Find a practice exam
Flexible search understands AI-901, ai901, ai 901, 901, ai, network plus, and saa c03.
No matching practice exams yet.
CCNP Practice Test
Start a free 10-question CCNP daily set with source-backed explanations, local progress, and a fresh rotation every morning.
What 350-401 ENCOR covers: Automation and Programmability (27%) • Security Controls (17%) • Architecture and Virtualization (13%)
New set every day. Start today's questions before they rotate.
CCNP
Cisco Certified Network Professional Enterprise
What you get immediately
- A real 350-401 ENCOR question first, not a wall of copy
- Correct answer plus per-choice explanation
- Source link for follow-up study
- Free daily set, then full-bank Pro when you want more
In a VXLAN overlay, what does the VNI identify?
A. Correct: VXLAN Network Identifier maps traffic to a specific virtual Layer 2 segment inside the overlay.
B. Incorrect: A VNI does not identify a physical interface on a leaf switch.
C. Incorrect: The underlay routing protocol or autonomous system is separate from VXLAN segment identification.
D. Incorrect: Spanning-tree instances are not what VXLAN uses to distinguish overlay segments.
Pro turns this bank into a study plan.
Unlock the full bank, then use Exam Mode, Practice Mode, fixed question sets, random tests, readiness tracking, previous-test box scores, and source-backed review to decide what to study next.
- Readiness scoreSee your 7-day trend, bank coverage, and confidence on this browser.
- Previous test box scoresReview score, domains, right answers, wrong answers, and every explanation.
- Question sets and random testsRun Set 1, Set 2, or a random session so you can eventually see the whole bank.
Secure checkout powered by Stripe. 48 verified questions are currently in this bank.
Pro is active. Use the full bank, Exam mode, and saved box scores when you want deeper review.
What does stratum 1 mean in NTP?
A. Correct: Stratum 1 systems obtain time directly from a reference source such as a radio, GPS, or atomic clock.
B. Incorrect: Stratum does not count the number of clients.
C. Incorrect: Multicast delivery is unrelated to what stratum 1 means.
D. Incorrect: Lower stratum numbers are closer to the reference clock, not less accurate by definition.
What must be present before a Cisco device can use SSH for secure remote administration?
A. Correct: Cisco SSH configuration requires locally generated RSA keys before the SSH server can operate.
B. Incorrect: TACACS+ can support AAA, but it does not replace the key material required for SSH itself.
C. Incorrect: Native VLAN settings do not enable secure shell access.
D. Incorrect: NetFlow export is unrelated to establishing SSH service.
In JSON, which structure contains name/value pairs enclosed in curly braces?
A. Correct: JSON object is an unordered collection of name/value pairs enclosed in curly braces.
B. Incorrect: Arrays are ordered lists of values enclosed in square brackets.
C. Incorrect: Path parameters are an API concept, not a native JSON structure.
D. Incorrect: RPC methods are protocol operations and are not one of JSON's basic data structures.
What makes a static route a floating static route?
A. Correct: Floating static route is configured with a higher administrative distance so it stays in reserve until the primary route disappears.
B. Incorrect: The concept is tied to administrative distance, not to having the lowest metric in every case.
C. Incorrect: Virtual MAC addresses are associated with first-hop redundancy protocols such as HSRP, not static-route preference.
D. Incorrect: Redistributing a route into OSPF is a separate routing action and does not define a floating static route.
In 802.1X access control, what device acts as the authenticator?
A. Correct: The authenticator sits on the network edge and controls the port while relaying authentication messages.
B. Incorrect: The endpoint is the supplicant, not the authenticator.
C. Incorrect: The AAA server authenticates the request but is not the port-controlling authenticator.
D. Incorrect: Time synchronization does not make a device the 802.1X authenticator.
On a broadcast multiaccess network, which OSPF role forms full adjacencies with DROther routers to reduce LSA flooding overhead?
A. Correct: The DR becomes the primary exchange point for link-state information on a broadcast segment.
B. Incorrect: An ABR connects OSPF areas and is not the special role chosen per broadcast segment.
C. Incorrect: An ASBR injects external routes and is unrelated to DR election.
D. Incorrect: A stub router is not the role that centralizes adjacency exchange on the segment.
According to RFC 4364, how does a service provider use VRFs to maintain separate routing tables for different customer networks on the same physical hardware?
A. Correct: VRFs enable multiple routing tables on a single device, isolating each customer's network traffic.
B. Incorrect: Overlapping address space can be managed with VRFs without requiring unique IP addresses for each customer.
C. Incorrect: Using ACLs alone does not provide the isolation and separate routing required by VRFs.
D. Incorrect: CE routers do not peer directly; they send routes to PE routers which manage VRFs.
Why is SSH preferred over Telnet for Cisco device administration?
A. Correct: SSH protects credentials and command traffic with encryption, while Telnet does not.
B. Incorrect: SSH and Telnet are management access methods, not routing-update carriers.
C. Incorrect: First-hop redundancy is unrelated to the transport used for remote CLI access.
D. Incorrect: SNMP polling and syslog export are separate management protocols and do not define why SSH is preferred.
Why would an enterprise router or firewall use a VRF?
A. Correct: VRF creates separate routing and forwarding instances so traffic and routes stay isolated even on shared hardware.
B. Incorrect: VLAN extension over a routed fabric is an overlay function, not the purpose of VRFs.
C. Incorrect: OSPF DR election is unrelated to VRF route-table separation.
D. Incorrect: Exporting telemetry is a monitoring function, not a VRF function.
Unlock 48 350-401 ENCOR questions. No ads.
Get the full bank, Exam Mode, Practice Mode, question sets, random tests, readiness tracking, previous-test box scores, and review tools for this exam.
You've answered 0/10 free questions today.
Locked: 38 more questions in the full bank.
Locked: exam simulation mode and end-of-exam review.
Today's free set refreshes soon. Upgrade to continue with the full bank.
Go Pro for this exam or get sitewide access to every dotCreds practice bank.
Build a 350-401 ENCOR session
Choose the question count, question set, mode, and timer for your full-bank practice.
Tell dotCreds what you are aiming for.
Set a target once. We will keep the next study action visible before every Pro session.
Answer more questions to start your readiness trend on this browser.
Box scores, domain breakdowns, and full answer explanations for Pro exam attempts on this browser.
7-day score keeper
Answer questions today and this will become a rolling 7-day scorecard.
Keep today’s practice moving
Guest progress saves automatically on this device. Add an email later when you want a magic link that keeps your daily 350-401 ENCOR practice in sync across browsers.
Guest progress saves on this device automatically
48 verified questions are currently in the live bank. Questions updated at Apr 30, 2026, 7:32 AM CDT. The daily set rotates at 10:00 AM local time, and each explanation links back to the source used to write it. Use the web set for quick practice, then switch to the app when available for larger banks and deeper review.
CCNP is aimed at people already past the entry network stage and working toward more serious enterprise design, routing, switching, and infrastructure ownership.
- Role examples: senior network engineer, enterprise network administrator, infrastructure lead, and network architect track.
- Where it shows up: enterprise networking, large-scale routing and switching, resilience planning, and advanced operations.
- On-the-job payoff: the job already expects stronger design and troubleshooting depth than CCNA covers.
- Typical next step: It usually comes after CCNA and supports movement toward higher-level architecture or specialist Cisco tracks.
CCNP Enterprise leans harder on design tradeoffs, enterprise routing behavior, and operational depth than CCNA. The exam likes the answer that holds up in a larger production network, not the first Cisco term you recognize.
- Current emphasis in this bank: Automation and Programmability (27%).
- Expect more scenario wording where multiple answers are technically possible but only one scales, converges, or isolates failure the way an enterprise design should.
- Best official starting point: CCNP Enterprise certification.
The fastest path is to turn this exam into a repeatable pattern-recognition loop instead of a one-time cram session.
- Start with the free daily set closed-book so you can see which parts of the cloud and it lane still feel weak.
- Use every explanation as a checkpoint for why the right answer fits the scenario and why the other answer choices do not.
- Open the official Cisco source when a concept keeps missing so you fix the gap at the source instead of rereading generic notes.
- Use the nearby cert pages when you need broader context around the same job path or technology stack.
The usual misses happen when learners recognize keywords but do not slow down enough to match the scenario to the exact decision the exam is testing.
- Reading for one familiar keyword and skipping the deeper clue that tells you which cloud and it concept actually fits.
- Memorizing isolated terms without checking why the right answer wins over the other answer choices in the same scenario.
- Ignoring the official Cisco source after a miss and hoping the next question will feel easier on its own.
- Studying this page in isolation when one nearby cert page could clear up the broader pattern much faster.
The fastest path is simple: answer the set, review the reasoning, then use the score history and source links to decide what to hit next.
- Answer the free set first without looking anything up so the score reflects what is actually sticking.
- Read every explanation, especially the wrong answer choices, so the weaker options stop looking plausible next time.
- Open the linked source when a concept feels weak, then come back and repeat the question flow while the wording is fresh.
- Use the 7-day score keeper, related cert links, and comparison pages to decide what to study next instead of guessing.
- Move into Pro when you want the full bank, timed reps, readiness tracking, and previous-test review.
Use these official Cisco resources alongside the daily practice set. They cover the provider's own exam page, study guide, or prep material.
Need adjacent Cisco practice pages too? Cisco practice hub.
How are CCNP questions generated?
dotCreds builds CCNP practice questions from Cisco documentation and source-backed references, with official or primary sources preferred first. The questions are written for realistic study practice, not copied from exam dumps.
How are explanations sourced?
Each question includes a source-backed explanation and a link to the documentation or reference used to validate the answer. If an official page is too broad, dotCreds uses a reputable answer-level reference instead of pretending a generic page proves the answer.
What score do I get?
The page tracks today's answered count and accuracy for the 10-question daily set, then saves a 7-day score history on this device so you can see your recent practice trend.
Why use this site?
The site is the fastest way to start CCNP practice without installing anything. It is built for daily recall, quick weak-topic discovery, and source-backed explanations you can review immediately.
Why use the app when available?
The web page is the quick free sampler. If a dotCreds app is available for CCNP, the app is better for larger banks, focused weak-domain drills, longer review sessions, and mobile study routines.