400-151 v2019-09-12 PDF

400-151
Number: 400-151
Passing Score: 800
Time Limit: 120 min
File Version: 1
400-151
Sections
1. Cisco Data Center L2/L3 Technologies
2. Cisco Data Center Network Services
3. Data Center Storage Networking and Compute
4. Data Center Automation and Orchestration
5. Data Center Fabric Infrastructure
6. Evolving Technologies
7. Mixed Questions
Exam A
QUESTION 1
Which two statements about VXLAN are true? (Choose two.)
A. VXLAN uses a UDP destination port of 4987.

B. A VTEP is a virtual or physical device that maps end devices to VXLAN segments.
C. Devices that terminate VXLAN tunnels are known as VTEPs.
D. VXLAN adds an additional 32 bytes worth of headers.
Correct Answer: BC
Section: Cisco Data Center L2/L3 Technologies
Explanation
Explanation/Reference:
Explanation:
QUESTION 2
Which statement about VTP bombing is true?
A. It occurs because of configuration mismatch on VTPv3 switches. This problem can be avoided using a
confirmation management tool.
B. It occurs when switches with different VTP versions are connected together. This situation may occur
when a new switch is plugged into a stable VTP domain. The MAC address table of the new switch
overrides the MAC address table of stable switches causing interruption of service.
C. It occurs when a client connects to a switch and launches a distributed denial of service attack against
the VTP domain. This attack is possible only ifthe client knows the VTP password.
D. It occurs when a server with a higher revision number and a wrong VTP database is inserted into the
VTP domain. This situation may occur when a new switch plugged into a stable VTP domain. The
incorrect database is propagated to the domain and the earlier stable database is overwritten.
Correct Answer: D
Explanation
Explanation:
QUESTION 3
Which three options are common PTP device types? (Choose three.)
A. network clock
B. sundials
C. boundary clock
D. transparent clock
E. ordinary clock
F. crystal clock
Correct Answer: CDE

Explanation
Explanation:
QUESTION 4
Which two options are functions of the 6LoWPAN header? (Choose two.)
A. packet fragmentation and reassembly

B. limit the lifespan of a packet (TTL)
C. IPv6 header compression
D. cyclic redundancy check
E. Layer 2 encryption
Correct Answer: AC
Explanation
Explanation:
QUESTION 5
Which two statements about IP-directed broadcast are true? (Choose two.)
A. The destination address in the IP header of the packet is rewritten to the configured IP broadcast
address for the subnet, and the packet is sent as a link-layer broadcast.
B. An IP-directed broadcast is an IP packet whose destination address is a valid broadcast address, and it
originates from a node that is also part of the same subnet.
C. A switch that is not directly connectedto its destination subnet forwards an IP-directed broadcast in the
same way it forwards unicast IP packets destined to a host on that subnet.
D. All switches in the network forward an IP-directed broadcast in the same way they forward multicast IP
packets.
Correct Answer: AC
Explanation
Explanation:
QUESTION 6
Which statement about glean throttling in Cisco NX-OS is true?
A. The traffic shaping feature in Cisco NX-OS to avoid bottle necks in the network.
B. Cisco NX-OS supports a rate-limiting feature to manage the access bandwidth policy for a network by
ensuring that traffic falling within specified rate parameters is sent, while dropping packets that exceed
the acceptable amount of traffic or sending them a different priority.
C. When forwarding an incoming IP packet in a line card, if the Address Resolution Protocol request for the
next hop is not resolved, the line card forwards the packets to the supervisor. The supervisor resolves
the MAC address for the next hop and programs the hardware.
D. The traffic policing feature manages the maximum rate of traffic through a token bucket algorithm. The
token bucket algorithm can use the user-configured values to determine the maximum rate of traffic
allowed on an interface at a given moment in time.
Correct Answer: C
Explanation
Explanation:
QUESTION 7
Which two guidelines apply to private VLAN configuration when you are running FabricPath (Choose two.)
A. On the F-Series modules, user-configured static MAC addresses are programmed on all forwarding
engines that have ports in that VLAN.
B. The system does support hierarchical static MAC addresses.
C. FabricPath ports can be put into a private VLAN.
D. All VLANs in a private VLAN must be in the same VLAN mode; either CE or FabricPath.
Correct Answer: AD
Explanation
Explanation:
QUESTION 8
Refer to the exhibit. If you inspect a VXLAN packet at point 2, which two options about the outer fields in the
VXLAN header are two? (Choose two.)
A. Outer S-IP = IP-1 ; Outer D-IP = IP-2.

B. Outer S-IP = IP-A : Outer D-IP = IP-B.
C. Outer S-MAC = MAC-1 ; Outer D-MAC= MAC-4.
D. Outer S-MAC = NAC-A ; Outer D-MAC = MAC-B.
E. Outer S-IP = IP-1 ; Outer D-IP = IP-4.
F. Outer S-MAC = MAC-1 ; Outer D-MAC = MAC-2
Correct Answer: EF
Explanation
Explanation:
QUESTION 9
For which two multicast distribution modes is RP Configuration required? (Choose two.)
A. BIDIR
B. RPF routes for multicast
C. SSM
D. ASM
Correct Answer: AD
Explanation
Explanation:
QUESTION 10
Refer to the exhibit. Within an ACI fabric, a routing protocol is needed to assist with route redistribution
between the outside networks and the internal fabric. Which routing protocol is needed to run in the fabric at
location 1 to allow the VM access to the networks advertised by the external Layer 3 network.
A. iBGP
B. eBGP
C. IS-IS
D. MP-BGP
E. OSPF
Correct Answer: D
Explanation
Explanation:
QUESTION 11
Which three limitations or requirements do MP-BGP-based EVPN addresses have compared to the initial
IETF VXLAN standard (RFC 7348)? (Choose three.)
A. requirement to disable multicast for underlay forwarding

B. network flooding through protocol-based host MAC/IP route distribution and ARP suppression on the
local VTEPs
C. active-passive multihoming at Layer 2
D. scalability limitations due to data-driven flood-and-learn behavior
E. control-plane learning of end-host Layer 2 and Layer 3 reachability information, which provides
integrated bridging and routing in VXLAN overlay networks.
Correct Answer: BDE

Explanation
Explanation:
QUESTION 12
Refer to the exhibit. When specifying subnets under a bridge domain for a given tenant, the user can
specify the scope of a subnet. Which definition of the public subnet scope is true?
A. It indicates that this subnet is advertised to the external router by the border leaf.
B. It indicates that this subnet is advertised to the border leaf in ACI fabric.
C. It indicates that it must be leaked to one or more private networks within ACI fabric.
D. It indicates that this subnet is advertised to public Internet and must be protected by a firewall.
Correct Answer: A
Explanation
Explanation:
QUESTION 13
Which three PVLAN port modes are supported on Cisco Nexus 9000? (Choose three.)
A. FEX port
B. port channels
C. community host
D. isolated host trunk
E. isolated host
F. virtual port channels
Correct Answer: CDE

Explanation
Explanation:
QUESTION 14
After VTEP devices have established BGP neighbor adjacencies with other VTEPs or with Internal BGP
route reflectors, which three pieces of information are exchanged through BGP? (Choose three.)
A. VTEP address
B. VTEP peer list
C. VPNv4 prefixes
D. router MAC address
E. Layer 3 VNI
Correct Answer: ADE

Explanation
Explanation:
QUESTION 15
While doing service insertion with vAsA with route peering, which two parts must be configured? (Choose
two.)
A. The chassis must be specified when the L4-L7 device is created.

B. The path for interfaces must be specified when the L4-L7 device is created.
C. The VM name must be specified when the L4-L7 device is created.
D. The route peering profile must be specified when the L4-L7 Service Graph template is created
Correct Answer: BD
Section: Cisco Data Center Network Services
Explanation
Explanation:
QUESTION 16
Refer to the exhibit. The L4-L7 Services were configured in the APIC, but you see this fault under Service
Graph. Which actions is the best way to resolve the problem?
A. This is a configuration issue. Make sure that unicast routing is enabled on the bridge domain that is
associated with the interfaces that are connected to the Citrix load balancer.
B. Reset the NetScaler load balancer.
C. Reimport the device package.
D. Delete the service graph and create it again.
Correct Answer: A
Explanation
Explanation:
QUESTION 17
In which EPG is the consumer interface of an L4-L7 device placed?
A. consumer EPG
B. shadow consumer EPG
C. shadow provider EPG
D. provider EPG
Correct Answer: B
Explanation
Explanation:
QUESTION 18
Which two options does ITD replace? (Choose two.)
A. policy-based routing
B. Layer 4 load balancer
C. access lists
D. Layer 7 load balancer
E. IP SLA
F. WCCP
Correct Answer: AF
Explanation
Explanation:
QUESTION 19
Which platforms support ITD?
A. Nexus 7000 and Nexus 9000 only

B. Nexus 7000, Nexus 9000, Nexus 6000, and Nexus 5000
C. Nexus 7000, Nexus 9000, and Nexus 5000 only
D. Nexus 7000 with F3 line cards only
E. Nexus 7000, Nexus 9000, and Nexus 6000 only
Correct Answer: B
Explanation
Explanation:
QUESTION 20
According to Cisco, which two options are benefits of ITD compared to WCCP? (Choose two.)
A. does not require authentication or certificates

B. weighted load distribution
C. much less configuration
D. transparent for service node
E. requires less TCAM entries
Correct Answer: BE
Explanation
Explanation:
QUESTION 21
On a cluster with three APICs, on which APIC can you see actual device package logs?
A. depending on the device package, on the APIC that is a leader for that device package
B. on the one that is a leader for device package service
C. APIC 1
D. depending on the tenant, on the APIC that is a leader for the shard for that particular tenant
Correct Answer: C
Section: Data Center Storage Networking and Compute
Explanation
Explanation:
QUESTION 22
On which two criteria can an endpoint be classified statically into an application EPG? (Choose two.)
A. VM name
B. physical leaf port
C. guest operating system
D. DNS host name
E. VLAN
Correct Answer: AE
Explanation
Explanation:
QUESTION 23
Which description of how to enable the Flex Flash Controller auto-sync function on the B200M4 blade is
true?
A. Enable auto-sync in the servers > inventory > storage subtab

B. Configure a storage connection policy to use auto-sync.
C. Configure a local disk policy for FlexFlash.
D. Configure a storage policy for FX3S.
Correct Answer: A
Explanation
Explanation:
QUESTION 24
Which description of how to enable DIMM Blacklisting is true?
A. Configure a memory policy in the equipment > policy subtab.

B. Enable blacklisting in the servers > policy subtab.
C. Configure a memory policy under the services tab.
D. Enable blacklisting in the servers inventory > memory subtab.
Correct Answer: B
Explanation
QUESTION 25
Refer to the exhibit. Which two CLI actions are appropriate to try to resolve the enhanced zoning lock
problem? (Choose two.)
A. Use theclear zone lockcommand to remove the lock. Use this command on each switch in thefabric for
VSAN 16 only.
B. Using either Cisco Fabric Manager or the CLI, reactivate the existing zone set for VSAN 16. Be careful
to only reactivate and not deactivate activate to avoid a disruption in service.
C. Use theshow zone internal vsan 16commandto determine the IP address of the user and MDS switch
where the lock is currently held.
D. Use theno zone commit vsan <vsan id> forcecommand on the switch that holds the lock to release the
lock if another user holds the lock.
E. Use theno zone commitvsancommand on the switch that holds the lock to release the lock if you are the
holder of the lock.
Correct Answer: AE
Explanation
Explanation:
QUESTION 26
Refer to the exhibit. Which outcome of this configuration is true?
A. Fabric interconnects can view neighbor switches.

B. It displays Cisco UCS Central on the UCSM portal page.
C. Itenables the CIM XML service.
D. It enables call home policies to take effect.
Correct Answer: A
Explanation
Explanation:
QUESTION 27
Refer to the exhibit. Which option describes when this server reboots?
A. immediately after the next change

B. when the user acknowledges thereboot
C. when the schedule is set to occur
D. when the vnic/vhba placement is changed
Correct Answer: D
Explanation
Explanation:
QUESTION 28
Which three statements are considered best practice when configuring an NFS appliance port on Cisco
UCS? (Choose three.)
A. If storage isconfigured in active/passive mode and both fabric interconnects require communication to
the same controller, then the appliance port VLANs should be allowed on the upstream switch.
B. If storage and servers are located in the same subnets, then the appliance port VLANs should be
allowed on the upstream switch.
C. Use of the same VLAN for multiple storage protocol traffic is highly recommended in converse VLAN
namespace use.
D. If storage must be accessed outside of the Cisco UCS domain, then the applianceport VLANs should be
allowed on the upstream switch.
E. Cisco UCS supports Static and Link Aggregation Control Protocol port channels for appliance port
configuration. However, no virtual port-channel support.
F. Configuration of the VLAN tagging on the storage side and on the Cisco UCS side simultaneously is
recommended.
Correct Answer: ABD

Explanation
Explanation:
Why Appliance Port VLANs Should be Allowed on Uplinks There are number of reasons why an upstream
switch should allow storage appliance port traffic. These include:
If storage must be accessed outside of the UCS domain.
If storage and servers are located in different subnets.
If storage is configured in Active/Passive mode and both fabric interconnects require communication to
the same controller.
Incertain failover scenarios.
References:
QUESTION 29
How do you manually configure a vNIC MAC address?
A. Use theset identity dymanic-maccommand.

B. Modify the dynamic vNIC connection policy.
C. Use themac-address-table staticcommand.
D. Modify the adapter policy.
Correct Answer: A
Explanation
Explanation:
QUESTION 30
In which location can device package logs be found?
A. /data/<device package name>/logs

B. /data/devicescrips/<devicepackage name>/logs
C. /var/sysmgr/tmp_logs/<device package name>/logs
D. /var/logs/dme/log/<device package name>/logs
E. /data/devicescrips/logs
Correct Answer: B
Explanation
Explanation:
QUESTION 31
The OS team has requested that you expand the receive queues of an existing server. Which action
accomplishes this change?
A. Configure and apply a custom LAN connectivity policy.

B. Reconfigure the default vNICbehavior.
C. Reconfigure the vNIC to the requested queue size.
D. Configure and apply a custom adapter policy.
Correct Answer: C
Explanation
Explanation:
QUESTION 32
How do you preprovision a Cisco UCS chassis?
A. Configure server pool policies for the chassis.

B. Associate service profiles to each slot.
C. Associate a service profile template to the chassis.
D. Select preprovision from the general menu of the chassis.
Correct Answer: B
Explanation
Explanation:
QUESTION 33
Refer to the exhibit. A virtual machine in the EPG “Clients” is unable to communicate via ICMP with a virtual
machine in the EPG “Server”. Which option is the most likely cause of this issue?
A. The EPG “Server” is providing the relevant contract but the EPG “Clients” is not consuming the contract.
B. Not enough detail is provided in the output to determine the exact cause.
C. There is no contract configured between the two EPGs.
D. There is no issue because the configured rules permit ICMP traffic.
Correct Answer: C
Explanation
Explanation:
QUESTION 34
Refer to the exhibit. After you upgrade Cisco UCS firmware, some of your blades have these error
messages. Which description of the problem is true?
A. vNIC template must be converted to updating.

B. Some components are deprecated.
C. Storage provisioning is not configured.
D. Service profile requires a connectivity policy.
Correct Answer: D
Explanation
Explanation:
QUESTION 35
Refer to the exhibit.
Which two statements about this configuration command sequence with regards to the Cisco Nexus 5500
are true? (Choose two.)
A. It reserves this FCID so only this node can use this FCID when communicating with other Fiber Channel
entities.
B. It configures this node to use FCID 0EFC2A to forward the FDISC to when an endpoint is connected.
C. It configures this node to use 0EFC2A as the last 3bytes of the FPMA.
D. It permits this node to form FCoE ISLs only with other nodes configured for the same FC-MAP.
E. It configures this node to use 0EFC2A as the first 3 bytes of the FPMA.
Correct Answer: BE
Explanation
Explanation:
QUESTION 36
Which two options are possible reasons for device being in “init” mode? (choose two.)
A. Incorrect VM is selected.
B. “http service enable” is not configured on the ASA.
C. No management interface is specified in “Cluster interfaces” section.
D. Incorrect “Function type” is selected.
E. No “chassis” is selected.
F. Incorrect credentials provided.
Correct Answer: BF
Explanation
Explanation:
QUESTION 37
Which three services request states are valid in Cisco UCS Director service request execution state?
(Choose three.)
A. listening
B. scheduled
C. failed
D. debugging
E. running
Correct Answer: BCE

Section: Data Center Automation and Orchestration
Explanation
Explanation:
QUESTION 38
Which network script automation option or tool is used in the exhibit?
A. NETCONF
B. Bash script
C. REST
D. Cisco EEM
E. Python
Correct Answer: E
Explanation
Explanation:
QUESTION 39
Which two statements about Cisco UCS Director workflow are true? (Choose two.)
A. Each task in workflow designer is built using Python script.

B. You arrange tasks in sequence and define inputs and outputs to those tasks. Outputs from earlier tasks
are available to use as inputs to any subsequent task.
C. You build workflows using a drag-and-drop user called workflow designer.
D. Looping and conditional branching cannot be implemented.
Correct Answer: BC
Explanation
Explanation:
QUESTION 40
Which Cisco UCS Director feature provides API information and API code generation capabilities that make
it easy to see and work with all the available APIs, including the REST APIs and the Java APIs?
A. orchestration feature set

B. REST API Browser
C. automation feature set
D. report metadata
Correct Answer: B
Explanation
References:
QUESTION 41
Which CISCO UCS director feature enables you to view the REST API URL for every report displayed in
Cisco UCS Director?
A. REST API Browser

B. automation feature set
C. orchestration feature set
D. report metadata
Correct Answer: D
Explanation
References:
QUESTION 42
Cisco UCS Director provides an option to offer the report metadata and Rest API Browser for developers.
Which configuration step is needed in Cisco UCS Director to enable this feature?
A. Enable report metadata.

B. Enable the REST API.
C. Enable the developer menu.
D. Enable the debugging menu.
Correct Answer: C
Explanation
Explanation:
QUESTION 43
Which programming language is used at the core of OpenStack?
A. Java
B. C++
C. Ruby
D. Python
Correct Answer: D
Explanation
Explanation:
QUESTION 44
Refer to the exhibit. Which two types of encapsulations can be used in each switching mode, when utilizing
the Cisco Application Virtual Switch in ACI fabric? (Choose two.)
A. Local Switching: VXLAN

B. No local Switching: VXLAN
C. Local Switching: VLAN
D. Local Switching: VLAN or VXLAN
E. No Local Switching: VLAN or VXLAN
Correct Answer: BD
Section: Data Center Fabric Infrastructure
Explanation
Explanation:
QUESTION 45
Refer to the exhibit. Health scores can be aggregated for a variety of areas such as for the system,
infrastructure, tenants, applications, or services.
Which health score level is the exhibit from APIC GUI an example of?
A. system
B. managed object
C. tenant
D. pod
Correct Answer: A
Explanation
References:
QUESTION 46
Refer to the exhibit. Your application has a reduced health score. Upon inspection, you find a fault that
impacts the health score. The fault currently is in soaking state. Which two options are possible next steps
while in this state? (Choose two.)
A. The condition ceases by itself and automatically clears the fault.

B. Acknowledge the fault, which immediately clears it from the system.
C. The soaking timer expires and moves to the Raised severity level.
D. The condition ceases by itself and goes into the soaking-clearing state.
E. Once the soaking timer expires the fault ceases and no change is expected in severity level.
Correct Answer: CD
Explanation
Explanation:
QUESTION 47
Which two options are different way to extend the Layer 2 domain beyond the ACI fabric? (Choose two.)
A. Extend the bridge domain out of the ACI fabric.

B. Extend the VTEP out of the ACIfabric.
C. Configure fabric access policies on the ACI fabric to match the port settings at the remote end.
D. Extend the EPG out of the ACI fabric.
Correct Answer: AD
Explanation
Explanation:
There are several different ways to extend layer 2 domain beyond the ACI fabric:
● Extend the EPG out of the ACI fabric - A user can extend an EPG out of the ACI fabric by statically
assigning a port (along with VLAN ID) to an EPG. The leaf will learn the endpoint information and assign the
traffic (by matching the port and VLAN ID) to the proper EPG, and then enforce the policy. The endpoint
learning, data forwarding, and policy enforcement remain the same whether the endpoint is directly
attached to the leaf port or if it is behind a layer 2 network (provided the proper VLAN is enabled in the
layer2 network).
● Extend the bridge domain out of the ACI fabric - Another option to extend the layer 2 domain is to create a
layer 2 outside connection (or external bridged network, as called in the APIC GUI) for a given bridge
domain. It effectively extends the bridge domain to the outside network.
● Extend the layer 2 domain with remote VTEP (future) - In the previous two options the incoming traffic
from outside is tagged with a VLAN ID. The ACI leaf classifies the traffic to the proper EPGby checking the
port and VLAN ID. In future software releases, the remote VTEP will be supported, and can be used to
extend the EPG or bridge domain.
References:
QUESTION 48
In an ACI fabric, which three types of interface are supported on border leaf switches to connect to an
external router? (Choose three.)
A. Layer 3 interface
B. switch virtual interface
C. 10GbEinterface
D. subinterface with 802.1Q tagging
E. any interfaces that supports VXLAN encapsulation
F. 1GbE Interface
Correct Answer: ABD

Explanation
Explanation:
QUESTION 49
Which two statements about import and export route control in an ACI fabric are true? (Choose two.)
A. Prefixes learned from BGP L3outs cannot be filtered inbound.

B. Prefixes learned from OSPF/EIGRP are never permitted inbound by default.
C. Prefixes permitted inbound are redistributed into MP-BGP at the ingress leaf.
D. Export route control controls if the prefixes are redistributed from MP-BGP at the egress leaf.
Correct Answer: CD
Explanation
Explanation:
QUESTION 50
Which three editing options of Cisco UCS Director workflow are valid? (Choose three.)
A. Rename a workflow.
B. Edit tasks in the workflow.
C. Change an input from mandatory to optional.
D. Reorder inputs.
E. Delete inputs.
F. Change priority of a workflow.
Correct Answer: ABD

Section: Evolving Technologies
Explanation
Explanation:
QUESTION 51
Which two statements about Cisco UCS Director API access key are true? (Choose two.)
A. API access key is a unique security access key code that is associated with a specific Cisco UCS
Director user account.
B. API access key isrequired for Cisco UCS Director to authenticate API requests.
C. API access key is a shared secret that you must configure in Cisco UCS Director to enable REST API.
D. API access key is unique for each API request.
Correct Answer: AB
Explanation
Explanation:
QUESTION 52
Which option lists the contents of the NSH header in service function chaining?
A. Ethernet header, transport header, and application header

B. base header, service path header, and context header
C. network header, service header, and transport header
D. base header, transport header, and optional header
Correct Answer: B
Explanation
Explanation:
QUESTION 53
Which protocol is best suited for wireless communication in an IoT deployment where sensors only have a
power-generating element (and do not have a battery)?
A. Bluetooth
B. 3G/4G
C. ZigBee
D. WIFI
Correct Answer: C
Explanation
Explanation:
QUESTION 54
Which option is a consortium of service providers and vendors that addresses NFV architectures and
orchestration for NFV.
A. IETF
B. ONF
C. ETSI
D. IEEE
Correct Answer: C
Explanation
Explanation:
QUESTION 55
Which two statements about the Cisco Open SDN Controller are true? (Choose two.)
A. It is a commercial distribution based on the OpenFlow controller.

B. Your own, new network service functions can be added via Java APIs.
C. Security is enforced by using the Open Services Gateway Initiative framework.
D. It can be used in multivendor environments.
E. The controller is available as an appliance only.
Correct Answer: AB
Explanation
Explanation: The Cisco Open SDN Controller is a commercial distribution of OpenDaylight that delivers
business agility through automation of standards-based network infrastructure. It abstracts away the
complexity of managing heterogeneous network environments to improve service delivery and reduce
operating costs.
As open-source-based software, the Open SDN Controller continuously advances through ongoing
innovation and support of the OpenDaylight community.
Reference: http://www.cisco.com/c/en/us/products/cloud-systems-management/open-sdn-controller/
index.html
QUESTION 56
Which two statements about VLAN Trunking Protocol are true? (Choose two.)
A. VLAN Trunking Protocol is a Layer 2 messaging protocol that maintains VLAN consistency by managing
the addition, deletion, and renaming of VLANs within a VLAN Trunking Protocol domain.
B. Layer 2 trunk interfaces, Layer 2 port channels. and virtual port channels support VLAN Trunking
Protocol functionality.
C. VLAN Trunking Protocol is only supported on Layer 2 trunk interfaces.
D. On Cisco Nexus switches, VLAN Trunking Protocol is enabled by default.
E. VLAN Trunking is a Layer 2 messaging protocol that maintains the interface VLAN configuring within a
VLAN Trunking Protocol domain.
Correct Answer: AB
Explanation
Explanation:
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the
addition, deletion, and renaming of VLANs within a VTP domain. A VTP domain (also called a VLAN
management domain) is made up of one or more network devices that share the same VTP domain name
and that are interconnected with trunks. VTP minimizes misconfigurations and configuration inconsistencies
that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type
specifications, and security violations. Before you create VLANs, you must decide whether to use VTP in
your network. With VTP, you can make configuration changes centrally on one or more network devices
and have those changes automatically communicated to all the other network devices in the network.
Reference:http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/
book/vtp.html
QUESTION 57
Which three options are valid sources for Cisco UCS monitor sessions? (Choose three.)
A. VSAN
B. pin group
C. vHBA
D. vNIC
E. VLAN
F. uplink FC interface
Correct Answer: CDE

Explanation
Explanation:
Traffic Sources
An Ethernet traffic monitoring session can monitor any of the following traffic sources:
Uplink Ethernet port
Ethernet port channel
VLAN
Service profile vNIC
Service profile vHBA
FCoE port
Port channels
Server port
A Fibre Channel traffic monitoring session can monitor any of the following traffic sources:
Uplink Fibre Channel port
SAN port channel
VSAN
Service profile vHBA
Fibre Channel storage port
Reference:
http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/gui/config/guide/2-0/
b_UCSM_GUI_Configuration_Guide_2_0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_0101001.html
QUESTION 58
Which option is the default FC-MAP?
A. 0f:fc:00
B. 0e:fc:00
C. 0f:fe:00
D. 0e:fe:00
Correct Answer: B
Explanation
Explanation: Configures the global FC-Map. The default value is 0E.FC.00. The range is from 0E.FC.00 to
0E.FC.FF.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/fcoe/
b_Cisco_Nexus_5000_Series_NX-OS_Fibre_Channel_over_Ethernet_Configuration_Guide_/
Cisco_Nexus_5000_Series_NX-OS_Fibre_Channel_over_Ethernet_Configuration_Guide__chapter3.html
QUESTION 59
Which two connectivity modes does Cisco RISE support? (Choose two.)
A. Indirectly connected. Only Layer 3 adjacent.

B. Directly connected. Virtual port channel is supported.
C. Directly connected. No virtual port channel is supported.
D. Indirectly connected. Layer 2 and Layer 3 adjacent.
E. Indirectly connected. Only Layer 2 adjacent.
Correct Answer: BE
Explanation
Explanation:
Reference:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/riseNetscaler/install_and_cfg/guide/b-
rise-netscaler/Configuring-Rise.html#task_556C027878484C91B6781DFDAAB4CF58
QUESTION 60
Which three distinct categories are within the cloud computing stack? (Choose three.)
A. DaaS
B. PaaS
C. IaaS
D. SaaS
E. NaaS
F. LaaS
Correct Answer: BCD

Explanation
Explanation: Sometimes the three are referred to, together, as the Cloud Computing Stack.
Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)
Software as a Service (SaaS)
QUESTION 61
Which two options can be used for server pool qualifications? (Choose two.)
A. memory speed
B. RAID controller
C. CPU stepping
D. chassis model
E. firmware version
Correct Answer: AC
Explanation
Explanation: A server pool contains a set of servers. These servers typically share the same characteristics.
Those characteristics can be their location in the chassis, or an attribute such as server type, amount of
memory, local storage, type of CPU, or local drive configuration. You can manually assign a server to a
server pool, or use server pool policies and server pool policy qualifications to automate the assignment.
Reference: http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/gui/config/guide/2-0/
b_UCSM_GUI_Configuration_Guide_2_0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_011010.html
QUESTION 62
Refer to the exhibit. Which option is the minimum number of vNICs required by the service profile to
connect to all available VLANs?
A. 7
B. 3
C. 6
D. 1
Correct Answer: B
Explanation
QUESTION 63
Refer to the exhibit. Which command on a Cisco UCS provides this output?
A. show npv status

B. show npv info
C. show npv traffic-map
D. show npv external-interface-usage
Correct Answer: A
Explanation
Explanation:
To display the status and VSAN membership of the different servers and external interfaces, and to verify
that NPIV is enabled on the switch, enter the show npv status command.
switch# show npv status
npiv is enabled
External Interfaces:
====================
Interface: fc1/1, VSAN: 1, FCID: 0xee0006, State: Up
Interface: fc1/9, VSAN: 1, FCID: 0xee0007, State: Up
Number of External Interfaces: 2
Server Interfaces:
==================
Interface: fc1/19, VSAN: 1, NPIV: Yes, State: Up
Number of Server Interfaces: 1
Reference: http://www.cisco.com/en/US/products/ps5989/
prod_troubleshooting_guide_chapter09186a00808c82f1.html
QUESTION 64
Which two statements about policing, queuing, and scheduling are true? (Choose two.)
A. The WRED algorithm is a reactive approach that only applies to traffic congestion.
B. Policing is the monitoring of data rates for a particular class of traffic. The device can also monitor
associated burst sizes.
C. You can schedule traffic by imposing a maximum data rate on a class of traffic so that excess packets
are dropped from the queue.
D. Only single rate and dual rate policies can be defined.
E. You can apply WRED to a class of traffic, which allows packets to be dropped based on the CoS field.
Correct Answer: BE
Explanation
Explanation:
QUESTION 65
Which four options are part of Cisco ONE Enterprise Cloud Suite product portfolio? (Choose four.)
A. Application Policy Infrastructure Controller

B. Cisco UCS Director
C. Cisco PrimeService Catalog
D. Cisco Virtual Application Container Services
E. Cisco Intercloud Fabric for Business
F. Cisco Open SDN Controller
G. Cisco ASA
H. Cisco WAAS
Correct Answer: BCDE

Explanation
Explanation:
QUESTION 66
Which option is the best practice recommendation for Spanning Tree configuration in a vPC environment?
A. Disable PortFast (edge port type) on host-facing interfaces to avoid slow STP convergence.
B. Disable the BPDU Filter on the edge devices to avoid BPDU propagation.
C. Disable Rapid PVST or MST on all switches in the Layer 2 domain to avoid slow STP convergence.
D. Disable the Bridge Assurance feature on vPC links.
Correct Answer: D
Explanation
Explanation:
QUESTION 67
Which three commands must be run to enable support of adapter-fex on an interface on a Cisco Nexus
Switch? (Choose three.)
A. switchport mode adapter-fex

B. feature fex
C. feature-set adapter-fex
D. switchport mode vntag
E. feature-set virtualization
F. feature adapter-fex
Correct Answer: DEF

Explanation
Explanation:
QUESTION 68
An administrator is replacing a fabric interconnect. The failed fabric interconnect was FI-A and was master
at the time of failure. Which process brings the replacement fabric interconnect into the cluster?
A. Connect the new FI-A to the management network and the Layer 1/Layer 2 links to the existing FI-B.
Use the Full State Backup file to restore the configuration when prompted at the console.
B. Connect the new FI-A to the management network and the Layer 1/Layer 2 links to the existing FI-B. Let
the system sync with FI-B when prompted at the console.
C. Connect the FI-A to the management network and the Layer 1/Layer 2 links to the existing FI-B. Use the
All Configuration backup file to restore the configuration through Cisco UCS Manager GUI.
D. Connect the new FI-A to the management network only. Use the Full State Backup file to restore the
configuration through Cisco UCS Manager GUI. Connect the Layer 1/Layer 2 cables.
E. Connect the new FI-A to FI-B using the Layer1/Layer 2 cables only. Sync the configuration when
prompted. Connect the management interface when the configuration is synced.
Correct Answer: D
Explanation
Explanation:
QUESTION 69
Which four types of tables does Cisco vPath maintain, which are crucial for its operations to classify and
redirect traffic flows to enforce service policies? (Choose four.)
A. flow table
B. group table
C. forwarding table
D. MAC table
E. path table
F. adjacency table
G. service table
H. service node table
Correct Answer: AEGH

Explanation
Reference:http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white-
paper-c11-730475.html
QUESTION 70
Which two statements about DNS support on Cisco NX-OS are true? (Choose two.)
A. You have to configure a new VRF for DNS client, default VRF cannot be used.
B. To map domain names to IP addresses in Cisco NX-OS, you must first identify the host names, then
specify a name server, and enable the DNS service.
C. You can configure Cisco NX-OS to use only one domain name server to find an IP address for a host
name.
D. Cisco NX-OS does not allow you to statically map IP addresses to domain names.
E. Cisco NX-OS supports stateless restarts for the DNS client. After a reboot or supervisor switchover,
Cisco NX-OS applier the running configuration.
Correct Answer: BE
Explanation
Explanation:
QUESTION 71
Which statement is true?
A. Interface veth10164 is up.

B. The interface belongs to server 8/3 and it is pinned to fabric interconnect B.
C. The port belongs to VSAN 70.
D. If you run “sh npv flogi | i vfc 1972”, details are shown for vfc 1972.
Correct Answer: C
Explanation
Explanation:
QUESTION 72
Which OSPF feature groups LSAs with similar link-state refresh times to allow OSPFv2 to pack multiple
LSAs into an OSPFv2 update message?
A. LSA throttling
B. LSA compression
C. LSA group pacing
D. SPF optimization
Correct Answer: C
Explanation
Explanation:
QUESTION 73
Which two statements about multicast routing are true? (Choose two.)
A. Multicast routes are used to directly forward traffic without making RPF checks.
B. IPv6 static multicast routes are supported.
C. You can define RPF routes for multicast when you want multicast data to diverge from the unicast traffic
path.
D. You can define RPF routes for multicast on border routers to enable reverse path forwarding to an
external network.
E. RPF routes for multicast can be redistributed.
Correct Answer: CD
Explanation
Explanation:
QUESTION 74
Refer to the exhibit. Which two statements about this output are true? (Choose two.)
A. Outputs shown are redirected to the logging flash.

B. Ethanalyzer is a licensed feature.
C. Outputs are for all traffic going to the SUP.
D. Outputs indicate the traffic passing from one module to another (non-SUP).
E. Ethanalyzer is available in all CISCO IOS/NX-OS/IOS-XR devices.
F. Outputs can be filtered using Wireshark filters.
Correct Answer: CF
Explanation
Explanation:
QUESTION 75
Which statement about IP-directed broadcast is true?
A. When a directed broadcast packet reaches a switch that is directly connected to its destination subnet,
that packet is “exploded” as a broadcast on the destination subnet.
B. An IP-directed broadcast is a packet whose destination address is a multicast group to send the packet
to a group of hosts in a local or remote network.
C. An IP-directed broadcast is an IP packet whose destination address is a valid unicast address, but
which originates from a node that is itself part of that destination subnet.
D. All switches in the network forward an IP-directed broadcast in the same way they forward unicast IP
packets.
Correct Answer: A
Explanation
Explanation:
QUESTION 76
When attempting to login to APIC, you receive this response. Which statement is true?
A. Your session cookie expires in 5 minutes.

B. You must set the APIC-cookie to a value of “sessionId”.
C. This is a successful login, and you encrypted your password in the “token” attribute using the SHA1
algorithm.
D. You must set the APIC-cookie to a value of “token”.
Correct Answer: C
Explanation
Explanation:
QUESTION 77
Which three LSA types are valid for OSPFv2? (Choose three.)
A. Backbone Summary: an LSA sent by the backbone router to all the OSPF areas.
B. Default LSA: an LSA generated by the ASBR. These LSAs are used to propagate default route into
OSPF.
C. DR Summary LSA: an LSA sent by the DR router to all the other routers on network.
D. As Internal LSA: an LSA generated by the ASBR. AS Internal LSAs are flooded only within the
autonomous system.
E. Router LSA: an LSA sent by every router. This LSA includes the state the cost of all links and a list of all
OSPFv2 neighbors on the link.
F. Opaque LSA: an LSA used to extend OSPF.
G. Network LSA: an LSA sent by the DR. This LSA lists all routers in the multi-access network.
Correct Answer: EFG

Explanation
Explanation:
QUESTION 78
Which open source controller is a general purpose SDN controller for service provider and enterprise
network operators?
A. Open Network Operating System

B. Beacon OpenFlow Controller
C. OpenStack Neutron
D. Linux Foundation OpenDaylight
E. Cisco OpenDaylight Controller
Correct Answer: D
Explanation
Explanation:
QUESTION 79
Refer to the exhibit. Which three steps must be taken to add NFS storage to the Cisco UCS domain?
(Choose three.)
A. Configure fabric interconnect A and B to Ethernet switching mode.

B. Create a LAN cloud VLAN on fabric A and fabric B.
C. Configure Eth1/17 as an appliance port.
D. Configure a QoS policy for NFS storage.
E. Create an appliance VLAN on fabric A and fabric B.
F. Configure Eth1/17 as a unified storage port.
Correct Answer: ABC

Explanation
Explanation:
QUESTION 80
Assume that ucsd-dcloud.cisco.com is the correct address of the Cisco UCS Director server. Which two
options are prerequisites to access the Cisco Director REST API interface? (Choose two.)
A. Run the dbgtoken utility and ask TAC to generate a response cookie.
B. Submit the username/password to http://ucsd-dcloud.cisco.com/api/access to obtain session cookie.
C. Obtain the REST API Access Key code for the User Information dialog box.
D. Enable the Developer menu on the Advanced tab of the User Information dialog box.
E. Obtain the developer token from Cisco DevNet.
Correct Answer: CD
Explanation
Explanation:
QUESTION 81
Refer to the exhibit. Which two statements are true? (Choose two.)
A. Server 7 in chassis 4 has been associated with the profile circuit.

B. To check the MAC address from server 7/4 interface eth10, you can check the MAC addresses learned
on veth 1866 on fabric interconnect B.
C. The option failover is enabled on all the interfaces.
D. The server has total of six vNICs.
E. Interface vfc 1871 is pinned to fc interface 1/32 in fabric interconnect B.
Correct Answer: C
Explanation
Explanation:
QUESTION 82
Cisco UCS Director provides a feature to facilitate acquisition of API information and help with API code
generation. Which option accesses this feature?
A. Download the ucsd-rest-api-sdk-x.x.0.0.zip file from the Cisco.com software download area or the
DevNet site.
B. Enable the Developer tools in your web browser.
C. Retrieve the list of available services using /app/api/
restformatType=json&opName=userAPIGetAllServices&opData={}.
D. Access the REST API browser in the Cisco UCS Director GUI.
Correct Answer: D
Explanation
Explanation:
QUESTION 83
Refer to the exhibit. On which VLAN does VLAN Discovery occur?
A. VLAN 1
B. VLAN 200
C. VLAN 105
D. VLAN 1105
Correct Answer: A
Explanation
Explanation:
QUESTION 84
Refer to the exhibit. Which two features are enabled on the upstream switch? (Choose two.)
A. feature fcoe
B. feature npiv
C. feature fport-channel-trunk
D. feature fcoe-npv
E. feature npv
Correct Answer: BC
Explanation
Explanation:
QUESTION 85
Which state is the optimal health state for an APIC cluster?
A. fully fit
B. fully sync’d
C. in-sync
D. in service
Correct Answer: A
Explanation
Explanation:
QUESTION 86
Which two statements about UCS switch mode are true? (Choose two.)
A. Disjoint Layer 2 networks are supported only when the Ethernet switching mode of the fabric
interconnects is configured for switch mode.
B. Server-to-server multicast and broadcast traffic is sent through all uplink ports in the same VLAN.
C. Broadcast packets flood out of all ports except the port that it was received on.
D. Switch mode is the default Ethernet switching mode.
E. Ethernet switching mode must be used only if the fabric interconnect is connected directly to a router.
Correct Answer: BC
Explanation
Explanation:
QUESTION 87
Refer to the exhibit. Assume that apic2-cloud.cisco.com is valid APIC in the cluster. Which statement is
true?
A. REST call is valid, but we should use the GET method instead of POST.
B. REST call is valid, but we cannot log in to APIC2; we should log in to APIC1 instead.
C. REST call to /api/aaaLogin.xml on APIC2 is valid, and we should receive a session token in the
response.
D. REST call is invalid, and we should call /api/aaaLogin.json.
Correct Answer: C
Explanation
Explanation:
QUESTION 88
You want to move one of your leaf switches connecting to your ACI fabric to another rack. It will be
reconnected to the same fabric after the move. Which operations must you perform before the move?
A. Decommission the switch and remove from the controller.

B. Disable the interfaces.
C. Blacklist the ports.
D. Decommission the switch.
Correct Answer: D
Explanation
Explanation:
QUESTION 89
Which three prerequisites must be created to enable Cisco UCS authentications via LDAP? (Choose three.)
A. LDAP server
B. LDAP provider group
C. LDAP group map
D. authentication domain
E. LDAP provider
F. remotely authenticated user
Correct Answer: BCE

Explanation
Explanation:
QUESTION 90
How many APICs can you communicate with at one time in a single REST call using Postman?
A. two
B. There is no limit.
C. one
D. three
Correct Answer: B
Explanation
Explanation:
QUESTION 91
Considering the ITIL v3 model, what are Puppet and Chef primarily used for?
A. problem management
B. configuration management
C. change management
D. release management
Correct Answer: B
Explanation
Explanation:
QUESTION 92
Which two options are valid span configurations for a Cisco Nexus 1000 Series Switch? (Choose two.)
A. n1000v(config)#monitor session 3n1000v(config-monitor)#source interface ethernet 2/1-3n1000v

(config-monitor)#source vlan 3, 6-8 txn1000v(config-monitor)#filter vlan 3-5, 7n1000v(config-monitor)
#destination interface ethernet 2/5
B. n1000v(config)#monitor session 3n1000v(config-monitor)#source interface ethernet 3/1n1000v(config-
monitor)#source vlan 3, 6-8 txn1000v(config-monitor)#filter vlan 3-5, 7n1000v(config-monitor)
C. n1000v(config)#monitor session 3n1000v(config-monitor)#source interface ethernet 3/1-3n1000v
D. n1000v(config)#monitor session 3n1000v(config-monitor)#source interface ethernet 2/1-4n1000v
E. n1000v(config)#monitor session 3n1000v(config-monitor)#source interface ethernet 2/1-3n1000v
Correct Answer: AB
Explanation
Explanation:
QUESTION 93
Refer to the exhibit. Which two characteristics can you tell about the device connected on e1/1 from the
output from the Cisco UCS CLI? (Choose two.)
A. This device supports FCoE.

B. The device is a C-Series server.
C. This device supports PoE.
D. The device supports Ethernet only.
E. The device is a B-Series server.
Correct Answer: AE
Explanation
Explanation:
QUESTION 94
Where are domains placed when they are initially registered with Cisco UCS Central?
A. discovered domains
B. acknowledged domains
C. ungrouped domains
D. registered domains
Correct Answer: C
Explanation
Explanation:
QUESTION 95
Which three configurations can be different between EVPN vPC peers? (Choose three.)
A. using the same primary IP addresses

B. loopback primary IP address
C. consistent NVE1 binding to the same loopback interface
D. using a different secondary IP address
E. consistent VNI to group mapping
F. consistent VLAN to VN-segment mapping
Correct Answer: CEF

Explanation
Explanation:
QUESTION 96
Which three options are SDN Southbound protocols? (Choose three.)
A. Puppet
B. API
C. OpenFlow
D. PCEP
E. VXLAN
F. OVSDB
Correct Answer: CDF

Explanation
Explanation:
QUESTION 97
How does FabricPath build loop-free topologies for multidestination traffic?
A. FabricPath uses forwarding tags to ensure a loop-free topology.

B. FabricPath uses multicast groups to encapsulate Ethernet traffic in IP multicast packet.
C. FabricPath cannot have loops and does not need to rely on any logic to prevent them.
D. FabricPath uses spanning-tree inside the FabricPath network to prevent loops.
Correct Answer: A
Section: Mixed Questions
Explanation
QUESTION 98
Which two statements about configuring the Intermediate System-to-Intermediate System domain policy on
an ACI Fabric are true? (Choose two.)
A. The IS-IS fast-flooding of link state packets improves IS-IS convergence time.
B. The IS-IS domain policy is configured under Fabric > Access Policies.
C. The IS-IS LSP generation initial wait, maximum wait, and second wait intervals can all be configured.
D. The IS-IS domain policy is configured under Fabric > Global Policies.
E. The IS-IS default MTU is set at 4352, and it cannot be changed.
Correct Answer: AC
Explanation
QUESTION 99
Which two statements about the dynamic load balancer mode in ACI are true? (Choose two.)
A. The aggressive DLB mode has a shorter flowlet timeout interval.

B. DLB adjusts the traffic allocations according to congestion levels.
C. The default DLB mode is “conservative”.
D. The aggressive mode flowlet timeout is a relatively higher value.
E. The aggressive DLB mode has a longer flowlet timeout interval.
Correct Answer: AB
Explanation
QUESTION 100
Which two statements about the VLAN Trunking Protocol are true? (Choose two.)
A. On Cisco Nexus switches, the VLAN Trunking Protocol is enabled by default.

B. The VLAN Trunking Protocol is a Layer 2 messaging protocol that maintains VLAN consistency by
managing the addition, deletion, and renaming of VLANs within the VLAN Trunking Protocol domain.
C. Layer 2 trunk interfaces, Layer 2 port channels, and virtual port channels support the VLAN Trunking
Protocol functionality.
D. The VLAN Trunking Protocol is a Layer 2 messaging protocol that maintains the interface VLAN
configuring within the VLAN Trunking Protocol domain.
E. The VLAN Trunking Protocol is only supported on Layer 2 trunk interfaces.
Correct Answer: BC
Explanation
QUESTION 101
Which two options are network considerations for common VXLAN deployments? (Choose two.)
A. placement of VXLAN tunnel endpoints

B. MTU size in the transport network
C. multicast group scaling
D. consistent VLAN-to-VN-Segment mapping
E. consistent VNI-to-group mapping
Correct Answer: BC
Explanation
QUESTION 102
While you attempt to register Cisco UCS Manager domains with Cisco UCS Central, you find that it is
failing. Which three options are possible causes for the failure between the Cisco UCS Manager domain
and Cisco UCS Central? (Choose three.)
A. TCP packet loss

B. using the IP address of the Cisco UCS Manager domain instead of the FQDN
C. version mismatch
D. incorrect default policy configured in Cisco UCS Central
E. incorrect shared secret
F. date and time mismatch
Correct Answer: BEF

Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-central/deployment-guide/1-
0/b_UCSC_Deployment_Guide_10/b_UCSC_Deployment_Guide_10_chapter_0100.html
QUESTION 103
Which description of Infrastructure as a Service is true?
A. a cloud service that delivers on-demand intranet connection between sites

B. a cloud service that delivers on-demand Internet connection between sites
C. a cloud service that delivers on-demand software services on a subscription basis
D. a cloud service that delivers on-demand resources like networking and storage
Correct Answer: D
Explanation
QUESTION 104
In OpenStack, which project stores and retrieves arbitrary unstructured data objects?
A. Swift
B. Nova
C. Cinder
D. Keynote
Correct Answer: A
Explanation
QUESTION 105
How is the virtual IP for an ACI VPC domain assigned?
A. by DHCP using the default management network

B. manually by the admin
C. by DHCP using the infrastructure VLAN
D. No virtual IP is available for VPC peers on ACI
Correct Answer: C
Explanation
QUESTION 106
Which two statements about the configuration of APIC controllers in the ACI Fabric are true? (Choose two.)
A. Commissioning an APIC can be done via the APIC UI, but decommissioning an APIC must be done
using the CLI.
B. Cluster controllers added to the APIC must be running the same version of firmware.
C. An APIC cluster is comprised of multiple controllers that provide monitoring, diagnostic, and
configuration capability.
D. When performing planned changes to the cluster, at least one controller in the cluster must be healthy.
E. APIC cluster size is set during the initial setup script, and after it is configured it requires a nondisruptive
re-initialization of the APIC cluster to change.
Correct Answer: BC
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/troubleshooting/
b_APIC_Troubleshooting/b_APIC_Troubleshooting_appendix_010100.html
QUESTION 107
What is the valid overlay interface configuration that configures the OTV edge device as a secondary OTV
adjacency server?
A.
B.
C.
D.
Correct Answer: B
Explanation
QUESTION 108
Which two options are benefits of moving the application development workload to the cloud? (Choose
two.)
A. The application availability is not affected by the loss of a single virtual machine
B. High availability and redundancy is handled by the hypervisor
C. The workload can be moved or replicated easily
D. It provides a more secure environment
E. It provides you full control over the software packages and vendor used.
Correct Answer: AC
Explanation
QUESTION 109
Which statement about enhanced zoning is true?
A. Changes to the zoning database and subsequent distribution require reactivation of the zone set.
B. It does not support fWWN-based membership in the standard interop mode (interop mode 1).
C. It cannot move back to basic zoning from enhanced zoning without a clean wipe and restore of the
switches in the fabric.
D. It provides a vendor ID along with a vendor-specific type value to uniquely identify a member type.
Correct Answer: D
Explanation
QUESTION 110
Which two statements about the Cisco Fibre Channel Domain feature and persistent FC IDs are true?
(Choose two.)
A. If you connect to the switch from a Windows host, be sure to enable the persistent FC ID feature in the
VSAN that connects these hosts
B. Entries that the switch has learned must be manually acknowledged to be stored in the FCDomain FCID
database.
C. When persistent FC IDs are enabled, FC IDs cannot be changed after a reboot.
D. A persistent FC ID that is assigned to an F Port cannot be moved across interfaces if the same
persistent FC ID is to be maintained.
E. The current FC IDs in use in the fcdomain are saved across reboots.
Correct Answer: CE
Explanation
QUESTION 111
Refer the exhibit. Some time ago you enabled statistics collection with the internal stats database and
received a report that the /bootflash partition is full. Which two options to resolve the issue are true?
(Choose two.)
A. Stop pmon and drop PostgreSQL DB.
B. Add additional physical volume to VOlGroup01.
C. Configure external statistics DB.
D. Unmount and format/ bootflash
E. Add logical volume to LogicalVol01
Correct Answer: AC
Explanation
QUESTION 112
Which two options are valid span configurations for a Cisco Nexus 1000 Series Switch? (Choose two.)
A.
B.
C.
D.
E.
Correct Answer: BD
Explanation
QUESTION 113
Which two statements about the ACI BGP route reflector policy are true? (Choose two.)
A. Route reflectors need not configure connectivity to external networks, but slight performance
degradation can occur between border leaf and compute node leafs.
B. Configuring route reflectors requires designating spines as route reflectors and providing the AS
number.
C. The ACI Fabric route reflectors use multiprotocol BGP to distribute external routes within the fabric.
D. The BGP route reflector domain policy autonomous system number is configured during initial the APIC
setup script, but it can be modified afterward.
E. The BGP route reflector policy is configured under Fabric > Access Policies.
Correct Answer: CD
Explanation
QUESTION 114
Which two statements about IP Source Guard are true? (Choose two.)
A. IP Source Guard limits IP traffic on an interface to only those sources that have an IP-MAC address
binding table entry or static IP source entry.
B. By default, IP Source Guard is enabled on all interfaces.
C. When you first enable IP Source Guard on an interface, you may experience disruption in IP traffic, until
the hosts on the interface receive a new IP address from a DHCP server.
D. IP Source Guard requires that DHCP snooping is disabled.
E. IP Source Guard is independent of DHCP snooping to build and maintain the IP-MAC address binding
table.
Correct Answer: AC
Explanation
QUESTION 115
Which statement about switch policies and leaf profiles in the ACI Fabric is true?
A. Switch leaf profiles are configured under Fabric > Fabric Policies.
B. Leaf and spine profiles can be part of the same switch policy switch profile when the ports on the leafs
and spines have similar characteristics.
C. Each leaf profile in the ACI fabric must have a unique policy that identifies each single leaf.
D. Manually configuring leaf profiles is not required because they are dynamically configured after new
devices come online that are connected to the front panel ports of the leaf.
E. Leaf profiles are associated to interface selector profiles that identify ports on the leaf.
Correct Answer: E
Explanation
QUESTION 116
Which video migration flow is the best choice when implementing a fully Connected Public Safety vehicle?
A. In-vehicle video storage, enterprise wireless, enterprise video storage, handheld devices, body
cameras.
B. Body cameras, handheld devices, in-vehicle video storage, enterprise wireless, enterprise video
storage.
C. In vehicle video storage, enterprise wireless, body cameras, handheld devices, enterprise video storage.
D. Enterprise wireless, enterprise video storage, in-vehicle video storage, handheld devices, body
cameras, enterprise video storage.
Correct Answer: B
Explanation
QUESTION 117
Refer to the exhibit. This cobra code extract is expected to create a BD object. Assume that fvTenantmo
has been populated with the correct tenant object and all module prerequisites have been met. Which
statement is true?
A. The BD is bd.
B. The BD name is kept in the dictionary tenant.
C. The BD name is name.
D. The code does not work because you also must import module fvTenantMo.
Correct Answer: B
Explanation
QUESTION 118
Which two parameters must be identical per interface while configuring virtual port channels. (Choose two.)
A. network access control

B. Bridge Assurance setting
C. IP Source Guard
D. maximum transmission unit
E. Protocol Independent Multicast
Correct Answer: AB
Explanation
QUESTION 119
Which two statements about FabricPath are true? (Choose two.)
A. FabricPath does not require an Enhanced Layer 2 Package license.

B. The F-Series modules do not support multiple SPAN destination ports or virtual SPAN.
C. FabricPath interfaces carry only FabricPath-encapsulated traffic.
D. Traffic can only be forwarded from the root switch in First-Hop Redundancy Protocols
E. STP does run inside a FabricPath network
Correct Answer: BC
Explanation
QUESTION 120
Which statement about hard pinning is true?
A. When the VLAN validation fails, a VLAN Mismatch fault with a severity of Warning appears.
B. If no uplink Ethernet port or port channel is configured with all VLANs on the vNIC, Cisco UCS Manager
brings the link down.
C. When the VLAN validation fails, a VIF down fault is raised.
D. If no uplink Ethernet port or port channel is configured with all VLANs on the vNIC, Cisco UCS Manager
drops the traffic for all of the VLANs on the vNIC.
Correct Answer: A
Explanation
QUESTION 121
When designing a FabricPath environment, which option is considered best practice for the interface
connection type between a set of leaf and spine nodes?
A. port channel
B. routed interface
C. routed port channel
D. port channel
E. single interfaces
Correct Answer: D
Explanation
QUESTION 122
Refer to the exhibit. When configuring enhanced vPC for a dual-homed server, where vPC port-channel
command must be configured?
A. A, B, and C
B. A and B
C. C only
D. vPC configuration is not required when using dual-homed FEX
Correct Answer: B
Explanation
QUESTION 123
In a Cisco UCS B-Series environment, which option must the network adapters support to enable iSCSI
boot?
A. UEFI
B. MPIO
C. vNIC
D. CIMC
E. iBFT
Correct Answer: E
Explanation
QUESTION 124
Which two statistic classes can be used to define a threshold policy for a compute resource? (Choose two.)
A. memory failures
B. Ethernet port CRC stats
C. Ethernet port stats
D. processor runtime
E. processor lock ups
Correct Answer: AE
Explanation
QUESTION 125
Which two statements about enhanced zoning are true? (Choose two.)
A. When you begin a session, the switch locks the entire fabric to implement the change.
B. References to the zone are used by the zone sets as required after you define the zone.
C. It retrieves the activation results and the nature of the problem of the local switch only.
D. It does not enforce the default zone setting throughout the fabric.
E. It performs all configurations with multiple configuration sessions.
Correct Answer: AB
Explanation
QUESTION 126
Refer to the exhibit. Which feature is shown in this configuration?
A. performance routing
B. policy-based routing
C. quality of service
D. Optimized Edge Routing
Correct Answer: B
Explanation
QUESTION 127
Which three functions are key characteristics of the data center access layer in a three-tier architecture?
(Choose three.)
A. must support routing protocols such as OSPF and BGP

B. provides connectivity to network based services (load balancer and firewall)
C. segment workgroups
D. implement in top-of-rack or end-of-row topology
E. provides connectivity to the servers
F. performs QoS marking
Correct Answer: DEF

Explanation
QUESTION 128
Refer to the exhibit. ITD is configured as shown on a Cisco Nexus 7000 switch. Why is a ping to the VIP
address still not working?
A. VIP must be from the same subnet as the ingress interface

B. To ping VIP, you must add a probe to the device group.
C. Fail action is set to the wrong mode.
D. This behavior is normal.
Correct Answer: B
Explanation
QUESTION 129
A user requests one primary VLAN, two community VLANs, and two isolated VLANs for multicast capable
servers that must transmit multicast traffic and receive multicast traffic through the use of IGMPv2.
On which VLAN must the IGMP querier be configured?
A. only the primary VLAN

B. Layer 2 multicast is not supported when using private VLANs
C. isolated VLAN and both community VLANs
D. primary and secondary VLANs
Correct Answer: C
Explanation
QUESTION 130
Refer to the exhibit. When adding an ASAv to the APIC, the user notices a fault raised on the device.
Which cause of this fault is the most likely?
A. The configuration specified HTTP and not HTTPS.

B. The incorrect username and password was used.
C. The configuration did not specify “apic” as the username.
D. The device package was never uploaded.
Correct Answer: B
Explanation
QUESTION 131
After you deploy a Layer 4 – Layer 7 service graph in Cisco ACI, where do you modify the parameters of the
Layer 4 – Layer 7 device(s)?
A. under the Service Graph Template

B. under the Provider EPG > L4-L7 Service Parameters
C. under the Consumer EPG > L4-L7 Service Parameters
D. under the Deployed Graph Instance
Correct Answer: A
Explanation
QUESTION 132
Refer to the exhibit. You have been investigating an issue with your Cisco UCS blade booting from remote
Fibre Channel storage. Upon inspection, you see the output in the exhibit. Which two statements are true?
(Choose two.)
A. FC_ID 0x5e01ef is that of the storage array

B. FC_ID 0x5e01ef is that of the MDS or Cisco Nexus 5000 Series Switch
C. FC_ID 0x5e003c is that of the storage array
D. FC_ID 0x5e003c is that of the HBA
E. FC_ID 0x5e003c is that of the MDS or Cisco Nexus 5000 Series Switch
Correct Answer: BC
Explanation
QUESTION 133
Which routing protocol is implemented between leaf and spine switches to propagate external routes within
the ACI fabric?
A. Intermediate System-to-Intermediate System

B. Multiprotocol Border Gateway Protocol
C. Border Gateway Protocol
D. Open Shortest Path First
Correct Answer: B
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/ACI_Best_Practices/
b_ACI_Best_Practices/b_ACI_Best_Practices_chapter_010010.pdf
QUESTION 134
Which option describes the main purpose of the XML message?
A. Delete an existing port group profile.

B. Create a new port group profile.
C. Shut down an existing port group profile.
D. Modify an existing port group profile.
Correct Answer: B
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_5_1/
xml_api/configuration/guide/n1000v_xml_api/n1000v_xml_api_3request.pdf
QUESTION 135
vPC+ is configured between two Cisco Nexus 5600 Series Switches. Which type of VLANs can be added to
a trunk on a vPC port channel?
A. only FabricPath encapsulated frames can be sent out of the interface

B. classical Ethernet VLANs only
C. native VLANs only
D. fabricPath VLANs only
Correct Answer: B
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/fabricpath/7x/
fp_n5600_config/fp_n5600_interfaces.html#52299
QUESTION 136
Refer to the exhibit. Using which method has the host with MAC address (002a.6a5c.0d44) learned?
A. remote router running NVE

B. local physical port
C. remote FabricPath node
D. remote VTEP
Correct Answer: D
Explanation
QUESTION 137
This output is observed when troubleshooting a blade that is unable to boot from SAN. Which action must
the Cisco UCS administrator take to resolve this issue?
A. Check the LUN masking configuration on the storage array.

B. Check the zoning configuration on the Fibre Channel switch.
C. Check the boot LUN ID in Cisco UCS boot order.
D. Check the vHBA VSAN configuration in service profile.
Correct Answer: B
Explanation
QUESTION 138
Which goal of peer-gateway in vPC is true?
A. Use the same bridge ID when sending BPDUs from switches in a vPC pair.
B. Configure the MAC address of the vPC peer as a gateway MAC.
C. Transmit BPDUs from the secondary and primary vPC switch.
D. Act as a single router when peering dynamic routing protocols over a vPC.
Correct Answer: D
Explanation
QUESTION 139
Which two statements about spanning tree are true? (Choose two.)
A. BPDUs from a VPC are processed on this switch.

B. This switch generates BPDUs for a VPC.
C. BPDUs are sent to the peer switch for processing.
D. This switch cannot generate BPDUs for a VPC.
E. BPDUs received on this switch are dropped because Type 2 inconsistency issues.
Correct Answer: CD
Explanation
QUESTION 140
What is the correct location where the DPDK libraries run?
A. Disk Space
B. Kernel Space
C. Network Space
D. User space
Correct Answer: D
Explanation
QUESTION 141
A user is presented with the underlying hardware and software needed to develop and offer applications via
the Internet from a cloud service provider. Which cloud model is this user consuming?
A. Infrastructure as a Service
B. Platform as a Service
C. Software as a Service
D. Application as a Service
Correct Answer: B
Explanation
QUESTION 142
Which statement about TAP and TUN devices, which are used in a Linux/KVM cloud deployment model, is
true?
A. TUN is for tunneling IP packets, but TAP is for tapping IP packets.

B. TUN is for handling Ethernet frames, but TAP is for handling IP packets.
C. TUN is for tunneling Ethernet frames, but TAP is for tapping Ethernet frames.
D. TUN is for handling IP packets, but TAP is for handling Ethernet frames.
Correct Answer: D
Explanation
QUESTION 143
A cloud service provider is designing a large multitenant data center to support thousands of tenants. The
provider is concerned about the scalability of the Layer 2 network and providing Layer 2 segmentation to
potentially thousands of tenants. Which Layer 2 technology is best suited in this scenario?
A. VXLAN
B. VRF
C. extended VLAN ranges
D. LDP
Correct Answer: A
Explanation
QUESTION 144
Which two prerequisites for BFD are true? (Choose two.)
A. For Layer 2 port channels used by BFD, you must disable LACP on the port channel.
B. Install NETWORK_SERVICES_PKG license.
C. For Layer 3 port channels used by BFD, you must enable LACP on the port channel.
D. Enable ICMP redirect messages on BFD-enabled interfaces.
E. Disable the IP packet verification check for identical IP source and destination addresses.
Correct Answer: CE
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/interfaces/configuration/
guide/b-Cisco-Nexus-7000-Series-NX-OS-Interfaces-Configuration-Guide-Book/configuring-bidirectional-
forwarding-detection.pdf
QUESTION 145
Which three options can be used to determine REST API code to create an EPG? (Choose three.)
A. using the APIC management information tree

B. by downloading the xml configuration file and looking up an EPG configuration
C. using the API inspector when creating a test EPG
D. using the show EPG configuration on the CLI of the APIC
E. Call epgCreate() function in Cobra API standard library
F. Perform HTTP GET method on https://<apic IP>/doc/epg.xml which will return you necessary data to
create EPG
Correct Answer: ABC

Explanation
QUESTION 146
How do multicast routes in the same segment choose the DR?
A. PIM exchanges unicast hello messages between all routers advertised by the any cast RP.
B. Cisco Nexus stitches do not have a concept of DR due to vPC.
C. PIM hello messages are sent to 224.0.0.13 and the router with the lowest priority is selected as the DR.
D. PIM hello messages are sent to 224.0.0.13 and router with the highest priority is selected as the DR.
Correct Answer: D
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/multicast/
configuration/guide/n7k_multic_cli_5x/pim.html#76296
QUESTION 147
Which way to configure a redundant rendezvous point for BIDIR multicast is valid?
A. phantom RP
B. anycast RP
C. auto RP
D. MSDP
Correct Answer: B
Explanation
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/multicast-enterprise/
prod_white_paper0900aecd80310db2.pdf
QUESTION 148
Using GET method with this XML code, which two pieces of information about Application Policy
Infrastructure Controllers shows the output? (Choose two.)
A. APIC version installed on each node

B. serial number of each APIC in the cluster
C. hard disks status for each APIC in the cluster
D. ports of the leaves where the APICs are connected.
E. number of network interfaces of each APIC
F. admin status of each APIC in the cluster
Correct Answer: DE
Explanation
QUESTION 149
Which statement about the displayed ACI Fabric is true?
A. This fabric configured for VMM integration.

B. Integrated Layer 4 – Layer 7 services are not in use.
C. Too many endpoints are connected to nodes 121 and 122.
D. The number of user-defined tenants is 26.
E. The capacity information shown is typical of multipod deployments.
Correct Answer: D
Explanation
QUESTION 150
Which of the following are two possible upgrade states for a node in ACI? (Choose two.)
A. CompleteNOK
B. upgrading
C. CompleteOK
D. failed
E. aborted
Correct Answer: AC
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/Operating_ACI/
guide/b_Cisco_Operating_ACI/b_Cisco_Operating_ACI_chapter_0101.html
QUESTION 151
While using HSRP, if you see the active devices constantly changing, which parameter may need to be
adjusted?
A. hold time
B. delay
C. standby group
D. priority
Correct Answer: A
Explanation
QUESTION 152
When the administrator uses the commit command to activate the changes to the call home configuration,
it results in an error.
Which statement is true?
A. Cisco Fabric Services must be disabled for this command to work.

B. The commit command is not required.
C. Cisco Fabric Services must be enabled for this command to work.
D. The commit callhome command must be used.
Correct Answer: C
Explanation
QUESTION 153
Which sequence of QoS actions is taken on egress traffic on egress traffic on the Cisco Nexus 7000 Series
Switches?
A. classification, marking, policing, mutation, queuing and scheduling

B. queuing and scheduling, classification, marking, policing, mutation
C. classification, marking, policing, queuing and scheduling, mutation
D. marking, policing, mutation, classification, queuing and scheduling
Correct Answer: A
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/qos/configuration/guide/b-
Cisco-Nexus-7000-Series-NX-OS-QOS-Configuration-Guide/b-Cisco-Nexus-7000-Series-NX-OS-QOS-
Configuration-Guide-6x_chapter_01.html
QUESTION 154
Which two parameters are needed to do route peering with a Layer 4-Layer 7 service device in Cisco ACI?
(Choose two.)
A. A valid router configuration must be set under the service graph template.
B. The connector type must be set to “Layer 2 peering”.
C. Under the device interface, the path must be selected.
D. A router ID must be assigned under the Layer 4-layer 7 device
E. Under the device interface, the L3 Out must be selected.
Correct Answer: AD
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/L4-
L7_Services_Deployment/guide/b_L4L7_Deploy_ver201/b_L4L7_Deploy_ver201_chapter_01000.html
QUESTION 155
Which of the following statements regarding Multi-Pod deployment is true?
A. Each Pod is assigned s separate and not overlapping TEP pool.

B. TEP pools are used for layer 2 communication between the pods.
C. TEP pool are not redistributed to the leaf nodes as they are only limited to spines.
D. Each Pod selects its own TEP pool as its locally significant.
Correct Answer: A
Explanation
QUESTION 156
Which two options must be configured on the Layer 3 Gateway switches to isolate the HSRP between the
two data centers? (Choose two.)
A. routed access control list on the DCI on the SVIs that blocks the HSRP control traffic.
B. VLAN access control list that blocks the HSRP control traffic.
C. ARP inspection filter that blocks the HSRP GARPs
D. disable HSRP GARP on the SVIs for the VLANs that move across the DCI
E. port access control list on the DCI port-channel that blocks the HSRP control traffic
Correct Answer: BC
Explanation
Reference: https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/118934-
configure-nx7k-00.html
QUESTION 157
Object configJob contains which of the following information?
A. passphrase
B. field lastStepDescr
C. next object name
D. admin state
Correct Answer: B
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/basic-config/
b_ACI_Config_Guide/b_ACI_Config_Guide_chapter_010.pdf
QUESTION 158
Which multicast destination MAC address is assigned to LACP?
A. 01:80:c2:00:00:03
B. 01:80:c2:00:00:02
C. 01:80:c2:00:00:04
D. 01:80:c2:00:00:01
Correct Answer: B
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/ios/cether/configuration/guide/ce_cfm-
ieee_802_1ad.html
QUESTION 159
Which protocol does NX-API use as its transport?
A. SSH
B. HTTP/HTTPS
C. SFTP
D. FTP
E. SCP
Correct Answer: B
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/programmability/
guide/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_9000_Series_NX-
OS_Programmability_Configuration_Guide_chapter_0101.pdf
QUESTION 160
Which three of the following are key components to provide network connectivity to an IoT Solution?
(Choose three.)
A. Firewalling
B. Service Provider
C. Switching
D. Voice
E. Routing
F. Wireless
Correct Answer: AEF

Explanation
QUESTION 161
Which description of Cisco Virtual Topology System is true?
A. package that contains an entire environment

B. web server hosting for Cisco NX-OS
C. overlay provisioning and management solution
D. agent that resides on physical devices
Correct Answer: C
Explanation
Reference: https://www.cisco.com/c/en/us/products/cloud-systems-management/virtual-topology-system/
index.html
QUESTION 162
Which two components are the responsibility of the customers in a Platform as a Service offering? (Choose
two.)
A. infrastructure connectivity
B. data
C. applications
D. hardware
E. APIs
Correct Answer: BC
Explanation
QUESTION 163
An IoT Solution is more likely to generate a lot of analytics and data. Which of the following enables this
information to be analyzed and managed through integration with 3rd party devices and applications?
A. API
B. IP67
C. ASR
D. Prime Infrastructure
Correct Answer: D
Explanation
QUESTION 164
Which description of a virtual private cloud is true?
A. an on-demand configurable pool of shared data resources allocated within a private cloud environment,
which provides assigned DMZ zones.
B. an on-demand configurable pool of shared networking resources allocated within a private cloud
environment, which provides tenant isolation.
C. an on-demand configurable pool of shared networking resources allocated within a public cloud
D. an on-demand configurable pool of shared software resources allocated within a private cloud
Correct Answer: C
Explanation
QUESTION 165
Which technology, implemented on aggregation-edge nodes at the aggregation layer, provides per-tenant
isolation at Layer 3, with separate dedicated per-tenant routing and forwarding tables on the inside
interfaces of firewall contexts?
A. VRF-lite
B. VDC
C. VXLAN
D. VLAN
Correct Answer: A
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/VMDC/3-0-1/DG/
VMDC_3-0-1_DG/VMDC301_DG3.pdf page 19.
QUESTION 166
Which Docker orchestration tool replaced Fig?
A. Docker List
B. Docker Link
C. Docker Compose
D. Docker Swarm
E. Docker Hub
Correct Answer: C
Explanation
QUESTION 167
Under which two policies is ACI allowed to configure management protocols such as SNMP and SYSLOG?
(Choose two.)
A. Visibility & Troubleshooting

B. Fabric
C. Trunk
D. VMM Domain
E. Tenant
Correct Answer: BE
Explanation
QUESTION 168
In which three ways can you house Edge Transport servers on their perimeter network in ACI without
investing extra cost in buying additional hardware? (Choose three.)
A. Create an L3Out to route peer with an ASA firewall to isolate traffic with security rules
B. Create a private VRF with default enforcement policy. Configure a bridge domain with a subnet
assigned to a private VRF.
C. No need to create Contracts. A default enforcement policy allows all traffic to forward.
D. Choose options “Shared Route Control Subnet” and “Shared Import Security Subnet”.
E. Create Contracts to enforce policy between Edge Transport servers EPG and backend mailbox servers
EPG.
Correct Answer: ABC

Explanation
QUESTION 169
Where is the recommended QoS best practice to classify and mark traffic?
A. closest to the traffic source

B. core layer
C. at the destination
D. distribution layer
Correct Answer: A
Explanation
QUESTION 170
Refer to the exhibit. Which statement is true?
A. The script adds a range ports to one EPG (from 20 to 30) from both leaves.
B. The script has an error: the intf attribute should equal “Interface(‘eth’, ‘1’, port[0], port[1])”.
C. The script adds to the EPG four static ports, ports 20 and 30 from leaf 101 and port 20 and 30 form leaf
102 using as “port encap” the vlan 100.
D. The script adds to the EPG four static ports, ports 20 from leaf 101 and port 30 from leaf 102 using as
“port encap” the vlan 100.
Correct Answer: A
Explanation
QUESTION 171
Which two statements about ASM and SSM are correct? (Choose two.)
A. By default, the SSM group range for PIM is 232.0.0.0/8 and for PIM6 is FF3x/96.
B. PIM ASM is not fully supported on a vPC.
C. In ASM mode, only the last-hop router switches from the shared tree to the SPT.
D. RP configuration is not required in the ASM mode.
E. If you want to use the default SSM group range, you must configure the SSM group range.
Correct Answer: AC
Explanation
QUESTION 172
Which upgrade sequence is correct for Cisco CloudCenter components?
A. CCM, AMQP, CCO, Health Monitor

B. CCM, Health Monitor, AMQP, CCO
C. CCM, CCO, Health Monitor, AMQP
D. CCM, CCO, AMQP, Health Monitor
Correct Answer: A
Explanation
QUESTION 173
Which statement about VXLAN is true?
A. Control-plane traffic traverses the underlay network.

B. Control-plane traffic traverses the overlay network.
C. Data-plan traffic traverse the overlay network.
D. Data-plan traffic traverse the underlay network.
Correct Answer: D
Explanation
QUESTION 174
Your IT company has been tasked to automate their view of the environment. The CTO has instructed you
to use Ansible to focus on value-added tasks. Which four integrations do you use to achieve this outcome?
(Choose four.)
A. virtualization
B. containers
C. networks
D. management applications
E. Kubernetes
F. DevOps tools
G. infrastructure
Correct Answer: ABCF
Explanation
QUESTION 175
Refer to the exhibit. What is the cause of this error message?
A. The local zone mode is advanced and the remote zone mode is enhanced.
B. The local zone mode is default and the remote zone mode is basic.
C. The local zone mode is basic and the remote zone is advanced.
D. The local zone mode is enhanced and the remote zone mode is basic.
Correct Answer: D
Explanation
QUESTION 176
How do you configure the Message of the Day in an ACI environment?
A. apic1(config)# banner motd #Welcome to APIC#

B. In the APIC GUI, go to System/Controllers/Controller Policies and set banner #Welcome to APIC#
C. apic1(config)# aaa banner ‘Welcome to APIC’
D. apic1(config)# aaa banner “Welcome to APIC”
Correct Answer: C
Explanation
QUESTION 177
Which statement about microsegmentation with ACI is true?
A. It is supported only for physical devices.

B. It enables to automatically assign endpoints to one centralized security zone that is created by default
for the whole fabric
C. It enables to automatically assign endpoints to logical security zones called endpoint groups.
D. It is supported only for virtual devices.
Correct Answer: C
Explanation
QUESTION 178
Which three modes of management models for the Layer 4 – Layer 7 Service Graph are true? (Choose
three.)
A. network-centric mode
B. application-centric mode
C. service policy mode
D. standalone mode
E. service manager mode
F. service-integrated mode
G. network policy mode
Correct Answer: CEG

Explanation
QUESTION 179
Which statement about when VMware vSphere Distributed Switch is created is true?
A. A quarantine port group is created by default.

B. The quarantine port group default policy is to allow all ports.
C. When a service graph is deleted, the service VMs are manually moved to the quarantine port group by
administrator of APIC.
D. Port group assignments are retained in the quarantine port group.
Correct Answer: A
Explanation
QUESTION 180
What is SD-Access LAN Automation?
A. LAN Automation configures the fabric overlay using NETCONF and SNMP
B. LAN Automation configures the fabric overlay using Cisco Plug and Play
C. LAN Automation configures the fabric underlay using NETCONF and SNMP
D. LAN Automation configures the fabric underlay using Cisco Plug and Play
Correct Answer: D
Explanation
QUESTION 181
Which three differences between hybrid and multicloud networking are true? (Choose three.)
A. Network Transport from hybrid to multiple cloud providers

B. Network Transport from on-premises to multiple public cloud providers
C. Network Transport from on-premises to hybrid cloud providers
D. Network Transport from private cloud provider to multiple cloud providers
E. Network Transport from on-premises to a single public cloud provider
F. Network Transport from on-premises to multiple public cloud providers and between public cloud
providers
Correct Answer: BEF

Explanation
Reference: https://www.openstack.org/assets/presentation-media/shmcfarl-multicloud-net-over-berlin.pdf
QUESTION 182
Which three statements correctly describe the encoding formats for NETCONF, RESTCONF, and gRPC?
(Choose three.)
A. NETCONF uses JSON encoding

B. RESTCONF uses GPB encoding
C. gRPC uses XML encoding
D. RESTCONF uses JSON encoding
E. gRPC uses GPB encoding
F. NETCONF uses XML encoding
Correct Answer: CDF

Explanation
QUESTION 183
Which two statements about ACI border leaf are true? (Choose two.)
A. The border leaf can also be used to connect to compute, IP storage, and service appliances.
B. There can only be 2 border leaves in an ACI fabric. The first two leaves that are discovered in an ACI
fabric are always selected as border leaves.
C. Only 32 border leaves are supported in an ACI fabric.
D. The border leaves are ACI leaves that provide Layer 3 connections to outside networks.
E. The border leaves are dedicated leaf switches that support only Layer 2 and Layer 3 out in an ACI
fabric.
Correct Answer: AD
Explanation
Explanation:
The border leaves are ACI leaves that provide layer 3 connections to outside networks. Any ACI leaf can be
a border leaf. These can also simply be called leaf switches. There is no limitation in the number of leaf
switches that can be used as border leaves. The border leaf can also be used to connect to compute, IP
storage, and service appliances. In large-scale design scenarios it may be preferred to have border leaf
switches separated from the leaves that connect to compute and service appliances for scalability reasons.
Reference: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-
infrastructure/white-paper-c07-732033.pdf
QUESTION 184
Which three advantages of connecting on-premises private cloud-to-cloud VPN versus a direct connection
are true? (Choose three.)
A. flexibility
B. latency
C. time to provision
D. QoS
E. cost
F. throughput
Correct Answer: ACE

Explanation
QUESTION 185
Which three functional roles of the container networking interface in CNCF reference architecture are true?
(Choose three.)
A. provisioning
B. provides information of network namespace
C. orchestration and management
D. application deployment
E. networking and IPAM
F. provides container create/delete events
Correct Answer: ACD

Explanation
QUESTION 186
Which two data formats correctly describe the purpose of YANG data models in relation to NETCONF and
RESCONF? (Choose two.)
A. YANG data models are used to generate XML data for NETCONF
B. YANG data models are used to generate HTML data RESTCONF
C. YANG data models are used to generate CSV data for RESTCONF
D. YANG data models are used to generate JSON data for RESTCONF
E. YANG data models are used to generate YAML data for NETCONF
Correct Answer: AD
Explanation
QUESTION 187
Which three parameters must be identical for two or more bridges in the same MST region? (Choose
three.)
A. MST name
B. MST revision number
C. MST hello-time
D. MST diameter
E. VLAN-to-instance mapping
F. MST instance priority
Correct Answer: ABE
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/layer2/configuration/
guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_5-
x_chapter8.html
QUESTION 188
Which feature is required for Dynamic ARP Inspection?
A. ARP
B. first-hop-security
C. DIA
D. DHCP
Correct Answer: D
Explanation
QUESTION 189
Which action during the previous change window is a possible cause of the access issue to the Exchange
application?
A. Another Operations Engineer associated a different Bridge Domain to Exchange application EPG
mistakenly.
B. Another Operations Engineer deleted the Exchange application filter mistakenly.
C. Another Operations Engineer assigned a different Physical Domain to Exchange application EPG
mistakenly.
D. Another Operations Engineer deleted the Physical Domain from Exchange application EPG mistakenly.
Correct Answer: A
Explanation
QUESTION 190
When you attempt to apply a new service profile in Cisco UCS Manager, you are presented with this error
messages. Which cause is the most probable?
A. The service profile is using more vHBAs than the physical adapter can support.
B. The service profile is using more vNICs than the physical adapter can support.
C. No more UUIDs are available in the pool to be assigned.
D. The service profile is tied to a server pool that has no available blades.
Correct Answer: D
Explanation
QUESTION 191
Which two statements about connecting spines to the Inter-Site Network are true? (Choose two.)
A. Only spines connecting to the ISN must be EX or later HW.

B. Spine-facing interfaces on the ISN must be configured using subinterface VLAN 4.
C. Spine to ISN links can be configured with OSPF or static routes.
D. All spines in a site must be EX or later HW.
E. Sites must have two or more spines connected to the ISN.
Correct Answer: AE
Explanation
QUESTION 192
Which statement about network ports in a UCS fabric interconnect is true?
A. Network ports do not trunk any VLANs unless they are overridden in a pin group.
B. Network ports have BPDU Guard enabled.
C. Network ports trunk all VLANs unless they are overridden in VLAN Manager.
D. Network ports are placed into a port channel automatically.
E. Network ports do not trunk any VLANs unless they are overridden in VLAN Manager.
Correct Answer: C
Explanation
QUESTION 193
Where are the logs that identify issues found in the APIC graphical user interface?
A. under Admin > External Data Collectors > Syslog

B. under System > Faults
C. under Operations > Visibility & Troubleshooting
D. under Tenant > Faults
Correct Answer: B
Explanation
QUESTION 194
Which type of IPv6 address is 2001:DB8::FFFF:FFFF/32?
A. anycast address
B. broadcast address
C. host address
D. multicast address
Correct Answer: C
Explanation

400-151 v2019-09-12 PDF

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

400-151 v2019-09-12 PDF

Transféré par

Droits d'auteur :

Formats disponibles

400-151

A. VXLAN uses a UDP destination port of 4987.

Correct Answer: CDE

A. packet fragmentation and reassembly

A. Outer S-IP = IP-1 ; Outer D-IP = IP-2.

A. requirement to disable multicast for underlay forwarding

Correct Answer: BDE

Correct Answer: CDE

Correct Answer: ADE

A. The chassis must be specified when the L4-L7 device is created.

A. Nexus 7000 and Nexus 9000 only

A. does not require authentication or certificates

A. Enable auto-sync in the servers > inventory > storage subtab

A. Configure a memory policy in the equipment > policy subtab.

Refer to the exhibit. Which outcome of this configuration is true?

A. Fabric interconnects can view neighbor switches.

A. immediately after the next change

Correct Answer: ABD

A. Use theset identity dymanic-maccommand.

A. /data/<device package name>/logs

A. Configure and apply a custom LAN connectivity policy.

A. Configure server pool policies for the chassis.

A. vNIC template must be converted to updating.

Correct Answer: BCE

Which network script automation option or tool is used in the exhibit?

A. Each task in workflow designer is built using Python script.

A. orchestration feature set

A. REST API Browser

A. Enable report metadata.

A. Local Switching: VXLAN

A. The condition ceases by itself and automatically clears the fault.

A. Extend the bridge domain out of the ACI fabric.

Correct Answer: ABD

A. Prefixes learned from BGP L3outs cannot be filtered inbound.

Correct Answer: ABD

A. Ethernet header, transport header, and application header

A. It is a commercial distribution based on the OpenFlow controller.

Correct Answer: CDE

A. Indirectly connected. Only Layer 3 adjacent.

Correct Answer: BCD

Infrastructure as a Service (IaaS)

A. show npv status

Number of External Interfaces: 2

A. Application Policy Infrastructure Controller

Correct Answer: BCDE

A. switchport mode adapter-fex

Correct Answer: DEF

Correct Answer: AEGH

Which statement is true?

A. Interface veth10164 is up.

A. Outputs shown are redirected to the logging flash.

A. Your session cookie expires in 5 minutes.

Correct Answer: EFG

A. Open Network Operating System

A. Configure fabric interconnect A and B to Ethernet switching mode.

Correct Answer: ABC

A. Server 7 in chassis 4 has been associated with the profile circuit.

Refer to the exhibit. On which VLAN does VLAN Discovery occur?

A. Decommission the switch and remove from the controller.

Correct Answer: BCE

A. n1000v(config)#monitor session 3n1000v(config-monitor)#source interface ethernet 2/1-3n1000v

A. This device supports FCoE.

A. using the same primary IP addresses