Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications350-401TopicsVRF and Path Isolation
Free · No Signup RequiredCisco · 350-401

350-401 VRF and Path Isolation Practice Questions

20+ practice questions focused on VRF and Path Isolation — one of the most tested topics on the ENCOR 350-401 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start VRF and Path Isolation Practice

Exam Domains

ArchitectureEnterprise Network DesignSD-Access ArchitectureSD-WAN ArchitectureQoS ArchitectureVirtualizationNetwork Function VirtualizationAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample VRF and Path Isolation Questions

Practice all 20+ →
1.

A network engineer is configuring MPLS L3VPN on a Cisco IOS-XE PE router. The engineer creates a VRF named CUSTOMER_A with route-target import and export 100:1. After configuring the VRF on the interface connected to the CE router, the CE router can ping the PE's VRF interface IP, but cannot reach any remote VPNv4 routes. The BGP session between PE and route reflector is up. What is the most likely cause?

A.The route-target import/export values are mismatched with the route reflector's configuration.
B.The VRF is not activated under BGP using the address-family ipv4 vrf CUSTOMER_A command.
C.The CE router is not configured with a default route pointing to the PE.
D.The PE router needs the mpls ip command on the interface facing the CE router.

Explanation: The CE router can ping the PE's VRF interface IP, confirming Layer 2 and VRF interface configuration are correct. However, the CE cannot reach remote VPNv4 routes, which indicates that the PE is not advertising or installing those routes into the VRF. The most likely cause is that the VRF CUSTOMER_A has not been activated under BGP using the 'address-family ipv4 vrf CUSTOMER_A' command, which is required to exchange IPv4 routes between the PE and CE within the VRF context and to redistribute them into MP-BGP for VPNv4 propagation.

2.

An enterprise uses VRF-lite to isolate guest Wi-Fi traffic from corporate traffic on a Cisco Catalyst 9300 switch. The guest VRF (GUEST) is configured on VLAN 100, and the corporate VRF (CORP) on VLAN 200. Both VRFs use the same default gateway router connected via a trunk. The engineer notices that guest devices can reach the internet but cannot access the guest captive portal hosted on a server in VLAN 100. The server's IP is reachable from the switch itself. What is the issue?

A.The guest server is in a different VLAN than the guest wireless subnet, and inter-VLAN routing is not configured within the GUEST VRF.
B.The trunk between the switch and the router is not allowing VLAN 100.
C.The guest VRF is missing the route-target export command.
D.The captive portal server is configured with a default gateway that points to the corporate VRF.

Explanation: The issue is that the guest captive portal server resides in VLAN 100, but the guest wireless subnet is likely in a different VLAN or subnet within the GUEST VRF. Since VRF-lite provides separate routing tables, inter-VLAN routing within the same VRF must be explicitly configured (e.g., using SVIs with 'ip routing' and proper VRF forwarding). The switch can reach the server because it is directly connected, but guest devices cannot because their traffic is not routed between the wireless subnet and the server's VLAN within the GUEST VRF.

3.

A service provider uses MPLS L3VPN with multiple VRFs on a Cisco ASR 1000 PE router. One customer VRF (RED) has overlapping IP addresses with another VRF (BLUE). The engineer configures route-target import/export as 100:1 for RED and 200:2 for BLUE. Both VRFs have a static default route pointing to the CE. The PE receives VPNv4 routes from the route reflector for both VRFs. However, traffic from RED to its CE is working, but traffic from BLUE to its CE is intermittently failing. What is the most likely cause?

A.The BLUE VRF's interface is not configured with the ip vrf forwarding BLUE command, so the interface is in the global routing table.
B.The route-target import for BLUE is 200:2, but the route reflector exports routes with a different route-target.
C.The PE router has too many VRFs, causing memory exhaustion.
D.The BLUE VRF is missing the rd command.

Explanation: The correct answer is A because if the BLUE VRF's interface is missing the 'ip vrf forwarding BLUE' command, the interface remains in the global routing table. This means traffic from the BLUE VRF will be forwarded using the global routing table instead of the VRF's routing table, causing intermittent failures when the global table does not have a route to the CE or when the CE's IP overlaps with another VRF's subnet. The static default route configured in the BLUE VRF would not be used, leading to connectivity issues.

4.

A network engineer is troubleshooting a VRF-lite deployment on a Cisco Nexus 9000 switch. Two VRFs, PROD and DEV, are configured. The switch has an SVI for VLAN 10 in VRF PROD and VLAN 20 in VRF DEV. A firewall is connected to a Layer 3 port in VRF PROD for internet access. The engineer needs to allow the DEV VRF to reach the internet through the same firewall, but without using a separate physical interface. What should the engineer configure?

A.Configure a static route in VRF DEV pointing to the firewall's IP address in VRF PROD, and use the route-map to leak the route.
B.Place the firewall interface in both VRFs using the ip vrf forwarding command on the same interface.
C.Create a VLAN trunk between the switch and firewall, and assign the same VLAN to both VRFs.
D.Use policy-based routing (PBR) in VRF DEV to forward traffic to the firewall's MAC address.

Explanation: Option A is correct because VRF-lite does not support direct route leaking between VRFs without an external mechanism. By configuring a static route in VRF DEV pointing to the firewall's IP address (which resides in VRF PROD) and using a route-map to leak the route, the engineer enables inter-VRF routing. This allows DEV traffic to reach the firewall's interface in PROD without requiring a separate physical interface, as the route-map controls which prefixes are shared between VRFs.

5.

An engineer is configuring MPLS L3VPN on a Cisco IOS-XR router. The VRF CUSTOMER_B is configured with route-target import 100:1 and export 100:1. The engineer notices that the VRF routes are not being advertised to the route reflector. The BGP session to the route reflector is established and the VPNv4 address family is activated. What is the missing configuration?

A.The VRF is not configured with a route distinguisher.
B.The engineer did not configure the address-family ipv4 unicast vrf CUSTOMER_B under BGP and redistribute the routes.
C.The route-target import/export values are incorrect.
D.The interface in the VRF is not configured with the ipv4 address.

Explanation: Option B is correct because in MPLS L3VPN on Cisco IOS-XR, simply configuring the VRF and establishing the BGP VPNv4 session is insufficient. The engineer must explicitly configure the address-family ipv4 unicast vrf CUSTOMER_B under BGP and use the redistribute command (e.g., redistribute connected or redistribute static) to inject the VRF routes into BGP for advertisement to the route reflector. Without this, the VRF routes remain in the local routing table but are never converted into VPNv4 prefixes.

+15 more VRF and Path Isolation questions available

Practice all VRF and Path Isolation questions

How to master VRF and Path Isolation for 350-401

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of VRF and Path Isolation. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

VRF and Path Isolation questions on the 350-401 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many 350-401 VRF and Path Isolation questions are on the real exam?

The exact number varies per candidate. VRF and Path Isolation is tested as part of the ENCOR 350-401 blueprint. Practicing with targeted VRF and Path Isolation questions ensures you can handle any format or difficulty that appears.

Are these 350-401 VRF and Path Isolation practice questions free?

Yes. Courseiva provides free 350-401 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is VRF and Path Isolation one of the harder 350-401 topics?

Difficulty is subjective, but VRF and Path Isolation is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full VRF and Path Isolation practice session with instant scoring and detailed explanations.

Start VRF and Path Isolation Practice →

Topic Info

Topic

VRF and Path Isolation

Exam

350-401

Questions available

20+