Exam 350-601 topic 1 question 252 discussion

Actual exam question from Cisco's 350-601
Question #: 252
Topic #: 1

A host in EPG Client wants to talk to a webserver in EPG Web. A contract with default settings is defined between EPG Client and EPG Web, which allows TCP communication initiated by the client toward the webserver with TCP destination port 80.
Which statement describes this scenario?

  • A. If EPG Web is made a preferred group member, a contract between EPG Client and EPG Web is no longer required for the host in EPG Client to reach the webserver in EPG Web.
  • B. If vzAny is configured to consume and provide a "deny all" contract, traffic between EPG Client and EPG Web is no longer allowed.
  • C. The host in EPG Client is allowed to connect to TCP destination port 80 on the webserver in EPG Web. The webserver will not be allowed to initiate a separate TCP connection to a host port with TCP source port 80.
  • D. The host in EPG Client is allowed to connect to TCP destination port 80 on the webserver in EPG Web. The webserver is allowed to initiate a separate TCP connection to a host port with TCP source port 80.
Suggested Answer: C

Comments

DC4000
Highly Voted 3 years, 11 months ago
D is correct: Apply Both Direction and Reverse Filter Port in the subject for the filter. These two options are by default enabled... This means that if the provider EPG initiates traffic toward the consumer EPG, the Cisco ACI fabric allows it for any destination ports if the source port is 80. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/Operating_ACI/guide/b_Cisco_Operating_ACI/b_Cisco_Operating_ACI_chapter_01000.html
upvoted 16 times
Llitam
3 years, 10 months ago
I agree D is correct, because by default Apply Both Direction and Reverse Filter Port are enabled, but not the "stateful" option in the filter. However, Cisco ACI contracts are not stateful and packets from the provider EPG to the consumer EPG do not have to be return packets. This means that if the provider EPG initiates traffic toward the consumer EPG, the Cisco ACI fabric allows it for any destination ports if the source port is 80. The Stateful option in the filter can be used to avoid such an issue for TCP traffic. When the Stateful option is enabled, the rule for the return direction (provider to consumer) will check the TCP ACK flag on top of the TCP ports (any destination port and source port 80 in this example) to block traffic initiated from the provider EPG.
upvoted 7 times
...
...
Here_comes_MrLamb
Highly Voted 3 years, 11 months ago
Correct is C "Cisco ACI fabric allows a packet from the consumer EPG to the provider EPG with the destination port 80 and source port any. However, a return packet from the provider to the consumer is not allowed yet" https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/Operating_ACI/guide/b_Cisco_Operating_ACI/b_Cisco_Operating_ACI_chapter_01000.html#concept_B767BAC8A4F2438E9B1D9D00F28D9D48
upvoted 10 times
HN6366
3 years, 4 months ago
The question mentions a contract with DEFAULT settings. Reverse traffic is checked by default.
upvoted 2 times
...
...
25e4462
Most Recent 3 days, 17 hours ago
Selected Answer: D
With the question saying default settings, the answer is D. By default the following options are enabled: "apply both direction" and "reverse filter", and the "stateful" option is disabled under the port filter in the contract. With Stateful disabled, ACI will simply allow any traffic regardless of TCP flags if the source port is 80 from the provider. Only if the Stateful flag is set will ACI deny new connections from the provider with source port 80, as with the stateful flag ACI will only allow TCP/ACK packets from provider to consumer.
upvoted 1 times
...
PHLTHS
5 months, 1 week ago
Answer is C. Accepted Solution details as to why: https://community.cisco.com/t5/application-centric-infrastructure/aci-contract/td-p/3855931
upvoted 1 times
...
Rollizo
6 months ago
Selected Answer: C
It is C:
- New separate TCP connection
- Contract default options: Apply both directions + Reverse Filter Ports
Then the destination has to be TCP80, not the origin. The Webserver cannot start a new connection with origin TCP80, but destination TCP80.
upvoted 1 times
...
Huberttheman
1 year, 7 months ago
Selected Answer: D
D is correct, both direction is the default option.
upvoted 1 times
...
C4rlos
2 years, 2 months ago
Selected Answer: C
I agree with mauchi, the key words are "initiate a SEPARATE TCP connection"
upvoted 2 times
...
hazemsalah87
2 years, 4 months ago
Selected Answer: D
a response will be allowed using reverse contract, even if session is initiated by the destination
upvoted 1 times
...
GuyThatTakesDumps
2 years, 4 months ago
Selected Answer: C
I will go with C!
upvoted 2 times
...
Thenji0202
2 years, 5 months ago
The answer is C. Even though the Apply in Both Directions, Reverse Filter Ports are checked by default, the source or consumer is the only initiator of traffic. This is because the contract is not stateful. A reverse contract will need to be applied in order to achieve webserver as initiator.
upvoted 1 times
...
cypher9
2 years, 8 months ago
Selected Answer: D
Apply Both Direction and Reverse Filter Port are enabled by default. D is correct.
upvoted 3 times
...
mauchi
2 years, 9 months ago
Selected Answer: C
I disagree with D and think it's C. Indeed, because of the default apply both directions and reverse filter ports enabled, the web server (source 80) will be able to RESPOND to the client; however, the question says "initiate a SEPARATE tcp connection", and this would need that another contract exists with the web server as the consumer, and the client as the provider. Thus for me it's clearly C.
upvoted 3 times
mauchi
2 years, 9 months ago
check figures 2 and 3 here: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743951.html
upvoted 2 times
...
...
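The Cisco text quoted in the comments above describes the return rule as a port match only, with the Stateful option adding a TCP ACK check. The following is an added example, not part of the original discussion and not ACI code: a simplified model of that described rule behaviour, in which `Rule`, `Packet`, `build_rules`, `permitted`, `verdicts` and the sample packets are all hypothetical names and constructed values.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard port


@dataclass(frozen=True)
class Rule:
    src_epg: str
    dst_epg: str
    sport: Optional[int]
    dport: Optional[int]
    require_ack: bool = False


@dataclass(frozen=True)
class Packet:
    src_epg: str
    dst_epg: str
    sport: int
    dport: int
    flags: frozenset


def build_rules(consumer, provider, dport, stateful=False):
    """One TCP filter with Apply Both Directions + Reverse Filter Ports on."""
    forward = Rule(consumer, provider, ANY, dport)
    # Reverse Filter Ports swaps source/destination ports for the return rule;
    # Stateful additionally requires the ACK flag on that return rule.
    reverse = Rule(provider, consumer, dport, ANY, require_ack=stateful)
    return [forward, reverse]


def permitted(rules, pkt):
    """Implicit deny: a packet passes only if some rule matches it."""
    for r in rules:
        if (r.src_epg, r.dst_epg) != (pkt.src_epg, pkt.dst_epg):
            continue
        if r.sport not in (ANY, pkt.sport) or r.dport not in (ANY, pkt.dport):
            continue
        if r.require_ack and "ACK" not in pkt.flags:
            continue
        return True
    return False


SAMPLES = {  # constructed packets, not captured traffic
    "client_syn": Packet("Client", "Web", 49152, 80, frozenset({"SYN"})),
    "web_synack": Packet("Web", "Client", 80, 49152, frozenset({"SYN", "ACK"})),
    "web_new_syn_sport80": Packet("Web", "Client", 80, 22, frozenset({"SYN"})),
    "web_new_syn_other": Packet("Web", "Client", 50000, 22, frozenset({"SYN"})),
}


def verdicts(stateful):
    rules = build_rules("Client", "Web", 80, stateful=stateful)
    return {name: permitted(rules, p) for name, p in SAMPLES.items()}
```

Comparing `verdicts(False)` with `verdicts(True)` isolates the one packet whose treatment depends on the Stateful option: a bare SYN from the web server with source port 80.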