Implementing Cisco ACI Advanced (DCACIA) — Question 52

An engineer deployed a Cisco ACI fabric and noticed that the fabric learns endpoints from subnets that are not configured on a bridge domain. To meet strict security requirements, the engineer must prevent this behavior. Which action must be taken to prevent this behavior?

Answer options

• A. Activate Enable Data Plane Endpoint Learning
• B. Implement Pervasive Gateway
• C. Configure Static Binding
• D. Enable Enforce Subnet Check

Correct answer: D

Explanation

The correct answer is D, 'Enable Enforce Subnet Check', as it restricts endpoint learning to only those subnets that are configured on the bridge domain, thus enhancing security. The other options do not address the issue of preventing endpoint learning from unauthorized subnets and may even allow it to continue.