
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Free — No Signup Required · Cisco · Updated 2026

300-410 Flashcards — Free Cisco CCNP ENARSI 300-410 Study Cards

Reinforce 300-410 concepts with active-recall study cards covering all 33 blueprint domains. Each card shows the question on the front and the correct answer with a full explanation on the back.

2152+ study cards · 33 domains covered · Active recall method · Full explanations included

How to use 300-410 flashcards effectively

Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For 300-410 preparation, this means flashcards are one of the highest-return study tools available.

Attempt recall first

Read the 300-410 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.

Review wrong cards again

When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.

Study by domain

Group your 300-410 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real 300-410 exam requires.

Short sessions beat marathon reviews

Studying 20–30 flashcards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks give you over 400 total card reviews — enough to reliably pass 300-410.

300-410 flashcard preview

Sample cards from the 300-410 flashcard bank. Read the question, think of the answer, then read the explanation below.

1

A network engineer is troubleshooting an EIGRP adjacency issue between two directly connected routers, R1 and R2. Both routers are configured with the same autonomous system number, but the adjacency fails to come up. The engineer checks the interfaces and verifies that they are up/up. On R1, the output of 'show ip eigrp neighbors' shows nothing. What is the most likely cause of this problem?

EIGRP Troubleshooting

The interfaces are configured with IP addresses from different subnets.

EIGRP requires that the primary IP addresses of the interfaces on the same link belong to the same subnet. If the subnet masks do not match, the routers will not form an adjacency because they will consider the other router to be on a different network.

2

A network engineer is troubleshooting an OSPFv2 adjacency issue between two directly connected routers, R1 and R2, both running IOS-XE. The link is a point-to-point Ethernet link. The engineer issues 'show ip ospf neighbor' on R1 and sees no neighbors. 'show ip ospf interface GigabitEthernet0/0' on R1 shows 'Network Type BROADCAST', but the link is actually a point-to-point link. Both routers have 'ip ospf 1 area 0' configured on the interface. What is the most likely cause of the adjacency not forming?

OSPF Troubleshooting (v2/v3)

The routers have duplicate OSPF router IDs.

The default OSPF network type on Ethernet interfaces is BROADCAST, which requires a DR/BDR election and uses multicast 224.0.0.5 and 224.0.0.6. On a point-to-point link, if both routers do not agree on the network type, they may not form an adjacency because the hello packets are sent differently. However, since both are BROADCAST, they should form an adjacency. The real issue is likely a mismatch in OSPF network type if one side is manually set to POINT-TO-POINT, but here both are BROADCAST. A more common cause is that the interface is administratively down or there is a Layer 1 issue, but the stem indicates the interface is up. Another common cause is that the router IDs are not configured, leading to OSPF not starting. The most likely cause in this scenario is that the routers have duplicate router IDs, which prevents adjacency formation. The stem does not mention router IDs, so the best answer is that the engineer should check for duplicate router IDs.

3

A network engineer is troubleshooting a BGP peering issue between two directly connected routers, R1 and R2. R1 is configured with 'neighbor 10.1.1.2 remote-as 65002' and 'neighbor 10.1.1.2 update-source Loopback0', while R2 uses 'neighbor 10.1.1.1 remote-as 65001' and 'neighbor 10.1.1.1 update-source Loopback0'. The loopback interfaces are not advertised into any IGP, and there is no static route for the loopback addresses. The BGP session remains in Idle state. What is the most likely cause?

BGP Troubleshooting

The BGP session is stuck in Idle because the neighbor statements reference loopback interfaces that are not reachable.

BGP requires reachability to the neighbor's update-source address. Since the loopback addresses are not reachable via any routing protocol or static route, the TCP connection fails, keeping the session in Idle state.

4

A network engineer is troubleshooting a route redistribution issue between OSPF and EIGRP. Routers R1 (OSPF) and R2 (EIGRP) are redistributing routes into each other. The engineer notices that some OSPF external routes are not appearing in the EIGRP topology table on R2, although the redistribution is configured. The show ip eigrp topology command on R2 does not list the missing prefixes. What is the most likely cause?

Route Redistribution

The redistribute ospf command under EIGRP is missing the match external keyword.

When redistributing from OSPF into EIGRP, by default only OSPF internal routes are redistributed; external OSPF routes (type 5 or 7) are not included unless the match external keyword is specified. This explains why some routes are missing.

5

A network engineer is troubleshooting a PBR configuration on a Cisco router. The engineer has configured a route map named 'PBR-MAP' with a match statement matching traffic from source IP 10.1.1.0/24 and a set statement to forward the traffic to next-hop 192.168.1.2. The engineer applies the route map to the incoming interface GigabitEthernet0/0 using 'ip policy route-map PBR-MAP'. However, traffic from 10.1.1.0/24 is still being forwarded using the routing table instead of the PBR next-hop. What is the most likely cause?

Policy-Based Routing (PBR)

The route map is applied to the outgoing interface instead of the incoming interface.

The 'ip policy route-map' command must be applied to the incoming interface where the traffic is received. If it is applied to the outgoing interface, PBR will not function. The symptom indicates the route map is not being evaluated, which typically occurs when the policy is applied to the wrong interface or not applied at all.

6

A network engineer is troubleshooting a VRF-Lite setup where two customer VRFs (VRF_A and VRF_B) are configured on a router. The engineer notices that routes from VRF_A are appearing in the routing table of VRF_B, causing traffic misdirection. The router is running IOS-XE 17.3. What is the most likely cause of this issue?

VRF-Lite

The 'route-target import' and 'route-target export' commands are misconfigured, causing VRF_A routes to be imported into VRF_B.

The issue is caused by route leaking between VRFs, which can occur if VRF route import/export configurations are misapplied or if routes are accidentally redistributed between VRFs. In VRF-Lite, VRFs are isolated by default, and any cross-VRF route sharing must be explicitly configured.

7

A network engineer is troubleshooting a BGP route filtering issue. Router R1 is advertising a prefix 10.1.1.0/24 to its eBGP neighbor R2, but R2 is not receiving it. The engineer checks R1's BGP configuration and sees a route-map named FILTER-OUT applied outbound to the neighbor. The route-map references an ACL that permits 10.1.1.0/24, but the prefix is still not being sent. What is the most likely cause?

Route Maps and Route Filtering

The route-map is missing a 'permit' statement; the default action is deny.

The route-map must have an explicit permit statement; if the route-map is missing the permit clause, or if the sequence number is incorrect, the implicit deny at the end of the route-map will filter all routes. The ACL permitting the prefix is necessary but not sufficient if the route-map itself does not have a permit action.

8

A network engineer is troubleshooting a BGP route reachability issue. R1 learns the prefix 10.1.1.0/24 via eBGP from R2 with an AD of 20, and via OSPF from R3 with an AD of 110. The engineer notices that R1 installs the OSPF route in the routing table instead of the eBGP route, even though the eBGP route is preferred by default. What is the most likely cause of this behavior?

Administrative Distance

The distance bgp 20 200 200 command is configured under the BGP process, increasing the AD of eBGP routes to 200.

The default administrative distance for eBGP is 20, and for OSPF is 110, so eBGP should be preferred. However, if the distance command is applied to the eBGP neighbor or the BGP process, it can increase the AD of eBGP routes, making them less preferred than OSPF.

9

A network engineer is troubleshooting a connectivity issue between two branches connected via a WAN link. Router R1 (10.1.0.0/16) is summarizing its directly connected subnets (10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24) as a single 10.1.0.0/16 route to Router R2 via EIGRP. Users at R2 report that they cannot reach the 10.1.4.0/24 subnet, which was recently added to R1. What is the most likely cause of the problem?

Route Summarization

The new subnet 10.1.4.0/24 was not advertised because the summary address command suppresses more specific routes, but the summary itself is not being generated due to a missing network statement under the EIGRP process.

The summary route 10.1.0.0/16 includes the new subnet 10.1.4.0/24, but the issue indicates that the summary is not being updated or is too broad, causing a mismatch. The most likely cause is that the summary address was configured manually and does not automatically include new subnets unless the summary range is adjusted.

10

A network engineer is troubleshooting an OSPF adjacency that is flapping between two routers. The adjacency forms and then drops repeatedly. Both routers are configured for BFD on the OSPF interface. The engineer checks the BFD session and sees it is up, but the OSPF neighbor state transitions from FULL to DOWN every few seconds. What is the most likely cause of this issue?

Bidirectional Forwarding Detection (BFD)

The OSPF dead interval is mismatched between the two routers.

The BFD session is up, so BFD is not causing the flap. The issue is likely a mismatch in OSPF parameters that causes the adjacency to reset independently of BFD.

11

A network engineer is troubleshooting an MPLS L3VPN where CE1 cannot reach CE2. The PE routers are running OSPF as the IGP and LDP for label distribution. On PE1, the engineer sees that the VRF route for CE2's subnet is present, but the corresponding MPLS label is missing in the LFIB. The show mpls ldp neighbor command shows LDP neighbors are up. What is the most likely cause of the missing label?

MPLS Operations

LDP is not enabled on the interface facing the next-hop router.

The missing label in the LFIB despite the VRF route being present indicates that LDP is not binding a label to the BGP next-hop of the VPN route. Since the IGP route to the BGP next-hop is present but LDP has not assigned a label for it, the issue is likely that LDP is not enabled on the interface facing the next-hop router.

12

A network engineer is troubleshooting an MPLS L3VPN where CE1 (192.168.1.0/24) cannot reach CE2 (192.168.2.0/24). The PE routers are running OSPF with the CEs. On PE1, the VRF configuration includes route-target import and export 100:100. The show ip vrf detail command on PE1 shows the VRF is active, but the CE1 loopback is not present in the VRF routing table. The show ip route vrf CUSTOMER command on PE1 shows only directly connected interfaces. What is the most likely cause?

MPLS L3VPN

The OSPF process on PE1 is not configured under the VRF.

The CE routes are not being learned via OSPF into the VRF because OSPF process is not associated with the VRF. Without the 'router ospf <pid> vrf <name>' command, OSPF runs in the global routing table and does not populate the VRF.

13

A network engineer is troubleshooting a DMVPN phase 2 hub-and-spoke deployment. The hub router has mGRE and NHRP configured, and spokes register successfully. However, spoke-to-spoke traffic is not being encrypted, even though IPsec profiles are applied to the mGRE tunnel interface on both the hub and spokes. The engineer verifies that the crypto map is not applied to the tunnel interface. What is the most likely cause of this issue?

DMVPN

The IPsec profile is not applied to the mGRE tunnel interface on the hub and spokes.

In DMVPN phase 2, spoke-to-spoke dynamic tunnels require IPsec protection. The IPsec profile must be applied to the tunnel interface, not a crypto map. If the crypto map is missing or misapplied, IPsec will not be triggered for spoke-to-spoke traffic.

14

A network engineer is troubleshooting an IPsec site-to-site VPN between two routers. The tunnel interface is up/up, but traffic from the local LAN to the remote LAN is not passing. The engineer checks the crypto map and sees it is applied to the outside interface. What is the most likely cause of the traffic failure?

IPsec Site-to-Site VPN

The access list in the crypto map does not match the LAN-to-LAN traffic.

The tunnel interface being up/up indicates the GRE tunnel is operational, but traffic may still fail if the crypto map is not correctly triggering IPsec encryption for the actual data traffic. The most common cause is a missing or incorrect access list in the crypto map that defines interesting traffic.

15

A network engineer is troubleshooting an IPv6 connectivity issue between two sites connected via a 6to4 tunnel. The tunnel is configured on both routers and shows as up/up, but the engineer cannot ping the IPv6 address of the remote tunnel endpoint. The engineer checks the routing table and sees no route to the remote IPv6 prefix. What is the most likely cause of this problem?

IPv6 Tunneling Techniques

The tunnel source interface is configured with a private IPv4 address, causing the 6to4 prefix to be invalid.

For a 6to4 tunnel, the IPv6 address on the tunnel interface must be derived from the tunnel source's public IPv4 address using the 2002:IPv4-address::/48 prefix format. If the tunnel source interface has a private IPv4 address (e.g., 10.0.0.1), the resulting 6to4 prefix (2002:0a00:0001::/48) is non-routable over the public Internet because private addresses are not globally unique. This causes the remote router to have no route to the invalid prefix, breaking connectivity even though the tunnel interface is up/up.

16

A network engineer is troubleshooting a site-to-site VPN between two Cisco routers. The tunnel is up, but traffic is not passing. On R1, the engineer issues the command 'show crypto map' and sees that the crypto map is applied to the outbound interface. What is the most likely cause of the traffic failure?

Device Access Control

The crypto map is applied to the wrong interface.

The crypto map must be applied to the interface through which VPN traffic exits. If it is applied to the wrong interface (e.g., a loopback or a LAN interface instead of the WAN-facing interface), the router will not encrypt outbound traffic or decrypt inbound traffic for the VPN, even though the tunnel (ISAKMP/IPsec SA) may be established. The show crypto map output confirming the map is on the outbound interface indicates a misapplication, as the correct interface is the one facing the remote peer.

17

A network engineer runs the following command on Router R1:

R1# show access-lists
Extended IP access list 101
    10 permit tcp 192.168.1.0 0.0.0.255 any eq 80 (10 matches)
    20 deny tcp any host 10.1.1.1 eq 22 (5 matches)
    30 permit icmp any any (2 matches)
    40 deny ip any any (1 match)

Based on this output, which statement is correct?

IPv4 Access Control Lists

Traffic matching line 10 is permitted and counted correctly. / Line 20 denies SSH traffic to host 10.1.1.1, and 5 packets matched.

Option A is correct because the ACL shows 10 matches for line 10, which permits TCP traffic from the 192.168.1.0/24 network to any destination on port 80 (HTTP). The match counter accurately reflects the number of packets that have matched this specific entry, confirming that permitted traffic is being counted correctly.

18

A network engineer is troubleshooting a connectivity issue between two routers R1 and R2 connected via GigabitEthernet0/0. The engineer notices that R1 can ping its own IPv6 address 2001:db8:1::1/64, but cannot ping R2's interface address 2001:db8:1::2/64. The output of 'show ipv6 interface GigabitEthernet0/0' on R1 indicates that IPv6 is enabled and the interface is up/up. The engineer checks the access list applied to the interface and sees an inbound IPv6 ACL that permits only ICMPv6 echo requests from a specific source. What is the most likely cause of the ping failure?

IPv6 Traffic Filtering and uRPF

The ACL is applied inbound on R1 and does not permit ICMPv6 echo replies from R2.

The inbound ACL on R1 is blocking the ICMPv6 echo reply from R2, because the ACL only permits echo requests from a specific source, not replies. For a successful ping, both the echo request and echo reply must be permitted. The reply is sourced from R2's address, which is not matched by the permit statement.


300-410 flashcards by domain

The 300-410 flashcard bank covers all 33 official blueprint domains published by Cisco. Cards are distributed proportionally, so domains with higher exam weight have more cards.

Domain Coverage

Layer 3 Technologies: ~753 cards (35%)
  EIGRP Troubleshooting: ~1 cards
  OSPF Troubleshooting (v2/v3): ~1 cards
  BGP Troubleshooting: ~1 cards
  Route Redistribution: ~1 cards
  Policy-Based Routing (PBR): ~1 cards
  VRF-Lite: ~1 cards
  Route Maps and Route Filtering: ~1 cards
  Administrative Distance: ~1 cards
  Route Summarization: ~1 cards
  Bidirectional Forwarding Detection (BFD): ~1 cards

VPN Technologies: ~430 cards (20%)
  MPLS Operations: ~1 cards
  MPLS L3VPN: ~1 cards
  DMVPN: ~1 cards
  IPsec Site-to-Site VPN: ~1 cards
  IPv6 Tunneling Techniques: ~1 cards

Infrastructure Security: ~430 cards (20%)
  Device Access Control: ~1 cards
  IPv4 Access Control Lists: ~1 cards
  IPv6 Traffic Filtering and uRPF: ~1 cards
  Control Plane Policing (CoPP): ~1 cards
  IPv6 First Hop Security: ~1 cards

Infrastructure Services: ~538 cards (25%)
  Device Management: ~1 cards
  SNMP Troubleshooting: ~1 cards
  Network Logging and Syslog: ~1 cards
  Embedded Event Manager (EEM): ~1 cards
  IP SLA: ~1 cards
  NetFlow and Flexible NetFlow: ~1 cards
  SPAN, RSPAN, and ERSPAN: ~1 cards
  DHCP (IPv4 and IPv6): ~1 cards
  NAT and PAT: ~1 cards

Flashcards vs practice tests: which is better for 300-410?

Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:

Flashcards — concept retention

Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that 300-410 questions assume you know.

Best in: weeks 1–3

Practice tests — application

Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina. 300-410 questions test scenario reasoning — not just recall — so practice tests are essential.

Best in: weeks 3–6

The most effective 300-410 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.

300-410 flashcards — frequently asked questions

Are the 300-410 flashcards free?

Yes. Courseiva provides free 300-410 flashcards across all official exam domains. Every card includes the correct answer and a full explanation of why it is right and why the distractors are wrong. The platform also includes topic-based practice, mock exams, and readiness tracking — no account required.

How many 300-410 flashcards are on Courseiva?

Courseiva has 2152+ original 300-410 flashcards across all 33 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official Cisco exam objectives.

How are Courseiva flashcards different from Anki or Quizlet?

Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official 300-410 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.

Can I use 300-410 flashcards offline?

Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating a free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.
