dc dotCreds
Menu
Cisco Certified Network Professional Enterprise

CCNP Practice Test

Start today's 10-question CCNP set with source-backed explanations, local progress, and a fresh rotation every morning.

10 daily web questions Source-backed explanations 7-day score history Questions updated at Jun 2, 2026, 11:33 AM CDT
Start today’s 10 free questions
CCNP icon

CCNP

Cisco Certified Network Professional Enterprise

Why this page works

  • Daily exam-aligned questions
  • Source links on every explanation
  • Local progress saved automatically
  • Email sync path ready for later
  • Apps provide deeper drills when available
One-time unlock

Unlock the full 350-401 ENCOR bank

Get 120 verified questions, every choice explained, Exam Mode, Practice Mode, random tests, readiness tracking, previous scores, and no ads.

Secure checkout by Stripe. Instant unlock on this page. No subscription.

See bundle and PDF options Already Pro? Open dashboard

Choose an unlock option to continue. We will confirm your site email in one quick checkout step.

Today's 10 CCNP questions

Use this CCNP practice test to review CCNP Enterprise 350-401 ENCOR. Questions rotate daily and each explanation links to the source used to validate the answer.

Today’s Set
10 questions
Rotates at 10:00 AM local time
Progress
0/10
Answered on this page
Accuracy
0%
Loading countdown…

120 verified questions are in the live bank. Free daily questions are selected from a rotating sample set. Unlock Pro to access the full question bank.

Question 1 of 10
Objective ENCOR-automation Automation

What is the safest study takeaway for Automation?

Concept tested: Automation (ENCOR-automation)
Source:Cisco 350-401 ENCOR exam topics
Question 2 of 10
Objective ENCOR-infrastructure Infrastructure

A learner is reviewing ENCOR-infrastructure. What should they remember?

Concept tested: Infrastructure (ENCOR-infrastructure)
Source:Cisco 350-401 ENCOR exam topics
Question 3 of 10
Objective ENCOR-assurance Network Assurance

A learner is reviewing ENCOR-assurance. What should they remember?

Concept tested: Network Assurance (ENCOR-assurance)
Source:Cisco 350-401 ENCOR exam topics
Question 4 of 10
Objective ENCOR-security Security

When practicing CCNP, which option belongs under Security?

Concept tested: Security (ENCOR-security)
Source:Cisco 350-401 ENCOR exam topics
Question 5 of 10
Objective ENCOR-virtualization Virtualization

In a VXLAN-based data center network fabric, which component is responsible for encapsulating Layer 2 ethernet frames into Layer 4 UDP packets, and what destination UDP port is reserved by IANA for VXLAN traffic?

Concept tested: Virtualization (ENCOR-virtualization)
Source:VXLAN Overview: Cisco Nexus Platforms
Question 6 of 10
Objective ENCOR-architecture Architecture

You are designing a QoS policy for a WAN edge router to guarantee bandwidth for critical business applications while keeping real-time voice latency below 20ms. Which queuing mechanism should you implement to satisfy both requirements?

Concept tested: Architecture (ENCOR-architecture)
Source:Low Latency Queuing Configuration Guide
Question 7 of 10
Objective ENCOR-automation Automation

Which answer is the best source-backed summary of Automation for this Cisco Certified Network Professional Enterprise topic?

Concept tested: Automation (ENCOR-automation)
Source:Cisco 350-401 ENCOR exam topics
Question 8 of 10
Objective ENCOR-infrastructure Infrastructure

You are configuring a link aggregation bundle between a Cisco Catalyst switch and a non-Cisco server. The channel must dynamic negotiate states and use an open standard. Which protocol and configuration modes should you use?

Concept tested: Infrastructure (ENCOR-infrastructure)
Source:Configuring EtherChannels
Question 9 of 10
Objective ENCOR-assurance Network Assurance

Which statement best matches Network Assurance for CCNP practice?

Concept tested: Network Assurance (ENCOR-assurance)
Source:Cisco 350-401 ENCOR exam topics
Question 10 of 10
Objective ENCOR-security Security

Which answer is the best source-backed summary of Security for this Cisco Certified Network Professional Enterprise topic?

Concept tested: Security (ENCOR-security)
Source:Cisco 350-401 ENCOR exam topics
Locked preview

You are viewing today’s free 10. Unlock 110 more questions.

Unlock full bank
Daily sample Rotating practice Free daily questions are selected from a rotating sample set.
Pro bank Full access Unlock Pro to access the full question bank, Exam Mode, Practice Mode, and random tests.
350-401 ENCOR Pro $4.99 one-time

Unlock all 120 CCNP questions, explanations, review tools, and exam-style practice.

50 Exam Practice Test $1.99 one-time

A 50-question 350-401 ENCOR PDF for short review sessions. Questions come first, then the answer review and explanations later in the file.

We will ask for your site email in a quick checkout step, remember it on this browser, and use it again for restore.

Choose an unlock option to continue. We will confirm your site email in one quick checkout step.

Secure checkout powered by Stripe. Source-backed questions. Not brain dumps. Checkout stays on this page and unlocks the same Pro builder on this practice page.
Already Pro? Open dashboard

Purchase options

Unlock the full 350-401 ENCOR bank. No ads.

Get the full bank, Exam Mode, Practice Mode, question sets, random tests, readiness tracking, saved box scores, and review tools for this exam.

The PDF versions keep questions first and move the answer review, explanations, and distractor notes to the back of the file.

120 full-bank questions Every choice explained Exam Mode and Practice Mode Question sets and random tests Readiness score and trends Previous test box scores

You've answered 0/10 questions in today's set.

Locked: 110 more questions in the full bank.

Locked: exam simulation mode, practice mode, readiness tracking, and saved review history.

Checkout stays on this page, so you can keep practicing, unlock the full bank, and start Exam Mode or Practice Mode when you are ready.

No ads

7-day score keeper

Answer questions today and this will become a rolling 7-day scorecard.

Local history
Optional progress sync

Keep today’s practice moving

Guest progress saves automatically on this device. Add an email later when you want a magic link that keeps your daily 350-401 ENCOR practice in sync across browsers.

Guest progress saves on this device automatically

Guest progress is available without an account.

Official exam resources

Use these official Cisco resources alongside the daily practice set. They cover the provider's own exam page, study guide, or prep material.

Certification Cisco CCNP Enterprise Exam Cisco 350-401 ENCOR exam

Need adjacent Cisco practice pages too? Cisco practice hub.

Source-backed answer review

The free daily CCNP set includes crawlable question text, answer choices, the correct answer explanation, wrong-answer distractor explanations when the reviewed bank provides them, objective mapping, and source links. Pro-only bank questions stay locked; this section mirrors only the 10 free daily questions already shown on this page.

Question 1 What is the safest study takeaway for Automation?

Answer choices

  1. A. Network automation requires hand-editing every packet.
  2. B. Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk.
  3. C. Templates prevent repeatable network changes.
  4. D. APIs and data models are unrelated to configuration workflows.

Correct answer

Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk.

Correct answer: Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk. Automation is part of ENCOR because enterprise networks increasingly rely on repeatable, programmatic operations.

Wrong-answer review

  • A. Network automation requires hand-editing every packet.: This distractor describes the idea that Network automation requires hand-editing every packet. In "What is the safest study takeaway for Automation?", that misses the required action because the correct response is "Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk.". On the job, mixing up that distractor with "Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk." can lead to the wrong automation action or troubleshooting path.
  • C. Templates prevent repeatable network changes.: This distractor describes the idea that Templates prevent repeatable network changes. In "What is the safest study takeaway for Automation?", that misses the required action because the correct response is "Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk.". On the job, mixing up that distractor with "Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk." can lead to the wrong automation action or troubleshooting path.

Objective/domain: Automation (ENCOR-automation)

Source: Cisco 350-401 ENCOR exam topics

Question 2 A learner is reviewing ENCOR-infrastructure. What should they remember?

Answer choices

  1. A. Enterprise infrastructure questions cover routing, switching, wireless, IP services, and forwarding behavior.
  2. B. Routing and switching never affect application reachability.
  3. C. Infrastructure topics only cover spreadsheet formatting.
  4. D. Wireless design is unrelated to enterprise infrastructure.

Correct answer

Enterprise infrastructure questions cover routing, switching, wireless, IP services, and forwarding behavior.

Correct answer: Enterprise infrastructure questions cover routing, switching, wireless, IP services, and forwarding behavior. ENCOR includes core enterprise infrastructure technologies across wired and wireless networks.

Wrong-answer review

  • B. Routing and switching never affect application reachability.: This distractor describes the idea that Routing and switching never affect application reachability. In "A learner is reviewing ENCOR-infrastructure. What should they remember?", that misses the required action because the correct response is "Enterprise infrastructure questions cover routing, switching, wireless, IP services, and forwarding behavior.". On the job, mixing up that distractor with "Enterprise infrastructure questions cover routing, switching, wireless, IP services, and forwarding behavior." can lead to the wrong infrastructure action or troubleshooting path.
  • C. Infrastructure topics only cover spreadsheet formatting.: This distractor describes the idea that Infrastructure topics only cover spreadsheet formatting. In "A learner is reviewing ENCOR-infrastructure. What should they remember?", that misses the required action because the correct response is "Enterprise infrastructure questions cover routing, switching, wireless, IP services, and forwarding behavior.". On the job, mixing up that distractor with "Enterprise infrastructure questions cover routing, switching, wireless, IP services, and forwarding behavior." can lead to the wrong infrastructure action or troubleshooting path.

Objective/domain: Infrastructure (ENCOR-infrastructure)

Source: Cisco 350-401 ENCOR exam topics

Question 3 A learner is reviewing ENCOR-assurance. What should they remember?

Answer choices

  1. A. Telemetry is unrelated to troubleshooting.
  2. B. Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior.
  3. C. Network assurance means deleting logs after every change.
  4. D. Monitoring replaces the need to understand symptoms.

Correct answer

Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior.

Correct answer: Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior. Assurance topics test whether engineers can observe, verify, and troubleshoot enterprise networks.

Wrong-answer review

  • A. Telemetry is unrelated to troubleshooting.: This distractor describes the idea that Telemetry is unrelated to troubleshooting. In "A learner is reviewing ENCOR-assurance. What should they remember?", that misses the required action because the correct response is "Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior.". On the job, mixing up that distractor with "Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior." can lead to the wrong network assurance action or troubleshooting path.
  • C. Network assurance means deleting logs after every change.: This distractor describes the idea that Network assurance means deleting logs after every change. In "A learner is reviewing ENCOR-assurance. What should they remember?", that misses the required action because the correct response is "Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior.". On the job, mixing up that distractor with "Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior." can lead to the wrong network assurance action or troubleshooting path.

Objective/domain: Network Assurance (ENCOR-assurance)

Source: Cisco 350-401 ENCOR exam topics

Question 4 When practicing CCNP, which option belongs under Security?

Answer choices

  1. A. Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls.
  2. B. Segmentation makes every system publicly reachable.
  3. C. Device hardening is unrelated to production networks.
  4. D. Enterprise network security requires enabling unauthenticated management access.

Correct answer

Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls.

Correct answer: Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls. ENCOR security topics connect access control, segmentation, and operational protection.

Wrong-answer review

  • B. Segmentation makes every system publicly reachable.: This distractor describes the idea that Segmentation makes every system publicly reachable. In "When practicing CCNP, which option belongs under Security?", that misses the required action because the correct response is "Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls.". On the job, mixing up that distractor with "Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls." can lead to the wrong security action or troubleshooting path.
  • C. Device hardening is unrelated to production networks.: This distractor describes the idea that Device hardening is unrelated to production networks. In "When practicing CCNP, which option belongs under Security?", that misses the required action because the correct response is "Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls.". On the job, mixing up that distractor with "Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls." can lead to the wrong security action or troubleshooting path.

Objective/domain: Security (ENCOR-security)

Source: Cisco 350-401 ENCOR exam topics

Question 5 In a VXLAN-based data center network fabric, which component is responsible for encapsulating Layer 2 ethernet frames into Layer 4 UDP packets, and what destination UDP port is reserved by IANA for VXLAN traffic?

Answer choices

  1. A. Virtual Tunnel Endpoint (VTEP); UDP port 4789
  2. B. Fabric Control Node; TCP port 4789
  3. C. LISP Map-Server; UDP port 8472
  4. D. VXLAN Gateway Router; TCP port 8472

Correct answer

Virtual Tunnel Endpoint (VTEP); UDP port 4789

Correct answer: Virtual Tunnel Endpoint (VTEP); UDP port 4789. In a VXLAN fabric, the Virtual Tunnel Endpoint (VTEP) performs the encapsulation of Layer 2 frames into Layer 4 UDP packets (and the reverse decapsulation). The standard IANA-assigned UDP destination port for VXLAN is 4789 (while Cisco's pre-standard deployments sometimes used 8472).

Wrong-answer review

  • B. Fabric Control Node; TCP port 4789: Fabric Control Node; TCP port 4789 is incorrect because VXLAN uses UDP (not TCP) for transit load-balancing capabilities, and the encapsulation is done by VTEPs (switches), not a centralized control node.
  • C. LISP Map-Server; UDP port 8472: LISP Map-Server; UDP port 8472 is incorrect because the LISP Map-Server is a control plane database, not a data-plane VXLAN encapsulator, and port 8472 is the pre-standard Cisco port, not the official IANA standard.
  • D. VXLAN Gateway Router; TCP port 8472: VXLAN Gateway Router; TCP port 8472 is incorrect because VXLAN uses UDP (not TCP) and the standard IANA port is 4789.

Objective/domain: Virtualization (ENCOR-virtualization)

Source: VXLAN Overview: Cisco Nexus Platforms

Question 6 You are designing a QoS policy for a WAN edge router to guarantee bandwidth for critical business applications while keeping real-time voice latency below 20ms. Which queuing mechanism should you implement to satisfy both requirements?

Answer choices

  1. A. Low Latency Queuing (LLQ)
  2. B. Class-Based Weighted Fair Queuing (CBWFQ)
  3. C. Weighted Round Robin (WRR)
  4. D. Priority Queuing (PQ) without bandwidth limits

Correct answer

Low Latency Queuing (LLQ)

Correct answer: Low Latency Queuing (LLQ). LLQ brings a strict priority queue to Class-Based Weighted Fair Queuing (CBWFQ). The strict priority queue is designed for real-time delay-sensitive traffic like voice, while the other classes use CBWFQ to get guaranteed minimum bandwidth allocation.

Wrong-answer review

  • B. Class-Based Weighted Fair Queuing (CBWFQ): Class-Based Weighted Fair Queuing (CBWFQ) is incorrect because CBWFQ alone does not provide a strict priority queue, meaning real-time voice packets could experience jitter and unacceptable delay during congestion.
  • C. Weighted Round Robin (WRR): Weighted Round Robin (WRR) is incorrect because it is a hardware-level scheduling mechanism used primarily on switches, not a flexible class-based WAN queuing mechanism that guarantees low-latency priority voice queues.
  • D. Priority Queuing (PQ) without bandwidth limits: Priority Queuing (PQ) without bandwidth limits is incorrect because it can starve non-priority queues during high-volume priority traffic bursts, violating the requirement to guarantee bandwidth for other business applications.

Objective/domain: Architecture (ENCOR-architecture)

Source: Low Latency Queuing Configuration Guide

Question 7 Which answer is the best source-backed summary of Automation for this Cisco Certified Network Professional Enterprise topic?

Answer choices

  1. A. APIs and data models are unrelated to configuration workflows.
  2. B. Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk.
  3. C. Templates prevent repeatable network changes.
  4. D. Network automation requires hand-editing every packet.

Correct answer

Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk.

Correct answer: Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk. Automation is part of ENCOR because enterprise networks increasingly rely on repeatable, programmatic operations.

Wrong-answer review

  • A. APIs and data models are unrelated to configuration workflows.: This distractor describes the idea that APIs and data models are unrelated to configuration workflows. In "Which answer is the best source-backed summary of Automation for this Cisco Certified Network Professional Enterprise topic?", that misses the required action because the correct response is "Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk.". On the job, mixing up that distractor with "Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk." can lead to the wrong automation action or troubleshooting path.
  • C. Templates prevent repeatable network changes.: This distractor describes the idea that Templates prevent repeatable network changes. In "Which answer is the best source-backed summary of Automation for this Cisco Certified Network Professional Enterprise topic?", that misses the required action because the correct response is "Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk.". On the job, mixing up that distractor with "Network automation uses APIs, data models, templates, and programmatic workflows to reduce manual change risk." can lead to the wrong automation action or troubleshooting path.

Objective/domain: Automation (ENCOR-automation)

Source: Cisco 350-401 ENCOR exam topics

Question 8 You are configuring a link aggregation bundle between a Cisco Catalyst switch and a non-Cisco server. The channel must dynamic negotiate states and use an open standard. Which protocol and configuration modes should you use?

Answer choices

  1. A. LACP; 'Active' on the switch and 'Passive' or 'Active' on the server.
  2. B. PAgP; 'Desirable' on the switch and 'Auto' on the server.
  3. C. LACP; 'Desirable' on the switch and 'Active' on the server.
  4. D. PAgP; 'Active' on the switch and 'Passive' on the server.

Correct answer

LACP; 'Active' on the switch and 'Passive' or 'Active' on the server.

Correct answer: LACP; 'Active' on the switch and 'Passive' or 'Active' on the server. LACP (Link Aggregation Control Protocol) is the open-standard (IEEE 802.3ad) protocol for dynamic EtherChannel negotiation, making it suitable for interoperability with non-Cisco equipment. PAgP is Cisco-proprietary. LACP uses the modes 'Active' (initiates negotiation) and 'Passive' (responds). For a channel to form, at least one side must be Active.

Wrong-answer review

  • B. PAgP; 'Desirable' on the switch and 'Auto' on the server.: PAgP; 'Desirable' on the switch and 'Auto' on the server is incorrect because PAgP is Cisco-proprietary and cannot be used to negotiate with a non-Cisco server.
  • C. LACP; 'Desirable' on the switch and 'Active' on the server.: LACP; 'Desirable' on the switch and 'Active' on the server is incorrect because 'Desirable' is a PAgP mode, not an LACP mode.
  • D. PAgP; 'Active' on the switch and 'Passive' on the server.: PAgP; 'Active' on the switch and 'Passive' on the server is incorrect because 'Active' and 'Passive' are LACP modes, not PAgP modes.

Objective/domain: Infrastructure (ENCOR-infrastructure)

Source: Configuring EtherChannels

Question 9 Which statement best matches Network Assurance for CCNP practice?

Answer choices

  1. A. Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior.
  2. B. Telemetry is unrelated to troubleshooting.
  3. C. Monitoring replaces the need to understand symptoms.
  4. D. Network assurance means deleting logs after every change.

Correct answer

Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior.

Correct answer: Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior. Assurance topics test whether engineers can observe, verify, and troubleshoot enterprise networks.

Wrong-answer review

  • B. Telemetry is unrelated to troubleshooting.: This distractor describes the idea that Telemetry is unrelated to troubleshooting. In "Which statement best matches Network Assurance for CCNP practice?", that misses the required action because the correct response is "Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior.". On the job, mixing up that distractor with "Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior." can lead to the wrong network assurance action or troubleshooting path.
  • C. Monitoring replaces the need to understand symptoms.: This distractor describes the idea that Monitoring replaces the need to understand symptoms. In "Which statement best matches Network Assurance for CCNP practice?", that misses the required action because the correct response is "Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior.". On the job, mixing up that distractor with "Network assurance uses telemetry, logging, monitoring, and troubleshooting data to verify behavior." can lead to the wrong network assurance action or troubleshooting path.

Objective/domain: Network Assurance (ENCOR-assurance)

Source: Cisco 350-401 ENCOR exam topics

Question 10 Which answer is the best source-backed summary of Security for this Cisco Certified Network Professional Enterprise topic?

Answer choices

  1. A. Device hardening is unrelated to production networks.
  2. B. Enterprise network security requires enabling unauthenticated management access.
  3. C. Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls.
  4. D. Segmentation makes every system publicly reachable.

Correct answer

Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls.

Correct answer: Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls. ENCOR security topics connect access control, segmentation, and operational protection.

Wrong-answer review

  • A. Device hardening is unrelated to production networks.: This distractor describes the idea that Device hardening is unrelated to production networks. In "Which answer is the best source-backed summary of Security for this Cisco Certified Network Professional Enterprise topic?", that misses the required action because the correct response is "Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls.". On the job, mixing up that distractor with "Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls." can lead to the wrong security action or troubleshooting path.
  • B. Enterprise network security requires enabling unauthenticated management access.: This distractor describes the idea that Enterprise network security requires enabling unauthenticated management access. In "Which answer is the best source-backed summary of Security for this Cisco Certified Network Professional Enterprise topic?", that misses the required action because the correct response is "Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls.". On the job, mixing up that distractor with "Enterprise network security includes device hardening, secure access, segmentation, and threat-aware controls." can lead to the wrong security action or troubleshooting path.

Objective/domain: Security (ENCOR-security)

Source: Cisco 350-401 ENCOR exam topics

Where to go after the daily web set

How are CCNP questions generated?

dotCreds builds CCNP practice questions from public exam objectives and Cisco exam and documentation references. The questions are written for realistic study practice, not copied from exam dumps.

How are explanations sourced?

Each question includes an explanation and, when available, a source link back to the provider documentation or reference used to validate the answer. That keeps the practice tied to study material you can actually review.

What score do I get?

The page tracks today's answered count and accuracy for the 10-question daily set, then saves a 7-day score history on this device so you can see your recent practice trend.

Why use this site?

The site is the fastest way to start CCNP practice without installing anything. It is built for daily recall, quick weak-topic discovery, and source-backed explanations you can review immediately.

Why use the app when available?

The web page is the quick daily practice layer. If a dotCreds app is available for CCNP, the app is better for larger banks, focused weak-domain drills, longer review sessions, and mobile study routines.

More Cisco practice tests

If you're studying adjacent Cisco certs, these pages use the same daily-question format with source-backed explanations.

CCNA Practice Test