• Home
  • Articles
  • [Apr 19, 2026] Latest 300-620 PDF Dumps & Real Tests Free Updated Today [Q126-Q146]

[Apr 19, 2026] Latest 300-620 PDF Dumps & Real Tests Free Updated Today [Q126-Q146]

Share

[Apr 19, 2026] Latest 300-620 PDF Dumps & Real Tests Free Updated Today

300-620 Dumps With 100% Verified Q&As - Pass Guarantee or Full Refund


Cisco 300-620 certification exam is designed for IT professionals who want to demonstrate their knowledge and skills in implementing Cisco Application Centric Infrastructure (ACI). Implementing Cisco Application Centric Infrastructure certification is ideal for network engineers, systems administrators, and other professionals who work with data center networks. 300-620 exam covers a range of topics including ACI architecture, policies, automation, and troubleshooting.


Cisco 300-620 exam comprises 60-70 questions and has a duration of 90 minutes. 300-620 exam format includes multiple choice and simulation questions that test candidates' knowledge of ACI architecture, fabric infrastructure, automation, and policy-based networking. The passing score for the exam is 825 out of 1000 points. Candidates who pass the exam demonstrate their expertise in implementing Cisco ACI solutions and are recognized as skilled professionals in the field of data center networking.

 

NEW QUESTION # 126
When does the Cisco ACI leaf learn a source IP or MAC as a remote endpoint?

  • A. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the Layer 3 Out EPG subnet range.
  • B. When VXLAN traffic arrives on a leaf fabric port from the spine and outer source IP is in the bridge domain subnets range.
  • C. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the Layer 3 Out EPG subnet range.
  • D. When VXLAN traffic arrives on a leaf fabric port from the spine and inner source IP is in the bridge domain subnets range.

Answer: D


NEW QUESTION # 127
Which description regarding the initial APIC cluster discovery process is true?

  • A. The APIC uses an internal IP address from a pool to communicate with the nodes.
  • B. The APIC discovers the IP address of the other APIC controllers by using Cisco Discovery Protocol.
  • C. Every switch is assigned a unique AV by the APIC.
  • D. The ACI fabric is discovered starting with the spine switches.

Answer: A

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/aci-fundamentals/ b_ACI-Fundamentals/b_ACI-Fundamentals_chapter_010011.html


NEW QUESTION # 128
Which feature dynamically assigns or modifies the EPG association of virtual machines based on their attributes?

  • A. application EPGs
  • B. vzAny contracts
  • C. standard contracts
  • D. uSeg EPGs

Answer: B


NEW QUESTION # 129
Refer to the exhibit.

Refer to the exhibit. What must be configured in the service graph to redirect HTTP traffic between the EPG client and EPG server to go through the Cisco ASA firewall?

  • A. permit-all contract filter
  • B. contract with no filter
  • C. contract filter to allow ARP and HTTP.
  • D. precise filter to allow only HTTP traffic

Answer: C


NEW QUESTION # 130
An organization has encountered many STP-related issues in the past due to failed hardware components. They are in the process of long-term migration to a newly deployed ACI fabric. Senior engineers are worried that spanning-tree loops in the existing network may be extended to the ACI fabric. Which feature must be enabled on the ACI leaf ports to protect the fabric from spanning-tree loops?

  • A. Storm Control
  • B. BPDU Filter
  • C. per-VLANMCP
  • D. BPDU Guard

Answer: D


NEW QUESTION # 131
Refer to the exhibit. A Cisco ACI fabric displays this fault. Which set of actions modifies the event to be displayed as a warning in the future?

  • A. Navigate to the ACI Events tab.
    Create a new record.
  • B. Navigate to the ACI Fault tab.
    Create a new record.
  • C. Navigate to the ACI Events tab.
    Change the severity level.
  • D. Navigate to the ACI Fault tab.
    Change the severity level.

Answer: D


NEW QUESTION # 132
Refer to the exhibit.

Refer to the exhibit A customer must back up the current Cisco ACl configuration securely to the remote location using encryption and authentication. The backup job must run once per day The customer s security policy mandates that any sensitive information including passwords, must not be exported from the device Which set of steps meets these requirements?

  • A. Option C
  • B. Option B
  • C. Option A
  • D. Option D

Answer: B


NEW QUESTION # 133
A Cisco ACI endpoint group must have its gateway address migrated out of the ACI fabric. An engineer configures EPG-TEST with a static port binding and configures the encap VLAN with the required VLAN. Which configuration set must be used on the bridge domain to meet these requirements?

  • A. L2 Unknown Unicast: Hardware Proxy
    Unicast Routing: Disabled
    ARP Flooding: Enabled
  • B. L2 Unknown Unicast: Hardware Proxy
    Unicast Routing: Disabled
    ARP Flooding: Disabled
  • C. L2 Unknown Unicast: Flood
    Unicast Routing: Enabled
    ARP Flooding: Enabled
  • D. L2 Unknown Unicast: Flood
    Unicast Routing: Disabled
    ARP Flooding: Enabled

Answer: A

Explanation:
To migrate the gateway address out of the ACI fabric for an endpoint group (EPG), the bridge domain configuration must ensure that routing is contained within the ACI fabric and that ARP requests are managed efficiently. The correct configuration set is:
L2 Unknown Unicast: Set to Hardware Proxy. This setting allows the ACI fabric to use the spine proxy function to handle unknown unicast traffic, which helps to reduce flooding within the fabric.
Unicast Routing: Set to Disabled. Since the gateway is being migrated out of the ACI fabric, unicast routing should be disabled to prevent the ACI fabric from attempting to route traffic for the EPG.
ARP Flooding: Set to Enabled. This allows ARP requests to be flooded within the bridge domain, which is necessary when the unicast routing is disabled, to ensure that ARP requests can still be resolved.
Reference:
Cisco ACI Bridge Domain Configuration Guide
Cisco ACI Best Practices Guide


NEW QUESTION # 134
Which feature dynamically assigns or modifies the EPG association of virtual machines based on their attributes?

  • A. application EPGs
  • B. standard contracts
  • C. vzAny contracts
  • D. uSeg EPGs

Answer: D

Explanation:
Microsegmented EPGs (uSeg) works based on attribute.


NEW QUESTION # 135
Which feature should be disabled on a bridge domain when a default gateway for endpoints is on an external device instead of a Cisco ACI bridge domain SVI?

  • A. proxy ARP
  • B. ARP flooding
  • C. unknown unicast flooding
  • D. unicast routing

Answer: D


NEW QUESTION # 136
A Cisco ACI fabric is connected to an external Cisco Catalyst switch. Which set of actions must be taken for Cisco ACI leaf and spine switches to be managed from the management port?

  • A. Provide default/common contract by external management network under tenant mgmt.
    Consume default/common contract by out-of-band EPG.
  • B. Provide default/mgmt contract by out-of-band EPG.
    Consume default/mgmt contract by external management network under tenant common.
  • C. Provide default/common contract by out-of-band EPG.
    Consume default/common contract by external management network under tenant mgmt.
  • D. Provide default/mgmt contract by external management network under tenant common.
    Consume default/mgmt contract by out-of-band EPG.

Answer: C

Explanation:
https://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/application- centric-infrastructure/aci-guide-configuring-out-of-band-access-for-your-fabric.pdf


NEW QUESTION # 137
The unicast routing feature is enabled on the bridge domain. Which two conditions enable the Cisco ACI leaf to learn a source IP as a local endpoint? (Choose two.)

  • A. IP traffic routed through an SVI.
  • B. Through VXLAN traffic received on the uplink.
  • C. IP traffic routed through a Layer 3 Out.
  • D. Through ARP received on an SVI.
  • E. Through Ethernet traffic received in a bridge domain.

Answer: A,D

Explanation:
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html


NEW QUESTION # 138
A data center administrator is upgrading an ACI fabric. There are 3 APIC controllers in the fabric and all the servers are dual-homed to pairs of leaf switches configured in VPC mode. How should the fabric be upgraded to minimize possible traffic impact during the upgrade?

  • A. 1. Create two maintenance groups for APIC controllers: VPC left and VPC right.
    2.Upgrade the leaf switches.
    3.Upgrade the first group of controllers.
    4.Upgrade the second group of controllers.
  • B. 1. Create two maintenance groups for the leaf switches: VPC left and VPC right.
    2.Upgrade the APIC controllers.
    3.Upgrade the first group of leaf switches.
    4.Upgrade the second group of leaf switches.
  • C. 1. Create two maintenance groups for the APIC controllers: VPC left and VPC right.
    2.Upgrade the first group of controllers.
    3.Upgrade the second group of controllers.
    4.Upgrade the leaf switches.
  • D. 1. Create two maintenance groups for the leaf switches: VPC left and VPC right.
    2.Upgrade the first group of switches.
    3.Upgrade the second group of switches.
    4.Upgrade the APIC controllers.

Answer: B


NEW QUESTION # 139
Refer to the exhibit.

A Cisco ACI fabric is newly deployed, and the security team requires more visibility of all inter-EPG traffic flows. All traffic in a VRF must be forwarded to an existing firewall pair. During fallover, the standby firewall must continue to use the same IP and MAC as the primary firewall. Drag and drop the steps from the left Into the Implementation order on the right to configure the service graph that meets the requirements. (Not all steps are used.)

Answer:

Explanation:

Explanation
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/L4-L7_Services_Deployment/guide/b
* Create a service bridge domain and a layer 4 to layer 7 device within one cluster interface.


NEW QUESTION # 140
Which new construct must a user create when configuring in-band management?

  • A. VLAN pool
  • B. bridge domain
  • C. management tenant
  • D. management contract

Answer: C


NEW QUESTION # 141
Refer to the exhibit. VM1 and VM2 are in Cisco ACI POD1 and communication takes place.
Which event is triggered when VM2 is live migrated from POD1 to POD2?

  • A. Leaf 102 installs a bounce entry for VM2 pointing to the PTEP address of leaf 201.
  • B. Spines from POD2 send an MP-BGP EVPN update to the leaves in POD1 about the new location of VM2.
  • C. Leaf 201 creates a tunnel with leaf 102 because of the bounced traffic that is destined to VM2.
  • D. An MP-BGP EVPN update is received by spines in POD1 announcing the reachability of VM2 via the proxy VTEP address of the spines in POD2.

Answer: C


NEW QUESTION # 142
When the subnet is configured on a bridge domain, on which physical devices is the gateway IP address configured?

  • A. only leaf switches where the bridge domain of the tenant is present
  • B. all border leaf nodes where the bridge domain of the tenant is present
  • C. all leaf switches and all spine nodes
  • D. only spine switches where the bridge domain of the tenant is present

Answer: A

Explanation:
http://www.netdesignarena.com/index.php/2016/06/16/aci-tenant-building-blocks-forwarding-logic/
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1- x/Operating_ACI/guide/b_Cisco_Operating_ACI/b_Cisco_Operating_ACI_chapter_0111.html


NEW QUESTION # 143
Drag and drop the Cisco ACI filter entry options from the left onto the correct categories on the right indicating what are required or optional parameters.

Answer:

Explanation:

Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/Operating_ACI/guide/ b_Cisco_Operating_ACI/b_Cisco_Operating_ACI_chapter_01000.html


NEW QUESTION # 144
An engineer configured a bridge domain with the hardware-proxy option for Layer 2 unknown unicast traffic. Which statement is true about this configuration?

  • A. The leaf switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the local forwarding tables.
  • B. The spine switch drops the Layer 2 unknown unicast packet if it is unable to find the MAC address in the proxy database.
  • C. The leaf switch forwards the Layers 2 unknown unicast packets to all other leaf switches if it is unable to find the MAC address in its local forwarding tables.
  • D. The Layer 2 unknown hardware proxy lacks support of the topology change notification.

Answer: A


NEW QUESTION # 145
Which role do interfaces Ethernet 1/49-50 have in this output?

  • A. server fabric ports
  • B. leaf fabric ports
  • C. leaf access ports
  • D. server uplink ports

Answer: B


NEW QUESTION # 146
......

2026 Valid 300-620 test answers & Cisco Exam PDF: https://pass4sure.testvalid.com/300-620-valid-exam-test.html

Related Articles

more
Cisco 300-620 Certification Practice Exam

Copyright © 2026 TestValid NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy