300-320 Question #565: Real Exam Question with Answer & Explanation

The correct answer is A: Contract. In Cisco ACI (Application Centric Infrastructure), the fabric uses a default-deny (whitelist) model - EPGs (End Point Groups) cannot communicate with each other unless explicitly permitted. Contracts are the ACI policy construct that define which communications are allowed betwee

Question

An engineer has been requested to utilize a method in an ACI network that will ensure only permitted communications are transmitted between each End Point Group tier in a three tier application. Which element would be utilized to accomplish this within the fabric?

Options

AContract
BSubject
CLabel
DFilter

Explanation

In Cisco ACI (Application Centric Infrastructure), the fabric uses a default-deny (whitelist) model - EPGs (End Point Groups) cannot communicate with each other unless explicitly permitted. Contracts are the ACI policy construct that define which communications are allowed between EPGs (e.g., between the web tier, app tier, and DB tier). A Contract is applied between a provider EPG and a consumer EPG. While the other options are related ACI constructs - Subjects (B) are components within a Contract that reference Filters, Filters (D) define the actual traffic matching criteria (protocol, port), and Labels (C) are used for scope and matching - none of them alone enforce inter-EPG communication policy. The Contract is the top-level element that ties together subjects and filters to control traffic between EPGs.

Community Discussion

No community discussion yet for this question.

Full 300-320 Practice