Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications350-401DomainsEnterprise Network Design
350-401Free — No Signup

Enterprise Network Design

Practice 350-401 Enterprise Network Design questions with full explanations on every answer.

44questions

Start practicing

Enterprise Network Design — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

350-401 Domains

ArchitectureEnterprise Network DesignSD-Access ArchitectureSD-WAN ArchitectureQoS ArchitectureVirtualizationNetwork Function VirtualizationVirtual Machines and HypervisorsVRF and Path IsolationInfrastructureOSPFBGPEIGRPVLANs and TrunkingSpanning Tree ProtocolEtherChannelWireless InfrastructureMPLSWAN TechnologiesNAT and DHCPIP MulticastQoSNetwork AssuranceSNMP and SyslogNetFlow and TelemetrySPAN and RSPANIP SLASecurityAAA, RADIUS, and TACACS+ACLs and CoPP802.1X and TrustSecVPN TechnologiesInfrastructure SecurityAutomationPython for Network AutomationAnsible AutomationREST APIs and Data ModelsCisco DNA CenterModel-Driven Telemetry

Practice Enterprise Network Design questions

10Q20Q30Q50Q

All 350-401 Enterprise Network Design questions (44)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A large enterprise is redesigning its campus network to support 5000 users across three buildings. The design must provide high availability and fast convergence in case of a link failure. The network engineer is considering using Spanning Tree Protocol (STP) in the access layer. What is the primary design concern with using STP in this scenario?

2

A company is deploying a new data center and needs to choose between a three-tier (core, aggregation, access) and a spine-leaf architecture. The network engineer is concerned about east-west traffic patterns for server virtualization. Which architecture is most suitable and why?

3

An enterprise network is experiencing high CPU utilization on the distribution layer switches. The design uses VLANs with SVIs for inter-VLAN routing, and HSRP for first-hop redundancy. The engineer notices that the standby switch is also experiencing high CPU. What is the most likely cause?

4

A network engineer is designing a WAN connection for a branch office that requires high availability and bandwidth aggregation. The branch has two internet connections from different ISPs. The engineer wants to use both links actively for load balancing and failover. Which design approach should be used?

5

A campus network uses a collapsed core design with two distribution switches and multiple access switches. The engineer wants to ensure that if one distribution switch fails, the access switches can still reach the core. The access switches are connected to both distribution switches. What additional configuration is required on the access switches?

6

An enterprise is migrating from a traditional three-tier campus design to a software-defined access (SD-Access) fabric. The engineer needs to ensure that the existing wireless infrastructure integrates seamlessly. Which component of SD-Access is responsible for integrating wireless and wired policies?

7

A network engineer is designing a data center network using Cisco ACI. The design must support multiple tenants with isolated policies. The engineer needs to ensure that traffic between endpoints in different tenants is blocked by default. Which ACI construct provides this isolation?

8

A company is deploying a new branch office with 50 users. The branch needs to connect to the headquarters via a WAN link. The engineer wants to use a design that minimizes the need for routing protocol configuration at the branch while still providing redundancy. Which design is most appropriate?

9

An enterprise network uses OSPF in the core and EIGRP in the campus distribution layer. The engineer needs to redistribute routes between the two protocols. Which design consideration is most important to prevent routing loops?

10

An architect is designing an SD-Access fabric for a campus network that must support dynamic endpoint grouping based on user identity and device type. The design must minimize manual policy configuration and allow the fabric to enforce access policies at the edge. Which combination of components and protocols is required to meet these requirements?

11

A network team is designing an SD-WAN overlay for a multinational enterprise with 500+ branch sites. The design must ensure that control plane traffic (e.g., OMP updates) is encrypted and authenticated between all vSmart controllers and vEdge routers, while allowing data plane traffic to use IPsec tunnels between branch sites directly. Which architectural element is responsible for orchestrating the initial authentication and certificate enrollment of all SD-WAN devices?

12

An enterprise is redesigning its WAN QoS architecture to support real-time voice, video, and critical data applications over a limited bandwidth link. The architect must ensure that voice traffic receives strict priority queuing and that video traffic is guaranteed a minimum bandwidth, while allowing best-effort traffic to use remaining capacity. Which queuing strategy should be deployed on the WAN edge routers?

13

A service provider is deploying NFV to host virtual network functions (VNFs) such as firewalls, routers, and WAN optimizers on a single server. The design must support service chaining, where traffic flows through multiple VNFs in a specific order, and must allow dynamic insertion of new VNFs without re-cabling. Which technology should be used to implement the service chain?

14

A data center architect is designing a virtualized environment to host critical applications. The design must maximize performance by allowing virtual machines (VMs) to directly access physical CPU cores and memory without hypervisor overhead for latency-sensitive workloads. Which hypervisor configuration should be used?

15

A network architect is designing a campus network for a large university with 10,000+ users. The design must provide high availability, minimize failure domains, and allow for easy scaling of the access layer. The core layer should be resilient and support fast convergence. Which hierarchical design model best meets these requirements?

16

An enterprise is deploying Cisco SD-WAN and must ensure that data plane traffic between branch sites is encrypted and authenticated. The design must also allow the use of application-aware routing to steer traffic based on real-time performance metrics. Which component is responsible for establishing and managing the IPsec tunnels between branch routers?

17

A network architect is designing QoS for a converged network carrying voice, video, and data. The design must use the DiffServ model and ensure that voice traffic is marked with the highest priority and that video traffic is marked with a lower priority but still above data. Which DSCP markings should be assigned to voice and video traffic, respectively, to comply with the standard Per-Hop Behavior (PHB) definitions?

18

An enterprise is migrating its data center to a leaf-spine architecture to support high east-west traffic between servers. The design must provide non-blocking forwarding and allow for easy scaling by adding more spines. Which characteristic is essential for the spine switches in this design?

19

Examine the following configuration snippet: interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip ospf network point-to-point ip ospf hello-interval 10 ip ospf dead-interval 40 ! router ospf 1 network 192.168.1.0 0.0.0.255 area 0 What is the effect of this configuration?

20

Consider this configuration: interface GigabitEthernet0/2 switchport mode trunk switchport trunk native vlan 10 switchport trunk allowed vlan 10,20,30 ! interface Vlan10 ip address 192.168.10.1 255.255.255.0 Which statement is true about this configuration?

21

Given the following configuration: router eigrp TEST network 10.0.0.0 0.255.255.255 network 192.168.1.0 ! interface GigabitEthernet0/0 ip address 10.1.1.1 255.255.255.0 ip summary-address eigrp TEST 10.0.0.0 255.0.0.0 5 What is the effect of the ip summary-address command?

22

Examine this configuration: policy-map QOS_POLICY class VOICE priority percent 10 class VIDEO bandwidth percent 30 class class-default fair-queue ! interface GigabitEthernet0/0 service-policy output QOS_POLICY What is the effect of this policy-map?

23

Consider the following configuration: router bgp 65000 bgp router-id 192.168.0.1 neighbor 10.0.0.2 remote-as 65001 neighbor 10.0.0.2 ebgp-multihop 2 neighbor 10.0.0.2 update-source Loopback0 ! interface Loopback0 ip address 192.168.0.1 255.255.255.255 What is missing for this BGP session to establish?

24

Given this configuration: interface GigabitEthernet0/0 ip address 172.16.1.1 255.255.255.0 ip pim sparse-mode ! interface GigabitEthernet0/1 ip address 172.16.2.1 255.255.255.0 ip pim sparse-mode ! ip pim rp-address 172.16.1.1 What is the effect of this configuration?

25

What is the default OSPF hello interval on an Ethernet broadcast network?

26

Which BGP attribute is preferred when the local preference is equal?

27

What is the maximum hop count for EIGRP?

28

Drag and drop the steps of the PPDIOO network lifecycle into the correct order, from first to last.

29

Drag and drop the steps of the hierarchical campus network design process into the correct order, from first to last.

30

Drag and drop the steps of the SD-Access fabric deployment sequence into the correct order, from first to last.

31

Drag and drop the steps of hierarchical LAN design implementation phases into the correct order, from first to last.

32

Drag and drop the steps of network documentation and change management workflow into the correct order, from first to last.

33

Drag and drop the steps of IP addressing scheme design and subnetting steps into the correct order, from first to last.

34

Drag and drop the steps of disaster recovery failover process into the correct order, from first to last.

35

Drag and drop the steps of network audit and gap analysis steps into the correct order, from first to last.

36

Drag and drop each network design tier on the left to its matching function on the right.

37

Drag and drop each PPDIOO phase on the left to its matching activity on the right.

38

Drag and drop each First Hop Redundancy Protocol on the left to its matching function on the right.

39

Drag and drop each Cisco campus design model component on the left to its matching description on the right.

40

Drag and drop each WAN topology type on the left to its matching characteristic on the right.

41

Which two statements about the Cisco Enterprise Campus Architecture are true? (Choose two.)

42

Which three statements about the Cisco Enterprise WAN design principles are true? (Choose three.)

43

Which two statements about network design for high availability are true? (Choose two.)

44

Which three statements about Cisco SD-Access design are true? (Choose three.)

Practice all 44 Enterprise Network Design questions

Other 350-401 exam domains

ArchitectureSD-Access ArchitectureSD-WAN ArchitectureQoS ArchitectureVirtualizationNetwork Function VirtualizationVirtual Machines and HypervisorsVRF and Path IsolationInfrastructureOSPFBGPEIGRPVLANs and TrunkingSpanning Tree ProtocolEtherChannelWireless InfrastructureMPLSWAN TechnologiesNAT and DHCPIP MulticastQoSNetwork AssuranceSNMP and SyslogNetFlow and TelemetrySPAN and RSPANIP SLASecurityAAA, RADIUS, and TACACS+ACLs and CoPP802.1X and TrustSecVPN TechnologiesInfrastructure SecurityAutomationPython for Network AutomationAnsible AutomationREST APIs and Data ModelsCisco DNA CenterModel-Driven Telemetry

Frequently asked questions

What does the Enterprise Network Design domain cover on the 350-401 exam?

The Enterprise Network Design domain covers the key concepts tested in this area of the 350-401 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 350-401 domains — no account required.

How many Enterprise Network Design questions are in the 350-401 question bank?

The Courseiva 350-401 question bank contains 44 questions in the Enterprise Network Design domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Enterprise Network Design for 350-401?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Enterprise Network Design questions for 350-401?

Yes — the session launcher on this page draws questions exclusively from the Enterprise Network Design domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your 350-401 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

200-301350-701SY0-701