Exam 300-620 topic 1 question 140 discussion

Actual exam question from Cisco's 300-620
Question #: 140
Topic #: 1

Refer to the exhibit. A Cisco ACI environment hosts two e-commerce applications. The default contract from a common tenant between different application tiers is used, and the applications work as expected. The customer wants to move to more specific contracts to prevent unwanted traffic between EPGs. A network administrator creates the app-to-db contract to meet this objective for the application and database tiers. The application EPGs must communicate only with their respective database EPGs. How should this contract be configured to meet this requirement?

  • A. Set the app-to-db scope to Global.
  • B. Set the app-to-db scope to Application Profile.
  • C. Implement the app-to-db scope as VRF.
  • D. Implement the app-to-db as a Taboo contract.
Suggested Answer: B

Comments

zelya19
9 months, 3 weeks ago
Selected Answer: B
Scope: VRF would allow cross-AP communication
upvoted 1 times
...
Mr_Certifiable
1 year, 6 months ago
B Taboo contracts can be used to deny specific traffic that is otherwise allowed by contracts. The traffic to be dropped matches a pattern (such as, any EPG, a specific EPG, or traffic matching a filter). Taboo rules are unidirectional, denying any matching traffic coming toward an EPG that provides the contract. With Cisco APIC Release 3.2(x) and switches with names that end in EX or FX, you can alternatively use a subject Deny action or Contract or Subject Exception in a standard contract to block traffic with specified patterns. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/security/Cisco-APIC-Security-Configuration-Guide-401/b_Cisco_APIC_Security_Guide_chapter_01010.html
upvoted 1 times
...
Icarus7322
1 year, 7 months ago
Selected Answer: B
Application: A contract will only program rules between EPGs that are defined within the same application profile. Use of the same contract across other application profile EPGs will not allow for crosstalk between them.
upvoted 1 times
...
Lorygru
1 year, 7 months ago
Selected Answer: B
"The application EPGs must communicate only with their respective database EPGs." B is correct; setting the scope to application profile allows the communication between app and db on the same AP only.
upvoted 4 times
...
frzzt
1 year, 9 months ago
Shouldn't this be C? Apply the contract to the appropriate EPGs inside the VRF. Why use taboo in this case if it only denies traffic?
upvoted 2 times
...
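The scope behaviour discussed in the comments above, as an added example that is not part of the original thread and is not Cisco's code: a small Python model of which consumer/provider pairs one shared app-to-db contract covers under each scope. The tenant, VRF, application profile and EPG names are constructed because the exhibit is not reproduced here; the scope strings follow the APIC object-model values for a contract's scope, where `context` means VRF.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Epg:
    name: str
    tenant: str
    vrf: str          # tenant-qualified VRF name
    app_profile: str

# Constructed topology: the exhibit is not reproduced, so every name is assumed.
EPGS = {e.name: e for e in (
    Epg("app1", "shop", "shop/vrf1", "ecom1"),
    Epg("db1",  "shop", "shop/vrf1", "ecom1"),
    Epg("app2", "shop", "shop/vrf1", "ecom2"),
    Epg("db2",  "shop", "shop/vrf1", "ecom2"),
)}
CONSUMERS = ("app1", "app2")   # application tier consumes app-to-db
PROVIDERS = ("db1", "db2")     # database tier provides app-to-db

def in_scope(scope: str, consumer: Epg, provider: Epg) -> bool:
    """True if one shared contract with this scope links the two EPGs."""
    if scope == "application-profile":
        return ((consumer.tenant, consumer.app_profile)
                == (provider.tenant, provider.app_profile))
    if scope == "context":     # object-model name for VRF scope
        return consumer.vrf == provider.vrf
    if scope == "tenant":
        return consumer.tenant == provider.tenant
    if scope == "global":
        return True
    raise ValueError(f"unknown contract scope: {scope!r}")

def permitted_pairs(scope: str) -> list[tuple[str, str]]:
    """Consumer/provider pairs the contract covers (filters are ignored)."""
    return sorted((c, p) for c in CONSUMERS for p in PROVIDERS
                  if in_scope(scope, EPGS[c], EPGS[p]))

def crosstalk(scope: str) -> list[tuple[str, str]]:
    """Covered pairs that cross application profiles, i.e. unwanted flows."""
    return [(c, p) for c, p in permitted_pairs(scope)
            if EPGS[c].app_profile != EPGS[p].app_profile]

if __name__ == "__main__":
    for scope in ("application-profile", "context", "tenant", "global"):
        print(f"{scope:20} covers={permitted_pairs(scope)} "
              f"crosstalk={crosstalk(scope)}")
```

The model only decides which EPG pairs a scope links; it does not evaluate filters, subjects or Taboo contracts.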
Community vote distribution
A (35%)
C (25%)
B (20%)
Other