Cisco ACI

Question 1

What are Endpoints?

Answer 1

physical or virtual devices, such as servers, virtual machines, or containers, that communicate over a network

Question 2

What is an Endpoint Group (EPG)?

Answer 2

a logical grouping of endpoints that require similar policy settings, such as security, quality of service (QoS), and Layer 4 to Layer 7 services

Question 3

What is a Consumer EPG?

Answer 3

group of endpoints that initiate the communication or consume a service provided by another EPG

Question 4

What is a Provider EPG?

Answer 4

group of endpoints that offer services or respond to the requests initiated by consumer EPGs

Question 5

What is a Contract?

Answer 5

policy that defines the rules and conditions for communication between Endpoint Groups (EPGs)

Question 6

What is a Bridge Domain (BD)?

Answer 6

fundamental construct that acts as a Layer 2 broadcast domain within the fabric

Question 7

What is L3Out?

Answer 7

configuration construct that enables the ACI fabric to connect to external networks

Question 8

What is vzAny?

Answer 8

allows administrators to apply policies across multiple Endpoint Groups (EPGs) without the need to explicitly configure each EPG individually

Question 9

What is Application Policy Infrastructure Controller (APIC)?

Answer 9

centralized management and control software for the ACI fabric

Question 10

What are L4-L7 Services?

Answer 10

insert services like firewalls, load balancers, and intrusion prevention systems (IPS) between EPGs to enhance security and performance

Question 11

What is the role of the Cisco ACI plugin?

Answer 11

insert a firewall between EPGs as a Layer 4 to Layer 7 service

Question 12

What types of traffic can a PA FW secure in Cisco ACI?

Answer 12

• east-west traffic between the application tiers within EPGs
• north-south traffic between users and the applications

Question 13

All the entities in the ACI Fabric are connected to which switches?

Answer 13

leaf switches

Question 14

To what swtiches are leaf switches connected to?

Answer 14

larger spine switches

Question 15

What does a network administrator need to do to secure the traffic between the application tiers?

Answer 15

insert the PA FWs as L4 to L7 services between each EPG

Question 16

What does a network administrator need to create to define what services the L4 to L7 device provide?

Answer 16

service graph

Question 17

When the firewall is integrated with Cisco ACI, what is used to send trafic to the firewall?

Answer 17

Policy-Based Redirect (PBR)

Question 18

How are firewalls deployed in Cisco ACI?

Answer 18

through Service Graphs

Question 19

Do the integrated L4-L7 devices need to be configured as default gateway to be able to inspect the traffic?

Answer 19

no, a service graph allows to integrate Layer 4 - Layer 7 devices, such as a firewall, into the flow of traffic without the need for the L4-L7 device to be the default gateway for the servers in the ACI fabric

Question 20

How is the VM firewall configured in the APIC?

Answer 20

as a device cluster

Question 21

How are the PA VM firewalls represented in the ACI fabric?

Answer 21

L4-L7 device

Question 22

What does it mean that Cisco ACI integration supports physical firewalls divided into contexts that are managed by ACI as individual firewalls?

Answer 22

that vsys is supported in ACI

Question 23

What needs to be configured when deploying a multi-vsys firewall in ACI?

Answer 23

a chassis manager in the tenant, which is assigned to the firewall service

Question 24

What defines the logical interfaces that are assigned to the consumer and provider EPGs?

Answer 24

the service graph template

Question 25

After creating a service graph template, what does it need to be assigned to?

Answer 25

EPGs and contracts