Prevent Learning of Endpoints from Unconfigured Subnets on Cisco ACI Fabric

D.

The correct answer to the question is D. Enable Enforce Subnet Check.

Explanation: When a Cisco ACI fabric is deployed, the fabric will learn endpoints by default from all subnets that are present in the network. This behavior can be prevented by enabling the "Enforce Subnet Check" feature. When this feature is enabled, the ACI fabric will only learn endpoints from subnets that are explicitly configured on a bridge domain.

Enabling the "Enforce Subnet Check" feature is important for security purposes because it ensures that the fabric only learns endpoints that are explicitly authorized to be present on the network. This prevents unauthorized endpoints from being connected to the network and helps to prevent security breaches.

The other answer options are not correct:

A. Activate Enable Data Plane Endpoint Learning: This option is incorrect because it will enable the ACI fabric to learn endpoints from all subnets in the network. This is the default behavior and will not prevent the fabric from learning endpoints from subnets that are not explicitly configured on a bridge domain.

B. Implement Pervasive Gateway: This option is incorrect because Pervasive Gateway is a feature that allows endpoints to communicate across multiple bridge domains. It does not prevent the ACI fabric from learning endpoints from subnets that are not explicitly configured on a bridge domain.

C. Configure Static Binding: This option is incorrect because Static Binding is a feature that allows administrators to statically assign an IP address to an endpoint. It does not prevent the ACI fabric from learning endpoints from subnets that are not explicitly configured on a bridge domain.