Cisco Certification
59 practice questions with correct answers and detailed explanations. Use this guide to review concepts before taking the practice exam.
The Cisco ENCOR CCNP Enterprise (350-401) certification validates professional expertise in Cisco technologies. This study guide covers all 59 practice questions from our 350-401 practice test, complete with correct answers and explanations to help you understand each concept thoroughly.
Review each question and explanation below, then test yourself with the full interactive practice exam to measure your readiness.
Which wireless standard operates at both 2.4 GHz and 5 GHz frequencies and is commonly used in enterprise deployments?
802.11n is the standard that operates at both 2.4 GHz and 5 GHz, making it widely compatible with enterprise environments. 802.11ac operates only at 5 GHz.
In a fabric-based network architecture, what is the primary function of spine switches?
Spine switches form the backbone of a fabric network and interconnect all leaf switches, providing the core switching capacity and scalability. Leaf switches handle edge connectivity.
Which QoS mechanism marks traffic at the network layer using the Differentiated Services Code Point field?
DSCP (Differentiated Services Code Point) marks traffic at Layer 3 using the Type of Service field in the IP header. 802.1p operates at Layer 2.
What is the maximum number of VLANs that can be created on a standard enterprise switch?
The standard 802.1Q VLAN specification supports VLAN IDs 1-4094, with VLAN 1 being the default and IDs 4095 reserved. This allows for 4094 usable VLANs.
In OSPF, what does a Type 5 LSA represent?
Type 5 LSAs (Autonomous System External LSAs) represent routes external to the OSPF autonomous system that have been redistributed into OSPF.
Which encryption standard is recommended for securing WPA2 enterprise wireless networks?
AES-CCMP (Counter Mode with CBC-MAC Protocol) is the encryption standard used in WPA2 Enterprise and provides strong security for wireless networks. WEP and TKIP are deprecated.
What is the primary purpose of implementing network segmentation using micro-segmentation?
Micro-segmentation divides a network into smaller zones to maintain separate access control and prevent lateral movement of threats, significantly improving security posture.
In BGP, what is the purpose of the AS_PATH attribute?
The AS_PATH attribute in BGP contains a list of ASNs that a route has passed through, used for loop detection and path selection. It directly prevents routing loops.
Which technology allows multiple physical switches to operate as a single logical switch unit?
Virtual Switching System (VSS) or Cisco StackWise technology allows multiple physical switches to function as a single logical switch, simplifying management and increasing availability.
What is the primary difference between unicast and multicast routing in terms of group membership?
Multicast allows one source to send to multiple receivers who have subscribed to a multicast group, whereas unicast sends to a single specific destination address.
In EIGRP, what metric is used by default to calculate the route cost?
EIGRP uses a composite metric by default that incorporates bandwidth, delay, reliability, load, and MTU, providing more intelligent path selection than simple hop count.
Which protocol is used to synchronize time across network devices and is critical for security operations?
NTP (Network Time Protocol) synchronizes time across network devices, which is essential for accurate logging, certificate validation, and security event correlation.
What is the primary function of the Control Plane in a software-defined network architecture?
The Control Plane in SDN makes network-wide decisions about traffic routing and behavior, while the Data Plane handles actual packet forwarding based on Control Plane decisions.
In a highly secure enterprise environment, which access control method combines multiple authentication factors?
Multi-factor authentication (MFA) requires at least two of three factors: something you know (password), something you have (token), and something you are (biometric), significantly improving security.
Which SNMP version introduced encryption and authentication features for secure network monitoring?
SNMPv3 introduced User-Based Security Model (USM) with encryption and authentication capabilities, addressing security limitations of earlier SNMP versions.
What is the primary advantage of using VXLAN for data center network virtualization?
VXLAN encapsulates Ethernet frames within UDP packets, enabling Virtual Network Identifiers (VNI) with 24-bit space supporting over 16 million segments, far exceeding VLAN's 4094 limit.
In a redundant network design, what is the purpose of implementing an Spanning Tree Protocol bridge priority value?
Bridge priority values in STP allow administrators to manually control which switch becomes the root bridge, ensuring predictable and optimal network topology design.
Which IPv6 address type is used for communication within a single link and has a scope limited to the local segment?
Link-local addresses in IPv6 (starting with fe80::/10) are automatically configured and used for communication on the same physical link, similar to APIPA in IPv4.
What does the Cisco Enterprise Architecture framework recommend for separating network functions into logical tiers?
The Cisco three-tier hierarchical model defines Access (user connectivity), Distribution (policy enforcement and aggregation), and Core (high-speed backbone) layers, each with specific functions.
In network monitoring, what is the primary difference between NetFlow and sFlow?
NetFlow is flow-based monitoring technology that aggregates traffic flows, while sFlow performs statistical packet sampling at the interface level, providing different granularity levels.
Which routing protocol metric is considered the slowest to converge when a network topology change occurs?
RIP has the slowest convergence due to its 15-hop limit, lack of sophisticated routing decisions, and reliance on periodic updates, making it unsuitable for large networks.
In a software-defined WAN architecture, what is the primary function of a SD-WAN edge device?
SD-WAN edge devices apply application-aware policies to intelligently route traffic across multiple WAN connections (MPLS, broadband, LTE), optimizing performance and reducing costs.
What is the primary security risk associated with allowing SSH version 1 connections on network devices?
SSHv1 has known cryptographic vulnerabilities that make it susceptible to man-in-the-middle attacks; therefore, SSHv2 should be enforced on all enterprise network devices.
In MPLS, what is the primary purpose of a Label Switch Path (LSP)?
An LSP in MPLS defines a predetermined path through the network, allowing traffic engineering and explicit routing that can optimize network resource utilization and guarantees.
Which routing protocol is recommended for use within a single autonomous system and supports VLSM and CIDR?
OSPF is an Interior Gateway Protocol (IGP) that operates within a single AS and fully supports VLSM and CIDR. BGP is an exterior protocol, while EGP is obsolete.
In OSPF, what is the default hello interval on a broadcast network?
The default hello interval in OSPF on broadcast networks is 10 seconds. The dead interval is 40 seconds (4 times the hello interval).
Which OSPF LSA type is used to advertise networks within an area and is generated by routers within that area?
Type 1 LSAs (Router LSAs) are generated by each OSPF router to advertise all interfaces and networks directly connected to that router within the same area.
What is the primary function of a designated router (DR) in OSPF on a broadcast network segment?
The DR serves as a central point for OSPF routers on a broadcast network, reducing the number of full adjacencies and controlling LSA flooding. All routers form adjacencies with the DR (and BDR) rather than with each other.
In an OSPF environment, which metric is used to calculate the cost of a route?
OSPF uses a cost metric calculated as the reference bandwidth (default 100 Mbps) divided by the interface bandwidth. This allows OSPF to prefer higher-bandwidth paths.
Which Cisco IOS command is used to verify OSPF neighbor adjacencies?
The 'show ip ospf neighbors' command displays all OSPF neighbors and their adjacency states. The other commands show different OSPF information but not neighbor status.
What is the purpose of the OSPF Area Border Router (ABR)?
An ABR connects multiple OSPF areas and controls the flow of routing information between them. ABRs generate Type 3 LSAs to advertise networks from one area to another, effectively filtering and summarizing routing information.
In a dual-stack IPv4 and IPv6 network, what is the primary advantage of using OSPFv3?
OSPFv3 can route IPv6 traffic while still using IPv4 for its control plane adjacencies and messaging, allowing for gradual migration to IPv6. This provides flexibility during dual-stack transitions.
Which BGP attribute is used to indicate the list of AS numbers that the route has traversed?
The AS_PATH attribute contains the sequence of AS numbers that a BGP route has traversed, and is used to prevent routing loops. Each AS adds its number when the route passes through.
What is the default BGP local preference value, and which direction does a higher value prefer?
BGP's default local preference is 100. Higher local preference values are preferred for outbound traffic (egress), making them preferred over lower values when multiple paths exist.
In BGP, what is the purpose of the MULTI_EXIT_DISC (MED) attribute?
The MED attribute is used to influence the path selection of incoming traffic into an AS by indicating preference for entry points. Lower MED values are preferred when comparing routes from the same neighboring AS.
Which BGP path selection criterion is evaluated first when comparing routes learned from different eBGP neighbors?
Local preference is evaluated early in BGP's path selection process and influences outbound traffic direction. It has higher priority than AS_PATH length when selecting among valid routes.
What does the BGP 'next-hop-self' command accomplish in a route reflector or confederation setup?
The 'next-hop-self' command modifies the NEXT_HOP attribute to the router's own IP address when advertising routes to iBGP neighbors. This is critical in non-full-mesh iBGP topologies or when using route reflectors.
In EIGRP, what does the 'K' value represent and how does it affect metric calculation?
EIGRP K values are constants (K1 through K5) used in the metric calculation formula. Routers must have matching K values to form adjacencies and calculate compatible metrics.
Which EIGRP metric component is calculated using bandwidth and delay, and represents the preferred path metric?
The Feasible Distance (FD) is the metric to reach a destination through the best known path and is calculated using bandwidth, delay, and K values. The Reported Distance (RD) is the metric reported by a neighbor.
In EIGRP, what condition must be met for a backup route to be considered a feasible successor?
For a route to be a feasible successor in EIGRP, its Reported Distance (RD) must be less than the Feasible Distance (FD) of the current successor. This ensures loop-free backup paths.
What is the primary benefit of using EIGRP's Diffusing Update Algorithm (DUAL)?
DUAL provides fast convergence by computing loop-free alternate paths before a failure occurs. If the successor fails, a feasible successor can be used immediately without recomputing the entire topology.
In a network using MPLS, what is the primary function of a Label Switch Router (LSR)?
An LSR forwards packets based on MPLS labels rather than examining the IP header, enabling efficient forwarding along predetermined Label Switched Paths (LSPs).
What is the purpose of the Label Distribution Protocol (LDP) in an MPLS network?
LDP is responsible for dynamically discovering adjacent LSRs and distributing label-to-Forwarding Equivalence Class (FEC) mappings between them, enabling proper MPLS forwarding.
In a Multiprotocol BGP (MP-BGP) deployment for MPLS-based VPNs, what is the primary purpose of Route Distinguishers (RDs)?
Route Distinguishers are used in MP-BGP to uniquely identify routes from different customers, allowing VPN customers to use overlapping or identical IP address spaces.
Which QoS queuing mechanism is recommended for real-time applications like VoIP and provides strict priority to specified traffic?
Priority Queuing (PQ) provides strict priority handling and empties the high-priority queue before processing lower-priority traffic, making it ideal for time-sensitive applications like VoIP.
In Cisco's Modular QoS Command-Line Interface (MQC), which command is used to match traffic based on an IP access list?
In MQC, the 'match ip address' command in a class-map matches traffic against a named or numbered IP access list. This is used to classify traffic for policy enforcement.
What is the primary purpose of implementing traffic policing in a QoS policy?
Traffic policing enforces a rate limit by dropping or remarking traffic that exceeds the configured rate, ensuring traffic does not exceed the specified threshold.
In a network implementing policy-based routing (PBR), what is the primary advantage over destination-based routing?
Policy-based routing enables forwarding decisions based on multiple criteria including source IP, protocol type, application port, and QoS markers, not just destination address.
Which Cisco IOS command is used to configure a route policy for BGP to set the local preference attribute?
Route maps with the 'set local-preference' command are used in BGP to modify the local preference attribute. The syntax is 'route-map name permit/deny sequence' followed by match and set conditions.
Which OSPF network type requires manual configuration of neighbors and does not support multicast?
Non-broadcast networks (such as X.25 and Frame Relay) require manual neighbor configuration and do not support multicast, necessitating unicast updates.
In a hub-and-spoke MPLS L3VPN topology, what is the primary function of the route target community?
Route targets are BGP extended communities used to control which VRF instances import and export specific VPN routes, enabling the separation of customer traffic.
Which spanning tree protocol feature allows rapid transition to forwarding without waiting for the forward delay timer?
Portfast enables immediate transition to forwarding state on edge ports by skipping the listening and learning states, suitable for end-device connections.
What is the primary advantage of using BGP graceful restart capability in a network undergoing maintenance?
BGP graceful restart allows a router to recover its BGP state from its peers after a restart, maintaining forwarding while control plane recovers.
In an EIGRP deployment, which metric component would be most affected by adding a second WAN link with half the bandwidth of the primary link?
Bandwidth metric in EIGRP is based on the slowest link in the path; adding a slower link would decrease composite metric due to the inverse bandwidth calculation.
Which QoS mechanism is most appropriate for preventing TCP global synchronization in a congested network?
RED/WRED randomly drops packets before queue overflow occurs, preventing all TCP flows from backing off simultaneously and recovering at the same time.
When implementing a hub-and-spoke topology with DMVPN, what is the primary function of the NHRP protocol?
NHRP (Next Hop Resolution Protocol) provides dynamic mapping of NBMA addresses to IP addresses, enabling spoke-to-spoke tunnel establishment without central configuration.
In a network running OSPF, which command output would best indicate that a router has become the designated router for a segment?
The output of 'show ip ospf interface' displays the DR state and network type, directly confirming whether a router is the designated router.
Which BGP path attribute has the highest priority in the BGP best path selection algorithm according to Cisco implementations?
Weight is a Cisco-specific attribute with highest preference in BGP best path selection, evaluated before checking AS_PATH, origin, or MED attributes.
In an environment where multicast traffic must traverse multiple VLANs and switches, which protocol must be configured to ensure proper multicast group management across the switched network?
IGMP snooping allows switches to intelligently forward multicast traffic only to ports with interested receivers by monitoring IGMP membership messages.
You've reviewed all 59 questions. Take the interactive practice exam to simulate the real test environment.
▶ Start Practice Exam — Free