Duration: 120 minutes
Languages: English and Japanese
Associated certifications
CCNP Enterprise
CCIE Enterprise Infrastructure
CCIE Enterprise Wireless
Cisco Certified Specialist – Enterprise Core
Exam overview
This exam tests your knowledge and skills related to implementing core enterprise network technologies, including:
Dual stack (IPv4 and IPv6) architecture
Virtualization
Infrastructure
Network assurance
Security
Automation
Examkingdom Cisco 350-401 Exam pdf,
Best Cisco 350-401 Downloads, Cisco 350-401 Dumps at Certkingdom.com
Exam Description:
Implementing Cisco Enterprise Network Core Technologies v1.0 (ENCOR 350-401) is a 120-minute exam associated with the CCNP and CCIE Enterprise Certifications. This exam tests a candidate’s knowledge of implementing core enterprise network technologies including dual stack (IPv4 and IPv6) architecture, virtualization, infrastructure, network assurance, security and automation. The course, Implementing Cisco Enterprise Network Core Technologies, helps candidates to prepare for this exam.
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
15% 1.0 Architecture 1.1 Explain the different design principles used in an enterprise network 1.1.a Enterprise network design such as Tier 2, Tier 3, and Fabric Capacity planning 1.1.b High availability techniques such as redundancy, FHRP, and SSO 1.2 Analyze design principles of a WLAN deployment 1.2.a Wireless deployment models (centralized, distributed, controller-less, controller based, cloud, remote branch) 1.2.b Location services in a WLAN design 1.3 Differentiate between on-premises and cloud infrastructure deployments 1.4 Explain the working principles of the Cisco SD-WAN solution 1.4.a SD-WAN control and data planes elements 1.4.b Traditional WAN and SD-WAN solutions 1.5 Explain the working principles of the Cisco SD-Access solution 1.5.a SD-Access control and data planes elements 1.5.b Traditional campus interoperating with SD-Access 1.6 Describe concepts of wired and wireless QoS 1.6.a QoS components 1.6.b QoS policy 1.7 Differentiate hardware and software switching mechanisms 1.7.a Process and CEF 1.7.b MAC address table and TCAM 1.7.c FIB vs. RIB 10% 2.0 Virtualization 2.1 Describe device virtualization technologies 2.1.a Hypervisor type 1 and 2 2.1.b Virtual machine 2.1.c Virtual switching 2.2 Configure and verify data path virtualization technologies 2.2.a VRF 2.2.b GRE and IPsec tunneling 2.3 Describe network virtualization concepts 2.3.a LISP 2.3.b VXLAN 30% 3.0 Infrastructure 3.1 Layer 2 3.1.a Troubleshoot static and dynamic 802.1q trunking protocols 3.1.b Troubleshoot static and dynamic EtherChannels 3.1.c Configure and verify common Spanning Tree Protocols (RSTP and MST) 3.2 Layer 3 3.2.a Compare routing concepts of EIGRP and OSPF (advanced distance vector vs. link state, load balancing, path selection, path operations, metrics) 3.2.b Configure and verify simple OSPF environments, including multiple normal areas, summarization, and filtering (neighbor adjacency, point-to-point and broadcast network types, and passive interface) 3.2.c Configure and verify eBGP between directly connected neighbors (best path selection algorithm and neighbor relationships) 3.3 Wireless 3.3.a Describe Layer 1 concepts, such as RF power, RSSI, SNR, interference noise, band and channels, and wireless client devices capabilities 3.3.b Describe AP modes and antenna types 3.3.c Describe access point discovery and join process (discovery algorithms, WLC selection process) 3.3.d Describe the main principles and use cases for Layer 2 and Layer 3 roaming 3.3.e Troubleshoot WLAN configuration and wireless client connectivity issues 3.4 IP Services 3.4.a Describe Network Time Protocol (NTP) 3.4.b Configure and verify NAT/PAT 3.4.c Configure first hop redundancy protocols, such as HSRP and VRRP 3.4.d Describe multicast protocols, such as PIM and IGMP v2/v3 | 10% 4.0 Network Assurance 4.1 Diagnose network problems using tools such as debugs, conditional debugs, trace route, ping, SNMP, and syslog 4.2 Configure and verify device monitoring using syslog for remote logging 4.3 Configure and verify NetFlow and Flexible NetFlow 4.4 Configure and verify SPAN/RSPAN/ERSPAN 4.5 Configure and verify IPSLA 4.6 Describe Cisco DNA Center workflows to apply network configuration, monitoring, and management 4.7 Configure and verify NETCONF and RESTCONF 20% 5.0 Security 5.1 Configure and verify device access control 5.1.a Lines and password protection 5.1.b Authentication and authorization using AAA 5.2 Configure and verify infrastructure security features 5.2.a ACLs 5.2.b CoPP 5.3 Describe REST API security 5.4 Configure and verify wireless security features 5.4.a EAP 5.4.b WebAuth 5.4.c PSK 5.5 Describe the components of network security design 5.5.a Threat defense 5.5.b Endpoint security 5.5.c Next-generation firewall 5.5.d TrustSec, MACsec 5.5.e Network access control with 802.1X, MAB, and WebAuth 15% 6.0 Automation 6.1 Interpret basic Python components and scripts 6.2 Construct valid JSON encoded file 6.3 Describe the high-level principles and benefits of a data modeling language, such as YANG 6.4 Describe APIs for Cisco DNA Center and vManage 6.5 Interpret REST API response codes and results in payload using Cisco DNA Center and RESTCONF 6.6 Construct EEM applet to automate configuration, troubleshooting, or data collection 6.7 Compare agent vs. agentless orchestration tools, such as Chef, Puppet, Ansible, and SaltStack |
Sample Question and Answers
QUESTION 1
What are two benefits of YANG? (Choose two.)
A. It enforces the use of a specific encoding format for NETCONF.
B. It collects statistical constraint analysis information.
C. It enables multiple leaf statements to exist within a leaf list.
D. It enforces configuration semantics.
E. It enforces configuration constraints.
Answer: A, E
QUESTION 3
Refer to the exhibit.
An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP legs in. Which configuration change is required?
A. Add the access-class keyword to the username command
B. Add the access-class keyword to the aaa authentication command
C. Add the autocommand keyword to the username command
D. Add the autocommand keyword to the aaa authentication command
Answer: C
Explanation:
The •autocommand– causes the specified command to be issued automatically after the user logs
in. When the command is complete, the session is terminated. Because the command can be any
length and can contain embedded spaces, commands using the autocommand keyword must be the
last option on the line. In this specific question, we have to enter this line •username CCNP
autocommand show running-config–.
QUESTION 4
Wireless users report frequent disconnections from the wireless network.
While troubleshooting a network engineer finds that after the user a disconnect, the connection re-establishes automatically
without any input required. The engineer also notices these message logs .
Which action reduces the user impact?
A. increase the AP heartbeat timeout
B. increase BandSelect
C. enable coverage hole detection
D. increase the dynamic channel assignment interval
Answer: D
Explanation:
These message logs inform that the radio channel has been reset (and the AP must be down briefly). With dynamic channel assignment (DCA), the radios can
frequently switch from one channel to another but it also makes disruption. The default DCA interval is 10 minutes,
which is matched with the time of the message logs. By increasing the DCA interval, we can reduce the number of times our users are disconnected for changing radio channels.
QUESTION 6
What is used to perform OoS packet classification?
A. the Options field in the Layer 3 header
B. the Type field in the Layer 2 frame
C. the Flags field in the Layer 3 header
D. the TOS field in the Layer 3 header
Answer: D
Explanation:
Type of service, when we talk about PACKET, means layer 3
QUESTION 7
What is the recommended MTU size for a Cisco SD-Access Fabric?
A. 1500
B. 9100
C. 4464
D. 17914
Answer: B
QUESTION 8
Refer to the Exhibit.
Refer to the exhibit. After configurating an IPsec VPN, an engineer enters the show command to verify the ISAKMP SA status. What does the status show?
A. ISAKMP SA is authenticated and can be used for Quick Mode.
B. Peers have exchanged keys, but ISAKMP SA remains unauthenticated.
C. VPN peers agreed on parameters for the ISAKMP SA
D. ISAKMP SA has been created, but it has not continued to form.
Answer: B
Explanation:
The ISAKMP SA has been authenticated. If the router initiated this exchange, this state transitions
immediately to QM_IDLE, and a Quick Mode exchange begins.
QUESTION 9
Refer to the exhibit.
Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP
address of 192.168.1.200?
A. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 global
ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 global
ip route 192.168.1.0 255.255.255.0 VlanlO
ip route 172.16.1.0 255.255.255.0 Vlan20
B. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customer2
ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customerl
C. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customerl
ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customer2
D. ip route vrf Customerl 172.16.1.1 255.255.255.255 172.16.1.1 global
ip route vrf Customer 192.168.1.200 255.255.255.0 192.168.1.1 global
ip route 192.168.1.0 255.255.255.0 VlanlO
ip route 172.16.1.0 255.255.255.0 Vlan20
Answer: A
QUESTION 10
A customer requests a network design that supports these requirements:
Which protocol does the design include?
A. HSRP version 2
B. VRRP version 2
C. GLBP
D. VRRP version 3
Answer: D
QUESTION 11
Which two network problems Indicate a need to implement QoS in a campus network? (Choose two.)
A. port flapping
B. excess jitter
C. misrouted network packets
D. duplicate IP addresses
E. bandwidth-related packet loss
Answer: B, E