Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > Cisco > CCNP Data Center > 300-620 > 300-620 Online Practice Questions and Answers

300-620 Online Practice Questions and Answers

Questions 4

On which two interface types should a user configure storm control to protect against broadcast traffic? (Choose two.)

A. APIC facing interfaces

B. port channel on a single leaf switch

C. all interfaces on the leaf switches in the fabric

D. endpoint-facing trunk interface

E. fabric uplink interfaces on the leaf switches

Buy Now

Correct Answer: BD

Typically, a fabric administrator configures storm control in fabric access policies on the following interfaces:

1.

A regular trunk interface.

2.

A direct port channel on a single leaf switch.

3.

A virtual port channel (a port channel on two leaf switches).

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/L2_config/b_Cisco_APIC_Layer_2_Configuration_Guide/ b_Cisco_APIC_Layer_2_Configuration_Guide_chapter_01010.html

Questions 5

The unicast routing feature is enabled on the bridge domain. Which two conditions enable the Cisco ACI leaf to learn a source IP as a local endpoint? (Choose two.)

A. Through Ethernet traffic received in a bridge domain.

B. IP traffic routed through an SVI.

C. Through VXLAN traffic received on the uplink.

D. IP traffic routed through a Layer 3 Out.

E. Through ARP received on an SVI.

Buy Now

Correct Answer: BE

Questions 6

An engineer must create a backup of the Cisco ACI fabric for disaster recovery purposes. The backup must be transferred over a secure and encrypted transport. The backup file must contain all user and password related information. The engineer also wants to process and confirm the backup file validity by using a Python script. This requires the data structure to have a format similar to a Python dictionary. Which configuration set must be used to meet these requirements?

A. Under the Create Remote location settings, select Protocol: FTP Under the Export policy, select

-Format: XML

-Modify Global AES Encryption Settings: Enabled

B. Under the Create Remote location settings, select Protocol: FTP Under the Export policy, select

-Format: XML

-Modify Global AES Encryption Settings: Disabled

C. Under the Create Remote location settings, select Protocol: SCP Under the Export policy, select

-Format: JSON

-Modify Global AES Encryption Settings: Disabled

D. Under the Create Remote location settings, select Protocol: SCP Under the Export policy, select

-Format: JSON

-Modify Global AES Encryption Settings: Enabled

Buy Now

Correct Answer: D

Questions 7

An engineer must securely export Cisco APIC configuration snapshots to a secure, offsite location The exported configuration must be transferred using an encrypted tunnel and encoded with a platform-agnostic data format that provides namespace support. Which configuration set must be used?

A. Policy: Export Policy Protocol: TLS Format: JSON

B. Policy: Import Policy Protocol: TLS Format: XML

C. Policy: Import Policy Protocol: SCP Format: JSON

D. Policy: Export Policy Protocol: SCP Format: XML

Buy Now

Correct Answer: D

Questions 8

What do Pods use to allow Pod-to-Pod communication in a Cisco ACI Multi-Pod environment?

A. over Layer 3 directly connected back-to-back spines

B. over Layer 3 Out connectivity via border leafs

C. over Layer 3 IPN connectivity via border leafs

D. over Layer 3 IPN connectivity via spines

Buy Now

Correct Answer: D

Reference: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-737855.html

Questions 9

An engineer must configure a Layer 3 connection to the WAN router. The hosts in production VRF must access WAN subnets. The engineer associates EPGs in the production VRF with the external routed domain. Which action completes the task?

A. Configure the Export Route Control Subnet scope for the external EPG.

B. Configure the External Subnets for the External EPG scope for the external EPG.

C. Configure the Import Route Control Subnet scope for the external EPG.

D. Configure the Shared Route Control Subnet scope for the external EPG.

Buy Now

Correct Answer: B

External Subnets for the External EPG (also called Security Import Subnet) - This option does not control the movement of routing information into or out of the fabric. If you want traffic to flow from one external EPG to another external EPG or to an internal EPG, the subnet must be marked with this control. If you do not mark the subnet with this control, then routes learned from one EPG are advertised to the other external EPG, but packets are dropped in the fabric. The drops occur because the APIC operates in a allowed list model where the default behavior is to drop all data plane traffic between EPGs, unless it is explicitly permitted by a contract. The allowed list model applies to external EPGs and application EPGs. When using security policies that have this option configured, you must configure a contract and a security prefix.

Questions 10

What are two PBR characteristics of the Cisco ACI Active-Active Across Pods deployment mode in Cisco ACI Multi-Pod design? (Choose two.)

A. Traffic is dynamically redirected to the firewall that owns the connection.

B. Deployment occurs in transparent mode.

C. The connection state is unsynchronized.

D. Deployment occurs in go-to mode only.

E. This mode causes the traffic to flow asymmetrically.

Buy Now

Correct Answer: AD

Active-active firewall cluster stretched across pods: beginning with Cisco ACI Release 3.2(4d), an active/active firewall cluster can be stretched across pods. When deploying Cisco ASA or Cisco Firepower firewall appliances, this deployment model takes the name of “split spanned EtherChannel” and ensures that all the nodes of the cluster “own” the same MAC/IP values so that the stretched firewall cluster appears as a single logical entity to the ACI Multi-Pod fabric. This deployment model removes any concern about the possible creation of asymmetric traffic paths for both east-west and north-south traffic flows, as traffic will be dynamically redirected to the specific firewall node owning the connection state for that specific traffic flow.

https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739571.html

Questions 11

Where are STP BPDUSs flooded in Cisco ACI fabric?

A. in the access encapsulation VLAN part of different VLAN pools

B. in the bridge domain VLAN

C. in the native VLAN ID

D. in the VNID that is assigned to the FD VLAN

Buy Now

Correct Answer: D

ACI floods STP Bridge Protocol Data Units (BPDUs) to the VXLAN network identifier (VNID) assigned to the FD VLAN (VNID is assigned through the VLAN pool so encapsulation has to be part of same VLAN pool to be in part of same STP domain). So in effect, it operates as an Ethernet hub when it comes to Spanning Tree. When external L2 switches are connected to an ACI leaf, they default to full-duplex operation. In the STP world, this equates to a P2P link type

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/211236-ACI-operation-with-L2-switches-and-Spann.pdf

Questions 12

An engineer plans a Cisco ACI firmware upgrade. The ACI fabric consists of three Cisco APIC controllers, two spine switches, and four leaf switches. Two leaf switches have 1-Gb copper ports for bare metal servers, and the other two leaf switches have 10-Gb SFP ports to connect storage. Which set of actions accomplishes an upgrade with minimal disruptions?

A. Upgrade the APIC controllers by selecting the desired firmware and choosing Upgrade Now. Divide the switches into two upgrade groups: spines and leaves. Start the firmware upgrade on the spine upgrade group and then proceed with the leaf upgrade group.

B. Upgrade the APIC controllers by initiating the upgrade process that uses the most recent uploaded firmware. Divide the switches into three upgrade groups: spines, 1-Gb switches, and 10-Gb switches. Start the firmware upgrade on the spine upgrade group and then proceed with the other two groups.

C. Upgrade the APIC controllers by selecting the desired firmware and choosing Upgrade Now.

Divide the switches into two upgrade groups with one spine, one 1-Gb switch, and one 10-Gb switch per group.

Start the firmware upgrade on the first upgrade group and when it finishes, start the second upgrade group.

D. Upgrade the APIC controllers as a single group by selecting the firmware and choosing Upgrade Now. Divide the switches into four upgrade groups with one switch per group. Start the firmware upgrade on each upgrade group in succession until all four are complete.

Buy Now

Correct Answer: C

Questions 13

DRAG DROP

An engineer is configuring a VRF for a tenant named Cisco. Drag and drop the child objects on the left onto the correct containers on the right for this configuration.

Select and Place:

Buy Now

Correct Answer:

Exam Code: 300-620
Exam Name: Implementing Cisco Application Centric Infrastructure (DCACI)
Last Update: Jun 10, 2025
Questions: 309

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2025 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.