Cisco braindumps ccnp Data Center 300-620 Exam Dumps by Pia q134 vce pdf

Page: 7 / 18

Exam Name:	Implementing Cisco Application Centric Infrastructure (300-620 DCACI)
Exam Code:	300-620 Dumps
Vendor:	Cisco	Certification:	CCNP Data Center
Questions:	247 Q&A's	Shared By:	pia

Question 28

In the context of VMM, which protocol between ACI leaf and compute hosts ensures that the policies are pushed to the leaf switches for immediate and on demand resolution immediacy?

Options:

VXLAN

LLDP

ISIS

STP

Discussion

Freddy

I passed my exam with flying colors and I'm confident who will try it surely ace the exam.

Aleksander Sep 26, 2024

Thanks for the recommendation! I'll check it out.

Cecilia

Yes, I passed my certification exam using Cramkey Dumps.

Helena Sep 19, 2024

Great. Yes they are really effective

Rosalie

I passed. I would like to tell all students that they should definitely give Cramkey Dumps a try.

Maja Aug 30, 2024

That sounds great. I'll definitely check them out. Thanks for the suggestion!

Pippa

I was so happy to see that almost all the questions on the exam were exactly what I found in their Dumps.

Anastasia Sep 21, 2024

You are right…It was amazing! The Cramkey Dumps were so comprehensive and well-organized, it made studying for the exam a breeze.

Reeva

Wow what a success I achieved today. Thank you so much Cramkey for amazing Dumps. All students must try it.

Amari Sep 1, 2024

Wow, that's impressive. I'll definitely keep Cramkey in mind for my next exam.

Question 29

An engineer is implementing an out-of-band (OOB) management access for the Cisco ACI fabric. The secure access must meet these requirements:

• Only GUI and secure shell must be allowed to access the management interfaces of the ACIs.

• The only IP ranges that must be permitted to connect the fabric will be 10.10.10.0724 and 192.168.15.0/24.

Which configuration set meets these requirements?

Options:

Implement HTTPS and SSH protocol filters in the OOB contract. Add the required subnets to the external network instance profile.

Create an out-of-band EPG in the external management entity. Associate the management profile with the OOB contract.

Set up static IPs on the management interfaces from the required IP range. Add the required subnets to the external network instance profile.

Create an out-of-band EPG in the common tenant. Associate the external network instance profile with the OOB contract.

Discussion

Answer:

Explanation:

The engineer is implementing out-of-band (OOB) management access for the Cisco ACI fabric with the following requirements:

Only GUI (HTTPS) and Secure Shell (SSH) must be allowed to access the management interfaces.

Only IP ranges 10.10.10.0/24 and 192.168.15.0/24 must be permitted to connect.

This requires configuring access control and restricting IP ranges for OOB management.

Requirement Analysis

OOB management in ACI is typically handled via the Management Tenant (mgmt) and an OOB contract to define allowed protocols and sources.

The external network instance profile defines the permitted IP ranges for external access.

Option Evaluation

A. Implement HTTPS and SSH protocol filters in the OOB contract. Add the required subnets to the external network instance profile:

An OOB contract can specify allowed protocols (HTTPS on port 443 and SSH on port 22) to restrict access to GUI and SSH only. Adding the subnets 10.10.10.0/24 and 192.168.15.0/24 to the external network instance profile limits the source IP ranges, meeting both requirements.

[: Cisco APIC Management Guide, "Out-of-Band Management Configuration" and "Contract Configuration.", B. Create an out-of-band EPG in the external management entity. Associate the management profile with the OOB contract: , This approach creates an EPG for OOB management, but it does not specify protocol filters (HTTPS/SSH) or IP range restrictions. The management profile alone does not enforce these requirements., Reference: Cisco ACI External Management Configuration Guide., C. Set up static IPs on the management interfaces from the required IP range. Add the required subnets to the external network instance profile: , Assigning static IPs to management interfaces is a configuration step, but it does not enforce protocol restrictions (HTTPS/SSH) or limit source IP ranges via a contract. This is incomplete., Reference: Cisco APIC Interface Configuration Guide., D. Create an out-of-band EPG in the common tenant. Associate the external network instance profile with the OOB contract: , The common tenant can host an OOB EPG, but this option lacks explicit protocol filtering (HTTPS/SSH) and relies on the external network instance profile, which may not fully address the GUI/SSH restriction., Reference: Cisco ACI Tenant Configuration Guide., Final Answer Justification, A is correct because it directly addresses both requirements: using an OOB contract to filter HTTPS and SSH protocols and adding the specified subnets to the external network instance profile to restrict IP ranges., Primary Cisco References: , Cisco APIC Management Tenant Configuration Guide, "OOB Management Access.", Cisco ACI Security Guide, "Contract-Based Access Control.", , ]

Question 30

A company is implementing a new security policy to track system access, configuration, and changes. The network engineer must enable the log collection to track user login and logout attempts. In addition, any configuration changes such as a fabric node failure must be collected in the logs. The syslog policy is configured to send logs to the company SEIM appliance.

Which two log types must be enabled to meet the security requirements? (Choose two.)

Options:

error

audit

event

health

fault

Discussion

Question 31

A Cisco APIC is configured with RADIUS authentication as the default The network administrator must ensure that users can access the APIC GUI with a local account if the RADIUS server is unreachable. Which action must be taken to accomplish this goal?

Options:

Create an additional login domain that references local accounts

Enable the fallback check with the default authentication domain

Associate console authentication with the "RADIUS" realm.

Reference the local realm in the fallback domain