Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›350-401›Objectives›SD-Access Architecture
Objective 102.0

SD-Access Architecture

350-401 Practice Questions

Full Practice Test →All Objectives

350-401 SD-Access Architecture — Practice Questions

30 questions from this objective

Question 2hardmultiple choice
Study the full SD-Access breakdown →

A network engineer is deploying Cisco SD-Access in a large enterprise campus. The design requires that all user traffic be segmented by Virtual Network (VN) and that the fabric edge nodes perform SGT-based enforcement. The engineer notices that traffic between two endpoints in the same IP subnet but different VNs is being forwarded directly at the fabric edge without any SGT inspection. What is the most likely cause?

Question 3mediummultiple choice
Open the full VLAN trunking answer →

An enterprise is migrating from a traditional three-tier campus network to Cisco SD-Access. The network engineer has deployed a fabric with a single fabric edge node and a single control plane node. Users in VLAN 10 report that they cannot reach the default gateway, which is a virtual IP on the fabric edge. The fabric edge is configured with a VLAN 10 SVI and the anycast gateway feature is enabled. What is the most likely cause of the problem?

Question 4mediummultiple choice
Study the full SD-Access breakdown →

A network architect is designing an SD-Access fabric for a large enterprise campus. The design must support segmentation at Layer 2 and Layer 3 across the fabric, using a centralized control plane and policy enforcement. Which two protocols are essential for the SD-Access overlay to meet these requirements?

Question 5mediummultiple choice
Study the full SD-Access breakdown →

An architect is planning a Cisco SD-Access fabric deployment. The design must support host mobility across multiple fabric edge nodes while ensuring consistent policy enforcement. Which fabric component is responsible for tracking endpoint locations and mapping them to the fabric?

Question 6mediummultiple choice
Study the full SD-Access breakdown →

A company is deploying an SD-Access fabric with multiple sites connected via a WAN. The design must allow inter-site traffic to be forwarded without requiring a full mesh of VXLAN tunnels between all edge nodes. Which fabric role should be used to interconnect the sites?

Question 7mediummultiple choice
Study the full SD-Access breakdown →

An architect is designing an SD-Access fabric for a campus network that requires segmentation of guest, employee, and IoT traffic. The design must use Cisco TrustSec for policy enforcement. Which component is responsible for assigning the Security Group Tag (SGT) to endpoints upon authentication?

Question 8easymultiple choice
Study the full SD-Access breakdown →

A network team is designing the underlay for an SD-Access fabric. The design must use a routing protocol that supports fast convergence and is commonly recommended for the fabric underlay. Which routing protocol should be used?

Question 9mediummultiple choice
Read the full wireless explanation →

An architect is designing an SD-Access fabric for a campus with multiple buildings. The design must support wireless clients seamlessly roaming across fabric edge nodes. Which technology is used in the fabric to provide mobility for wireless endpoints?

Question 10hardmultiple choice
Study the full SD-Access breakdown →

A company is deploying an SD-Access fabric with a centralized policy model. The design must ensure that all traffic between virtual networks (VNs) is inspected by a firewall. Which fabric role should be used to enforce this inter-VN policy?

Question 11mediummultiple choice
Study the full SD-Access breakdown →

An architect is designing an SD-Access fabric for a campus that requires high availability. The design must ensure that if one fabric edge node fails, endpoints can be re-homed to another edge node without manual intervention. Which feature should be implemented?

Question 12easymultiple choice
Study the full SD-Access breakdown →

A network team is designing an SD-Access fabric for a large enterprise. The design must support automated provisioning and policy management. Which management platform is essential for deploying and managing the fabric?

Question 13mediummultiple choice
Open the full VLAN trunking answer →

Examine the following configuration snippet:

interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
 spanning-tree bpduguard enable

What is the effect of this configuration?

Question 14mediummultiple choice
Study the full EIGRP explanation →

Consider the following configuration:

router eigrp 100
 network 10.0.0.0 0.255.255.255
 passive-interface default
 no passive-interface GigabitEthernet0/0

Which statement is true about this EIGRP configuration?

Question 15mediummultiple choice
Review the full OSPF breakdown →

Given this OSPF configuration:

router ospf 1

router-id 1.1.1.1

network 192.168.1.0 0.0.0.255 area 0
 network 10.0.0.0 0.255.255.255 area 1

default-information originate always

What is the effect of the 'default-information originate always' command?

Question 16mediummultiple choice
Open the full BGP breakdown →

Examine the following BGP configuration:

router bgp 65001

bgp log-neighbor-changes

neighbor 10.1.1.1 remote-as 65002
 neighbor 10.1.1.1 route-map SET_MED out

! route-map SET_MED permit 10 set metric 50

What is the purpose of this configuration?

Question 17mediummultiple choice
Open the full VLAN trunking answer →

Consider this VLAN configuration on a Cisco switch:

vlan 10

name Sales

vlan 20

name Engineering

interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20

What is missing if the switch needs to carry VLAN 30 traffic on this trunk?

Question 18mediummultiple choice
Study the full QoS explanation →

Given the following policy-map:

policy-map QOS_POLICY

class VOICE

priority percent 30

class VIDEO

bandwidth percent 20 queue-limit 100 packets

class class-default

fair-queue

What is the effect of the 'priority percent 30' command in the VOICE class?

Question 19easymultiple choice
Review the full OSPF breakdown →

What is the default OSPF hello interval on an Ethernet link?

Question 20easymultiple choice
Open the full BGP breakdown →

Which BGP attribute is preferred when it has the lowest value?

Question 21easymultiple choice
Study the full EIGRP explanation →

What is the maximum hop count for EIGRP?

Question 22mediumdrag order
Study the full SD-Access breakdown →

Drag and drop the steps of SD-Access fabric node onboarding into DNA Center into the correct order, from first to last.

Question 23mediumdrag order
Study the full SD-Access breakdown →

Drag and drop the steps of SD-Access fabric border handoff configuration into the correct order, from first to last.

Question 24mediumdrag order
Study the full SD-Access breakdown →

Drag and drop the steps of SD-Access fabric endpoint registration into the correct order, from first to last.

Question 25mediumdrag order
Study the full SD-Access breakdown →

Drag and drop the steps of SD-Access underlay provisioning via LAN Automation into the correct order, from first to last.

Question 26mediumdrag order
Full question →

Drag and drop the steps of Cisco ISE profiling and policy assignment flow into the correct order, from first to last.

Question 27mediumdrag order
Study the full SD-Access breakdown →

Drag and drop the steps of SD-Access fabric border node configuration steps into the correct order, from first to last.

Question 28mediumdrag order
Full question →

Drag and drop the steps of LISP EID-to-RLOC mapping resolution process into the correct order, from first to last.

Question 29mediumdrag order
Full question →

Drag and drop the steps of micro-segmentation via SGT policy application into the correct order, from first to last.

Question 30mediummatching
Study the full SD-Access breakdown →

Drag and drop each SD-Access fabric role on the left to its matching function on the right.

Question 31mediummatching
Full question →

Drag and drop each LISP message type on the left to its matching purpose on the right.

More SD-Access Architecture questions available in the full practice test.

Continue Practising →
←

Previous objective

Enterprise Network Design

Next objective

SD-WAN Architecture

→

All 350-401 Objectives

  • 100.Architecture15%
  • 101.Enterprise Network Design
  • 102.SD-Access Architecture
  • 103.SD-WAN Architecture
  • 104.QoS Architecture
  • 200.Virtualization10%
  • 201.Network Function Virtualization
  • 202.Virtual Machines and Hypervisors
  • 203.VRF and Path Isolation
  • 300.Infrastructure30%
  • 301.OSPF
  • 302.BGP
  • 303.EIGRP
  • 304.VLANs and Trunking
  • 305.Spanning Tree Protocol
  • 306.EtherChannel
  • 307.Wireless Infrastructure
  • 308.MPLS
  • 309.WAN Technologies
  • 310.NAT and DHCP
  • 311.IP Multicast
  • 312.QoS
  • 400.Network Assurance10%
  • 401.SNMP and Syslog
  • 402.NetFlow and Telemetry
  • 403.SPAN and RSPAN
  • 404.IP SLA
  • 500.Security20%
  • 501.AAA, RADIUS, and TACACS+
  • 502.ACLs and CoPP
  • 503.802.1X and TrustSec
  • 504.VPN Technologies
  • 505.Infrastructure Security
  • 600.Automation15%
  • 601.Python for Network Automation
  • 602.Ansible Automation
  • 603.REST APIs and Data Models
  • 604.Cisco DNA Center
  • 605.Model-Driven Telemetry