Cisco 300-620 Exam Questions
Implementing Cisco Application Centric Infrastructure (DCACI) (Page 7)

Updated On: 17-May-2026

An ACI engineer is implementing a Layer 3 Out inside the Cisco ACI fabric that must meet these requirements:

The data center core switch must be connected to one of the leaf switches with a single 1G link.

The routes must be exchanged using a link-state routing protocol that supports hierarchical network design.

The data center core switch interface must be using 802.1Q tagging, and each VLAN will be configured with a dedicated IP address.

Which set of steps accomplishes these goals?

  1. Set up the EIGRP Protocol policy with the selected Autonomous System number.
    Create the Routed Outside object and Node Profile, selecting EIGRP.
    Configure the Interface profile, selecting Routed Interface and the appropriate interfaces.
    Create the External Network object with a network of 0.0.0.
  2. Set up the EIGRP Protocol policy with the selected Autonomous System number.
    Set up the Routed External Network object and Node Profile, selecting EIGRP.
    Create the Switch profile, selecting Port-channel and the appropriate interfaces.
    Create the default network and associate it with the Routed Outside object.
  3. Set up the BGP Protocol policy with the Autonomous System number of 0.
    Configure an Interface policy and an External Bridged Domain.
    Create an External Bridged Network using the configured VLAN pool.
    Build the Leaf profile, selecting Routed sub-interface and the appropriate VLAN.
  4. Configure the OSPF Protocol policy with an area of 0.
    Create Routed Outside object and Node Profile, selecting OSPF as the routing protocol.
    Build the Interface profile, selecting Routed Sub-interface and the appropriate VLAN.
    Configure the External Network object with a network of 0 0.0.

Answer(s): D

Explanation:

Option D is correct because the scenario requires a link-state protocol that supports hierarchical network design for the L3 Out in ACI, and OSPF is the appropriate protocol policy for external routed connections with an area of 0 in ACI External Routed domains. A) and B) are incorrect: both specify an EIGRP policy, but EIGRP is not a standard in ACI for L3Out with OSPF hierarchical design. C) is incorrect: a BGP policy with AS 0 is invalid for this L3Out use case and does not align with the required hierarchical link-state design. D) correctly specifies OSPF with area 0 to meet the requirements.



An engineer is in the process of discovering a new Cisco ACI fabric consisting of two spines and four leaf switches. The discovery of leaf 1 has just been completed. Which two nodes are expected to be discovered next? (Choose two.)

  1. leaf 2
  2. leaf 4
  3. spine 1
  4. leaf 3
  5. spine 2

Answer(s): C,E

Explanation:

Option C is correct because initial fabric discovery progresses from the first leaf to discover its neighboring spine nodes, establishing control-plane connectivity with spine devices. In a two-spine, four-leaf ACI fabric, after leaf 1, the two spines (spine 1 and spine 2) are discovered next to form the fabric’s backbone before full leaf-to-leaf or leaf-to-leaf spine adjacencies are completed. Option E is correct for the same reason: the second spine (spine 2) is discovered next to spine 1 to complete the spine pair for the fabric’s control plane. Incorrect — A, B, D describe other leaves; discovery of additional leaves typically follows spine discovery, not preceding it. Incorrect — Leaf 2, leaf 4, and any order of their discovery is contingent on spine readiness, not required immediately after leaf 1.


Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/GSG/b_APIC_Getting_Started_Guide_Rel_2_x/b_APIC_Getting_Started_Guide_Rel_2_x_chapter_0100.pdf



A bridge domain for an EPG called "Web Servers" must be created in the Cisco APIC. The configuration must meet these requirements:

Only traffic to known MAC addresses must be allowed to reduce noise.

The multicast traffic must be limited to the ports that are participating in multicast routing.

The endpoints within the bridge domain must be kept in the endpoint table for 20 minutes without any updates.

Which set of steps configures the bridge domain that satisfies the requirements?

  1. Switch L2 Unknown Unicast to Flood.
    Select the default Endpoint Retention Policy and set the Local Endpoint Aging to 20 minutes.
    Set Multicast Destination Flooding to Flood in Encapsulation.
  2. Set L2 Unknown Unicast to Hardware Proxy.
    Configure L3 Unknown Multicast Flooding to Optimized Flood.
    Create an Endpoint Retention Policy with a Local Endpoint Aging Interval of 1200 seconds.
  3. Multicast Destination Flooding should be set to Flood in BD.
    Set L3 Unknown Multicast Flooding to Flood.
    Select the default Endpoint Retention Policy with a Local Endpoint Aging Interval of 1200 seconds.
  4. Select the ARP Flooding checkbox.
    Create an Endpoint Retention Policy with a Remote Endpoint Aging Interval of 20 minutes.
    Set L3 Unknown Multicast Flooding to Optimized Flooding.

Answer(s): B

Explanation:

Option B
A) Incorrect — L2 Unknown Unicast should be set to Hardware Proxy is not the mechanism for enforcing explicit known-MAC filtering or controlling multicast behavior in this scenario.
B) Correct — Setting L2 Unknown Unicast to Hardware Proxy aligns with restricting traffic to known MAC addresses and leverages APIC/BD policies to constrain unknown traffic, meeting noise reduction while preserving endpoint learn/aging semantics.
C) Incorrect — Multicast Destination Flooding to Flood in BD does not address known-MAC enforcement or endpoint aging requirements; it governs multicast flood behavior only.
D) Incorrect — ARP Flooding checkbox is unrelated to controlling unknown unicast, endpoint retention, or multicast port-eligibility in this context.



An engineer is troubleshooting fabric discovery in a newly deployed Cisco ACI fabric and analyzes this output:



Which ACI fabric address is assigned to interface lo1023?

  1. VXLAN tunnel endpoint
  2. Physical tunnel endpoint
  3. Fabric tunnel endpoint
  4. Dynamic tunnel endpoint

Answer(s): C

Explanation:

Option C is correct because lo1023 is shown as a fabric tunnel endpoint in the ACI fabric discovery output, which identifies the ACI fabric IP addressing for inter-node control-plane and data-path encapsulation within the fabric. Incorrect — A) VXLAN tunnel endpoint refers to endpoint for VXLAN encapsulated traffic but not the fabric discovery address specifically. Incorrect — B) Physical tunnel endpoint is not a standard ACI term for fabric discovery addressing. Incorrect — D) Dynamic tunnel endpoint is not a defined ACI construct for fabric discovery addressing.



The company's Cisco ACI fabric hosts multiple customer tenants. To meet a service level agreement, the company is constantly monitoring the Cisco ACI environment. Syslog is one of the methods used for monitoring. Only events related to leaf and spine environmental information without specific customer data should be logged. To which ACI object must the configuration be applied to meet these requirements?

  1. infra tenant
  2. access policy
  3. switch profile
  4. fabric policy

Answer(s): D

Explanation:

Option D is correct because fabric policies in Cisco ACI govern global fabric behavior, including environmental logging settings at the fabric level, which apply across tenants and do not expose specific tenant data. This aligns with logging leaf/spine environmental information without per-tenant data.
A) infra tenant — Incorrect — infra is an internal tenant for fabric infrastructure objects, but environmental logging scope at the fabric level is not restricted to infra tenant data and requires fabric-wide policy.
B) access policy — Incorrect — access policies control contract and endpoint access behavior, not fabric-wide environmental logging configuration.
C) switch profile — Incorrect — switch profiles configure switch-level features and policies, but the question requires a fabric-wide logging scope independent of individual switches.





Refer to the exhibit. A client is configuring a new Cisco ACI fabric. All VLANs will be extended during the migration phase using the VPC connections on leaf switches 3, 4 and leaf switches 5, 6 toward the legacy network. The migration phase has these requirements:

The legacy switches must be able to transfer BPDUs through the ACI fabric.

If the legacy switches fail to break a loop, Cisco ACI must break the loop.

Which group settings must be configured on VPC interface policy groups ipg_vpc-legacy_1 and ipg_vpc-legacy_2 to meet these requirements?

  1. MCP: enabled
    BPDU Guard: disabled
    BPDU Filter: disabled
  2. MCP: disabled
    BPDU Guard: enabled
    BPDU Filter: enabled
  3. MCP: enabled
    BPDU Guard: enabled
    BPDU Filter: disabled
  4. MCP: disabled
    BPDU Guard: disabled
    BPDU Filter: enabled

Answer(s): A

Explanation:

Option A is correct because MCP (MAC Pinning Control) must be enabled to allow the legacy switches to forward BPDUs through the ACI fabric via VPC without mislearning or loop protection interference. Enabling MCP ensures consistent MAC pinning behavior across the VPC peers, which helps preserve BPDU traversal while still allowing ACI to detect and break loops if a legacy device creates one.
B, C, D are incorrect because they imply different MCP states or configurations that do not provide the required balance of BPDU forwarding and loop protection in the migration scenario. Specifically, enabling MCP is the necessary condition to support stable BPDU passthrough in VPC legacy connections.



A Cisco ACI fabric is connected to an external Cisco Catalyst switch. Which set of actions must be taken for Cisco ACI leaf and spine switches to be managed from the management port?

  1. Provide default/common contract by external management network under tenant mgmt.
    Consume default/common contract by out-of-band EPG.
  2. Provide default/mgmt contract by out-of-band EPG.
    Consume default/mgmt contract by external management network under tenant common.
  3. Provide default/mgmt contract by external management network under tenant common.
    Consume default/mgmt contract by out-of-band EPG.
  4. Provide default/common contract by out-of-band EPG.
    Consume default/common contract by external management network under tenant mgmt.

Answer(s): D

Explanation:

Option D is correct because managing ACI leaf/spine from the management port requires exposing the default/common contract via the out-of-band (OOB) EPG, enabling management-plane access independent of tenant networks. A) and C) incorrectly reference the external management network under tenant mgmt/common, which is not the standard approach for OOB management in this scenario. B) incorrectly uses the default/mgmt contract by the OOB EPG alone, but the key requirement is the default/common contract, not default/mgmt, when using the management port for out-of-band access. E and F are not present in the question.



A Cisco ACI fabric contains a tenant called Prod. User_1 must have write access to tenant Prod and full access to the fabric access policy. Which set of actions must be taken to meet these requirements?

  1. Associate User_1 to tenant Prod.
    Associate the security domain to the distinguished name of the fabric access policy.
    Create RBAC for the distinguished name of security domain.
  2. Associate User_1 to the distinguished name of the fabric access policy.
    Associate the security domain to RBAC.
    Create RBAC for the distinguished name of User_1.
  3. Associate User_1 to the fabric access policy.
    Associate the security domain to the fabric access policy.
    Create RBAC for the distinguished name of tenant Prod.
  4. Associate User_1 to the security domain.
    Associate the security domain to tenant Prod.
    Create RBAC for the distinguished name of fabric access policy.

Answer(s): D

Explanation:

Option D is correct because assigning User_1 to the security domain ensures they inherit the necessary RBAC permissions scoped to that domain, granting them write access to the Prod tenant and full access to the fabric access policy via domain-level authorization in ACI RBAC.
A) Incorrect — Associating User_1 to the tenant Prod only grants tenant scope, not the required RBAC or fabric-access-policy domain linkage to enforce write and full access across the fabric.
B) Incorrect — Associating to the distinguished name of the fabric access policy confers policy-level access, but does not establish the necessary domain RBAC or tenant-scoped permissions for User_1.
C) Incorrect — Directly associating to the fabric access policy yields policy-level permissions but bypasses the security-domain RBAC linkage needed for proper Tenant and Fabric policy enforcement.


