300-620 Cisco Practice Test Questions and Exam Dumps




Question No 1:

An ACI fabric administrator detects an unexpected change in the network’s behavior and suspects that the change might have been introduced by a user. Which method should the administrator use to determine whether human intervention caused the change?

A. Review the event records within the APIC user interface to track all user-performed actions
B. Check the /var/log/audit_messages file on the APIC for a history of user actions
C. Access the audit logs through the APIC UI to view all user-generated events
D. Use the show command history command in the APIC CLI to review executed commands

Correct Answer:
C. Access the audit logs through the APIC UI to view all user-generated events

Explanation:

In Cisco ACI (Application Centric Infrastructure), maintaining visibility and traceability of configuration changes is crucial for troubleshooting and maintaining system integrity. When an administrator notices unexpected behavior in the fabric, it's important to determine whether the issue is due to an internal system process or the result of manual user intervention.

The most appropriate method for identifying user-initiated changes is by viewing the audit logs within the APIC (Application Policy Infrastructure Controller) user interface. These logs are specifically designed to capture all user-related activities such as configuration changes, policy updates, and administrative logins.

The audit log in the APIC UI provides:

  • Timestamped records of user actions

  • The username and role of the person who performed each action

  • The nature and target of each configuration change

This makes it an ideal source for tracking human interaction with the system.

Here’s why the other options are less suitable:

  • A (event records) primarily show system events, not detailed user actions.

  • B (/var/log/audit_messages) may contain system-level audit information but requires CLI access and isn’t as user-friendly or complete as the UI logs.

  • D (show command history) only applies to CLI sessions and doesn't reflect actions performed through the APIC UI or APIs.

In conclusion, for a comprehensive and accessible view of user-generated changes, audit logs in the APIC UI (Option C) provide the most reliable and centralized information to trace human intervention.





Question No 2:

An engineer is configuring a policy for importing settings into a system. The import process should terminate immediately if the configuration being imported is incompatible with the existing system. Which import mode will achieve this result?

A. Merge
B. Atomic
C. Best effort
D. Replace

Correct Answer:
B. Atomic

Explanation:

When importing configurations into a system, ensuring the integrity and compatibility of the new configuration with the existing system is critical. Some import methods allow for partial changes to be applied, while others ensure that the entire process either succeeds or fails. This is especially important when changes must be rolled back if an incompatibility arises.

The atomic import mode is the correct choice when the goal is to ensure that an import is all-or-nothing. In this mode, the system will apply the entire configuration import in a single transaction. If any part of the configuration is found to be incompatible with the existing system setup, the entire import process will terminate and no changes will be applied. This ensures that the system remains in a stable and consistent state.

Let’s review the other options:

  • A. Merge: In this mode, new configurations are added to the system, or existing ones are updated, without affecting the other existing settings. If there is an incompatibility, it doesn’t automatically terminate the import; instead, it may skip or apply changes incrementally.

  • C. Best effort: This mode tries to apply as much of the configuration as possible, even if some changes are incompatible. It does not terminate the process when errors are encountered.

  • D. Replace: This mode would overwrite the existing configuration with the new one. While it may introduce more drastic changes, it doesn’t specifically ensure that the import will fail if an incompatibility arises—it simply replaces the existing configuration with the new one.

In summary, atomic import mode is the best option to guarantee that the system configuration is not altered unless the entire import is successful, ensuring the system remains consistent and stable.



Question No 3:

Which components must be configured in order for the BGP Route Reflector policy to be applied effectively in an ACI fabric?

A. Spine fabric interface overrides and profiles
B. Access policies and profiles
C. Pod policy groups and profiles
D. Leaf fabric interface overrides and profiles

Correct Answer:
C. Pod policy groups and profiles

Explanation:

In an ACI (Application Centric Infrastructure) fabric, the BGP Route Reflector policy is crucial for optimizing the BGP (Border Gateway Protocol) routing structure, particularly in large-scale networks. This configuration helps reduce the number of BGP peering sessions by allowing routers to reflect routing information between other routers, thus simplifying the management of routing tables in multi-router environments.

For the BGP Route Reflector policy to take effect in ACI, it is necessary to configure pod policy groups and profiles. This is because:

  • Pod policy groups are the logical containers for policies related to the ACI fabric, including routing protocols like BGP. These groups define the configuration that is applied to all devices within a specific pod.

  • Profiles within these groups are used to assign specific configurations, such as the Route Reflector configuration, to the devices in the pod. These profiles ensure that the BGP Route Reflector policy is consistently applied across the necessary components of the fabric.

Now, let’s analyze the other options:

  • A. Spine fabric interface overrides and profiles: While spine switches play an important role in the fabric, they are not directly related to BGP Route Reflector configuration, which is more relevant to the pod level (leaf and border routers).

  • B. Access policies and profiles: These focus on user access and policy enforcement within the fabric, not on routing or BGP configurations.

  • D. Leaf fabric interface overrides and profiles: This refers to configurations on leaf switches but does not directly apply to the BGP Route Reflector policy, which is more focused on pod-level configuration.

In conclusion, pod policy groups and profiles are essential components to configure for the BGP Route Reflector policy to take effect in the ACI fabric, ensuring proper routing reflection and optimization across the network.




Question No 4:

Which type of policy is used to suppress faults generated from a port being down in a network environment?

A. Fault Lifecycle Assignment
B. Event Lifecycle Assignment
C. Fault Severity Assignment
D. Event Severity Assignment

Correct Answer:
A. Fault Lifecycle Assignment

Explanation:

In network management systems like Cisco ACI, fault suppression is a critical function that keeps system administrators from being overwhelmed by alerts and events that do not require immediate attention. One common situation that may generate repeated faults is when a port goes down, which may trigger numerous fault notifications. To address this, Fault Lifecycle Assignment policies are used to configure how faults are handled, including whether they should be suppressed when a known or expected issue occurs (e.g., a port being administratively down).

Fault Lifecycle Assignment allows administrators to manage the behavior of faults, including whether they should be:

  • Suppressed temporarily or permanently for known scenarios (such as when a port is deliberately shut down for maintenance).

  • Acknowledged without generating continuous notifications.

This feature helps reduce unnecessary alarms and makes fault management more efficient, especially in environments with large numbers of devices or expected maintenance operations.

Here’s a look at the other options and why they are incorrect:

  • B. Event Lifecycle Assignment: This focuses on managing events rather than faults. Events can trigger fault generation, but lifecycle assignments for events themselves don’t control the suppression of faults directly.

  • C. Fault Severity Assignment: This policy is related to defining the severity of faults (critical, major, minor, etc.), not to suppressing them. While severity levels help prioritize issues, they do not control whether faults are suppressed.

  • D. Event Severity Assignment: Similar to Fault Severity Assignment, this controls the severity of events, but it doesn’t directly relate to suppressing faults caused by specific conditions like a port being down.

In conclusion, Fault Lifecycle Assignment is the correct policy type to configure the suppression of faults from a port being down, ensuring better control and reduction of unnecessary alerts in network management.




Question No 5:

Which type of profile must be created in order to deploy an access port policy group in an ACI fabric?

A. Attachable Entity
B. Pod
C. Module
D. Leaf Interface

Correct Answer:
A. Attachable Entity

Explanation:

In Cisco ACI (Application Centric Infrastructure), a policy group is used to define and enforce consistent configurations across various components of the fabric. When configuring network ports for specific functions, such as access ports (which are used to connect end devices like computers or printers), you must associate them with an appropriate policy group to ensure that the correct settings are applied.

To deploy an access port policy group, you need to configure an Attachable Entity Profile (AEP). This profile is a critical element in ACI that binds physical resources (such as ports) to specific policies, ensuring that the correct behavior is applied when devices are connected to the fabric.

The Attachable Entity Profile (AEP) allows you to define the characteristics and policies for the ports where devices will connect. In this case, the AEP is used to apply an access port policy group to the corresponding physical leaf interfaces that connect to the devices.

Here’s a breakdown of the other options:

  • B. Pod: In ACI, a pod refers to a physical collection of switches (both leaf and spine). While pods play a role in fabric architecture, they are not directly related to the specific task of creating a profile for access ports.

  • C. Module: Modules typically refer to hardware components like line cards within a switch. While modules are important for physical infrastructure, they do not directly define access port policies.

  • D. Leaf Interface: A leaf interface refers to the physical ports on a leaf switch, but the configuration of the Attachable Entity Profile (AEP) is what binds the interface to the access port policy.

In conclusion, the correct profile to deploy an access port policy group is the Attachable Entity Profile (AEP), which ensures that the ports behave according to the defined policy for devices connected to the fabric.




Question No 6:

An ACI administrator notices that a fault is raised on the APIC, but the fault is not relevant to the current environment and does not need to be displayed. Which action should the administrator take to prevent this fault from appearing?

A. Under System -> Faults, right-click on the fault and select Acknowledge Fault so that acknowledged faults will immediately disappear.
B. Create a stats threshold policy with both rising and falling thresholds defined so that the critical severity threshold matches the squelched threshold.
C. Under System -> Faults, right-click on the fault and select Ignore Fault to create a fault severity assignment policy that hides the fault.
D. Create a new global health score policy that ignores specific faults as identified by their unique fault code.

Correct Answer:
C. Under System -> Faults, right-click on the fault and select Ignore Fault to create a fault severity assignment policy that hides the fault.

Explanation:

In Cisco ACI, faults are generated to inform administrators of issues or abnormalities within the fabric. However, not all faults are critical or relevant in every scenario. For example, some faults might be caused by configurations that aren't currently in use or are expected due to certain maintenance procedures. In such cases, administrators may want to suppress the display of these faults to avoid unnecessary clutter or confusion.

The correct action to prevent a fault from appearing is to ignore the fault by creating a fault severity assignment policy. By selecting "Ignore Fault" in the System -> Faults section on the APIC interface, the administrator can suppress the fault's visibility. This action does not resolve the underlying issue but simply prevents the fault from being displayed or raised as a significant event, reducing clutter in the fault management system.

Here’s why the other options are incorrect:

  • A. Acknowledge Fault: Acknowledging a fault does not hide it; it simply marks it as recognized. The fault will still appear in the system, though it may be marked as acknowledged.

  • B. Stats threshold policy: This option focuses on creating thresholds for statistics and does not directly address fault suppression. It might be used to monitor specific performance metrics but does not hide faults.

  • D. Global health score policy: This method helps track the overall health of the system, but it’s not designed to hide or suppress specific faults by fault code. It focuses on the health of the fabric as a whole.

In summary, option C is the correct method to suppress faults from appearing in the APIC by using the "Ignore Fault" action in the Faults section. This ensures that irrelevant or non-critical faults are not displayed in the management interface, keeping the fault list clean and focused.



Question No 7:

A RADIUS user’s role is resolved through the Cisco AV Pair. Which object does the Cisco AV Pair resolve to in Cisco ACI?

A. Tenant
B. Security Domain
C. Primary Cisco APIC
D. Managed Object Class

Correct Answer:
D. Managed Object Class

Explanation:

In Cisco ACI, RADIUS (Remote Authentication Dial-In User Service) is commonly used for authenticating and authorizing users who need to access the fabric. One of the key features of RADIUS in ACI is the ability to assign specific roles to users based on the attributes provided in the RADIUS response. One of these attributes is the Cisco AV Pair (Attribute-Value Pair), which is used to resolve the user's role and access within the ACI fabric.

The Cisco AV Pair typically contains a value that corresponds to specific roles or policies within the fabric. In this context, when a RADIUS user’s role is resolved through the Cisco AV Pair, it maps to a Managed Object Class in ACI.

Managed Object Classes in ACI represent the fundamental objects or entities that are configured in the system, such as tenants, endpoint groups (EPGs), policies, and other components. The AV Pair helps in mapping the user to the appropriate class, ensuring that the user has the correct access rights and role for the tasks they are intended to perform.

Let’s take a look at the other options:

  • A. Tenant: A tenant is a logical division in ACI representing a customer’s environment. While a user may be assigned roles or permissions based on the tenant, the Cisco AV Pair resolves to a Managed Object Class, not the tenant directly.

  • B. Security Domain: A security domain is used in ACI for the grouping of similar security policy structures, such as for network segmentation. However, it is not directly related to the resolution of the Cisco AV Pair.

  • C. Primary Cisco APIC: The APIC (Application Policy Infrastructure Controller) is the central controller in ACI, but it is not the object to which the AV Pair resolves.

In conclusion, when a RADIUS user’s role is resolved via the Cisco AV Pair in ACI, it maps to a Managed Object Class that defines what access and roles the user has within the fabric. This ensures that the user can interact with the system based on the specific policies and roles assigned to them.



Question No 8:

Which feature in Cisco ACI dynamically assigns or modifies the EPG (Endpoint Group) association of virtual machines based on their attributes?

A. vzAny Contracts
B. Standard Contracts
C. Application EPGs
D. uSeg EPGs

Correct Answer:
D. uSeg EPGs

Explanation:

In Cisco ACI (Application Centric Infrastructure), EPGs (Endpoint Groups) are used to define groups of endpoints that share the same policy requirements. For example, endpoints within an EPG may have similar networking requirements, such as virtual machines (VMs) that need to communicate with each other using the same policies.

uSeg EPGs (User-Segmented EPGs) are the feature that dynamically assigns or modifies the EPG association of virtual machines (VMs) based on their attributes. The key advantage of uSeg EPGs is that they allow endpoints, like VMs, to be automatically associated with the appropriate EPG based on specific characteristics or attributes, such as VM name, VM host, IP address, or tags. This makes it easier to dynamically adjust the network configuration without manual intervention when the attributes of VMs change.

In practice, uSeg EPGs use Cisco ACI’s integration with virtualization platforms (like VMware or Hyper-V) to automatically categorize VMs into the correct EPGs as they are spun up or moved across different hosts in the network. This ensures that the network policy remains consistent and updated based on the real-time attributes of the VMs.

Here’s why the other options are incorrect:

  • A. vzAny Contracts: The vzAny contract is a policy that allows communication between all endpoint groups, regardless of their membership. It does not dynamically assign or modify EPG associations based on VM attributes.

  • B. Standard Contracts: Standard contracts in ACI are used to define the communication rules between different EPGs, but they do not dynamically assign or modify EPG associations based on VM attributes.

  • C. Application EPGs: Application EPGs are typically used to represent logical groupings of endpoints related to specific applications. However, they are not designed for dynamically adjusting EPG associations based on attributes.

In summary, uSeg EPGs are the feature in Cisco ACI that allows dynamic assignment and modification of EPGs based on the attributes of virtual machines, making network policy configuration more automated and adaptable.

