Building the Cisco Cloud with Application Centric Infrastructure

325 Questions and Answers

The Cisco 300-475 exam

Building the Cisco Cloud with Application Centric Infrastructure (ACI) Practice Exam

Prepare confidently for the Building the Cisco Cloud with Application Centric Infrastructure (ACI) certification exam with Exam Sage’s comprehensive practice test. This expertly crafted exam simulation is designed to closely mimic the actual Cisco exam, helping you master the essential concepts and practical skills required to design, deploy, and manage Cisco ACI environments.

What Is This Exam?

The Building the Cisco Cloud with ACI exam validates your ability to implement Cisco’s Application Centric Infrastructure, a cutting-edge software-defined networking (SDN) solution for data center automation and management. ACI enables efficient policy-based application deployment and end-to-end network visibility, making it a key skill for network engineers and architects working with Cisco’s modern data center solutions.

What You Will Learn

This practice exam covers a broad spectrum of critical topics, including:

  • Understanding ACI architecture and fabric components

  • Configuring tenants, VRFs, bridge domains, and endpoint groups (EPGs)

  • Defining and applying contracts to control inter-EPG communication

  • Managing fabric policies, VLAN pools, and overlays

  • Integrating ACI with external networks via L3Out configurations

  • Implementing micro-segmentation and endpoint mobility

  • Troubleshooting common ACI fabric issues and interpreting fault management

Through this practice test, you’ll not only reinforce your theoretical knowledge but also gain hands-on readiness to face real-world scenarios encountered in Cisco ACI deployments.

Why Choose Exam Sage for This Exam?

At Exam Sage, we specialize in providing high-quality, carefully researched practice exams that empower candidates to succeed. Our Building the Cisco Cloud with ACI practice test offers:

  • Up-to-date, accurate questions reflecting the latest Cisco exam objectives

  • Detailed explanations for each answer to deepen your understanding

  • A user-friendly interface optimized for desktop and mobile study

  • Continuous updates aligned with Cisco’s evolving certification standards

Whether you are a network professional seeking certification or a student aiming to build expertise in SDN technologies, Exam Sage is your trusted partner for exam success.

Start your journey to becoming a Cisco ACI certified professional today with Exam Sage’s comprehensive practice exam — the smart, efficient way to prepare and pass.

Sample Questions and Answers

1. Which of the following best describes the Application Centric Infrastructure (ACI) policy model?

A. It is VLAN-based and port-centric
B. It separates the control plane from the data plane
C. It uses an intent-based, application-centric approach
D. It only supports Layer 2 forwarding

Answer: C
Explanation: Cisco ACI uses a policy-driven, intent-based networking model where the network is configured based on the needs of applications rather than traditional network constructs.

2. What is the primary function of the APIC in an ACI fabric?

A. Acting as a core switch
B. Managing endpoint traffic
C. Centralized management and policy orchestration
D. Controlling hardware cooling functions

Answer: C
Explanation: The Cisco Application Policy Infrastructure Controller (APIC) serves as the central management engine for the ACI fabric, providing policy enforcement, fabric provisioning, and health monitoring.

3. In Cisco ACI, what component is responsible for data forwarding?

A. APIC
B. Leaf switch
C. Spine switch
D. Application Gateway

Answer: B
Explanation: Leaf switches handle data plane operations and connect to both endpoints and spine switches, performing packet forwarding based on policies.

4. Which protocol is used for APIC to Leaf/Spine communication?

A. BGP
B. OSPF
C. OpFlex
D. EIGRP

Answer: C
Explanation: OpFlex is the protocol used for communication between APIC and policy elements (like leaf switches), enabling a declarative model of policy enforcement.

5. What is a Bridge Domain in Cisco ACI?

A. A Layer 3 boundary
B. A VLAN group in a VTP domain
C. A Layer 2 forwarding construct within a VRF
D. A policy group for switch ports

Answer: C
Explanation: A Bridge Domain (BD) provides Layer 2 isolation within a VRF and defines the scope of Layer 2 forwarding in the fabric.

6. What does an Endpoint Group (EPG) do in ACI?

A. Assigns IP addresses
B. Groups endpoints with similar policy requirements
C. Monitors leaf switch health
D. Controls BGP advertisements

Answer: B
Explanation: EPGs allow grouping of endpoints (such as VMs, servers) based on their policy needs, enabling fine-grained control of network behavior.

7. Which ACI component typically connects to servers and hypervisors?

A. APIC
B. Fabric Interconnect
C. Leaf Switch
D. Spine Switch

Answer: C
Explanation: Leaf switches connect directly to endpoints (servers, hypervisors), acting as access layer devices.

8. What ACI construct encapsulates policies for network traffic between EPGs?

A. Filter
B. VRF
C. Contract
D. Tenant

Answer: C
Explanation: Contracts define the rules for communication between EPGs, including protocols and ports allowed.

9. In ACI, what does a Filter specify?

A. Server MAC addresses
B. IP subnet routing
C. Protocol and port conditions
D. User login policies

Answer: C
Explanation: Filters specify Layer 4 traffic matching conditions (protocols, source/destination ports) used in contracts.

10. What is the purpose of a Tenant in ACI?

A. Acts as a physical server
B. Represents a logical boundary for policies and network objects
C. Controls SNMP settings
D. Handles DNS resolution

Answer: B
Explanation: A tenant provides a secure, logical container for policies, applications, and network services, often used to represent different business units.

11. Which feature allows integration of ACI with VMware vCenter?

A. ACI DNS Service
B. VMM Domain
C. Bridge Assurance
D. VXLAN Termination

Answer: B
Explanation: A VMM (Virtual Machine Manager) domain enables integration with hypervisors like VMware vCenter to dynamically provision networking for VMs.

12. Which encapsulation method does Cisco ACI use for tenant isolation?

A. GRE
B. VXLAN
C. MPLS
D. ISL

Answer: B
Explanation: ACI uses VXLAN for overlay networking and tenant separation across the fabric.

13. What is the default Layer 3 gateway for hosts in an ACI fabric?

A. Leaf switch
B. Spine switch
C. APIC
D. Border Leaf

Answer: A
Explanation: In ACI, leaf switches serve as the default gateway (first-hop router) for connected endpoints using anycast gateway functionality.

14. What happens if no contract exists between two EPGs?

A. Communication is allowed
B. Traffic is redirected to APIC
C. Communication is denied
D. Fabric loop occurs

Answer: C
Explanation: By default, ACI denies traffic between EPGs unless a contract explicitly permits it.

15. What does the term “Intra-EPG communication” refer to?

A. Communication between tenants
B. Communication between APICs
C. Communication within the same EPG
D. Communication between VRFs

Answer: C
Explanation: Endpoints within the same EPG can communicate freely without a contract.

16. Which component enforces the forwarding policy in ACI?

A. APIC
B. Fabric modules
C. Leaf switches
D. DHCP Relay Agent

Answer: C
Explanation: Leaf switches enforce policies defined by the APIC, handling packet forwarding and access control.

17. What ACI construct defines the scope of IP routing?

A. Contract
B. Bridge Domain
C. VRF
D. Filter

Answer: C
Explanation: A VRF (Virtual Routing and Forwarding instance) isolates routing tables, enabling multi-tenancy and overlapping IPs.

18. What is a key benefit of ACI’s centralized policy model?

A. High power consumption
B. Reduced flexibility
C. Simplified management and consistency
D. Higher OPEX costs

Answer: C
Explanation: Centralized policy control via APIC simplifies configuration, ensures consistency, and reduces operational complexity.

19. Which ACI role is responsible for fabric discovery?

A. Border leaf
B. Spine
C. APIC
D. Aggregation switch

Answer: C
Explanation: The APIC initiates fabric discovery, registering and bringing up leaf and spine switches into the fabric.

20. What ensures loop prevention in the ACI fabric?

A. Spanning Tree Protocol
B. BGP
C. VXLAN with ECMP
D. STP over VXLAN

Answer: C
Explanation: ACI uses VXLAN with Equal Cost Multi-Pathing (ECMP), eliminating the need for STP and preventing loops inherently.

21. What allows dynamic endpoint learning in ACI?

A. Static routes
B. Fabric membership tokens
C. Source learning from packet inspection
D. DHCP snooping

Answer: C
Explanation: ACI uses real-time packet inspection to dynamically learn endpoint information like MAC/IP bindings.

22. How does ACI handle multicast traffic?

A. Using GRE tunnels
B. PIM-SM in the underlay
C. VLAN flooding
D. Static routes

Answer: B
Explanation: Protocol Independent Multicast Sparse Mode (PIM-SM) is used in the underlay to support efficient multicast traffic forwarding.

23. In ACI, where are policies applied?

A. At the APIC only
B. In the hypervisor kernel
C. At the leaf switch
D. On the fabric interconnect

Answer: C
Explanation: Policies are enforced at the leaf switches, ensuring traffic is handled per defined contracts and filters.

24. What is the role of the spine switch in ACI?

A. Default gateway
B. Endpoint connection
C. Interconnect leaf switches
D. Management plane

Answer: C
Explanation: Spine switches provide high-speed Layer 3 connectivity between all leaf switches in the fabric.

25. What is a Contract Subject in ACI?

A. The EPG source of a contract
B. Defines which filters are used in a contract
C. Specifies tenant priority
D. Controls APIC power settings

Answer: B
Explanation: A contract subject defines the scope of communication and links filters to contracts.

26. What is one function of an L3Out in ACI?

A. Provide DNS resolution
B. Define Layer 3 external connectivity
C. Enable VXLAN within a tenant
D. Backup leaf switch roles

Answer: B
Explanation: An L3Out provides external routing from the ACI fabric to outside networks using traditional routing protocols.

27. Which protocol is commonly used with ACI L3Outs for routing?

A. RIP
B. BGP
C. IGRP
D. IS-IS

Answer: B
Explanation: BGP is the preferred protocol for dynamic routing in L3Outs due to its scalability and policy control.

28. Which tool provides a graphical view of fabric topology and health?

A. Cisco SecureX
B. DNA Center
C. APIC GUI Dashboard
D. UCS Manager

Answer: C
Explanation: The APIC GUI includes dashboards and visualization tools for topology, endpoint learning, and health metrics.

29. What is a fabric access policy?

A. A policy applied to BGP neighbors
B. Controls global DNS access
C. Defines port policies for leaf switches
D. APIC software update schedule

Answer: C
Explanation: Fabric access policies configure interface behavior, AEPs, and other access-level settings for leaf switch ports.

30. Which of the following best describes a GOLF configuration in ACI?

A. Global Offline Filtering
B. Gateway Outside Leaf Fabric
C. Gateway-Oriented Layer Forwarding
D. Generic Overlay Leaf Fabric

Answer: B
Explanation: GOLF allows external routers (outside of ACI fabric) to connect and act as L3Outs for ACI tenants via BGP.

Question 31:

What is the primary function of the Cisco Application Policy Infrastructure Controller (APIC) in a Cisco ACI fabric?

A. Acts as a core router in the data plane
B. Enforces L2 and L3 forwarding decisions
C. Provides centralized automation and policy management
D. Performs encryption and decryption for east-west traffic

Answer: C
Explanation:
The Cisco APIC is the central management controller in the Cisco ACI architecture. It provides centralized automation, fabric provisioning, and policy enforcement, enabling users to define application requirements in the form of policies.

Question 32:

In Cisco ACI, which of the following represents a group of endpoints with similar policy requirements?

A. EPG (Endpoint Group)
B. BD (Bridge Domain)
C. VRF (Virtual Routing and Forwarding)
D. L3Out

Answer: A
Explanation:
An Endpoint Group (EPG) is a fundamental object in Cisco ACI. It groups endpoints (like VMs or bare-metal servers) that share the same policy rules, which simplifies management and enhances security.

Question 33:

Which two protocols are commonly used by the Cisco APIC to discover spine and leaf switches during the initial fabric discovery? (Choose two)

A. LLDP
B. BGP
C. IS-IS
D. DHCP

Answer: A, D
Explanation:
Cisco APIC uses LLDP (Link Layer Discovery Protocol) to discover directly connected switches and DHCP to assign IP addresses during fabric discovery.

Question 34:

What is the role of a Bridge Domain (BD) in Cisco ACI?

A. It isolates routing instances
B. It defines Layer 2 forwarding scope
C. It represents an L3Out configuration
D. It enforces tenant-specific ACLs

Answer: B
Explanation:
A Bridge Domain in Cisco ACI defines the Layer 2 boundary and forwarding scope. It is associated with a subnet and determines how Layer 2 traffic is handled within the fabric.

Question 35:

In Cisco ACI, how are security policies enforced between EPGs?

A. Through IPsec tunnels
B. By configuring ACLs on each leaf
C. Using contracts between EPGs
D. Via VLAN-based segmentation

Answer: C
Explanation:
Contracts in Cisco ACI define communication rules between EPGs. These policies determine what kind of traffic (e.g., TCP, UDP, specific ports) can flow between endpoint groups.

Question 36:

What mechanism allows external Layer 3 networks to connect to a Cisco ACI fabric?

A. VRF
B. L2Out
C. L3Out
D. VTEP

Answer: C
Explanation:
L3Out enables the ACI fabric to connect to external Layer 3 networks. It facilitates routing between ACI and traditional network infrastructures using protocols like BGP or OSPF.

Question 37:

Which of the following best describes a tenant in Cisco ACI?

A. A physical server
B. A logical container for policy and network resources
C. A subnet associated with a bridge domain
D. A service appliance in the ACI fabric

Answer: B
Explanation:
A tenant in Cisco ACI is a logical container that holds its own policies, EPGs, BDs, and contracts. It allows for multi-tenancy by providing logical separation of network and security policies.

Question 38:

What is the purpose of the ACI fabric overlay?

A. To provide Layer 1 connectivity
B. To carry VXLAN-encapsulated traffic
C. To serve as a backup control plane
D. To perform high-level application analytics

Answer: B
Explanation:
The ACI fabric overlay uses VXLAN to encapsulate traffic between endpoints across the spine and leaf architecture. It enables scalable and segmented Layer 2 over Layer 3 transport.

Question 39:

Which protocol does Cisco ACI use for fabric discovery and topology building?

A. OSPF
B. BGP
C. LLDP
D. IS-IS

Answer: D
Explanation:
IS-IS is used by the ACI fabric to build and maintain its topology across the spine and leaf switches. It helps in maintaining a loop-free Layer 3 fabric underlay.

Question 40:

In Cisco ACI, which object binds an EPG to a specific set of ports or VLANs?

A. Bridge Domain
B. Interface Policy
C. Access Policy
D. Domain Association

Answer: D
Explanation:
A Domain Association binds an EPG to a physical or virtual domain (like a VMM domain). This mapping defines where and how the EPG’s policies are applied, linking it to specific ports or VLANs.

Question 41:

Which of the following is true about the Cisco ACI fabric’s underlay network?

A. It runs over an IP-based infrastructure using VXLAN overlays only
B. It is a Layer 2 switched fabric
C. It is a Layer 3 routed fabric using IS-IS
D. It requires manual configuration of all spine and leaf switches

Answer: C
Explanation:
Cisco ACI uses a Layer 3 routed underlay network where IS-IS is the routing protocol that helps establish communication across spine and leaf switches. This underlay supports the VXLAN-based overlay.

Question 42:

What is the purpose of a contract filter in Cisco ACI?

A. It provides DHCP services to tenants
B. It applies NAT between EPGs
C. It specifies Layer 4 rules for allowed traffic
D. It defines VLAN translation between domains

Answer: C
Explanation:
Contract filters in Cisco ACI define rules that specify which traffic (based on protocol and port) is allowed between EPGs. It’s part of the contract model that enforces security policies.

Question 43:

Which tool in Cisco ACI allows administrators to visualize application dependencies?

A. APIC GUI Dashboard
B. Application Dependency Mapping (ADM)
C. Fabric Discovery Tool
D. ACI TraceRoute

Answer: B
Explanation:
Application Dependency Mapping (ADM) enables administrators to visualize relationships between application components. This helps in migrating applications into the ACI fabric with the correct policies.

Question 44:

How does Cisco ACI support microsegmentation?

A. By assigning a separate VLAN per host
B. By using VM tags or security groups
C. Through firewall appliances
D. By dynamically creating L3Outs

Answer: B
Explanation:
ACI supports microsegmentation by using attributes such as VM tags or security groups to classify endpoints within the same EPG and enforce granular policies between them.

Question 45:

Which feature ensures consistent configuration and reuse in Cisco ACI tenant configuration?

A. JSON automation templates
B. Fabric Access Policies
C. Application Network Profiles (ANPs)
D. GUI import/export

Answer: C
Explanation:
An Application Network Profile (ANP) is a reusable logical construct that organizes EPGs and the contracts between them, helping enforce consistent policy across applications in a tenant.

Question 46:

In Cisco ACI, what function does the Inband Management EPG serve?

A. Provides internet access to VMs
B. Enables SSH access to fabric switches
C. Manages out-of-band interfaces
D. Connects the APIC to the L3Out

Answer: B
Explanation:
The Inband Management EPG is used to manage and provide IP connectivity to the fabric switches over the ACI fabric itself, allowing SSH and SNMP access via in-band interfaces.

Question 47:

Which component is essential to connect hypervisors to the ACI fabric in a VMM integration?

A. Fabric Extender
B. Leaf Node Interface Profile
C. Virtual Switch Manager (VSM)
D. Virtual Machine Manager (VMM) Domain

Answer: D
Explanation:
A VMM domain represents the integration between Cisco ACI and a virtualization platform (like VMware vCenter), allowing automated policy provisioning to virtual switches and workloads.

Question 48:

What is the benefit of using policy-based forwarding in Cisco ACI?

A. Automates fabric discovery
B. Allows specific traffic to bypass routing tables
C. Assigns MAC addresses to endpoints
D. Enables DNS resolution between EPGs

Answer: B
Explanation:
Policy-Based Forwarding (PBF) in ACI allows traffic to be redirected based on policy, rather than standard routing logic. This is useful for service chaining or enforcing security paths.

Question 49:

What does a L2Out connection provide in Cisco ACI?

A. Layer 3 routing to external devices
B. Integration with VMware VDS
C. Layer 2 extension to external switches
D. Direct connection to APIC controller

Answer: C
Explanation:
L2Out connections in ACI extend Layer 2 connectivity from the fabric to external switches or networks, allowing traditional bridging between ACI and legacy environments.

Question 50:

Which Cisco ACI feature allows grouping of policies for simpler management?

A. Subject Group
B. Policy Set
C. Contract Scope
D. Policy Group

Answer: D
Explanation:
A Policy Group in ACI combines multiple interface-related policies (like speed, CDP, LLDP, STP) into a single group that can be applied to interfaces for consistency and simplicity.

You may also like...