Exam: 350-401

Duration: 120 minutes
Languages: English and Japanese

Associated certifications
CCNP Enterprise
CCIE Enterprise Infrastructure
CCIE Enterprise Wireless
Cisco Certified Specialist - Enterprise Core

Exam overview

This exam tests your knowledge and skills related to implementing core enterprise network technologies, including:

Dual stack (IPv4 and IPv6) architecture
Virtualization
Infrastructure
Network assurance
Security
Automation

Exam Description:
Implementing Cisco Enterprise Network Core Technologies v1.0 (ENCOR 350-401) is a 120-minute exam associated with the CCNP and CCIE Enterprise Certifications. This exam tests a candidate's knowledge of implementing core enterprise network technologies including dual stack (IPv4 and IPv6) architecture, virtualization, infrastructure, network assurance, security and automation. The course, Implementing Cisco Enterprise Network Core Technologies, helps candidates to prepare for this exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

15% 1.0 Architecture 1.1 Explain the different design principles used in an enterprise network 1.1.a Enterprise network design such as Tier 2, Tier 3, and Fabric Capacity planning 1.1.b High availability techniques such as redundancy, FHRP, and SSO 1.2 Analyze design principles of a WLAN deployment 1.2.a Wireless deployment models (centralized, distributed, controller-less, controller based, cloud, remote branch) 1.2.b Location services in a WLAN design 1.3 Differentiate between on-premises and cloud infrastructure deployments 1.4 Explain the working principles of the Cisco SD-WAN solution 1.4.a SD-WAN control and data planes elements 1.4.b Traditional WAN and SD-WAN solutions 1.5 Explain the working principles of the Cisco SD-Access solution 1.5.a SD-Access control and data planes elements 1.5.b Traditional campus interoperating with SD-Access 1.6 Describe concepts of wired and wireless QoS 1.6.a QoS components 1.6.b QoS policy 1.7 Differentiate hardware and software switching mechanisms 1.7.a Process and CEF 1.7.b MAC address table and TCAM 1.7.c FIB vs. RIB 10% 2.0 Virtualization 2.1 Describe device virtualization technologies 2.1.a Hypervisor type 1 and 2 2.1.b Virtual machine 2.1.c Virtual switching 2.2 Configure and verify data path virtualization technologies 2.2.a VRF 2.2.b GRE and IPsec tunneling 2.3 Describe network virtualization concepts 2.3.a LISP 2.3.b VXLAN 30% 3.0 Infrastructure 3.1 Layer 2 3.1.a Troubleshoot static and dynamic 802.1q trunking protocols 3.1.b Troubleshoot static and dynamic EtherChannels 3.1.c Configure and verify common Spanning Tree Protocols (RSTP and MST) 3.2 Layer 3 3.2.a Compare routing concepts of EIGRP and OSPF (advanced distance vector vs. link state, load balancing, path selection, path operations, metrics) 3.2.b Configure and verify simple OSPF environments, including multiple normal areas, summarization, and filtering (neighbor adjacency, point-to-point and broadcast network types, and passive interface) 3.2.c Configure and verify eBGP between directly connected neighbors (best path selection algorithm and neighbor relationships) 3.3 Wireless 3.3.a Describe Layer 1 concepts, such as RF power, RSSI, SNR, interference noise, band and channels, and wireless client devices capabilities 3.3.b Describe AP modes and antenna types 3.3.c Describe access point discovery and join process (discovery algorithms, WLC selection process) 3.3.d Describe the main principles and use cases for Layer 2 and Layer 3 roaming 3.3.e Troubleshoot WLAN configuration and wireless client connectivity issues 3.4 IP Services 3.4.a Describe Network Time Protocol (NTP) 3.4.b Configure and verify NAT/PAT 3.4.c Configure first hop redundancy protocols, such as HSRP and VRRP 3.4.d Describe multicast protocols, such as PIM and IGMP v2/v3

10% 4.0 Network Assurance 4.1 Diagnose network problems using tools such as debugs, conditional debugs, trace route, ping, SNMP, and syslog 4.2 Configure and verify device monitoring using syslog for remote logging 4.3 Configure and verify NetFlow and Flexible NetFlow 4.4 Configure and verify SPAN/RSPAN/ERSPAN 4.5 Configure and verify IPSLA 4.6 Describe Cisco DNA Center workflows to apply network configuration, monitoring, and management 4.7 Configure and verify NETCONF and RESTCONF 20% 5.0 Security 5.1 Configure and verify device access control 5.1.a Lines and password protection 5.1.b Authentication and authorization using AAA 5.2 Configure and verify infrastructure security features 5.2.a ACLs 5.2.b CoPP 5.3 Describe REST API security 5.4 Configure and verify wireless security features 5.4.a EAP 5.4.b WebAuth 5.4.c PSK 5.5 Describe the components of network security design 5.5.a Threat defense 5.5.b Endpoint security 5.5.c Next-generation firewall 5.5.d TrustSec, MACsec 5.5.e Network access control with 802.1X, MAB, and WebAuth 15% 6.0 Automation 6.1 Interpret basic Python components and scripts 6.2 Construct valid JSON encoded file 6.3 Describe the high-level principles and benefits of a data modeling language, such as YANG 6.4 Describe APIs for Cisco DNA Center and vManage 6.5 Interpret REST API response codes and results in payload using Cisco DNA Center and RESTCONF 6.6 Construct EEM applet to automate configuration, troubleshooting, or data collection 6.7 Compare agent vs. agentless orchestration tools, such as Chef, Puppet, Ansible, and SaltStack

350-401 Brain Dumps Exam + Online / Offline and Android Testing Engine & 4500+ other exams included
$50 - $25 (you save $25)
Buy Now

Sample Question:

QUESTION 1
What are two benefits of YANG? (Choose two.)

A. It enforces the use of a specific encoding format for NETCONF.
B. It collects statistical constraint analysis information.
C. It enables multiple leaf statements to exist within a leaf list.
D. It enforces configuration semantics.
E. It enforces configuration constraints.

Answer: A, E

QUESTION 3
Refer to the exhibit.
An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP legs in. Which configuration change is required?

A. Add the access-class keyword to the username command
B. Add the access-class keyword to the aaa authentication command
C. Add the autocommand keyword to the username command
D. Add the autocommand keyword to the aaa authentication command

Answer: C

Explanation:
The •autocommand– causes the specified command to be issued automatically after the user logs
in. When the command is complete, the session is terminated. Because the command can be any
length and can contain embedded spaces, commands using the autocommand keyword must be the
last option on the line. In this specific question, we have to enter this line •username CCNP
autocommand show running-config–.

QUESTION 4
Wireless users report frequent disconnections from the wireless network.
While troubleshooting a network engineer finds that after the user a disconnect, the connection re-establishes automatically
without any input required. The engineer also notices these message logs .
Which action reduces the user impact?

A. increase the AP heartbeat timeout
B. increase BandSelect
C. enable coverage hole detection
D. increase the dynamic channel assignment interval

Answer: D

Explanation:
These message logs inform that the radio channel has been reset (and the AP must be down briefly). With dynamic channel assignment (DCA), the radios can
frequently switch from one channel to another but it also makes disruption. The default DCA interval is 10 minutes,
which is matched with the time of the message logs. By increasing the DCA interval, we can reduce the number of times our users are disconnected for changing radio channels.

QUESTION 6
What is used to perform OoS packet classification?

A. the Options field in the Layer 3 header
B. the Type field in the Layer 2 frame
C. the Flags field in the Layer 3 header
D. the TOS field in the Layer 3 header

Answer: D

Explanation:
Type of service, when we talk about PACKET, means layer 3

QUESTION 7
What is the recommended MTU size for a Cisco SD-Access Fabric?

A. 1500
B. 9100
C. 4464
D. 17914

Answer: B

QUESTION 8
Refer to the Exhibit.
Refer to the exhibit. After configurating an IPsec VPN, an engineer enters the show command to verify the ISAKMP SA status. What does the status show?

A. ISAKMP SA is authenticated and can be used for Quick Mode.
B. Peers have exchanged keys, but ISAKMP SA remains unauthenticated.
C. VPN peers agreed on parameters for the ISAKMP SA
D. ISAKMP SA has been created, but it has not continued to form.

Answer: B

Explanation:
The ISAKMP SA has been authenticated. If the router initiated this exchange, this state transitions
immediately to QM_IDLE, and a Quick Mode exchange begins.

QUESTION 9
Refer to the exhibit.
Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP
address of 192.168.1.200?

A. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 global
ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 global
ip route 192.168.1.0 255.255.255.0 VlanlO
ip route 172.16.1.0 255.255.255.0 Vlan20
B. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customer2
ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customerl

C. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customerl
ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customer2

D. ip route vrf Customerl 172.16.1.1 255.255.255.255 172.16.1.1 global
ip route vrf Customer 192.168.1.200 255.255.255.0 192.168.1.1 global
ip route 192.168.1.0 255.255.255.0 VlanlO
ip route 172.16.1.0 255.255.255.0 Vlan20

Answer: A

QUESTION 10
A customer requests a network design that supports these requirements:
Which protocol does the design include?

A. HSRP version 2
B. VRRP version 2
C. GLBP
D. VRRP version 3

Answer: D

QUESTION 11
Which two network problems Indicate a need to implement QoS in a campus network? (Choose two.)

A. port flapping
B. excess jitter
C. misrouted network packets
D. duplicate IP addresses
E. bandwidth-related packet loss

Answer: B, E

350-401 Brain Dumps Exam + Online / Offline and Android Testing Engine & 4500+ other exams included
$50 - $25 (you save $25)
Buy Complete

Students Feedback / Reviews/ Discussion

Bandile Ndlela Voted 2 weeks ago
Hello, with the new version released at 20th september, if this update all questions?
upvoted 32 times

AGUIDI MAHAMAT Highly 4 months ago - Chad
95% of the questions are valid. Review the answers. Review discussions of why some answers are inaccurate. This will provide better study and understanding of content.
upvoted 32 times

Mahendrie Dwarika Most Recent 1 week - South Africa
More than 90% of the question on the exam were from here. Thxs Exam Topics
upvoted 5 times

valisetti ravishankar 3 weeks, 2 days ago - USA
Thank you so much for providing excellent study material. I prepared for my 350-501 exam and aced the exam with 950 marks
upvoted 7 times

Dos Santos Daniel 1 month, 1 week ago - Brazil
Passed My Exam on 19th , 91 multiple choice question , 5 new question and 86 question in here.
upvoted 23 times

logged members Can Post comments / review and take part in Discussion

Enter Email

Enter Subject

Enter Comment

Certkingdom Offline Testing Engine Simulator Download

Prepare with yourself how CertKingdom Offline Exam Simulator it is designed specifically for any exam preparation. It allows you to create, edit, and take practice tests in an environment very similar to an actual exam.


Supported Platforms: Windows-7 64bit or later - EULA | How to Install?


FAQ's: Windows-8 / Windows 10 if you face any issue kinldy uninstall and reinstall the Simulator again.



Download Offline Simulator-Beta

Certkingdom Testing Engine Features

• Certkingdom Testing Engine simulates the real exam environment.
• Interactive Testing Engine Included
• Live Web App Testing Engine
• Offline Downloadable Desktop App Testing Engine
• Testing Engine App for Android
• Testing Engine App for iPhone
• Testing Engine App for iPad
• Working with the Certkingdom Testing Engine is just like taking the real tests, except we also give you the correct answers.
• More importantly, we also give you detailed explanations to ensure you fully understand how and why the answers are correct.

Certkingdom Android Testing Engine Simulator Download

Take your learning mobile android device with all the features as desktop offline testing engine. All android devices are supported.
Supported Platforms: All Android OS EULA

Install the Android Testing Engine from google play store and download the app.ck from certkingdom website android testing engine download

Certkingdom Android Testing Engine Features

• CertKingdom Offline Android Testing Engine
• Make sure to enable Root check in Playstore
• Live Realistic practice tests
• Live Virtual test environment
• Live Practice test environment
• Mark unanswered Q&A
• Free Updates
• Save your tests results
• Re-examine the unanswered Q & A
• Make your own test scenario (settings)
• Just like the real tests: multiple choice questions
• Updated regularly, always current