300-320 · Question #489
300-320 Question #489: Real Exam Question with Answer & Explanation
The correct answer is A: Taboo contract entries are looked up with higher priority than entries in regular contracts. Taboo contracts in Cisco ACI are deny-based contracts that are evaluated with higher priority than regular (permit-based) contracts, ensuring that explicit deny rules are enforced before any allow rules are matched (A). Like regular contracts, taboo contracts are applied between
Question
Options
- ATaboo contract entries are looked up with higher priority than entries in regular contracts
- BTaboo contract entries are looked up with lower priority than entries in regular contracts.
- CThey are not associated with one EPG
- DThey are not associated with EPGs
- ETaboo contract entries are looked up based on administrator configured priority
- FThey are associated with pair of EPGs
Explanation
Taboo contracts in Cisco ACI are deny-based contracts that are evaluated with higher priority than regular (permit-based) contracts, ensuring that explicit deny rules are enforced before any allow rules are matched (A). Like regular contracts, taboo contracts are applied between a pair of EPGs - a provider EPG and a consumer EPG - so they are indeed associated with a pair of EPGs (F). Options C and D are incorrect because taboo contracts are associated with EPGs. Option B is incorrect because taboo contracts have higher, not lower, priority. Option E is incorrect because the priority is fixed (higher than regular contracts), not administrator-configured.
Community Discussion
No community discussion yet for this question.