Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications350-501Exam Questions

Cisco · Free Practice Questions · Last reviewed May 2026

350-501 Exam Questions and Answers

36real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.

90 exam questions
120 min time limit
Pass: Variable
6 exam domains
OverviewDomain BlueprintStudy GuideAll QuestionsSample by Domain
1. Architecture2. Networking3. MPLS and Segment Routing4. Automation and Quality of Service5. Services6. Automation and Assurance
1

Domain 1: Architecture

All Architecture questions
Q1
mediumFull explanation →

A service provider is designing a new MPLS L3VPN service. The customer requires that their VPN traffic be isolated from other customers and that the provider edge routers maintain separate routing tables for each VPN. Which architectural component is essential for this separation?

A

MPLS label stacking

B

VRF (Virtual Routing and Forwarding)

VRF creates separate routing tables per VPN instance, enabling isolation.

C

VLAN tagging on the customer-facing interfaces

D

BGP route reflectors

Why: VRF (Virtual Routing and Forwarding) is the essential architectural component that enables a provider edge router to maintain separate, isolated routing tables for each VPN customer. Each VRF instance contains its own routing table, CEF (Cisco Express Forwarding) table, and associated interfaces, ensuring that traffic from one customer is never forwarded using another customer's routing information. This per-VPN isolation is fundamental to MPLS L3VPN services as defined in RFC 4364.
Q2
hardFull explanation →

An operator notices that a new MPLS-TE tunnel is not being established. The tunnel configuration includes a dynamic path option and a bandwidth of 100 Mbps. The network uses RSVP-TE with CSPF. The link-state database shows sufficient reservable bandwidth on all links along the calculated path. What is the most likely cause of the tunnel establishment failure?

A

RSVP-TE is not enabled on the transit interfaces

RSVP-TE must be enabled on each interface along the path for signaling.

B

The path option is misconfigured with a strict explicit path

C

MPLS LDP is not enabled on the core routers

D

The tunnel source interface is not configured with an IP address

Why: RSVP-TE must be explicitly enabled on every interface that will participate in MPLS-TE label-switched path (LSP) signaling. Even if the link-state database shows sufficient reservable bandwidth, without RSVP-TE enabled on transit interfaces, the PATH messages cannot be processed, and the tunnel will fail to establish. This is a common misconfiguration when deploying MPLS-TE.
Q3
easyFull explanation →

Which network architecture model separates the control plane and data plane in a way that allows for centralized control and distributed forwarding?

A

SDN architecture

SDN centralizes control while keeping forwarding distributed.

B

MPLS architecture

C

VPN architecture

D

QoS architecture

Why: Software-Defined Networking (SDN) architecture explicitly separates the control plane from the data plane, centralizing network intelligence in a controller while leaving packet forwarding to distributed switches and routers. This decoupling enables programmatic, centralized control of the network, with the controller (e.g., OpenDaylight, Cisco APIC) making forwarding decisions and pushing flow entries to devices via protocols like OpenFlow or OpFlex. The result is a logically centralized brain with physically distributed forwarding, which is the defining characteristic of SDN.
Q4
mediumFull explanation →

A service provider is troubleshooting a BGP route advertisement issue. Routes from a customer are not being advertised to the upstream provider. The PE router is configured with 'neighbor 10.0.0.1 route-map RMAP out'. The route-map RMAP permits the customer prefix. However, the BGP table on the PE shows the prefix as valid but not advertised. What is a likely cause?

A

The next-hop is not reachable from the upstream provider

If next-hop-self is not used, the next-hop might be a customer-facing interface not reachable upstream.

B

The BGP session to the upstream provider is flapping

C

The prefix is not in the global routing table

D

The route-map is applied inbound instead of outbound

Why: The BGP table shows the prefix as valid but not advertised, which indicates that BGP has the route but is not sending it to the upstream neighbor. A common cause is that the next-hop for the customer prefix is not reachable from the PE router via the interface used to reach the upstream provider. BGP will not advertise a route if the next-hop is not reachable in the routing table (unless 'neighbor x.x.x.x next-hop-self' is configured), because the upstream router would be unable to forward traffic to that next-hop.
Q5
hardFull explanation →

In a carrier's network, MPLS-TE tunnels are used to steer traffic away from congested links. The operator configures a tunnel with a bandwidth of 200 Mbps and a dynamic path. The CSPF computation shows a path with sufficient bandwidth, but the tunnel fails to come up. The RSVP neighbor is established. What is the most likely cause?

A

The tunnel destination is not reachable via IGP

B

The path message is rejected due to resource reservation failure

RSVP-TE reserves bandwidth; if not available, tunnel fails.

C

The tunnel interface is down

D

MPLS LDP is not configured

Why: The tunnel fails to come up because the CSPF-computed path cannot reserve the requested 200 Mbps bandwidth. Even though the path has sufficient bandwidth on paper, the RSVP resource reservation process may fail due to a lack of available bandwidth at the exact time of reservation, or due to a mismatch in bandwidth pool configuration (e.g., global vs. subpool). Since the RSVP neighbor is established, the issue is specifically with the reservation step, not with reachability or LDP.
Q6
easyFull explanation →

A service provider wants to offer Layer 2 VPN services using MPLS. Which technology should be used to transport Ethernet frames across the MPLS core?

A

Pseudowire

Pseudowire provides point-to-point Layer 2 transport over MPLS.

B

LDP

C

VPLS

D

L3VPN

Why: Pseudowire (A) is the correct technology because it provides a point-to-point Layer 2 circuit over an MPLS core, allowing Ethernet frames to be encapsulated and transported transparently. This is defined in RFC 4448 (Ethernet over MPLS) and enables service providers to offer E-Line services. Pseudowire uses MPLS labels to forward frames across the core without requiring the core routers to participate in the customer's Layer 2 control plane.

Want more Architecture practice?

Practice this domain
2

Domain 2: Networking

All Networking questions
Q1
mediumFull explanation →

A service provider is deploying MPLS L3VPN over an OSPF backbone. The PE routers are configured with OSPF as the IGP. The CE router of customer A is connected to two PEs for redundancy. Which configuration is required on the PE routers to ensure that the CE router can load-balance traffic across both PEs without loops?

A

Use OSPF sham-links between the two PEs.

B

Use the BGP cost community to adjust the path selection on the CE.

C

Configure OSPF with the capability vrf-lite and enable the down-bit on the PE-CE link.

The down-bit prevents the CE from re-advertising routes learned from one PE to the other PE, avoiding loops.

D

Disable the DN-bit on the PE-CE OSPF interface.

Why: Option C is correct because configuring OSPF with the capability vrf-lite and enabling the down-bit on the PE-CE link prevents routing loops in a multi-homed CE scenario. The down-bit is set by the PE when redistributing routes into OSPF, ensuring that the CE does not re-advertise those routes back to another PE, which would cause a loop. The vrf-lite capability allows the CE to understand the down-bit without requiring full MPLS/VPN functionality, enabling load-balancing across both PEs safely.
Q2
easyFull explanation →

An ISP is designing an MPLS core network and needs to choose an IGP that supports fast convergence. Which IGP meets this requirement and is most commonly used in MPLS core networks?

A

IS-IS

IS-IS provides fast convergence and is the predominant IGP in service provider MPLS cores.

B

OSPFv3

C

EIGRP

D

RIPng

Why: IS-IS is the correct choice because it is a link-state IGP that inherently supports fast convergence through mechanisms like incremental SPF (iSPF) and prefix-independent convergence (PIC). It is widely deployed in MPLS core networks due to its scalability, extensibility via TLVs, and native support for MPLS Traffic Engineering (MPLS-TE) without requiring additional protocol extensions like OSPF's opaque LSA.
Q3
hardFull explanation →

A network engineer is troubleshooting an MPLS L3VPN where the CE router is receiving the correct VPN prefixes from the PE, but traffic from the CE to those prefixes is being dropped. The PE has a default route pointing to the CE. What is the most likely cause?

A

The VRF on the PE is not configured with the correct route-target import.

B

The PE does not have a specific route for the destination in its global routing table.

Without a specific route, the PE may not push the correct MPLS label, causing the core to drop the packet.

C

The CE does not have a route back to the PE's loopback.

D

The PE-CE link MTU is smaller than the packet size.

Why: The CE is receiving the correct VPN prefixes from the PE, so the VRF import/export is working. However, when the CE sends traffic to those prefixes, the PE must forward the packets. The PE has a default route pointing to the CE, but if the PE's global routing table lacks a specific route for the destination prefix (which is normal for L3VPN, as VPN routes are in the VRF, not the global table), the PE will drop the traffic because it cannot find a valid next hop in the global table for the outer IP header. This is a classic issue where the PE's global table must have a route to the CE's loopback or the PE-CE link subnet to enable recursive forwarding.
Q4
mediumFull explanation →

A service provider is deploying segment routing in its MPLS core. Which label allocation method is used by segment routing to distribute prefix SIDs?

A

LDP

B

BGP

C

RSVP-TE

D

IGP (IS-IS or OSPF)

Segment routing encodes prefix SIDs in IGP updates.

Why: Segment routing uses the IGP (IS-IS or OSPF) to distribute prefix SIDs. The IGP extensions for segment routing (RFC 8665 for OSPF, RFC 8667 for IS-IS) carry the prefix SID sub-TLV within the prefix reachability information, allowing each router to allocate and advertise the SID associated with a prefix. This is the native label allocation method for segment routing, as it leverages the existing IGP database without requiring a separate label distribution protocol.
Q5
hardFull explanation →

An engineer is configuring an MPLS L3VPN and needs to ensure that the PE router installs VPNv4 routes from a remote PE into the VRF of a customer. The remote PE sends a VPNv4 route with route-target 100:1. Which configuration on the local PE causes the route to be imported into the VRF?

A

router bgp 100 address-family ipv4 vrf CUSTOMER route-target import 100:1

B

vrf definition CUSTOMER rd 100:1 route-target both 100:1 route-map IMPORT

C

vrf definition CUSTOMER rd 100:1 route-target import 100:1

This imports routes with RT 100:1 into the VRF.

D

vrf definition CUSTOMER rd 100:1 route-target export 100:1

Why: Option C is correct because the `route-target import 100:1` command under the VRF definition configures the local PE to accept VPNv4 routes that carry the specified route-target (100:1) from the remote PE. This import RT must match the export RT of the remote PE for the route to be installed into the VRF's routing table. The `rd 100:1` defines the route distinguisher, which is separate from the RT and ensures uniqueness of the VPNv4 prefix.
Q6
mediumFull explanation →

Which TWO of the following are characteristics of MPLS-TE (Traffic Engineering)?

A

Uses explicit paths to route traffic away from shortest-path IGP.

MPLS-TE can specify explicit paths for traffic engineering.

B

Uses LDP for label distribution along the TE tunnel.

C

Allows bandwidth reservation and priority.

MPLS-TE supports bandwidth reservation and preemption.

D

Requires per-platform label space for TE tunnels.

E

Requires all routers in the TE tunnel to be in the same OSPF area.

Why: MPLS-TE uses explicit paths (either strict or loose) to direct traffic away from the shortest path determined by the IGP (e.g., OSPF or IS-IS). This allows network operators to engineer traffic flows based on administrative policies, such as load balancing or avoiding congested links, rather than relying solely on the IGP's metric-based shortest path.

Want more Networking practice?

Practice this domain
3

Domain 3: MPLS and Segment Routing

All MPLS and Segment Routing questions
Q1
mediumFull explanation →

An engineer is troubleshooting an MPLS L3VPN where customers behind CE1 cannot reach a specific prefix behind CE2. The PE routers are using OSPF as the IGP and LDP for label distribution. On PE2, the prefix is present in the VRF routing table, but not in the VRF forwarding table. What is the most likely cause?

A

MTU mismatch is causing the VPN label to be dropped.

B

OSPF is not redistributing the BGP routes into the IGP on PE2.

C

The VRF is not properly configured on PE2's interface toward CE2.

D

The route is missing a label in the LFIB on PE2.

If the label is missing, the route cannot be installed in the VRF forwarding table.

Why: The prefix is present in the VRF routing table (RIB) but missing from the VRF forwarding table (FIB) on PE2. This indicates that the route has been learned via BGP and installed in the RIB, but the MPLS VPN label (the inner label) required to forward the packet across the MPLS core is absent. Without a valid label in the LFIB, the CEF (FIB) cannot install the route, causing the reachability failure. Option D correctly identifies this missing label in the LFIB as the root cause.
Q2
hardFull explanation →

A service provider is designing a new MPLS core network using Segment Routing with MPLS data plane. They require traffic engineering capabilities to optimize bandwidth utilization. Which technology should be used to compute optimal paths based on IGP link attributes and bandwidth constraints?

A

RSVP-TE with FRR

B

LDP over SR

C

SR-TE (Segment Routing Traffic Engineering)

SR-TE computes paths using segment lists and can enforce bandwidth constraints.

D

OSPF with MPLS-TE extensions

Why: SR-TE (Segment Routing Traffic Engineering) is the correct choice because it uses a centralized or distributed controller to compute optimal paths based on IGP link attributes (such as metric, TE metric, affinity) and bandwidth constraints, encoding the path as a segment list in the packet header. Unlike RSVP-TE, SR-TE does not require per-flow state in the core routers, making it more scalable for bandwidth optimization in an MPLS Segment Routing network.
Q3
easyFull explanation →

An engineer is deploying MPLS in the core and wants to ensure that all core routers use the same label for a specific prefix, regardless of which router originated it. Which MPLS label allocation mode should be used?

A

Per-interface label mode

B

Per-next-hop label mode

C

Per-prefix label mode

Per-prefix allocates one label per prefix, ensuring same label across all routers.

D

Per-VRF label mode

Why: Per-prefix label mode (option C) is correct because it assigns a single label for a specific prefix across all core routers, regardless of which router originated the route. This ensures label consistency, which is critical for proper MPLS forwarding and troubleshooting. In contrast, per-next-hop or per-interface modes would create different labels for the same prefix based on the next hop or interface, breaking the requirement for uniform label allocation.
Q4
mediumFull explanation →

During an MPLS network migration from LDP to Segment Routing, an engineer notices that some routers are not advertising Prefix-SIDs for certain loopbacks. The IGP is OSPF. What configuration is required on these routers to advertise Prefix-SIDs?

A

Enable 'mpls ldp autoconfig' on the loopback interface.

B

Enable 'segment-routing mpls' globally and configure 'prefix-sid index' under the loopback interface.

C

Configure 'segment-routing mpls set-adjacency-sid' on the loopback.

D

Configure 'segment-routing mpls' globally and assign a SID index under the OSPF router process for the loopback.

This enables SR globally and assigns the Prefix-SID under OSPF.

Why: In OSPF, Prefix-SIDs for loopbacks are advertised by configuring 'segment-routing mpls' globally and then assigning a SID index under the OSPF router process using the 'prefix-sid index' command for the specific loopback network. This ties the SID to the OSPF prefix advertisement, enabling SR-MPLS forwarding without LDP.
Q5
hardFull explanation →

A service provider is deploying a new MPLS core with Segment Routing and requires fast convergence upon link failure. They plan to use TI-LFA (Topology Independent Loop-Free Alternate). What is a prerequisite for TI-LFA to provide protection against any single link failure?

A

IGP must be a link-state protocol with complete topology information (OSPF or IS-IS).

TI-LFA uses the link-state database to compute backup paths.

B

BGP-LU must be enabled for label distribution.

C

LDP must be enabled on all interfaces.

D

RSVP-TE must be configured with FRR.

Why: TI-LFA relies on the IGP having a complete view of the network topology to compute a post-convergence path that avoids the failed link. OSPF and IS-IS are link-state protocols that flood link-state advertisements (LSAs) or link-state packets (LSPs) to provide this full topology database, which is essential for TI-LFA to calculate a loop-free backup path for any single link failure.
Q6
mediumFull explanation →

Which TWO statements about MPLS label switching are correct? (Choose two.)

A

The transit LSR performs label swapping.

Correct: Transit routers swap the incoming label with an outgoing label.

B

The CE receives a frame with an MPLS label.

C

The ingress LSR imposes a label on the packet.

Correct: Ingress does label imposition (push).

D

PHP (Penultimate Hop Popping) causes the egress router to pop the label.

E

The egress LSR performs label swapping before forwarding.

Why: Option A is correct because a transit Label Switch Router (LSR) in an MPLS network performs label swapping: it receives a labeled packet, replaces the incoming label with an outgoing label from its LFIB (Label Forwarding Information Base), and forwards the packet toward the egress LSR. This is the fundamental operation of an LSR in the core of an MPLS domain, as defined in RFC 3031.

Want more MPLS and Segment Routing practice?

Practice this domain
4

Domain 4: Automation and Quality of Service

All Automation and Quality of Service questions
Q1
easyFull explanation →

A service provider is implementing QoS on an MPLS network to support voice, video, and data traffic. Which queuing mechanism provides the lowest latency for real-time traffic?

A

FIFO

B

WRED

C

LLQ

LLQ provides a strict priority queue that ensures low latency and jitter for real-time traffic.

D

CBWFQ

Why: LLQ (Low Latency Queuing) is the correct choice because it provides a strict priority queue specifically designed for real-time traffic like voice and video. By placing delay-sensitive packets into a dedicated priority queue that is serviced before all other queues, LLQ ensures minimal and predictable latency, which is essential for maintaining voice quality in an MPLS network.
Q2
mediumFull explanation →

An engineer is troubleshooting a QoS policy on a Cisco router. The policy is intended to mark voice traffic with DSCP EF and video traffic with DSCP AF41. After applying the policy, voice traffic is correctly marked, but video traffic is marked as DSCP 0. What is the most likely cause?

A

The class map for video traffic does not match the traffic correctly.

A misconfigured match statement would cause video traffic to fall into the default class, resulting in DSCP 0.

B

The video traffic is being policed and dropped.

C

The trust boundary is set to 'trust dscp' and the incoming video traffic is not marked.

D

The policy is not applied to the correct interface direction.

Why: Option A is correct because the most common reason for video traffic being marked as DSCP 0 (default) while voice traffic is correctly marked is that the class map for video traffic fails to match the intended packets. This could be due to an incorrect match statement (e.g., using the wrong ACL, protocol, or DSCP value) or a misconfigured match criterion that does not capture the video flows. Since voice traffic is marked correctly, the policy itself is applied and functional, isolating the issue to the video class map's matching logic.
Q3
hardFull explanation →

A service provider uses an MPLS-TE tunnel to carry voice and data traffic. The tunnel is experiencing packet loss during congestion. The engineer wants to ensure that voice traffic receives guaranteed bandwidth and low latency while data traffic uses remaining bandwidth. Which QoS configuration should be applied on the tunnel interface?

A

LLQ with a priority queue for voice and a default class for data

LLQ ensures low latency for voice, and the default class uses remaining bandwidth for data.

B

CBWFQ with bandwidth allocation for voice and data

C

Policing on voice traffic to limit its rate

D

Shaping on the tunnel to 75% of bandwidth with no queuing

Why: Option A is correct because Low Latency Queuing (LLQ) allows you to place voice traffic into a strict priority queue, ensuring guaranteed bandwidth and low latency during congestion, while the default class uses CBWFQ to allocate remaining bandwidth to data traffic. This matches the requirement of prioritizing voice without starving data entirely, as the priority queue is policed to prevent voice from consuming all bandwidth.
Q4
easyFull explanation →

An engineer is configuring MPLS VPN and needs to ensure that customer traffic is automatically marked with a specific QoS policy based on the VPN. Which method should be used to propagate QoS markings across the MPLS network?

A

Use 802.1p CoS on the CE-PE link and preserve it across the MPLS backbone

B

Use MPLS EXP bits to mark traffic at the ingress PE and map to QoS at egress

MPLS EXP bits are designed to carry QoS information across the MPLS network.

C

Use IP ToS bits to mark traffic and rely on MPLS to preserve them

D

Set DSCP at the ingress PE and preserve it across the MPLS backbone

Why: In an MPLS VPN environment, QoS markings must be preserved across the MPLS backbone. MPLS EXP (Experimental) bits are the standard mechanism to carry QoS information within the MPLS label stack. At the ingress PE, customer traffic is classified and marked with the appropriate EXP bits based on the VPN or other criteria. The egress PE then uses these EXP bits to map traffic to the correct QoS policy, ensuring end-to-end QoS treatment.
Q5
mediumFull explanation →

A network administrator configures a class map to match VoIP traffic using 'match ip dscp ef' on a Cisco router. However, the QoS policy is not applying the expected marking to VoIP packets. What is a possible reason?

A

The policy is applied in the output direction instead of input.

B

The VoIP traffic is not marked with DSCP EF from the source.

If the source does not set DSCP EF, the match will fail and the traffic will not be classified.

C

The policy is applied to the wrong interface.

D

The class map uses the wrong match type.

Why: Option B is correct because the 'match ip dscp ef' command in the class map checks the DSCP value already present in the incoming VoIP packets. If the source device (e.g., an IP phone) does not mark the packets with DSCP EF (46), the class map will not match, and the QoS policy will not apply the expected marking. The policy can only re-mark packets that are already matched by the class map.
Q6
mediumFull explanation →

Which TWO QoS mechanisms are used to provide congestion avoidance? (Choose two.)

A

Policing

B

RED

RED (Random Early Detection) is a congestion avoidance mechanism.

C

CBWFQ

D

LLQ

E

WRED

WRED (Weighted Random Early Detection) drops packets probabilistically to avoid congestion.

Why: RED (Random Early Detection) and WRED (Weighted Random Early Detection) are congestion avoidance mechanisms that proactively drop packets before a queue becomes full, signaling TCP senders to reduce their transmission rate. Unlike congestion management tools (like CBWFQ or LLQ) that queue packets during congestion, RED/WRED monitor average queue depth and drop packets probabilistically to prevent tail drops and global TCP synchronization.

Want more Automation and Quality of Service practice?

Practice this domain
5

Domain 5: Services

All Services questions
Q1
mediumFull explanation →

A service provider is deploying MPLS Layer 3 VPN and needs to ensure that BGP next-hop resolution works correctly for VPNv4 prefixes learned from a route reflector. The PE routers are directly connected to the RR via iBGP, and there is an IGP running within the MPLS core. Which condition must be met for the PE to install the VPNv4 prefix into its routing table?

A

The next-hop must be reachable via the IGP with an MPLS label.

MPLS LSP must exist to the next-hop for label imposition.

B

The next-hop must be a directly connected interface.

C

The PE must have a VPN label for the next-hop.

D

The IGP must be IS-IS, not OSPF.

Why: For a PE router to install a VPNv4 prefix learned from a route reflector into its routing table, the BGP next-hop (typically the remote PE) must be reachable via the IGP with an associated MPLS label. This ensures that the transport LSP exists to forward traffic toward the next-hop, which is required for MPLS L3VPN operation. Without an MPLS label in the IGP for the next-hop, the PE cannot build the necessary label stack and will not install the VPNv4 route.
Q2
hardFull explanation →

A service provider is designing a multicast solution for a Layer 3 VPN. They want to use MVPN with BGP signaling (draft-rosen). The PE routers are configured with VRF and multicast routing enabled. Which BGP address family must be enabled between PE routers to carry multicast routing information?

A

MCAST-VPN address family

The MCAST-VPN address family is used for MVPN signaling.

B

MVPN does not use BGP; it uses PIM.

C

VPNv4 address family

D

IPv4 multicast address family

Why: In a draft-rosen MVPN (Multicast VPN) implementation, BGP is used to signal multicast routing information between PE routers. The MCAST-VPN address family (AFI 25, SAFI 5) is specifically defined to carry multicast VPN routes, including Intra-AS I-PMSI A-D routes and S-PMSI A-D routes, enabling the exchange of multicast state and tunnel information across the MPLS/VPN backbone.
Q3
easyFull explanation →

A network engineer is troubleshooting an MPLS TE tunnel that is not coming up. The tunnel is configured with a strict explicit path, and the path includes an interface that is currently down. Which action should the engineer take to allow the tunnel to use an alternative path?

A

Increase the path-option preference value.

B

Disable path protection on the tunnel.

C

Change the explicit path to 'loose' for the down interface.

Loose hops allow the tunnel to traverse other interfaces.

D

Configure an affinity constraint to exclude the down interface.

Why: Option C is correct because changing the explicit path from 'strict' to 'loose' for the down interface allows the MPLS TE tunnel to use an alternative next-hop that is reachable, even if the specified interface is down. A strict explicit path requires every hop to be directly connected, so a down interface prevents the tunnel from coming up. By making the hop loose, the router can route around the failed link using the IGP's best path to the next specified node.
Q4
mediumFull explanation →

Which TWO statements about BGP FlowSpec (RFC 8955) are correct?

A

FlowSpec can be deployed in BGP sessions between a route reflector and a client.

FlowSpec routes can be propagated via BGP within the service provider network.

B

FlowSpec uses a separate BGP session from the regular IPv4 unicast session.

C

FlowSpec is designed to replace ACLs on provider edge routers.

D

FlowSpec requires MPLS forwarding to operate.

E

FlowSpec uses the IPv4 unicast or VPNv4 address family.

FlowSpec uses SAFI 133 (IPv4) or 134 (VPNv4) under the IPv4 AFI.

Why: Option A is correct because BGP FlowSpec (RFC 8955) can be deployed between a route reflector and its clients. The route reflector propagates FlowSpec NLRI (Network Layer Reachability Information) to its clients, allowing the clients to install traffic filtering rules without requiring a full BGP mesh. This is a common deployment model in service provider networks to distribute flow-spec routes efficiently.
Q5
hardFull explanation →

Which THREE characteristics apply to the BGP-LS (BGP Link State) protocol?

A

It supports only IS-IS, not OSPF.

B

It uses a separate address family from VPNv4.

BGP-LS uses AFI 16388, SAFI 71.

C

It distributes link-state information from IGPs like OSPF and IS-IS.

BGP-LS collects topology from IGPs.

D

It uses BGP as the transport protocol.

BGP-LS is an address family within BGP.

E

It carries traffic-engineering parameters in the NLRI.

Why: BGP-LS uses a separate address family (AFI 16388 / SAFI 71) from VPNv4 (AFI 1 / SAFI 128) to carry link-state information. This separation allows BGP-LS to operate independently from VPNv4 routes, enabling the collection and distribution of IGP topology data without interfering with MPLS VPN signaling.
Q6
hardFull explanation →

Refer to the exhibit. A service provider is applying this QoS policy on a PE-CE interface. The business customer complains that voice traffic (marked with DSCP EF) experiences drops during congestion. What is the likely cause?

A

The police rate under the REALTIME class is limiting voice traffic to 10% of bandwidth.

Policing drops traffic exceeding 10%.

B

The priority level is set too low; voice should be priority level 4.

C

The 'bandwidth remaining ratio' command under class-default is starving the priority queue.

D

The policy is applied in the output direction; it should be input.

Why: The REALTIME class uses the 'police' command to enforce a rate of 10% of the interface bandwidth. When voice traffic marked DSCP EF exceeds this policed rate, packets are dropped, even though the class is configured with priority queuing. The police rate is the bottleneck, not the priority queue itself.

Want more Services practice?

Practice this domain
6

Domain 6: Automation and Assurance

All Automation and Assurance questions
Q1
mediumFull explanation →

A service provider is implementing network automation using YANG data models. They need to ensure that the automation solution supports both configuration and operational state data retrieval. Which NETCONF operation should be used to retrieve operational state data?

A

<edit-config>

B

<get-config>

C

<get>

Retrieves both configuration and operational state data.

D

<lock>

Why: The <get> NETCONF operation retrieves both configuration and operational state data from a device, making it the correct choice for this requirement. Unlike <get-config>, which only returns configuration data, <get> accesses the running datastore and includes state data such as interface statistics, routing tables, and system status. This aligns with RFC 6241, where <get> is defined as the operation to retrieve combined config and state information.
Q2
easyFull explanation →

Which tool is used to validate YANG data models against device capabilities and to generate Python bindings for automation scripts?

A

RESTCONF

B

pyang

Validates YANG models and can generate Python bindings.

C

Ansible

D

NETCONF

Why: B is correct because pyang is a YANG data modeling language validator and converter that can validate YANG modules against device capabilities (e.g., via RFC 7895 YANG Library) and generate Python bindings (e.g., using the `--plugindir` or `pyang --format pybind` options) for use in automation scripts. It directly supports the task of validating YANG models and producing Python code, unlike the other options which are protocols or automation frameworks.
Q3
hardFull explanation →

A network engineer is automating BGP configuration using the Cisco IOS-XE YANG model. They want to enable the 'always-compare-med' feature under BGP. Which XPath expression correctly targets this leaf?

A

/bgp/global/always-compare-med

B

/native/router/bgp/scope/global/always-compare-med

Correct path according to Cisco IOS-XE YANG model.

C

/native/router/bgp/always-compare-med

D

/router/bgp/global/always-compare-med

Why: Option B is correct because the Cisco IOS-XE native YANG model (urn:cisco:params:xml:ns:yang:cisco-native) structures BGP configuration under /native/router/bgp/scope/global/always-compare-med. The 'scope' container is required to differentiate between global and VRF-specific BGP settings, and 'always-compare-med' is a leaf within the global scope. This path accurately reflects the hierarchical model used by Cisco for BGP automation.
Q4
mediumFull explanation →

A service provider uses RESTCONF to automate interface configuration. They need to add a new IPv4 address to an existing interface. Which HTTP method and URI should be used?

A

DELETE /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1

B

PATCH /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1/ietf-ip:ipv4/address

PATCH merges the new address into the list.

C

POST /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1/ietf-ip:ipv4

D

PUT /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1/ietf-ip:ipv4/address

Why: Option B is correct because PATCH is the appropriate HTTP method for a partial update to an existing resource, and the URI targets the IPv4 address list under the specific interface. This allows adding a new IPv4 address without replacing the entire interface configuration, which aligns with RESTCONF's support for partial resource modification as defined in RFC 8040.
Q5
easyFull explanation →

What is the primary benefit of using model-driven telemetry over traditional SNMP polling for network assurance?

A

Provides real-time data streaming without polling overhead

Push-based telemetry eliminates polling.

B

Reduces the need for YANG models

C

Increases security by using SSH

D

Simplifies device configuration

Why: Model-driven telemetry uses a push model where network devices continuously stream structured data (e.g., YANG-encoded) to a collector, eliminating the need for periodic SNMP polling. This provides real-time visibility with minimal CPU overhead on the device, as the device itself initiates the data export based on configured subscriptions, rather than responding to repeated GET requests.
Q6
hardFull explanation →

A network operator uses gRPC Network Management Interface (gNMI) to collect telemetry data from routers. They notice that some updates are missing. Which gNMI mode should be used to ensure that all state changes are captured?

A

ON_CHANGE

Sends updates only when a value changes, capturing all changes.

B

TARGET_DEFINED

C

POLL

D

SAMPLE

Why: ON_CHANGE mode in gNMI ensures that the target device sends a telemetry update immediately whenever a state change occurs, guaranteeing that no updates are missed. This is in contrast to SAMPLE mode, which only sends periodic snapshots and can miss transient changes between intervals. Therefore, to capture all state changes, ON_CHANGE is the correct subscription mode.

Want more Automation and Assurance practice?

Practice this domain

Frequently asked questions

How many questions are on the 350-501 exam?

The 350-501 exam has 90 questions and must be completed in 120 minutes. Cisco passing scores vary by exam version and are not always publicly listed. Check the official Cisco exam page before booking.

What types of questions appear on the 350-501 exam?

CLI output interpretation, network topology analysis, routing behaviour, switching concepts, troubleshooting, and configuration questions.

How are 350-501 questions organised by domain?

The exam covers 6 domains: Architecture, Networking, MPLS and Segment Routing, Automation and Quality of Service, Services, Automation and Assurance. Questions are weighted by domain — higher-weight domains appear more on your actual exam.

Are these the actual 350-501 exam questions?

No. These are original exam-style practice questions written against the official Cisco 350-501 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.

Ready to practice all 90 350-501 questions?

Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.

Browse all 350-501 questionsTake a timed practice test