Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR)

This page breaks 350-401 ENCOR (Implementing and Administering Cisco Solutions) into 10 focused sections aligned to the official exam topics. Work through the sections in order, then switch to mixed practice to simulate real test conditions.

Vendor: Cisco Credential: Cisco Certified Specialist – Enterprise Core (Core exam for CCNP Enterprise) Exam: 350-401 ENCOR Practice: domain then mixed
Start practicing Back to hub ↗

350-401 ENCOR coverage (10 sections)

Use the practice button on each card to open the quiz set for that domain in a new tab.

Enterprise Network Design Principles and High Availability

S01

What you will practice:

  • Enterprise design principles
  • High-level enterprise designs 2-tier, 3-tier, fabric, cloud
  • What problems each model solves
  • Enterprise design principles
  • High-level enterprise designs: 2-tier, 3-tier, fabric, cloud
  • What problems each model solves (scale, segmentation, resiliency, operational simplicity)
  • Where each is typically used (campus vs DC vs hybrid/cloud edge)
  • Key design tradeoffs (cost vs complexity vs convergence vs fault domains)
  • High availability techniques: redundancy, FHRP, SSO
  • Redundancy patterns: device redundancy, link redundancy, path diversity
  • First Hop Redundancy Protocols (conceptual role in HA, gateway resiliency)
  • Stateful Switchover (SSO) concept and why it matters for uptime
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Cisco Catalyst SD-WAN Architecture and Working Principles

S02

What you will practice:

  • Catalyst SD-WAN working principles
  • Control plane vs data plane elements
  • Control-plane roles and how policies/intent are distributed
  • Catalyst SD-WAN working principles
  • Control plane vs data plane elements (what each plane does, who participates)
  • Control-plane roles and how policies/intent are distributed
  • Data-plane forwarding behavior and traffic engineering intent
  • Benefits and limitations of Catalyst SD-WAN
  • Why SD-WAN is adopted (policy at scale, path selection, app awareness, centralized control)
  • Limitations/constraints (operational dependencies, design constraints, migration considerations)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Cisco SD-Access Architecture and Interoperability with Traditional Campus

S03

What you will practice:

  • SD-Access working principles
  • Control plane vs data plane elements in SD-Access
  • How fabric intent is built, distributed, and enforced
  • SD-Access working principles
  • Control plane vs data plane elements in SD-Access
  • How fabric intent is built, distributed, and enforced (high-level)
  • How endpoints are learned/segmented in a fabric design (conceptual)
  • Traditional campus interoperating with SD-Access
  • Coexistence patterns: where traditional switching/routing ends and fabric begins
  • Migration and boundary considerations (segmentation, routing handoff, operational workflows)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

QoS Interpretation (Enterprise QoS Configurations)

S04

What you will practice:

  • Interpret QoS configurations
  • Identify QoS building blocks in configurations
  • Classification and marking concepts
  • Interpret QoS configurations
  • Identify QoS building blocks in configurations (recognize intent from CLI)
  • Classification and marking concepts (how traffic is identified and labeled)
  • Queuing and congestion management concepts (how priority and fairness are enforced)
  • Policing vs shaping concepts (rate enforcement vs smoothing)
  • Map QoS configuration intent to outcomes (latency/jitter-sensitive vs bulk traffic)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Virtualization Fundamentals: Hypervisors, VMs, Virtual Switching

S05

What you will practice:

  • Device virtualization technologies
  • Hypervisors Type 1 vs Type 2
  • Architectural difference and typical enterprise usage implications
  • Device virtualization technologies
  • Hypervisors: Type 1 vs Type 2
  • Architectural difference and typical enterprise usage implications
  • Virtual machines (VM concepts relevant to network engineers)
  • VM resource abstraction (vCPU, vNICs, virtual disks) and impact on networking
  • Virtual switching
  • Switching inside a hypervisor and how traffic hits the physical network (high-level)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Data-Path Virtualization: VRF, GRE, IPsec Tunneling

S06

What you will practice:

  • Configure and verify data-path virtualization
  • VRF
  • Segregated routing tables, overlapping IP addressing use cases
  • Configure and verify data-path virtualization
  • VRF (Virtual Routing and Forwarding)
  • Segregated routing tables, overlapping IP addressing use cases
  • Route leaking concepts (controlled inter-VRF communication)
  • Verification mindset (confirming isolation and correct table usage)
  • GRE tunneling
  • Encapsulation purpose and common design scenarios
  • IPsec tunneling
  • Why encrypt tunnels, basic components and verification intent (conceptual)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Network Virtualization Concepts: LISP and VXLAN

S07

What you will practice:

  • Network virtualization concepts
  • LISP
  • Separation conceptsand why it helps in scalable mobility/segmentation designs
  • Network virtualization concepts
  • LISP
  • Separation concepts (identity vs location) and why it helps in scalable mobility/segmentation designs (high-level)
  • VXLAN
  • Overlay network concept, why overlays scale segmentation across L3 underlays
  • Where VXLAN shows up (campus/DC overlays, fabric-style designs)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Infrastructure Core: Layer 2 Technologies (Troubleshooting + STP Enhancements)

S08

What you will practice:

  • Layer 2core operations
  • Troubleshoot 802.1Q trunking
  • Mismatches and misconfig patterns
  • Layer 2 (L2) core operations
  • Troubleshoot 802.1Q trunking (static and dynamic)
  • Mismatches and misconfig patterns (allowed VLANs, native VLAN, encapsulation expectations)
  • How to validate trunk state and VLAN propagation from outputs
  • Troubleshoot EtherChannel (static and dynamic)
  • Typical causes of bundle failure (inconsistent config, LACP negotiation issues)
  • Verification approach (port-channel state, member consistency)
  • Configure and verify STP (RSTP, MST) + enhancements
  • RSTP vs MST: why MST exists and what it changes operationally
  • Enhancements: root guard and BPDU guard (what each protects against)
  • Interpret STP states/roles and convergence expectations
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Infrastructure Core: Layer 3 Routing + Enterprise IP Services

S09

What you will practice:

  • Layer 3routing core
  • Compare EIGRP and OSPF routing concepts
  • Advanced distance-vector vs link-state
  • Layer 3 (L3) routing core
  • Compare EIGRP and OSPF routing concepts
  • Advanced distance-vector vs link-state (how they compute paths)
  • Load balancing approaches and path selection logic
  • Metrics, operations, and (for OSPF) the importance of area concepts
  • Configure OSPFv2/v3 with multiple normal areas
  • Neighbor adjacency requirements and common failure causes
  • Network types: point-to-point and broadcast; passive-interface use
  • Summarization and filtering (where applied and why)
  • Configure and verify eBGP (directly connected neighbors)
  • Neighbor relationships and what must be true for peering
  • Best-path selection algorithm (high-level reasoning to predict route choice)
  • Policy-based routing (PBR)
  • Use cases: steer traffic by source/app/ACL match rather than destination-only logic
  • IP Services
  • Time services: interpret NTP and PTP configurations
  • NAT/PAT configuration
  • FHRP configuration: HSRP, VRRP
  • Multicast protocol awareness: RPF check, PIM SM, IGMP v2/v3, SSM, bidir, MSDP
  • Recognize what each component is used for in enterprise multicast designs
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Network Assurance + Security + Automation and AI (Operations + Programmability)

S10

What you will practice:

  • A) Network Assurance
  • Diagnose network problems using debugs, conditional debugs, traceroute, ping, SNMP, syslog
  • Configure/verify Flexib…
  • A) Network Assurance
  • Diagnose network problems using: debugs, conditional debugs, traceroute, ping, SNMP, syslog
  • Configure/verify Flexible NetFlow
  • Configure SPAN/RSPAN/ERSPAN
  • Configure/verify IP SLA
  • Describe how Cisco Catalyst Center (DNA Center) is used for configuration/monitoring/management using traditional + AI-powered workflows
  • Configure/verify NETCONF and RESTCONF
  • B) Security
  • Device access control:
  • Lines and local user authentication
  • AAA authentication/authorization
  • Infrastructure security features:
  • ACLs
  • Control Plane Policing (CoPP)
  • REST API security (high-level)
  • Components of network security design: threat defense, endpoint security, NGFW, TrustSec, MACsec
  • C) Automation and Artificial Intelligence
  • Interpret basic Python components/scripts
  • Construct valid JSON files
  • Principles/benefits of data modeling (e.g., YANG)
  • APIs for Cisco Catalyst Center and SD-WAN Manager
  • Interpret REST API response codes + payload results (Catalyst Center + RESTCONF)
  • Construct an EEM applet for automation (config, troubleshooting, data collection)
  • Compare agent vs agentless orchestration tools
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

FAQ

How should I use the 10 sections on this page for 350-401 ENCOR?

Work section-by-section. For each section, complete the practice set, review explanations, then repeat until you can configure, verify, and troubleshoot without notes. After all sections, switch to mixed practice that blends technologies (routing, switching, wireless, security, and automation) because ENCOR scenarios often span multiple domains.

Is this outline aligned to the real 350-401 ENCOR exam topics?

Yes. The sections are organized around the current ENCOR blueprint themes: enterprise network architecture and design, virtualization and overlays, infrastructure services, security, assurance, wireless, and automation/programmability.

What is the relationship between ENCOR and CCNP Enterprise?

ENCOR (350-401) is the core exam for the CCNP Enterprise track. To earn the CCNP Enterprise certification, you pass ENCOR and one Enterprise concentration exam (for example, ENARSI or an SD-WAN/SD-Access concentration). ENCOR is also used for the Cisco Certified Specialist – Enterprise Core credential.

What score do I need to pass 350-401 ENCOR?

Cisco does not publish a fixed passing score. Treat ENCOR as an applied exam: prioritize hands-on configuration and verification, understand why each feature is used, and practice troubleshooting and interpreting outputs under time pressure.

Do the practice buttons open in a new tab?

Yes. Each section includes a Practice button that opens the quiz set for that section in a new tab so you can keep this blueprint page available while you work.