700-702 Cisco Application Centric Infrastructure for System Engineers

Page 1   
Question 1

What is the function of the OpFlex protocol policy element?

  • A. Stores statistical information
  • B. Learns and knows every device in the network
  • C. Resolves policy and configures network hardware/software
  • D. Captures and stores the user intent in policy
  • E. Limits device features


Answer : C

Reference: http://blogs.cisco.com/tag/opflex/ Policy Repository The policy repository (PR) is a logically centralized entity containing the definition of all policies governing the behavior of the system. In Cisco ACI, this function is performed by the Cisco APIC or by the leaf nodes of the network fabric. The policy authority handles policy resolution requests from each policy element. Policy Element (Policy Agent) A policy element (PE) is a logical abstraction for a physical or virtual device that implements and enforces policy. This is where the Policy Agent describe in detail herein resides. Policy elements are responsible for requesting portions of the policy from the policy authority as new endpoints connect, disconnect, or change. Additionally, policy elements are responsible for rendering that policy from an abstract form into a concrete form that maps to their internal capabilities. This process is a local operation and can function differently on each device as long as the semantics of the policy are honored. Endpoint Registry The endpoint registry (ER) stores the current operation state (identity, location, etc.) of each endpoint (EP) in the system. The endpoint registry receives information about each endpoint from the local policy element and then can share it with other policy elements in the system. The endpoint registry may be physically co-located with the policy authority, but it may also be distributed in the network fabric itself. In Cisco's ACI solution, the endpoint registry actually lives in a distributed database within the network itself to provide additional performance and resiliency.

Question 2

With which option can the Cisco Application Policy Infrastructure Controller be configured?

  • A. With the Cisco UCS Manager GUI
  • B. With a service level agreement
  • C. With the Cisco UCS Central interface
  • D. With the application programming interface
  • E. With the CLI


Answer : E

Question 3

Which option describes the Cisco ACI end point group?

  • A. A collection of users that require the same policy
  • B. A collection of switches that require the same policy
  • C. A collection of business goals that require the same policy
  • D. A collection of hosts/devices that require the same policy
  • E. A collection of routers interfaces that require the same policy


Answer : D

Reference: http://www.cisco.com/c/en/us/solutions/collateral/data-center- virtualization/unified-fabric/white-paper-c11-730021.html (see Endpoint groups: building blocks of policy and automation, first sentence)

Question 4

Which three statements about a controller based on imperative control are true? (Choose
three.)

  • A. User intent is captured and implemented.
  • B. It uses abstract policies rather than a device-specific configuration.
  • C. Knowledge of infrastructure device specific commands is needed to deploy applications.
  • D. Set of device features is broad because scale is not an issue.
  • E. Device features are limited.
  • F. No knowledge of infrastructure device specific commands is needed to deploy applications.
  • G. User intent is difficult to capture and implement.


Answer : C,E,G

Question 5

Which option does the Cisco ACI fabric distributed proxy mapping database map the
internal tenant MAC or IP address to?

  • A. Spine port
  • B. VxLAN tunnel endpoint address
  • C. Distinguished name
  • D. IPv6 address
  • E. Cisco APIC policy


Answer : B

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/aci- fundamentals/b_ACI-Fundamentals/b_ACI_Fundamentals_BigBook_chapter_0100.pdf Forwarding within the fabric is between VTEPs. The mapping of the internal tenant MAC or IP address to a location is performed by the VTEP using a distributed mapping database. After a lookup is done, the VTEP sends the original data packet encapsulated in VXLAN with the Destination Address (DA) of the VTEP on the destination leaf. The packet is then de-encapsulated on the destination leaf and sent down to the receiving host. With this model, we can have a full mesh, loop-free topology without the need to use the spanning- tree protocol to prevent loops.

Question 6

Which VTEP does the Cisco ACI fabric forward traffic to for unknown unicast?

  • A. Multicast group
  • B. Spine proxy
  • C. Leaf vPC
  • D. Border leaf
  • E. Leaf
  • F. Cisco ARC


Answer : B

Question 7

What is needed to forward IP multicast between bridge domains?

  • A. Forwarding IP multicast between bridge domains is not possible
  • B. External rendezvous point
  • C. External PIM router
  • D. External Layer 2 switch
  • E. External OSPF router


Answer : E

Question 8

Which three challenges can the Cisco ACI integration of Layer 4 to Layer 7 services help a
customer solve? (Choose three.)

  • A. Operational challenge of waiting on specialized administrators to configure individual devices
  • B. Limited device features
  • C. Chain of network services that includes multiple vendors
  • D. Costly and error-prone change control
  • E. Politics within an IT management organization


Answer : A,C,D

Question 9

With which option can the Cisco Application Policy Infrastructure Controller be configured?

  • A. With the Cisco UCS Central interface
  • B. With the Cisco UCS Manager GUI
  • C. With the graphical user interface
  • D. With the CLI
  • E. With a service level agreement


Answer : D

Question 10

Which two statements about the Cisco ACI Layer 4 to Layer 7 service integration are true?
(Choose two.)

  • A. Cisco ACI fabric cannot detect when a server detaches from the network.
  • B. Cisco ACI fabric cannot detect when a new server attaches to the network.
  • C. When an endpoint detaches from the Cisco ACI fabric, the Cisco APIC cannot notify the Layer 4 to Layer 7 service to dynamically remove configuration.
  • D. When an endpoint detaches from the Cisco ACI fabric, the Cisco APIC can notify the Layer 4 to Layer 7 service to dynamically remove configuration.
  • E. When a new endpoint attaches to the Cisco ACI fabric, the Cisco APIC can notify the Layer 4 to Layer 7 service to dynamically add additional configuration.
  • F. When a new endpoint attaches to the Cisco ACI fabric, the Cisco APIC cannot notify the Layer 4 to Layer 7 service to dynamically add additional configuration.


Answer : D,E

Explanation: Endpoint and Network Event APIs The following APIs are called when an endpoint or a network configuration changes for endpoint groups (EPGs) that are associated with the graph: def attachEndpoint( device, configuration, endpoints ) def detachEndpoint( device, configuration, endpoints ) def attachNetwork( device, configuration, networks) def detachNetwork( device, configuration, networks ) These APIs are called only if the device specification supports an endpoint or network attach notification and you have enabled a notification on the function connector. The AttachEndpoint and DetachEndpoint events are called when an endpoint within an EPG attaches or detaches. The network APIs are called when you modify the subnet configuration under the bridge domain or EPG. These APIs provide information to enable the automation of any service function configuration that should be modified on an endpoint or network configuration change. An example would be if you dynamically add and remove a server from a pool that is attached to a load balancer or dynamically update a subnet within an access list defined for a firewall. The device specification file can define an empty function that returns success in the return format that is required by the APIC. It is not mandatory to support endpoint or network event handling functionality.

Question 11

What is a Cisco ACI VMM?

  • A. Virtual Machine Mobility
  • B. Virtual Machine Controller
  • C. Virtual Machine Monitor
  • D. Virtual Machine Manager


Answer : D

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/aci- fundamentals/b_ACI- Fundamentals/b_ACI_Fundamentals_BigBook_chapter_0111.html#concept_D579A82E92 4643F58C64EC7D63E7D9E3

Question 12

Which action extends an EPG outside of the Cisco ACI fabric?

  • A. Enable a routing protocol on the border leaf.
  • B. Extend the bridge domain to an outside network.
  • C. Create a Layer 3 port.
  • D. Manually assign a port to a VLAN and map the VLAN to an EPG


Answer : D

Explanation: http://www.cisco.com/c/en/us/solutions/collateral/data-center- virtualization/application-centric-infrastructure/white-paper-c07- 732033.html#_Toc395143569

Question 13

Which three types of system information are contained in the Cisco Application Policy
Infrastructure Controller? (Choose three.)

  • A. API status
  • B. Policy configuration
  • C. Discovered topology
  • D. Operational status
  • E. Agent configuration
  • F. Policy enforcement


Answer : B,C,D

Question 14

Which Cisco Application Centric Infrastructure component is responsible for policy
instantiation?

  • A. Database tier
  • B. Logical model
  • C. Leaf
  • D. Application network profile
  • E. Application tier
  • F. Controller


Answer : D

Reference: http://www.cisco.com/c/en/us/solutions/collateral/data-center- virtualization/application-centric-infrastructure/white-paper-c11-731860.html (see figure 10)

Question 15

Which two statements about connecting the Cisco ACI fabric to an outside Layer 2 network
are true? (Choose two)

  • A. The BPDU frame is flooded within a bridge domain.
  • B. Policy must be created to allow BPDU frames to be flooded within an EPG
  • C. The BPDU frame is not flooded within an EPG.
  • D. The BPDU frame is automatically flooded within an EPG.
  • E. The Cisco ACI fabric does not run the Spanning Tree Protocol.
  • F. The Cisco ACI fabric runs the Spanning Tree Protocol.


Answer : A,D,E

Page 1