Cisco 300‑620 DCACI — Implementing Cisco Application Centric Infrastructure Practice Exams

About the Cisco 300-620 DCACI exam

Exam at a glance

Professional tier (CCNP DC Concentration). The ACI-specific Concentration alongside the 350-601 DCCOR core. 55-65 questions, 90 min, scaled passing score (Cisco does not publish a cut score), $300. Valid 3 years and renewable via Cisco's Continuing Education credit program.

Domain weighting

• ACI Fabric Infrastructure — 20%
• ACI Packet Forwarding — 15%
• External Network Connectivity — 20%
• Integrations — 15%
• ACI Management — 20%
• ACI Anywhere — 10%

Where 300-620 sits in the Cisco Data Center track

300-620 DCACI is the ACI-specific Concentration of the CCNP Data Center certification. You earn CCNP Data Center by passing the core 350-601 DCCOR plus one Concentration — DCACI for ACI, 300-610 DCID for design, 300-615 DCIT for troubleshooting, 300-635 DCAUI for automation, or 300-625 DCSAN for SAN. Passing 300-620 alone also grants the Cisco Certified Specialist - Data Center ACI Implementation credential.

Prerequisites

No formal prerequisites, but Cisco recommends 3-5 years of hands-on data-center networking experience with Nexus switching and at least basic APIC familiarity. Most candidates pass 350-601 DCCOR first because it covers ACI fundamentals that DCACI assumes.

Why take this certification

• The defining ACI credential. 300-620 is Cisco's only Professional-level exam dedicated to ACI implementation. Network engineers responsible for production APIC clusters and leaf-spine fabrics are expected to hold it.
• Strong salary signal. ACI-skilled data-center engineers in the United States average around $130,000-$155,000 per year — above the general network-engineer market — because ACI deployments concentrate in large enterprises and service providers with budget to match.
• Counts toward CCNP DC. Combined with the 350-601 core, 300-620 completes the CCNP Data Center certification, opening the door to CCIE Data Center and senior data-center roles.
• Operational, not theoretical. The exam is heavy on real APIC tasks — VLAN pool / AEP / domain configuration, EPG / BD / contract design, L3Out with BGP and OSPF, L4-L7 service graphs with Cisco Secure Firewall, and VMM integration with vCenter. Skills transfer directly to day-to-day fabric operations.

For the authoritative blueprint, see Cisco's 300-620 DCACI exam topics page.

What you'll learn in the 300-620 DCACI exam

DCACI validates that you can stand up, operate, and extend a production Cisco ACI fabric end-to-end. The exam is intensely hands-on — most questions describe an APIC configuration scenario and ask you to choose the correct policy hierarchy, packet path, or integration design.

Core ACI topics you'll be tested on

• APIC controller cluster: initial fabric discovery, APIC bootstrap, cluster sizing (3-node vs 5-node), Cluster ID, controller replacement, and out-of-band vs in-band management.
• Leaf-spine fabric provisioning: registering leaves and spines, fabric upgrades, IS-IS underlay, COOP database, MP-BGP EVPN within the fabric, and pod profile / firmware policies.
• Access policies: interface profiles, switch profiles, VLAN pools (static vs dynamic), Attachable Access Entity Profiles (AEPs), physical domains, L3 domains, VMM domains — and the order in which APIC stitches them together.
• Tenant policies: VRFs, Bridge Domains (BDs), Endpoint Groups (EPGs), application profiles, contracts, filters, subjects, scope, and the difference between enforced and unenforced VRFs.
• L3Out and external connectivity: BGP, OSPF, and static routes between ACI and external networks; route maps; route control; SVI / routed / routed sub-interface modes; transit routing; and shared L3Out across tenants.
• L4-L7 service graphs: integration with firewalls (Cisco Secure Firewall) and load balancers, service graph templates, device packages vs unmanaged mode, PBR (Policy-Based Redirect), and one-arm vs two-arm topologies.
• Virtual Machine Manager (VMM) integration: VMware vCenter, Microsoft Hyper-V, and OpenStack — including dynamic VLAN allocation, DVS/AVS, EPG-to-port-group mapping, and resolution / deployment immediacy.
• ACI Multi-Pod and Multi-Site: IPN (Inter-Pod Network), ISN (Inter-Site Network), single fabric across pods vs separate fabrics joined by Multi-Site, and cross-site EPG stretching.
• ACI Anywhere: extending policy to public cloud, and the Nexus Dashboard Orchestrator (NDO, the successor to MSO) for managing multiple sites from one pane of glass.
• Monitoring: Nexus Insights, APIC faults / health scores / audit logs, SPAN, ERSPAN, syslog, SNMP, NetFlow, and integration with Nexus Dashboard.

Architectural patterns you'll need to recognize

• Designing tenant / VRF / BD / EPG hierarchies that match application boundaries without leaking traffic.
• Choosing between contracts vs vzAny vs preferred groups vs unenforced VRF for east-west policy.
• Picking the right L3Out style (SVI vs routed vs sub-interface) for a given physical topology and routing protocol.
• Inserting a firewall service graph with PBR vs in the data path — and knowing when each is required.
• Selecting Multi-Pod (single APIC cluster, shared policy) vs Multi-Site (separate APICs, NDO-orchestrated) based on RPO, blast radius, and bandwidth between sites.
• Choosing immediate vs on-demand resolution / deployment immediacy on VMM EPGs to balance leaf-switch TCAM against VM mobility.

How the practice exams help

Each free question and every premium exam mirrors the APIC-configuration scenario format Cisco uses — long stem describing a fabric, four to six plausible policy options, one correct answer. Detailed explanations cover not just why the right answer is right but why the distractors break the fabric, so you learn the trade-offs rather than memorizing screenshots.

How to prepare for the 300-620 DCACI exam

A successful DCACI preparation strategy combines deep ACI study with extensive APIC hands-on time. Recommended approach:

1. Study ACI architecture (4-5 weeks). Review the official 300-620 DCACI exam topics and Cisco's ACI design guides on cisco.com. Focus first on the fabric infrastructure and tenant policy model — VRFs, BDs, EPGs, contracts — because every other topic builds on that hierarchy.
2. Hands-on labs (4-5 weeks). Use Cisco dCloud's free ACI sandboxes to build real fabrics. Stand up an APIC cluster, register leaves/spines, configure access policies end-to-end, deploy tenants with multiple EPGs and contracts, set up an L3Out with BGP, and insert a service graph. Hands-on APIC time is the single biggest predictor of passing — DCACI scenarios assume you have clicked through the UI dozens of times.
3. External connectivity and integrations (2-3 weeks). Practice L3Out configurations with all three routing protocols (BGP, OSPF, static), service graphs with Cisco Secure Firewall, and VMM integration with vCenter. Build a Multi-Pod lab in dCloud if available, and read the Multi-Site / NDO design guide even if you can't lab it.
4. Practice exams (2-3 weeks). Take timed practice tests to identify weak areas — most candidates discover their gap is in L3Out route control or service-graph PBR. Detailed explanations on every answer option help you learn the configuration reasoning, not just memorize policy names. Aim for consistent 80%+ scores before scheduling your exam.

Recommended timeline

12-16 weeks of focused study (10-15 hours per week) for engineers with strong CCNP-level networking and some Nexus / data-center exposure. Engineers without prior ACI hands-on should plan toward the upper end.

Official resources

Download the official 300-620 DCACI exam topics and review the ACI Design Guide and ACI Fundamentals book on cisco.com. The Cisco dCloud portal hosts free ACI sandbox labs that mirror the configurations DCACI tests on. The Cisco Press CCNP and CCIE Data Center Core DCCOR 350-601 Official Cert Guide covers the ACI fundamentals that DCACI assumes you already know — a useful prerequisite read.

Frequently asked questions