Find a practice exam
Flexible search understands AI-901, ai901, ai 901, 901, ai, network plus, and saa c03.
No matching practice exams yet.
Free CCNP practice test
Know why every answer is right or wrong.
What 350-401 ENCOR covers: Infrastructure Routing and Resiliency (20%) • Architecture and Virtualization (17%) • Automation and Programmability (15%)
New set every day. Start today's questions before they rotate.
CCNP
Cisco Certified Network Professional Enterprise
What you get immediately
- A real 350-401 ENCOR question first, not a wall of copy
- Correct answer plus per-choice explanation
- Source link for follow-up study
- Free daily set, then full-bank Pro when you want more
In an enterprise fabric, VXLAN is used to address which of the following issues related to multi-tenant environments?
A. Correct: Improving VLAN range limitations because VXLAN encapsulates Layer 2 traffic over a Layer 3 network, thereby overcoming the constraints of limited VLAN ranges in multi-tenant environments.
B. Incorrect: Facilitating broadcast communication between VMs because VXLAN primarily addresses unicast and multicast communications rather than broadening broadcast capabilities.
C. Incorrect: Increasing table sizes at Top-of-Rack (ToR) switches because VXLAN does not directly address switch table size limitations but instead focuses on network encapsulation techniques.
D. Incorrect: Enhancing physical infrastructure requirements because VXLAN operates above the physical layer, focusing on virtualization and overlay networking rather than changing physical hardware needs.
What does a YANG model describe in network automation?
A. Correct: YANG is a data modeling language used to define the schema and hierarchy of configuration and operational data.
B. Incorrect: SSH encryption is unrelated to the purpose of YANG.
C. Incorrect: Spanning-tree root election uses bridge IDs, not YANG models.
D. Incorrect: VXLAN encapsulation is an overlay networking topic rather than a data-modeling definition.
In a network management system, what component is responsible for querying an SNMP agent to retrieve information about the managed device's status?
A. Correct: SNMP manager because it queries the SNMP agent to retrieve information about managed devices.
B. Incorrect: SNMP agent because it collects and reports management information but does not query for data.
C. Incorrect: MIB because it defines variables used by managers and agents, but does not perform polling.
D. Incorrect: Trap because it refers to an unsolicited notification sent from the agent to the manager.
You're 3 questions in. Want the full bank?
Unlock the full question set, timed exam mode, practice mode, saved progress, previous tests, and readiness scoring.
115 more questions, timed exam mode, and saved history are waiting in the full unlock.
Pro is active. Use the full bank, Exam mode, and saved box scores when you want deeper review.
When implementing Control Plane Policing (CoPP) on a Cisco router, which of the following is the primary method to ensure that traffic destined for the control plane does not overload the CPU? ?
A. Incorrect: This is incorrect as CoPP specifically targets the control plane, not just the management interface.
B. Incorrect: QoS policies are typically used for data plane traffic shaping and not directly for control plane protection.
C. Correct: CoPP is designed to protect the control plane by rate-limiting or filtering traffic destined for it, thus preventing CPU overload.
D. Incorrect: Adaptive QoS over DMVPN tunnels is unrelated to protecting the control plane from excessive traffic.
In a network configuration, which type of static route is set up with an administrative distance higher than the primary route to act as a backup when the main route fails?
A. Incorrect: A primary static route has a lower administrative distance and does not serve as a backup.
B. Correct: A floating static route uses a higher administrative distance to act as a fallback option when the main route fails.
C. Incorrect: S are learned through routing protocols, not manually configured with an elevated administrative distance.
D. Incorrect: A default route has a lower administrative distance and does not serve as a backup for primary static routes.
In HSRP, which device forwards user traffic sent to the virtual IP address during normal operation?
A. Correct: HSRP presents a virtual gateway, and the active router is the one currently forwarding traffic for that virtual address.
B. Incorrect: The standby router listens and waits to take over but does not normally forward as the virtual gateway.
C. Incorrect: HSRP is not an equal-cost forwarding model where any group member may answer.
D. Incorrect: The DHCP relay agent is unrelated to HSRP forwarding.
In a VXLAN overlay, what does the VNI identify?
A. Correct: VXLAN Network Identifier maps traffic to a specific virtual Layer 2 segment inside the overlay.
B. Incorrect: A VNI does not identify a physical interface on a leaf switch.
C. Incorrect: The underlay routing protocol or autonomous system is separate from VXLAN segment identification.
D. Incorrect: Spanning-tree instances are not what VXLAN uses to distinguish overlay segments.
When configuring a trunk port between two Cisco Catalyst 9200 switches, which command is used to specify the native VLAN for untagged traffic on the interface? Is it 'switchport trunk allowed vlan', 'switchport mode trunk', or 'switchport trunk native vlan'? What should be done if you want VLAN 15 to carry untagged traffic on this trunk port?
A. Incorrect: This command is used to define the allowed VLANs on a trunk but not for specifying the native VLAN.
B. Incorrect: This command sets the switchport mode to trunk but does not specify the native VLAN.
C. Correct: To specify the native VLAN for untagged traffic, this command should be used with the appropriate VLAN number.
D. Incorrect: Configuring an interface as an access port is unrelated to configuring a 802.1Q trunk.
In 802.1X access control, what device acts as the authenticator?
A. Correct: The authenticator sits on the network edge and controls the port while relaying authentication messages.
B. Incorrect: The endpoint is the supplicant, not the authenticator.
C. Incorrect: The AAA server authenticates the request but is not the port-controlling authenticator.
D. Incorrect: Time synchronization does not make a device the 802.1X authenticator.
Which statement correctly compares containers and virtual machines?
A. Correct: Containers isolate applications while sharing the host kernel, whereas virtual machines package a full guest OS on top of virtualization.
B. Incorrect: Hypervisors are associated with virtual machines, not with standard Linux containers.
C. Incorrect: Containers package application dependencies and runtime components, not hardware drivers.
D. Incorrect: The opposite is generally true: virtual machines carry more operating system overhead because each one includes its own guest OS.
You've reached the free preview.
Go beyond sample questions with the full source-backed bank, objective practice, exam mode, saved progress, and readiness scoring.
125 verified questions are ready behind the full unlock.
Pro is active. Use the full bank, readiness score, and saved exams when you want deeper reps.
Unlock the full 350-401 ENCOR bank.
Get the full source-backed bank, timed exam mode, practice mode, saved progress, previous tests, and readiness scoring for this exam.
You've answered 0/10 free questions today.
Locked: 115 more questions in the full bank.
Locked: exam simulation mode and end-of-exam review.
Today's free set refreshes soon. Upgrade to continue with the full bank.
Unlock this exam, or compare the career path and bundle options when you want a broader guided route.
Build a 350-401 ENCOR session
Choose the question count, question set, mode, and timer for your full-bank practice.
Tell dotCreds what you are aiming for.
Set a target once. We will keep the next study action visible before every Pro session.
Answer more questions to start your readiness trend on this browser.
Box scores, domain breakdowns, and full answer explanations for Pro exam attempts on this browser.
7-day score keeper
Answer questions today and this will become a rolling 7-day scorecard.
Keep today’s practice moving
Guest progress saves automatically on this device. Add an email later when you want a magic link that keeps your daily 350-401 ENCOR practice in sync across browsers.
Guest progress saves on this device automatically
125 verified questions are currently in the live bank. Questions updated at May 13, 2026, 12:15 PM CDT. The daily set rotates at 10:00 AM local time, and each explanation links back to the source used to write it. Use the web set for quick practice, then switch to the app when available for larger banks and deeper review.
CCNP is aimed at people already past the entry network stage and working toward more serious enterprise design, routing, switching, and infrastructure ownership.
- Role examples: senior network engineer, enterprise network administrator, infrastructure lead, and network architect track.
- Where it shows up: enterprise networking, large-scale routing and switching, resilience planning, and advanced operations.
- On-the-job payoff: the job already expects stronger design and troubleshooting depth than CCNA covers.
- Typical next step: It usually comes after CCNA and supports movement toward higher-level architecture or specialist Cisco tracks.
CCNP Enterprise leans harder on design tradeoffs, enterprise routing behavior, and operational depth than CCNA. The exam likes the answer that holds up in a larger production network, not the first Cisco term you recognize.
- Current emphasis in this bank: Infrastructure Routing and Resiliency (20%).
- Expect more scenario wording where multiple answers are technically possible but only one scales, converges, or isolates failure the way an enterprise design should.
- Best official starting point: CCNP Enterprise certification.
The fastest path is to turn this exam into a repeatable pattern-recognition loop instead of a one-time cram session.
- Start with the free daily set closed-book so you can see which parts of the cloud and it lane still feel weak.
- Use every explanation as a checkpoint for why the right answer fits the scenario and why the other answer choices do not.
- Open the official Cisco source when a concept keeps missing so you fix the gap at the source instead of rereading generic notes.
- Use the nearby cert pages when you need broader context around the same job path or technology stack.
The usual misses happen when learners recognize keywords but do not slow down enough to match the scenario to the exact decision the exam is testing.
- Reading for one familiar keyword and skipping the deeper clue that tells you which cloud and it concept actually fits.
- Memorizing isolated terms without checking why the right answer wins over the other answer choices in the same scenario.
- Ignoring the official Cisco source after a miss and hoping the next question will feel easier on its own.
- Studying this page in isolation when one nearby cert page could clear up the broader pattern much faster.
The fastest path is simple: answer the set, review the reasoning, then use the score history and source links to decide what to hit next.
- Answer the free set first without looking anything up so the score reflects what is actually sticking.
- Read every explanation, especially the wrong answer choices, so the weaker options stop looking plausible next time.
- Open the linked source when a concept feels weak, then come back and repeat the question flow while the wording is fresh.
- Use the 7-day score keeper, related cert links, and comparison pages to decide what to study next instead of guessing.
- Move into Pro when you want the full bank, timed reps, readiness tracking, and previous-test review.
Use these official Cisco resources alongside the daily practice set. They cover the provider's own exam page, study guide, or prep material.
Need adjacent Cisco practice pages too? Cisco practice hub.
How are CCNP questions generated?
dotCreds builds CCNP practice questions from Cisco documentation and source-backed references, with official or primary sources preferred first. The questions are written for realistic study practice, not copied from exam dumps.
How are explanations sourced?
Each question includes a source-backed explanation and a link to the documentation or reference used to validate the answer. If an official page is too broad, dotCreds uses a reputable answer-level reference instead of pretending a generic page proves the answer.
What score do I get?
The page tracks today's answered count and accuracy for the 10-question daily set, then saves a 7-day score history on this device so you can see your recent practice trend.
Why use this site?
The site is the fastest way to start CCNP practice without installing anything. It is built for daily recall, quick weak-topic discovery, and source-backed explanations you can review immediately.
Why use the app when available?
The web page is the quick free sampler. If a dotCreds app is available for CCNP, the app is better for larger banks, focused weak-domain drills, longer review sessions, and mobile study routines.