20+ practice questions focused on Network — one of the most tested topics on the Cisco DCCOR / CCNP Data Center Core 350-601 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Network PracticeA data center engineer is troubleshooting intermittent connectivity between two servers in different VLANs. The servers are connected to different leaf switches in a VXLAN EVPN fabric. When checking the fabric, the engineer notices that the NVE interface on one leaf is up/up but the VNI for the server VLAN is not listed in 'show nve vni'. What is the most likely cause?
Explanation: The NVE interface being up/up indicates the overlay tunnel is operational, but the absence of the VNI in 'show nve vni' means the VNI is not instantiated on the NVE. This typically occurs when the VLAN-to-VNI mapping is missing under the VLAN configuration (e.g., 'vlan 100' then 'vn-segment 10100'), which prevents the VNI from being associated with the NVE interface and advertised via BGP EVPN.
An organization is deploying a new ACI fabric. The design requires that traffic between EPGs in the same bridge domain be allowed by default, but traffic between EPGs in different bridge domains must be denied unless explicitly permitted. Which contract scope configuration meets this requirement?
Explanation: The VRF (private L3 context) is the correct scope because contract scope determines the boundary within which a contract is effective. By setting the contract scope to VRF, the contract applies only to EPGs within the same VRF. Since EPGs in different bridge domains are typically in the same VRF, you must explicitly configure contracts to permit inter-EPG traffic; otherwise, it is denied by default. This matches the requirement that traffic between EPGs in the same bridge domain is allowed by default (via the default intra-EPG and intra-bridge domain forwarding), while traffic between EPGs in different bridge domains requires an explicit contract.
A network engineer is configuring OSPF on a Cisco Nexus switch for a data center network. The requirement is to ensure that the switch does not become the Designated Router (DR) on a multi-access segment. Which OSPF configuration achieves this?
Explanation: Setting the OSPF priority to 0 on the interface prevents the switch from participating in the DR/BDR election process, ensuring it will never become the Designated Router (DR) or Backup Designated Router (BDR) on a multi-access segment. This is the standard method per RFC 2328 to make a router ineligible for DR/BDR status while still allowing it to form full adjacencies with the DR and BDR.
During a maintenance window, a network engineer plans to upgrade the NX-OS software on a pair of Nexus 9000 switches configured as vPC peers. The engineer wants to minimize traffic disruption. Which upgrade sequence is recommended?
Explanation: In a vPC pair, the secondary peer is upgraded first to preserve the primary's role as the forwarding anchor. Upgrading the secondary peer allows it to reboot and rejoin the vPC domain without disrupting the data plane because the primary peer continues to forward traffic. Once the secondary is stable, the primary is upgraded, ensuring minimal traffic loss.
A data center uses Cisco ACI with multiple tenants. The security policy requires that all traffic between EPGs must be explicitly allowed via contracts. However, the operations team reports that communication between two EPGs in the same bridge domain is working even though no contract is applied. What is the most likely reason?
Explanation: In Cisco ACI, the default behavior for EPGs within the same bridge domain (BD) is that they can communicate without a contract. This is because EPGs in the same BD share the same Layer 2 domain, and ACI does not enforce contract-based filtering for intra-BD traffic unless a contract is explicitly applied. The security policy requiring contracts applies only to inter-BD or inter-VRF traffic, not to intra-BD communication.
+15 more Network questions available
Practice all Network questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Network. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Network questions on the 350-601 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Network is tested as part of the Cisco DCCOR / CCNP Data Center Core 350-601 blueprint. Practicing with targeted Network questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free 350-601 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Network is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Network practice session with instant scoring and detailed explanations.
Start Network Practice →