Cisco CCNP Data Center 300-620 Questions & Answers

• Question 81:

  A Solutions Architect is asked to design two data centers based on Cisco ACI technology that can extend L2/L3, VXLAN, and network policy across locations. ACI Multi-Pod has been selected. Which two requirements must be considered in this design? (Choose two.)

  A. ACI underlay protocols, i.e. COOP, IS-IS and MP-BGP, spans across pods. Create QoS policies to make sure those protocols have higher priority.

  B. A single APIC Cluster is required in a Multi-Pod design. It is important to place the APIC Controllers in different locations in order to maximize redundancy and reliability.

  C. ACI Multi-Pod requires an IP Network supporting PIM-Bidir.

  D. ACI Multi-Pod does not support Firewall Clusters across Pods. Firewall Clusters should always be local.

  E. Multi-Pod requires multiple APIC Controller Clusters, one per pod. Make sure those clusters can communicate to each other through a highly available connection.

  Correct Answer: BC

  Multipod is with only a single APIC cluster - multisite requires multiple clusters.

  "The entire network hence runs as a single large fabric from an operational perspective; however, ACI Multi-Pod introduces specific enhancements to isolate as much as possible the failure domains between Pods, contributing to increase the

  overall design resiliency. This is achieved by running separate instances of fabric control planes (IS-IS, COOP, MP-BGP) across Pods."

  https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-737855.html

• Question 82:

  A network engineer must configure a new SNMP configuration and syslog servers. The requirement is for all faults and events related to endpoint groups, bridge domains, and VRFs to be sent to it. Which action must be taken to meet the requirements?

  A. Enable access monitoring policies on the required endpoint groups, bridge domains, and VRFs.

  B. Utilize common tenant monitoring policies in the Cisco APIC.

  C. Configure fabric monitoring policies and attach to the spine switch in the fabric.

  D. Implement fabric-wide monitoring policies on all nodes.

  Correct Answer: D

  Below are the high-level steps required to successfully configuring your ACI Fabric to send messages to an external SYSLOG server.

  -Ensure that your Out-of-Band -or- Inband Contracts permit UDP Port 514. -Create a SYSLOG Destination -Create ACI Fabric Monitoring Sources -Select and Configure the appropriate Fabric-level Fabric SYSLOG events (Fabric > Fabric) -Fabric > Fabric > Policies > Monitoring > Common Policy -Fabric > Fabric > Policies > Monitoring > default -(optional) Fabric > Fabric > Policies > Monitoring > Common Policy > Syslog Message Policies > Policy for system syslog messages -Select and Configure the appropriate Access-level SYSLOG events (Fabric > Access) -Select and Configure the appropriate Tenant-level SYSLOG events (Tenants > common > Policies > Monitoring > default

• Question 83:

  A network engineer must integrate VMware vCenter cluster with Cisco ACI. The requirement is for the management traffic of the hypervisors and VM controllers to use the virtual switch associated with the Cisco Application Policy. The EPG called "Vmware-MGMT" with VLAN 300 has been created for this purpose. Which set of steps must be taken to complete the configuration?

  A. Add VLAN 300 with static allocation to the VLAN POOL that is used for VMM integration. Attach the VMM domain to the target EPG with resolution preprovision, mode static, untagged access VLAN, and Port-Encap 300.

  B. Associate the target EPG with the VMM domain with default settings. Enable Infrastructure VLAN on AAEP used toward VMware hypervisors.

  C. Enable Infrastructure VLAN on AAEP used toward VMware hypervisors. Associate the target EPG with the VMM domain with default settings.

  D. Enable Infrastructure VLAN on AAEP used toward VMware hypervisors. Create a static binding in the target EPG toward VMware hypervisors with VLAN 300, untagged access VLAN, and Untagged 802.1P mode.

  Correct Answer: A

• Question 84:

  Refer to the exhibit.

  

  A Cisco ACI fabric displays this fault. Which set of actions modifies the event to be displayed as a warning in the future?

  A. Navigate to the ACI Events tab. Create a new record.

  B. Navigate to the ACI Fault tab. Create a new record.

  C. Navigate to the ACI Events tab. Change the severity level.

  D. Navigate to the ACI Fault tab. Change the severity level.

  Correct Answer: C

  In the Events tab of an APIC GUI component, you can change the severity of a displayed event or you can suppress (squelch) it altogether.

  Step 1: Navigate to the Events tab that currently displays an instance of the event.

  Step 2: Choose one of the following actions:

  To change the severity of these events, right-click the row of the desired event code, select Change Severity, select the desired severity level, and click Change Severity. To prevent these events from appearing in event reports (squelching the event), right-click the row of the desired event code, select Ignore Event, then click Ignore Event.

  With either of these actions, a dialog box appears in which you can confirm the selected action. In both cases, the dialog box displays the path to the Affected Monitoring Policy, which will be automatically modified as a result of the action. To undo the action later, you can navigate to this policy and manually modify it as described in Changing Event Severity or Squelching an Event in the Monitoring Policy.

• Question 85:

  A bridge domain for a new endpoint group in the Cisco ACI fabric must meet these requirements:

  1.

  The bridge domain must function as the default gateway for the subnet so that routing remains within the Cisco ACI fabric.

  2.

  ARP requests must be managed via Layer 3 unicast packets or be dropped to reduce excessive broadcast traffic.

  3.

  The impact of misconfigured virtual machines must be kept to a minimum by preventing IP addresses outside of the configured subnet from being routed.

  Which set of actions must be taken?

  A. Disable ARP Flooding. Enable Limit IP Learning to Subnet. Enable Unicast Routing on the bridge domain and configure a subnet.

  B. Enable Limit IP Learning to Subnet. Enable Unicast Routing on the bridge domain and configure a subnet. Set Multi-Destination Flooding to Flood in BD.

  C. Set Endpoint Retention Policy to default. Enable ARP Flooding. Enable Unicast Routing on the bridge domain and configure a subnet.

  D. Enable Unicast Routing on the bridge domain and configure a subnet. Set L2 Unknown Unicast to Flood. Disable Endpoint Retention Policy.

  Correct Answer: A

  Unicast Routing: If this setting is enabled and a subnet address is configured, the fabric provides the default gateway function and routes the traffic. Enabling unicast routing also instructs the mapping database to learn the endpoint IP-to-VTEP mapping for this bridge domain. The IP learning is not dependent upon having a subnet configured under the bridge domain.

  Limit IP Learning To Subnet: Prevents the local IP endpoint from being learned outside the subnets configured on the bridge domain. Prevents mis-learning of IP addresses that may not belong to the fabric.

  ARP Flood is off: ARP Request is handled as L3 Unicast

• Question 86:

  An engineer configures a one-armed policy-based redirect service Insertion for an unmanaged firewall. The engineer configures these Cisco ACI objects:

  1.

  a contract named All_Traffic_Allowed

  2.

  a Layer 4 to Layer 7 device named FW-Device

  3.

  a policy-based redirect policy named FW-1Arm-Policy-Based RedirectPolicy

  Which configuration set redirects the traffic to the firewall?

  A. Configure a policy-based redirect subject. Associate the policy-based redirect subject with All_Traffic_Allowed.

  B. Configure a firewall bridge domain. Associate the bridge domain with FW-Device.

  C. Configure a device interface policy. Associate the device interface policy with FW-Device.

  D. Configure a service graph. Associate the service graph with All_Traffic_Allowed.

  Correct Answer: D

• Question 87:

  Refer to the exhibit.

  

  The Cisco ACI fabric has an egress L3Out from Leaf-101 and Leaf-102 to CORE-1. VLAN 102 is used to form the OSPF adjacency. The workloads must be migrated into EPG-101, and the static port binding is configured to Leaf-103 e1/1 with encap VLAN 101. An engineer completes the port binding and receives an MCP fault. Which action clears the fault?

  A. Use VLAN 101 for OSPF adjacency on the egress L3Out.

  B. Use VLAN 102 as the encap VLAN on the EPG-101 static port binding.

  C. Add VLAN 102 to the VLAN pool that is used by the static port binding.

  D. Prune VLAN 101 from the VLAN pool that is used by the egress L3Out.

  Correct Answer: D

• Question 88:

  Refer to the exhibit.

  

  The EPG-100 must be extended to the vCenter as a port group with a tagged VLAN ID of 100. Which set of actions accomplishes this goal?

  A. 1. Define a static VLAN range (from 100-200) under a VLAN pool that is associated with the dc1vcdev domain.

  2. Associate the dc1vcdev domain with EPG and select these settings:

  Untagged VLAN Access: unselected

  VLAN Mode: Static with Encap: 100

  B. 1. Define a static VLAN range (from 100-200) under a VLAN pool that is associated with the dc1vcdev domain.

  2. Associate the dc2vcdev domain with EPG and select these settings:

  Untagged VLAN Access: selected

  VLAN Mode: Static with Encap: 100

  C. 1. Define a dynamic VLAN range (from 100-200) under a VLAN pool that is associated with the del vdev domain.

  2. Associate the dc1vcdev domain with EPG and select these settings:

  Untagged VLAN Access: unselected

  VLAN Mode: Static with Encap: 100

  D. 1. Define a dynamic VLAN range (from 100-200) under a VLAN pool that is associated with the dc1vdev domain.

  2. Associate the dc2vcdev domain with EPG and select these settings:

  Untagged VLAN Access: selected

  VLAN Mode: Static with Encap: 100

  Correct Answer: A

• Question 89:

  An engineer must add a group of 70 bare-metal ESXi servers to the Cisco ACI fabric, which is integrated with vCenter. These configuration steps are complete:

  1.

  The configured pool of ESXi hosts is configured with an Attachable Access Entity Profile (AAEP) called AEP_VMM.

  2.

  The new group uses the AAEP called AEP_BAREMETAL.

  Which action extends functional VMM integration to the new nodes?

  A. Update AAEP to AEP_VMM on all policy groups that are used toward bare-metal servers.

  B. Create a new AAEP container object for policy groups for AEP_VMM.

  C. Implement a separate VMM domain for the bare-metal servers by using AEP_VMM.

  D. Add the VMM domain under the AEP_BAREMETAL AAEP object.

  Correct Answer: D

• Question 90:

  Refer to the exhibit.

  

  A network engineer must complete the Cisco ACI implementation based on the logical system design created by the systems architect. Which Cisco ACI object is required where the dotted line indicates to complete the task?

  A. contract

  B. application profile

  C. context

  D. attachable Access Entity Profile

  Correct Answer: B

  A tenant in the ACI object model represents the highest level object. A tenant consists of networking-related objects such as VRFs, bridge domains and subnets, and policy-related objects such as application profiles, EPGs, and contracts.