Summer Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Question # 4

An engineer must add a group of 70 bare-metal ESXi servers to the Cisco ACI fabric, which is integrated with vCenter. These configuration steps are complete:

The configured pool of ESXi hosts is configured with an Attachable Access Entity Profile (AAEP) called AEP_VMM.

The new group uses the AAEP called AEP_BAREMETAL.

Which action extends functional VMM integration to the new nodes?

A.

Update AAEP to AEP_VMM on all policy groups that are used toward bare-metal servers.

B.

Create a new AAEP container object for policy groups for AEP_VMM.

C.

Implement a separate VMM domain for the bare-metal servers by using AEP_VMM.

D.

Add the VMM domain under the AEP_BAREMETAL AAEP object.

Full Access
Question # 5

A network engineer mustconfigurea Cisco ACI system to detect network loops for untagged and tagged traffic The loop must be detected and slopped by disabling an interface within 4 seconds Which configuration must be used?

A.

Option A

B.

Option B

C.

Option C

Full Access
Question # 6

An engineermustsecurely export Cisco APIC configuration snapshots to a secure, offsite location The exported configuration must be transferred using an encrypted tunnel and encoded with a platform-agnostic data format that provides namespace support Which configuration set must be used?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 7

An engineer must limit management access to me Cisco ACI fabric that originates from a single subnet where the NOC operates. Access should be limited to SSH and HTTPS only. Where should the policy be configured on the Cisco APIC to meet the requirements?

A.

policy In the management tenant

B.

policy on the management VLAN

C.

ACL on the management interface of the APIC

D.

ACL on the console interface

Full Access
Question # 8

What must be configured to redistribute externally learned OSPF routes within the ACI fabric?

A.

Route Control Profile

B.

BGP Route Reflector

C.

BGP Inter-leak Route Map

D.

PIM Sparse Mode

Full Access
Question # 9

What controls communication between EPGs?

A.

Inter-EPG communication is controlled by BGP.

B.

Inter-EPG communication is controlled by contracts.

C.

Inter-EPG communication is controlled by IS-IS.

D.

Inter-EPG communication is controlled by VXLAN.

Full Access
Question # 10

A data center administrator is upgrading an ACI fabric. There are 3 APIC controllers in the fabric and all the servers are dual-homed to pairs of leaf switches configured in VPC mode. How should the fabric be upgraded to minimize possible traffic impact during the upgrade?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 11

Which statement about ACI syslog is true or Which statement describes the ACI syslog?

A.

Notifications for different scopes of syslog objects can be sent only to one destination.

B.

Syslog messages are sent to the destination through the spine.

C.

All syslog messages are sent to the destination through APIC.

D.

Switches send syslog messages directly to the destinations.

Full Access
Question # 12

What do Pods use to allow Pod-to-Pod communication in a Cisco ACI Multi-Pod environment?

A.

over Layer 3 directly connected back-to-back spines

B.

over Layer 3 Out connectivity via border leafs

C.

over Layer 3 IPN connectivity via spines

D.

over Layer 3 IPN connectivity via border leafs

Full Access
Question # 13

An ACI engineer is implementing a Layer 3 out inside the Cisco ACI fabric that must meet these requirements:

    The data center core switch must be connected to one of the leaf switches with a single 1G link.

    The routes must be exchanged using a link-state routing protocol that supports hierarchical network design.

    The data center core switch interface must be using 802.1Q tagging, and each vlan will be configured with a dedicated IP address.

Which set of steps accomplishes these goals?

A.

Set up the ElGRP Protocol policy with the selected Autonomous System number. Set up the Routed External Network object ana Node Profile, selecting ElGRP Create the Switch profile, selecting Port-channel and the appropriate interfaces Create the default network and associate it with the Routed Outside object.

B.

Set up the BGP Protocol policy with the Autonomous System number of 0.

Configure an interface policy and an External Bridged Domain.

Create an External Bridged Network using the configured VLAN pool.

Build the Leaf profile, selecting Routed sub-interface and the appropriate VLAN.

C.

Configure the OSPF Protocol policy with an area of 0.

Create Routed Outside object and Node Profile, selecting OSPF as the routing protocol. Build the Interface profile, selecting Routed Sub-interface and the appropriate VLAN. Configure the External Network object with a network of 0.0.0.0/0.

D.

Set up the ElGRP Protocol policy with the selected Autonomous System number. Create the Routed Outside object and Node Profile selecting ElGRP Configure the Interface profile selecting Routed Interface and the appropriate interfaces. Create the External Network object with a network of 0.0.0.0/0.

Full Access
Question # 14

An administrator must migrate the vSphere Management VMkernel of all ESXi hosts in the production cluster from the standard default virtual switch to a VDS that is integrated with APIC in a VMM domain. Which action must be completed in this scenario?

A.

The Management VMkernel EPG resolution must be set to Pre-Provosion.

B.

The administrator must create an in-band VMM Management EPG before performing the migration.

C.

The administrator must set the Management VMkernel BD resolution immediacy to On-Demand.

D.

The VMkernel Management BD must be located under the Management Tenant.

Full Access
Question # 15

Refer to the exhibit.

Which two components should be configured as route reflectors in the ACI fabric? (Choose two.)

A.

Spine1

B.

apic1

C.

Spine2

D.

Leaf1

E.

Leaf2

F.

apic2

Full Access
Question # 16

Which routing protocol is supported between Cisco ACI spines and IPNs in a Cisco ACI Multi-Pod environment?

A.

OSPF

B.

ISIS

C.

BGP

D.

EIGRP

Full Access
Question # 17

What is the purpose of the Overlay Multicast TEP in a Cisco ACI Multi-Site deployment?

A.

to source and receive unicast VXLAN data plane traffic

B.

to establish MP-BGP EVPN adjacencies with the spine nodes in remote sites

C.

to encapsulate multicast traffic in a common multicast group

D.

to perform head-end replication for BUM traffic

Full Access
Question # 18

An engineer is extending EPG connectivity to an external network. The external network houses the Layer 3 gateway and other end hosts. Which ACI bridge domain configuration should be used?

A.

Forwarding: Custom

L2 Unknown Unicast: Hardware Proxy L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Enabled

B.

Forwarding: Custom

L2 Unknown Unicast: Flood

L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Enabled

C.

Forwarding: Custom

L2 Unknown Unicast: Hardware Proxy L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Disabled

D.

Forwarding: Custom

L2 Unknown Unicast: Flood

L3 Unknown Multicast Flooding: Flood Multi Destination Flooding: Flood in BD ARP Flooding: Disabled

Full Access
Question # 19

What two actions should be taken to deploy a new Cisco ACI Multi-Pod setup? (Choose two.)

A.

Configure MP-BGP on IPN routers that face the Cisco ACI spines.

B.

Connect all spines to the IPN.

C.

Configure anycast RP for the underlying multicast protocol

D.

Configure the TEP pool of the new pod to be routable across the IPN.

E.

Increase interface MTU for all IPN routers to support VXLAN traffic.

Full Access
Question # 20

Refer to the exhibit.

A systems engineer is implementing the Cisco ACI fabric. However, the Server2 information is missing from the Leaf 101 endpoint table and the COOP database of the spine. The requirement is for the bridge domain configuration to enforce the ACI fabric to forward the unicast packets generated by Server1 destined to Server2. Which action must be taken to meet these requirements?

A.

Enable ARP Flooding

B.

Set L2 Unknown Unicast to Flood

C.

Set IP Data-Plane Learning to No

D.

Enable Unicast Routing

Full Access
Question # 21

An engineer is configuring ACI VMM domain integration with Cisco UCS-B Series. Which type of port channel policy must be configured in the vSwitch policy?

A.

LACP Active

B.

MAC Pinning

C.

LACP Passive

D.

MAC Pinning-Physical-NIC-load

Full Access
Question # 22

An engineer is extending an EPG out of the ACI fabric using static path binding. Which statement about the endpoints is true?

A.

Endpoints must connect directly to the ACI leaf port.

B.

External endpoints are in a different bridge domain than the endpoints in the fabric.

C.

Endpoint learning encompasses the MAC address only.

D.

External endpoints are in the same EPG as the directly attached endpoints.

Full Access
Question # 23

In the context of VMM, which protocol between ACI leaf and compute hosts ensures that the policies are pushed to the leaf switches for immediate and on demand resolution immediacy?

A.

VXLAN

B.

LLDP

C.

ISIS

D.

STP

Full Access
Question # 24

Which two components are essential parts of a Cisco ACI Virtual Machine Manager (VMM) domain policy configuration? (Choose two.)

A.

VMM domain profile

B.

EPG static port binding

C.

Layer 3 outside interface association

D.

IP address pool association

E.

EPG association

Full Access
Question # 25

An engineer is implementing Cisco ACI at a large platform-as-a-service provider using APIC controllers, 9396PX leaf switches, and 9336PQ spine switches. The leaf switch ports are configured as IEEE 802.1p ports. Where does the traffic exit from the EPG in IEEE 802.1p mode in this configuration?

A.

from leaf ports tagged as VLAN 0

B.

from leaf ports untagged

C.

from leaf ports tagged as VLAN 4094

D.

from leaf ports tagged as VLAN 1

Full Access
Question # 26

An engineer must set up a Cisco ACI fabric to send Syslog messages related to hardware events, such as chassis line card failures. The messages should be sent to a dedicated Syslog server. Where in the Cisco APIC should the policy be configured to meet this requirement?

A.

uni/tn-common/monepg-default

B.

uni/infra/monifra-default

C.

uni/fabric/monfab-default

D.

uni/fabric/moncommon

Full Access
Question # 27

An engineer configured a bridge domain with the hardware-proxy option for Layer 2 unknown unicast traffic. Which statement is true about this configuration?

A.

The leaf switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the local forwarding tables.

B.

The Layer 2 unknown hardware proxy lacks support of the topology change notification.

C.

The leaf switch forwards the Layers 2 unknown unicast packets to all other leaf switches if it is unable to find the MAC address in its local forwarding tables.

D.

The spine switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the proxy database.

Full Access
Question # 28

An engineer is implementing a Cisco ACI data center network that includes Cisco Nexus 2000 Series 10G fabric extenders. Which physical topology is supported?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 29

Drag and drop the Cisco ACI filter entry options from the left onto the correct categories on the right indicating what are required or optional parameters.

Full Access
Question # 30

Which type of port is used for in-band management within ACI fabric?

A.

spine switch port

B.

APIC console port

C.

leaf access port

D.

management port

Full Access
Question # 31

An engineer is troubleshooting fabric discovery in a newly deployed Cisco ACI fabric and analyzes this output:

Which ACI fabric address is assigned to interface lo1023?

A.

Dynamic tunnel endpoint

B.

Physical tunnel endpoint

C.

Fabric tunnel endpoint

D.

VXLAN tunnel endpoint

Full Access
Question # 32

When does the Cisco ACI leaf learn a source IP or MAC as a remote endpoint?

A.

When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the Layer 3 Out EPG subnet range.

B.

When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the bridge domain subnets range.

C.

When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the Layer 3 Out EPG subnet range.

D.

When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the bridge domain subnets range.

Full Access
Question # 33

An engineer configured Layer 2 extension from the ACI fabric and changed the Layer 2 unknown unicast policy from Flood to Hardware Proxy. How does this change affect the flooding of the L2 unknown unicast traffic?

A.

It is forwarded to one of the spines to perform as a spine proxy.

B.

It is flooded within the whole fabric.

C.

It is dropped by the leaf when the destination endpoint is not present in the endpoint table.

D.

It is forwarded to one of the APICs to perform as a proxy.

Full Access
Question # 34

Refer to the exhibit.

An engineer must implement the inter-tenant service graph. Which set of actions must be taken to accomplish this goal?

A.

• Define the contract in the provider tenant and export it to the consumer tenant.

• Define the L4-L7 device, service graph template, and ASA bridge domains in the provider tenant.

B.

• Define the contract in the provider tenant and export it to the consumer tenant.

• Define the L4-L7 device and service graph template in the provider tenant and the ASA bridge domains in the consumer tenant.

C.

• Define the contract in the provider tenant and export it to the provider tenant.

• Define the L4-L7 device and service graph template in the provider tenant and the ASA bridge domains in the consumer tenant.

D.

• Define the contract in the provider tenant and export it to the provider tenant.

• Define the L4-L7 device, service graph template, and ASA bridge domains in the consumer tenant.

Full Access
Question # 35

Regarding the MTU value of MP-BGP EVPN control plane packets in Cisco ACI, which statement about communication between spine nodes in different sites is true?

A.

By default, spine nodes generate 9000-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 9000-bytes packets.

B.

By default, spine nodes generate 1500-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 1800-bytes packets.

C.

By default, spine nodes generate 1500-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 1500-bytes packets.

D.

By default, spine nodes generate 9000-bytes packets to exchange endpoints routing information. As a result, the Inter-Site network should be able to carry 9100-bytes packets.

Full Access
Question # 36

Which two actions extend a Layer 2 domain beyond the ACI fabric? (Choose two.)

A.

extending the routed domain out of the ACI fabric

B.

creating a single homed Layer 3 Out

C.

creating an external physical network

D.

extending the bridge domain out of the ACI fabric

E.

extending the EPG out of the ACI fabric

Full Access
Question # 37

An engineer must ensure that Cisco ACI flushes the appropriate endpoints when a topology change notification message is received in an MST domain. Which three steps are required to accomplish this goal? (Choose three.)

A.

Enable the BPDU interface controls under the spanning tree interface policy.

B.

Configure a new STP interface policy.

C.

Bind the spanning tree policy to the switch policy group.

D.

Associate the STP interface policy to the appropriate interface policy group.

E.

Create a new region policy under the spanning tree policy.

F.

Map VLAN range to MAT instance number.

Full Access
Question # 38

The Application team reports that a previously existing port group has disappeared from vCenter. An engineer confirms that the VM domain association for the EPG is no longer present. Which action determines which user is responsible for the change?

A.

Check the EPG audit logs for the 'deletion' action and compare the affected object and user.

B.

Evaluate the potential faults that are raised for that EPG.

C.

Examine the health score and drill down to an object that affects the EPG combined score.

D.

Inspect the server logs to see who was logging in to the APIC during the last few hours.

Full Access
Question # 39

A network engineer is integrating a new Hyperflex storage duster into an existing Cisco ACI fabric The Hyperflex cluster must be managed by vCenter so a new vSphere Distributed switch must be created In addition the hardware discovery must be performed by a vendor-neutral discovery protocol Which set of steps meets these requirements'?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 40

A customer implements RBAC on a Cisco APIC using a Windows RADIUS server that is configured with network control policies. The APIC is as follows:

    Tenant = TenantX

    Security Domain = Tenantx-SD

    User = X

The customer requires User X to have access to TenantX only, without any extra privilege in the Cisco ACI fabric domain. Which Cisco AV pair must be implemented on the RADIUS server to meet these requirement?

A.

shell:domains = TenantX-SD/fabric-admin/,common//read-all

B.

shell:domains = TenantX-SD/tenant-admin

C.

shell:domains = TenantX-SD/tenant-ext-admin/,common//read-all

D.

shell:domains = TenantX-SD/tenant-admin/,common//read-all

Full Access
Question # 41

A network engineer must integrate VMware vCenter cluster with Cisco ACI. The requirement is for the management traffic of the hypervisors and VM controllers to use the virtual switch associated with the Cisco Application Policy. The EPG called "Vmware-MGMT" with VLAN 300 has been created for this purpose. Which set of steps must be taken to complete the configuration?

A.

Add VLAN 300 with static allocation to the VLAN POOL that is used for VMM integration.

Attach the VMM domain to the target EPG with resolution preprovision, mode static, untagged access VLAN, and Port-Encap 300.

B.

Associate the target EPG with the VMM domain with default settings.

Enable Infrastructure VLAN on AAEP used toward VMware hypervisors.

C.

Enable Infrastructure VLAN on AAEP used toward VMware hypervisors.

Associate the target EPG with the VMM domain with default settings.

D.

Enable Infrastructure VLAN on AAEP used toward VMware hypervisors.

Create a static binding in the target EPG toward VMware hypervisors with VLAN 300, untagged access VLAN, and Untagged 802.1P mode.

Full Access
Question # 42

An engineer configures a Cisco ACI Multi-Pod for disaster recovery. Which action should be taken for the new nodes to be discoverable by the existing Cisco APICs?

A.

Configure IGMPv3 on the interfaces of IPN routers that face the Cisco ACI spine.

B.

Enable subinterfaces with dot1q tagging on all links between the IPN routers.

C.

Enable DHCP relay on all links that are connected to Cisco ACI spines on IPN devices.

D.

Configure BGP as the underlay protocol in IPN.

Full Access
Question # 43

An ACI administrator notices a change in the behavior of the fabric. Which action must be taken to determine if a human intervention introduced the change?

A.

Inspect event records in the APIC UI to see all actions performed by users.

B.

Inspect /var/log/audit_messages on the APIC to see a record of all user actions.

C.

Inspect audit logs in the APIC UI to see all user events.

D.

Inspect the output of show command history in the APIC CLI.

Full Access
Question # 44

A company must connect three Cisco ACI data centers by using Cisco ACI Multi-Site. An engineer must configure the Inter-Site Network (ISN) between the existing sites. Which two configuration steps must be taken to implement the ISN? (Choose two.)

A.

Configure OSPF on subinterfaces on routers that are directly connected with spine nodes.

B.

Configure ISN site extension on Cisco routers in the network.

C.

Configure OSPF on all ISN routers.

D.

Configure BIDIR-PIM on all ISN routers.

E.

Configure encapsulation VLAN-4 between the routers and spine nodes.

Full Access
Question # 45

A RADIUS user resolves its role via the Cisco AV Pair. What object does the Cisco AV Pair resolve to?

A.

tenant

B.

security domain

C.

primary Cisco APIC

D.

managed object class

Full Access
Question # 46

The unicast routing feature is enabled on the bridge domain. Which two conditions enable the Cisco ACI leaf to learn a source IP as a local endpoint? (Choose two.)

A.

Through Ethernet traffic received in a bridge domain.

B.

IP traffic routed through an SVI.

C.

Through VXLAN traffic received on the uplink.

D.

IP traffic routed through a Layer 3 Out.

E.

Through ARP received on an SVI.

Full Access
Question # 47

When configuring Cisco ACI VMM domain integration with VMware vCenter, which object is created in vCenter?

A.

datacenter

B.

VMware vSphere Standard vSwitch

C.

VMware vSphere Distributed Switch

D.

cluster

Full Access
Question # 48

A Cisco ACI bridge domain and VRF are configured with a default data-plane learning configuration. Which two endpoint attributes are programmed in the leaf switch when receiving traffic? (Choose two.)

A.

Remote MAC. IP

B.

Remote Subnet

C.

Local IP, not MAC

D.

Local MAC, IP

E.

Local Subnet

F.

Remote IP

Full Access
Question # 49

Which feature should be disabled on a bridge domain when a default gateway for endpoints is on an external device instead of a Cisco ACI bridge domain SVI?

A.

unknown unicast flooding

B.

ARP flooding

C.

unicast routing

D.

proxy ARP

Full Access
Question # 50

An engineer wants to monitor all configuration changes, threshold crossing, and link-state transitions in a Cisco ACI fabric. Which action must be taken to receive the required messages?

A.

Add Faults and Events to the monitor policy.

B.

Add Session Logs and Audit Logs to the monitor policy.

C.

Include Audit Logs and Events in the Syslog source policy.

D.

Include Events and Session Logs in the Syslog source policy.

Full Access
Question # 51

An engineer is implementing a Cisco ACI environment that consists of more than 20 servers. Two of the servers support only Cisco Discovery Protocol with no order link discovery protocol. The engineer wants the servers to be discovered automatically by the Cisco ACI fabric when connected. Which action must be taken to meet this requirement?

A.

Create an override policy that enables Cisco Discovery Protocol after LLDP is enabled in the default policy group.

B.

Configure a higher order interface policy that enables Cisco Discovery Protocol for the interface on the desired leaf switch.

C.

Configure a lower order policy group that enables Cisco Discovery Protocol for the interface on the desired leaf switch.

D.

Create an interface profile for the interface that disables LLDP on the desired switch that is referenced by the interface policy group.

Full Access
Question # 52

An engineer must configure a Layer 3 connection to the WAN router. The hosts in production VRF must access WAN subnets. The engineer associates EPGs in the production VRF with the external routed domain. Which action completes the task?

A.

Configure the Export Route Control Subnet scope for the external EPG.

B.

Configure the External Subnets for the External EPG scope for the external EPG.

C.

Configure the Import Route Control Subnet scope for the external EPG.

D.

Configure the Shared Route Control Subnet scope for the external EPG.

Full Access
Question # 53

Refer to the exhibit. A Cisco APIC raises an error when the EPG must accept endpoints from a VMM domain created. Which action clears the fault?

A.

Expand the VLAN pool for the VMM domain.

B.

Create a bridge domain for the VMM domain.

C.

Associate the EPG with the VMM domain.

D.

Associate the VLAN pool with the VMM domain.

Full Access
Question # 54

A network engineer must backup the PRODUCTION tenant. The configuration backup should be stored on the APIC using a markup language and contain all secure information. Which export policy must be used to meet these requirement?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option D

D.

Option D

Full Access
Question # 55

Which two dynamic routing protocols are supported when using Cisco ACI to connect to an external Layer 3 network? (Choose two.)

A.

iBGP

B.

VXLAN

C.

IS-IS

D.

RIPv2

E.

eBGP

Full Access
Question # 56

Which protocol does ACI use to securely sane the configuration in a remote location?

A.

SCP

B.

HTTPS

C.

TFTP

D.

FTP

Full Access
Question # 57

An engineer must allow multiple external networks to communicate with internal ACI subnets. Which action should the engineer take to assign the prefix to the class ID of the external Endpoint Group?

A.

Enable the Export Route Control Subnet for the External Endpoint Group flag.

B.

Enable an L30ut with Shared Route Control Subnet.

C.

Configure subnets with the External Subnets for External EPG flag enabled.

D.

Configure subnets with the Import Route Control Subnet flag enabled.

Full Access