Cisco ENCOR 350-401 Practice Test

Cisco ENCOR 350-401 is the core exam used for CCNP Enterprise and related enterprise-networking paths. It tests enterprise architecture, virtualization, infrastructure, network assurance, security, and automation judgment at a deeper level than CCNA.

This page includes 12 original sample questions for initial review. Full IT Mastery practice for Cisco ENCOR is not live yet; use the preview to test fit and use the Notify me form if this is your target route.

What this route should test

• selecting enterprise designs for campus, WAN, wireless, and cloud-connected networks
• troubleshooting routing, switching, redundancy, multicast, QoS, and network-assurance symptoms
• applying infrastructure security, segmentation, device-hardening, and access-control reasoning
• recognizing automation, programmability, telemetry, and controller-based design choices

Sample Exam Questions

These questions are original IT Mastery preview items. They are written for ENCOR-style enterprise networking judgment, not as official Cisco exam questions.

Question 1

Topic: enterprise architecture

An enterprise campus design must support predictable growth, clear fault isolation, and consistent policy boundaries between access blocks. Which design principle is most useful?

• A. Put every endpoint in one large VLAN
• B. Use a modular hierarchical design with defined access, distribution, and core responsibilities
• C. Disable routing between buildings
• D. Replace all redundancy with one uplink

Best answer: B

Explanation: Modular hierarchical design improves scalability, policy placement, failure isolation, and operational clarity. A flat network or single uplink can make troubleshooting and growth harder.

Question 2

Topic: routing behavior

Two routing protocols advertise the same prefix with the same prefix length. What does the router normally compare first when choosing between different routing sources?

• A. Interface description
• B. ACL sequence number
• C. VLAN name
• D. Administrative distance

Best answer: D

Explanation: When prefix length is equal but routes come from different sources, administrative distance helps choose the more trusted source. Metrics are compared within the same routing protocol after route source is selected.

Question 3

Topic: first-hop redundancy

Hosts in a VLAN need default-gateway resilience without changing their configured gateway during a router failure. Which concept applies?

• A. First-hop redundancy using a shared virtual gateway
• B. DNS round robin only
• C. Static ARP entries on every host
• D. SNMP polling

Best answer: A

Explanation: First-hop redundancy protocols provide a virtual gateway that remains available when one physical gateway fails. DNS and SNMP do not provide default-gateway failover for local hosts.

Question 4

Topic: network assurance

After a change window, application latency rises only for one branch. Which evidence is most useful before reversing unrelated changes?

• A. The branch office logo file
• B. A list of unused VLAN names
• C. Path, interface, QoS, routing, and telemetry data before and after the change
• D. The number of switch LEDs in the building

Best answer: C

Explanation: Enterprise troubleshooting should use objective evidence. Path changes, interface counters, QoS behavior, routing state, and telemetry can isolate whether the change affected traffic handling.

Question 5

Topic: virtualization

A data center uses multiple virtual networks over shared physical infrastructure. What problem does network virtualization primarily help solve?

• A. It removes the need for IP addressing
• B. It lets logical network segments share physical infrastructure while preserving separation
• C. It makes every packet public
• D. It disables routing

Best answer: B

Explanation: Network virtualization supports logical segmentation over shared physical resources. It helps scale tenant, application, or service separation without requiring fully separate hardware for every segment.

Question 6

Topic: infrastructure security

A network team wants to reduce unauthorized management access to infrastructure devices. Which control set is most appropriate?

• A. Telnet from any source and shared local passwords
• B. Public SNMP write access
• C. One administrative account for all engineers
• D. AAA, SSH, management-plane ACLs, role-based access, and logging

Best answer: D

Explanation: Device management should use authenticated, encrypted, authorized, and logged access. AAA, SSH, restricted management sources, RBAC, and logging reduce exposure and improve accountability.

Question 7

Topic: wireless design

A wireless deployment suffers from roaming delays for voice clients moving between access points. What should be reviewed?

• A. RF design, controller settings, authentication method, roaming support, and client behavior
• B. The color of access point labels
• C. Whether wired ports use descriptions
• D. The name of the help desk queue

Best answer: A

Explanation: Roaming performance depends on RF coverage, controller design, authentication, fast-roaming capabilities, and client behavior. Voice workloads are sensitive to delay and packet loss.

Question 8

Topic: automation

An operations team wants network changes to be repeatable, reviewed, and version controlled. Which practice is most aligned?

• A. Manual console-only changes with no record
• B. Random changes during outages
• C. Infrastructure-as-code with peer review, testing, and source control
• D. Disabling configuration backups

Best answer: C

Explanation: Infrastructure-as-code can make changes repeatable and auditable. Review, testing, and source control reduce drift and support safer operations.

Question 9

Topic: multicast

A video application sends one stream that multiple receivers need to watch. What is the primary benefit of multicast?

• A. It can reduce duplicate traffic by delivering one stream to many interested receivers
• B. It encrypts all traffic automatically
• C. It replaces all routing protocols
• D. It works only on a single host

Best answer: A

Explanation: Multicast supports one-to-many delivery without sending separate unicast copies to every receiver. It still requires proper routing, group management, and design.

Question 10

Topic: QoS

Voice traffic becomes choppy during large file transfers. Which design action is most relevant?

• A. Remove all markings
• B. Disable queuing
• C. Treat all traffic identically during congestion
• D. Classify and prioritize delay-sensitive voice traffic while policing or shaping where appropriate

Best answer: D

Explanation: QoS helps manage congestion by classifying, marking, queuing, shaping, or policing traffic based on requirements. Voice requires low delay, jitter, and loss.

Question 11

Topic: segmentation

An enterprise wants contractors to reach a limited set of internal applications without accessing employee-only systems. Which design direction is most appropriate?

• A. Segmentation with explicit policy controlling permitted flows
• B. One unrestricted flat network
• C. Shared administrator access
• D. Public access to all internal applications

Best answer: A

Explanation: Segmentation and policy enforcement limit blast radius and support least privilege. Contractor access should be constrained to authorized applications and monitored.

Question 12

Topic: telemetry

Why might streaming telemetry be preferred over periodic manual CLI collection?

• A. It removes all need for monitoring
• B. It disables troubleshooting
• C. It provides structured, continuous operational data for faster analysis and automation
• D. It can only report device hostnames

Best answer: C

Explanation: Streaming telemetry can provide structured near-real-time data for dashboards, alerting, baselining, and automation. It is more scalable than manual screen scraping.

ENCOR readiness checklist

Related pages

• Cisco CCNA 200-301
• Cisco DevNet Associate 200-901
• Cisco SCOR 350-701