Practice 350-401 SD-Access Architecture questions with full explanations on every answer.
Start practicing
SD-Access Architecture — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A network engineer is deploying Cisco SD-Access in a large enterprise campus. The design requires that all user traffic be segmented by Virtual Network (VN) and that the fabric edge nodes perform SGT-based enforcement. The engineer notices that traffic between two endpoints in the same IP subnet but different VNs is being forwarded directly at the fabric edge without any SGT inspection. What is the most likely cause?
2An enterprise is migrating from a traditional three-tier campus network to Cisco SD-Access. The network engineer has deployed a fabric with a single fabric edge node and a single control plane node. Users in VLAN 10 report that they cannot reach the default gateway, which is a virtual IP on the fabric edge. The fabric edge is configured with a VLAN 10 SVI and the anycast gateway feature is enabled. What is the most likely cause of the problem?
3A network architect is designing an SD-Access fabric for a large enterprise campus. The design must support segmentation at Layer 2 and Layer 3 across the fabric, using a centralized control plane and policy enforcement. Which two protocols are essential for the SD-Access overlay to meet these requirements?
4An architect is planning a Cisco SD-Access fabric deployment. The design must support host mobility across multiple fabric edge nodes while ensuring consistent policy enforcement. Which fabric component is responsible for tracking endpoint locations and mapping them to the fabric?
5A company is deploying an SD-Access fabric with multiple sites connected via a WAN. The design must allow inter-site traffic to be forwarded without requiring a full mesh of VXLAN tunnels between all edge nodes. Which fabric role should be used to interconnect the sites?
6An architect is designing an SD-Access fabric for a campus network that requires segmentation of guest, employee, and IoT traffic. The design must use Cisco TrustSec for policy enforcement. Which component is responsible for assigning the Security Group Tag (SGT) to endpoints upon authentication?
7A network team is designing the underlay for an SD-Access fabric. The design must use a routing protocol that supports fast convergence and is commonly recommended for the fabric underlay. Which routing protocol should be used?
8An architect is designing an SD-Access fabric for a campus with multiple buildings. The design must support wireless clients seamlessly roaming across fabric edge nodes. Which technology is used in the fabric to provide mobility for wireless endpoints?
9A company is deploying an SD-Access fabric with a centralized policy model. The design must ensure that all traffic between virtual networks (VNs) is inspected by a firewall. Which fabric role should be used to enforce this inter-VN policy?
10An architect is designing an SD-Access fabric for a campus that requires high availability. The design must ensure that if one fabric edge node fails, endpoints can be re-homed to another edge node without manual intervention. Which feature should be implemented?
11A network team is designing an SD-Access fabric for a large enterprise. The design must support automated provisioning and policy management. Which management platform is essential for deploying and managing the fabric?
12Examine the following configuration snippet: interface GigabitEthernet1/0/1 switchport mode access switchport access vlan 100 spanning-tree portfast spanning-tree bpduguard enable What is the effect of this configuration?
13Consider the following configuration: router eigrp 100 network 10.0.0.0 0.255.255.255 passive-interface default no passive-interface GigabitEthernet0/0 Which statement is true about this EIGRP configuration?
14Given this OSPF configuration: router ospf 1 router-id 1.1.1.1 network 192.168.1.0 0.0.0.255 area 0 network 10.0.0.0 0.255.255.255 area 1 default-information originate always What is the effect of the 'default-information originate always' command?
15Examine the following BGP configuration: router bgp 65001 bgp log-neighbor-changes neighbor 10.1.1.1 remote-as 65002 neighbor 10.1.1.1 route-map SET_MED out ! route-map SET_MED permit 10 set metric 50 What is the purpose of this configuration?
16Consider this VLAN configuration on a Cisco switch: vlan 10 name Sales vlan 20 name Engineering interface GigabitEthernet0/1 switchport mode trunk switchport trunk allowed vlan 10,20 What is missing if the switch needs to carry VLAN 30 traffic on this trunk?
17Given the following policy-map: policy-map QOS_POLICY class VOICE priority percent 30 class VIDEO bandwidth percent 20 queue-limit 100 packets class class-default fair-queue What is the effect of the 'priority percent 30' command in the VOICE class?
18What is the default OSPF hello interval on an Ethernet link?
19Which BGP attribute is preferred when it has the lowest value?
20What is the maximum hop count for EIGRP?
21Drag and drop the steps of SD-Access fabric node onboarding into DNA Center into the correct order, from first to last.
22Drag and drop the steps of SD-Access fabric border handoff configuration into the correct order, from first to last.
23Drag and drop the steps of SD-Access fabric endpoint registration into the correct order, from first to last.
24Drag and drop the steps of SD-Access underlay provisioning via LAN Automation into the correct order, from first to last.
25Drag and drop the steps of Cisco ISE profiling and policy assignment flow into the correct order, from first to last.
26Drag and drop the steps of SD-Access fabric border node configuration steps into the correct order, from first to last.
27Drag and drop the steps of LISP EID-to-RLOC mapping resolution process into the correct order, from first to last.
28Drag and drop the steps of micro-segmentation via SGT policy application into the correct order, from first to last.
29Drag and drop each SD-Access fabric role on the left to its matching function on the right.
30Drag and drop each LISP message type on the left to its matching purpose on the right.
31Drag and drop each SD-Access layer on the left to its matching technology on the right.
32Drag and drop each Cisco DNA Center workflow on the left to its matching component on the right.
33Drag and drop each SGT value range on the left to its matching policy type on the right.
34Which two statements about the Cisco SD-Access fabric roles are true? (Choose two.)
35Which three statements about VXLAN encapsulation in Cisco SD-Access are true? (Choose three.)
36Which two statements about LISP in Cisco SD-Access are true? (Choose two.)
37Which three statements about Cisco SD-Access policy enforcement are true? (Choose three.)
38Which two statements about the Cisco SD-Access fabric roles are true? (Choose two.)
39Which three statements about VXLAN in Cisco SD-Access are true? (Choose three.)
40Which two statements about Cisco SD-Access fabric wireless integration are true? (Choose two.)
41Which three statements about Cisco SD-Access policy enforcement are true? (Choose three.)
The SD-Access Architecture domain covers the key concepts tested in this area of the 350-401 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 350-401 domains — no account required.
The Courseiva 350-401 question bank contains 41 questions in the SD-Access Architecture domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the SD-Access Architecture domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included