CCNP Service Provider 300-540 Reddit Questions

Comprehensive and Detailed Explanation From Cisco SP Cloud Network Infrastructure Security Knowledge

Cloud security compliance frameworks (such as ISO 27001, PCI-DSS, GDPR, SOC 2, HIPAA) require:

Evidence of security events

Retention of logs for audit periods

Ability to generate compliance reports

Traceability and accountability

Incident investigation support

Effective log management enables:

Centralized collection of application, network, and system logs

Storage of logs for mandated retention periods

Generation ofaudit-ready reports

Documentation required for compliance assessments

Demonstration that monitoring and security controls are active and functioning

Therefore, the role of log management in regulatory compliance is primarily aboutdocumentation, traceability, auditing, and reporting, which aligns only with Option A.

The other options do not directly serve regulatory compliance requirements:

Brelates to resource optimization, not compliance.

Crefers to interoperability, which is unrelated to regulatory auditing.

Dimproves security but does not directly address compliance documentation.

In a VXLAN BGP EVPNMulti-Siteenvironment:

DCI trackingmonitors the health of the DCI links. If all DCI-tracking interfaces go down, the leaf can incorrectly keep advertising or learning remote MAC/IP reachability, leading to packet loss and sub-optimal forwarding for servers in that VLAN/L2VNI.

For proper operation, eachDCI-facing interfacemust be enabled with evpn multisite dci-tracking so that the Multi-Site border leaf tracks reachability over that link.

When using EVPN Multi-Site, BUM (broadcast, unknown unicast, multicast) traffic toward remote sites is typically handled viaingress replication, not multicast groups, for each L2VNI participating in Multi-Site. The configuration snippet shows an L2VNI (vn-segment 16535) still mapped to mcast-group 239.1.1.0, which is inconsistent with Multi-Site recommendations and contributes to packet loss.

Therefore, to fix the problem:

Enable DCI tracking on the uplink:

interface Ethernet1/1

evpn multisite dci-tracking

This restores proper DCI-link state monitoring for Multi-Site. →Option C

Change the L2VNI behavior from multicast to Multi-Site ingress replication:

Under the VNI for VLAN 11, configure:

evpn

vni 16535 l2

multisite ingress-replication

or the equivalent command for the specific NX-OS release, thereby aligning the L2VNI with EVPN Multi-Site design and eliminating packet loss. →Option D

Options A and B are ELAM (embedded logic analyzer) filters used only for packet capture and do not resolve the forwarding issue.

Option E is an ACL line unrelated to EVPN VXLAN or DCI tracking and does not address the underlying problem.