooding
B. Set L2 Unknown Unicast to Flood
C. Set IP Data-Plane Learning to No
D. Enable Unicast Routing

Answer: B
Explanation:
Both servers are in the same subnet. ARP flooding is out if we read the article in the link. Also unicast routing is not needed.
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html

QUESTION 127
An engineer must allow multiple external networks to communicate with internal ACI subnets. Which action should the engineer take to assign the prefix to the class ID of the external Endpoint Group?

A. Enable the Export Route Control Subnet for the External Endpoint Group flag.
B. Enable an L3Out with Shared Route Control Subnet.
C. Configure subnets with the External Subnets for External EPG flag enabled.
D. Configure subnets with the Import Route Control Subnet flag enabled.

Answer: C
Explanation:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/ACI_Best_Practices/b_ACI_Best_Practices/b_ACI_Best_Practices_chapter_01001.html

QUESTION 128
An engineer must ensure that Cisco ACI flushes the appropriate endpoints when a topology change notification message is received in an MST domain.
Which three steps are required to accomplish this goal? (Choose three.)

A. Enable the BPDU interface controls under the spanning tree interface policy.
B. Configure a new STP interface policy.
C. Bind the spanning tree policy to the switch policy group.
D. Associate the STP interface policy to the appropriate interface policy group.
E. Create a new region policy under the spanning tree policy.
F. Map VLAN range to MST instance number.

Answer: CEF
Explanation:
Create a new region policy under the spanning tree policy.
Map VLAN range to MST instance number.
Bind the spanning tree policy to the switch policy group.
These steps allow the ACI system to understand MST BPDUs. ACI can now flush the appropriate endpoints when a TCN message is received in an MST domain.

QUESTION 129
A Cisco ACI bridge domain and VRF are configured with a default data-plane learning configuration. Which two endpoint attributes are programmed in the leaf switch when receiving traffic? (Choose two.)

A. Remote MAC, IP
B. Remote Subnet
C. Local IP, not MAC
D. Local MAC, IP
E. Local Subnet
F. Remote IP

Answer: AD

QUESTION 130
Refer to the exhibit. An engineer wants to initiate an ICMP ping from Server1 to Server2. The requirement is for the BD1 to enforce ICMP replies that follow the expected path. The packets must be prevented from taking the direct path from Leaf1 to Server1.
Which action must be taken on BD1 to meet these requirements?

A. Set L2 Unknown Unicast to Flood.
B. Set L2 Unknown Unicast to Hardware Proxy.
C. Disable Unicast Routing.
D. Enable ARP Flooding.

Answer: C
Explanation:
In this topology the gateway for Server1 is outside of the ACI fabric.

QUESTION 131
An engineer must configure a group of servers with a contract that uses TCP port 80. The EPG that contains the web servers requires an external Layer 3 cloud to initiate communication. Which action must be taken to meet these requirements?

A. Configure the EPG as a provider and L3 out as consumer of the contract.
B. Configure OSPF to exchange routes between the L3 out and EPG.
C. Configure a taboo contract and apply it to the EPG.
D. Configure the EPG as a consumer and L3 out as a provider of the contract.

Answer: A

QUESTION 132
The unicast routing feature is enabled on the bridge domain. Which two conditions enable the Cisco ACI leaf to learn a source IP as a local endpoint? (Choose two.)

A. Through Ethernet traffic received in a bridge domain.
B. IP traffic routed through an SVI.
C. Through VXLAN traffic received on the uplink.
D. IP traffic routed through a Layer 3 Out.
E. Through ARP received on an SVI.

Answer: BE
Explanation:
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html

QUESTION 133
When does the Cisco ACI leaf learn a source IP or MAC as a remote endpoint?

A. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the Layer 3 Out EPG subnet range.
B. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the bridge domain subnets range.
C. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the Layer 3 Out EPG subnet range.
D. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the bridge domain subnets range.

Answer: D

QUESTION 134
The company ESXi infrastructure is hosted on the Cisco UCS-B Blade Servers. The company decided to take advantage of ACI VMM integration to enable consistent enforcement of policies across virtual and physical workloads. The requirement is to prevent the packet loss between the distributed virtual switch and the ACI fabric. Which setting must be implemented on a vSwitch policy to accomplish this goal?

A. Static Channel
B. MAC Pinning
C. LACP
D. LLDP

Answer: B
Explanation:
Configure the vSwitch Policies on APIC for UCS B
… … …
Along with this, the only supported load balancing mechanism when UCS B series is used is Route Based on Originating Virtual Port.
If you configure a mac-pinning policy, it programs the port groups to use this mechanism. This is very important in order to prevent packet loss.
Reference:
https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/118965-config-vmm-aci-ucs-00.html

QUESTION 135
An engineer is configuring ACI VMM domain integration with Cisco UCS-B Series.
Which type of port channel policy must be configured in the vSwitch policy?

A. LACP Active
B. MAC Pinning
C. LACP Passive
D. MAC Pinning-Physical-NIC-load

Answer: B
Explanation:
Configure the vSwitch Policies on APIC for UCS B
… … …
Along with this, the only supported load balancing mechanism when UCS B series is used is Route Based on Originating Virtual Port.
If you configure a mac-pinning policy, it programs the port groups to use this mechanism. This is very important in order to prevent packet loss.
Reference:
https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/118965-config-vmm-aci-ucs-00.html

QUESTION 136
Drag and Drop Question
An engineer must configure VMM domain integration on a Cisco UCS B-Series server that is connected to a Cisco ACI fabric. Drag and drop the products used to create VMM domain from the bottom into the sequence in which they should be implemented at the top. Products are used more than once.

Answer:

Explanation:
1. Create a dynamic VLAN pool. From the APIC user interface, choose Fabric > Access Policies > Pools > VLAN > Create VLAN Pool.
2. From the APIC user interface, choose Virtual Networking > VMM Domains > VMware > Create vCenter Domain.
3. On the vCenter interface, create a vShield controller (vShield is a third-party product and we do a simple OVA deployment here; we use vCenter to install a VM).
4. On the vCenter interface, verify that the VMware DVS is created
Reference:
https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/118965-config-vmm-aci-ucs-00.html
https://vshield.pro/dedicated-servers

QUESTION 137
Which class of ACI object is presented in this output?

A. Contract
B. Bridge Domain
C. Tenant
D. Endpoint

Answer: C
Explanation:
Create a tenant in the GUI
In the database: Class tenant – Objects have a Relative Name (RN) and Distinguished Name (DN)
ssh to the APIC
go into bash shell
moquery -c fvTenant
# fv.Tenant
name : Gaming-BU
annotation :
childAction :
descr : DCACI Book – Part II – Chapter 8 – ACI Lab creation
dn : uni/tn-Gaming-BU
extMngdBy :
lcOwn : local
modTs : 2022-06-28T11:10:50.506+02:00
monPolDn : uni/tn-common/monepg-default
nameAlias :
ownerKey :
ownerTag :
rn : tn-Gaming-BU
status :
uid : 15374
userdom : all
Reference:
ACI object moquery Cheat Sheet
https://community.cisco.com/t5/data-center-and-cloud-knowledge/aci-object-moquery-cheat-sheet/ta-p/3367801
moquery – Cisco’s Mysterious Obscure ACI query utility
https://rednectar.net/2020/04/09/moquery-ciscos-mysterious-obscure-aci-query-utility/
Troubleshooting ACI
https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKACI-2643.pdf

QUESTION 138
What is the effect of enabling the disable Remote EP learn feature?

A. It disables remote IP endpoint learning on all leaf nodes in the fabric.
B. It disables remote IP endpoint learning on leaf switches that do not have L3Outs.
C. It limits learning of compute leaf endpoints on border leaves.
D. It prevents border leaf switches from receiving routes through peering with external routers.

Answer: C
Explanation:
https://community.cisco.com/t5/application-centric/aci-disable-remote-ep-learn/td-p/4062054
When you enable this feature, it clears all the remote endpoints from the border leaf only.
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html#DisableRemoteEPLearnonborderleaf
When this feature is enabled, remote IP endpoint learning at the VRF instance is disabled on border leaf switches.
However, border leaf may still learn remote IP endpoints from IP multicast routing packets

QUESTION 139
An engineer must connect a new host to port 1/1 on Leaf 101. A Cisco ACI fabric has an MCP policy configured but experiences excessive Layer 2 loops. The engineer wants the Cisco ACI fabric to detect and prevent Layer 2 loops in the fabric.
Which set of actions accomplishes these goals?

A. Enable MCP locally.
Associate the MCP policy with an interface policy group.
B. Enable MCP locally.
Associate the MCP policy with an interface profile.
C. Enable MCP globally.
Associate the MCP policy with an interface selector.
D. Enable MCP globally.
Associate the MCP policy with an interface policy group.

Answer: D

QUESTION 140
A network engineer is integrating a new Hyperflex storage cluster into an existing Cisco ACI fabric. The Hyperflex cluster must be managed by vCenter, so a new vSphere Distributed switch must be created. In addition, the hardware discovery must be performed by a vendor-neutral discovery protocol. Which set of steps meets these requirements?

A. Configure an Interface Policy group, select CDP, and apply it to the desired interfaces.
Enter the vCenter IP and credentials in the Create vCenter Controller dialog box.
In the Create VMware VMM domain dialog box, select Read-Only Mode.
B. Configure an Interface Policy group, select LLDP, and apply it to the selected interfaces.
Create a VLAN pool, add it to the VMware VMM domain, and include the appropriate interfaces.
Enter the vCenter IP and credentials in the Create vCenter Controller dialog box.
C. Configure a Switch Policy group, select LLDP, and apply it to the indicated interfaces.
Set up a VMware VMM domain and apply it to the appropriate interfaces.
Enter the APIC management IP and credentials in the Create vCenter Controller dialog box.
D. Configure an Interface Policy group, select CDP, and apply it to the designated interfaces.
Create a VMware VMM domain, add it to the VLAN pool, and associate it to the designated interfaces.
Select Read Only Mode in the Create VMware VMM domain dialog box.

Answer: B

QUESTION 142
Refer to the exhibit. A customer must back up the current Cisco ACI configuration securely to the remote location using encryption and authentication. The backup job must run once per day. The customer's security policy mandates that any sensitive information, including passwords, must not be exported from the device. Which set of steps meets these requirements?

A. Export destination using FTP protocol.
Use XML format.
B. Export destination using FTP protocol.
Disable Global AES Encryption.
C. Export destination using SCP protocol.
Disable Global AES Encryption.
D. Export destination using SCP protocol.
Use XML format.

Answer: C

QUESTION 143
What is MP-BGP used for in Cisco ACI fabric?

A. MP-BGP VPNv4 AF is used to propagate L3Out routes that are received from a border leaf to the fabric.
B. MP-BGP VPNv4 AF is used between spines in an ACI Multi-Pod fabric to propagate the endpoint
C. MP-BGP VPNv4 AF is used as protocol on L3Out between a border leaf and an external router
D. MP-BGP Layer 2 VPN EVPN AF is used to propagate L3Out routes that are received from a border leaf.

Answer: A

QUESTION 144
An engineer must securely export Cisco APIC configuration snapshots to a secure, offsite location. The exported configuration must be transferred using an encrypted tunnel and encoded with a platform-agnostic data format that provides namespace support.
Which configuration set must be used?

A. Policy: Export Policy
Protocol: TLS
Format: JSON
B. Policy: Import Policy
Protocol: TLS
Format: XML
C. Policy: Import Policy
Protocol: SCP
Format: JSON
D. Policy: Export Policy
Protocol: SCP
Format: XML

Answer: D

QUESTION 145
A Cisco APIC is configured with RADIUS authentication as the default. The network administrator must ensure that users can access the APIC GUI with a local account if the RADIUS server is unreachable. Which action must be taken to accomplish this goal?

A. Create an additional login domain that references local accounts
B. Enable the fallback check with the default authentication domain
C. Associate console authentication with the “RADIUS” realm.
D. Reference the “local” realm in the fallback domain

Answer: D

QUESTION 146
A network engineer must allow secure access to the Cisco ACI out-of-band (OOB) management only from external subnets 10.0.0.0/24 and 192.168.20.0/25. Which configuration set accomplishes this goal?

A. Create a L3Out in the MGMT tenant in OOB VRF.
Set External Management Network Instance Profile as a consumer of the OOB contract.
Create an External EPG with two subnet entries with the external subnets.
B. Create a PBR service graph in the MGMT tenant.
Create a management Profile with the required OOB EPG.
Redirect all traffic going into ACI management to the external firewall.
Create two subnet entries under the OOB Bridge domain with the required subnets.
C. Create an EPG and BD in the MGMT tenant in OOB VRF.
Set OOB VRF to provide the contract.
Set a new EPG to consume the OOB contract.
D. Create an OOB contract that allows the required ports.
Provide the contract from the OOB EPG.
Consume the contract by the OOB External Management Network Instance Profile.
Create two subnet entries in the External Management Network Profile with the required subnets.

Answer: D

QUESTION 147
Refer to the exhibit. A Cisco ACI fabric is using out-of-band management connectivity.
The APIC must access a routable host with an IP address of 192.168.11.2.
Which action accomplishes this goal?

A. Change the switch APIC Connectivity Preference to in-band management
B. Remove the in-band management address from the APIC.
C. Add a Fabric Access Policy to allow management connections.
D. Modify the Pod Profile to use the default Management Access Policy

Answer: B

QUESTION 148
A bridge domain for an EPG called “Web Servers” must be created in the Cisco APIC.
The configuration must meet these requirements:
– Only traffic to known MAC addresses must be allowed to reduce noise.
– The multicast traffic must be limited to the ports that are participating in multicast routing.
– The endpoints within the bridge domain must be kept in the endpoint table for 20 minutes without any updates.
Which set of steps configures the bridge domain that satisfies the requirements?

A. Select the ARP Flooding checkbox.
Create an Endpoint Retention Policy with a Remote Endpoint Aging Interval of 20 minutes.
Set L3 Unknown Multicast Flooding to Optimized Flooding
B. Set L2 Unknown Unicast to Hardware Proxy.
Configure L3 Unknown Multicast Flooding to Optimized Flood.
Create an Endpoint Retention Policy with a Local Endpoint Aging interval of 1200 seconds.
C. Switch L2 Unknown Unicast to Flood.
Select the default Endpoint Retention Policy and set the Local Endpoint Aging to 20 minutes.
Set Multicast Destination Flooding to Flood in Encapsulation.
D. Multicast Destination Flooding should be set to Flood in BD.
Set L3 Unknown Multicast Flooding to Flood.
Select the default Endpoint Retention Policy with a Local Endpoint Aging Interval of 1200 seconds.

Answer: B

QUESTION 149
The company’s Cisco ACI fabric hosts multiple customer tenants. To meet a service level agreement, the company is constantly monitoring the Cisco ACI environment. Syslog is one of the methods used for monitoring. Only events related to leaf and spine environmental information without specific customer data should be logged. To which ACI object must the configuration be applied to meet these requirements?

A. access policy
B. infra tenant
C. switch profile
D. fabric policy

Answer: D

QUESTION 150
A Cisco ACI is integrated with a VMware vSphere environment. The port groups must be created automatically in vSphere and propagated to hypervisors when created in the ACI environment.
Which action accomplishes this goal?

A. Associate the VMM domain with the EPGs that must be available in vCenter.
B. Assign the uplinks of the ESXi hosts to the vDS that the APIC created.
C. Configure contracts for the EPGs that are required on the ESXi hosts.
D. Create the port groups on the vCenter that reflect the EPG names in the APIC.

Answer: A


Resources From:

1.2025 Latest Braindump2go 300-620 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/300-620.html

2.2025 Latest Braindump2go 300-620 PDF and 300-620 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1hx8JLBTuYBZKFq5qp0Ug2jvJSDvWZrd9?usp=sharing

3.2025 Free Braindump2go 300-620 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/300-620-VCE-Dumps(109-150).pdf
