An engineer plans a Cisco ACI firmware upgrade. The ACI fabric consists of three Cisco APIC controllers, two spine switches, and four leaf switches. Two leaf switches have 1-Gb copper ports for bare metal servers, and the other two leaf switches have 10-Gb SFP ports to connect storage. Which set of actions accomplishes an upgrade with minimal disruptions?
A. Upgrade the APIC controllers by selecting the desired firmware and choosing Upgrade Now. Divide the switches into two upgrade groups: spines and leaves. Start the firmware upgrade on the spine upgrade group and then proceed with the leaf upgrade group.
B. Upgrade the APIC controllers by initiating the upgrade process that uses the most recent uploaded firmware. Divide the switches into three upgrade groups: spines, 1-Gb switches, and 10-Gb switches. Start the firmware upgrade on the spine upgrade group and then proceed with the other two groups.
C. Upgrade the APIC controllers by selecting the desired firmware and choosing Upgrade Now.
Divide the switches into two upgrade groups with one spine, one 1-Gb switch, and one 10-Gb switch per group.
Start the firmware upgrade on the first upgrade group and when it finishes, start the second upgrade group.
D. Upgrade the APIC controllers as a single group by selecting the firmware and choosing Upgrade Now. Divide the switches into four upgrade groups with one switch per group. Start the firmware upgrade on each upgrade group in succession until all four are complete.
A Cisco ACI fabric is integrated with VMware VDS. The fabric must apply a security policy to check the integrity of traffic out of the network adapter. Which action must be taken to drop the packet when the ESXi host discovers a mismatch between the actual source MAC address transmitted by the guest operating system and the effective MAC address of the virtual machine adapter?
A. Reject MAC changes.
B. Reject forged transmits.
C. Accept MAC changes.
D. Accept forged transmits.
How does Cisco ACI manage the old endpoint information on the original leaf switch after an endpoint moves between two Cisco ACI leaf switches?
A. A bounce entry is created by COOP communication instead of data plane learning.
B. A remote endpoint is created to represent the endpoint on another leaf.
C. Cisco APIC deletes an endpoint after receiving GARP packets from the new leaf.
D. The spine switch pushes all endpoint database entries to all leaf switches.
An engineer discovered an outage on the mgmt0 port of Leaf113 and Leaf114. Both leaf switches were recently registered in the fabric and have health scores of 100. The engineer discovers there is no IP address assigned to the mgmt0 interface of the switches. Which action resolves the outage?
A. Statically bind the mgmt0 interface of Leaf113 and Leaf114 to the oob-default EPG.
B. Enable Leaf113 and Leaf114 mgmt0 under the leaf switch.
C. Associate the oobbrc-default contract to Leaf113 and Leaf114.
D. Add Leaf113 and Leaf114 to the node management address policy.
A Cisco ACI leaf switch learns the source IP address of a packet that enters the front panel port of the switch. Which bridge domain setting is used?
A. ARP Flooding
B. L3 Unknown Multicast Flooding - Flood
C. L2 Unknown Unicast - Hardware proxy
D. Unicast Routing
When Layer 3 routed traffic is destined to a Cisco ACI fabric, which mechanism does ACI use to detect silent hosts?
A. gratuitous ARP
B. ARP gleaning
C. proxy ARP
D. inverse ARP
An engineer must attach an ESXi host to the Cisco ACI fabric. The host is connected to Leaf 1 and has its gateway IP address 10.10.10.254/24 configured inside the ACI fabric. A new firewall is attached to Leaf 2 and mapped to the same EPG and BD as the ESXi host. The engineer must migrate the gateway of the ESXi host to the firewall. Which configuration set accomplishes this goal?
A. Disable unicast routing. Configure IP address 10.10.10.254/24 on the ACI BD.
B. Disable unicast routing. Define IP address 10.10.10.254/24 on the firewall.
C. Enable unicast routing. Configure IP address 10.10.10.254/24 on the ACI EPG.
D. Enable unicast routing. Set IP address 10.10.10.254/24 on the firewall.
A VM called App_1 belongs to VLAN 10. VM App_2 belongs to VLAN 20. Pool_1 contains VLAN 10 and Pool_2 contains VLAN 20. Currently, AP_1 is located on Server 1. The Cisco ACI fabric has these configurations:
The two physical domains are called Phys_1 and Phys_2.
The two VLAN pools are called Pool_1 and Pool_2.
The two AAEPs are called AAEP_1 and AAEP_2.
An engineer must replace App_1 with App_2. Which action under the VPC interface policy group accomplishes this goal?
A. Configure Phys_2.
B. Map VM App_2.
C. Attach AAEP_2.
D. Assign Pool_2.
A Cisco ACI fabric with an ARP packet must ensure detection of silent hosts with an ARP packet. The current bridge domain is configured with hardware proxy and unicast routing. Which step must be taken on the bridge domain to complete the configuration?
A. Set Optimized Flood for L3 Unknown Multicast.
B. Enable Flood in the bridge domain for Multi Destination Flooding.
C. Set L2 Unknown Unicast to Flood.
D. Enable ARP Flooding in the bridge domain.
An engineer is implementing an out-of-band (OOB) management access for the Cisco ACI fabric. The secure access must meet these requirements:
Only GUI and secure shell must be allowed to access the management interfaces of the ACIs.
The only IP ranges that must be permitted to connect the fabric will be 10.10.10.0/24 and 192.168.15.0/24.
Which configuration set meets these requirements?
A. Implement HTTPS and SSH protocol filters in the OOB contract. Add the required subnets to the external network instance profile.
B. Set up static IPs on the management interfaces from the required IP range. Add the required subnets to the external network instance profile.
C. Create an out-of-band EPG in the external management entity. Associate the management profile with the OOB contract.
D. Create an out-of-band EPG in the common tenant. Associate the external network instance profile with the OOB contract.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-620 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.