Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›350-401›Objectives›Virtualization
Objective 200.010% of exam

Virtualization

350-401 Practice Questions

Use this page to practise Virtualization questions for this certification. Focus on how the exam tests virtualization in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Full Practice Test →All Objectives

What this objective tests

350-401 Virtualization — Key Topics

Virtualization questions on this certification test your ability to deploy and manage virtualization concepts in scenario-based situations.

  • Core Virtualization concepts and how they apply in real-world cloud scenarios.
  • How to deploy virtualization correctly and verify the outcome.
  • Troubleshooting virtualization issues by interpreting error output and system state.
  • Cloud best practices and Virtualization design trade-offs tested by this certification.

Common exam traps

Where candidates lose marks on Virtualization

  • ⚠Selecting the most expensive service when a simpler managed option meets the requirement.
  • ⚠Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • ⚠Choosing a global service fix when the issue is region-specific.
  • ⚠Overlooking cost implications of cross-region data transfer in architecture questions.

350-401 Virtualization — Practice Questions

22 questions from this objective · 10% of your 350-401 exam

Question 2mediummultiple choice
Read the full VRF explanation →

A network engineer is troubleshooting a Cisco IOS-XE router that hosts multiple virtual routing and forwarding (VRF) instances. Users in VRF-A report they cannot reach a server in VRF-B. The engineer verifies that both VRFs have the correct routes and that the router has a route leaking configuration using route-target import/export. However, connectivity still fails. What is the most likely cause?

Question 3hardmulti select
Open the full VLAN trunking answer →

A data center uses Cisco Nexus 9000 switches with VXLAN EVPN to provide network virtualization. The operations team notices that VLAN 100 (mapped to VNI 10100) is not reachable across the fabric, although other VLANs work fine. The NVE interface is up, and the EVPN address-family is configured. Which two actions should the engineer take to isolate the issue?

Question 4mediummultiple choice
Review the full routing breakdown →

A network engineer is deploying a Cisco Catalyst 9300 switch as a virtual switch using StackWise Virtual. The switch will connect to two upstream routers for redundancy. What is the best practice for connecting the uplinks?

Question 5hardmultiple choice
Study the full multicast explanation →

A cloud provider uses Cisco ACI to automate provisioning of tenant networks. A new tenant requires a Layer 2 bridge domain that extends to an external Layer 2 network via a VPC. The engineer creates a bridge domain with the settings: Type: Regular, L2 Unknown Unicast: Flood, L3 Unknown Multicast Flood: Flood, and Multi-Destination Flooding: Flood. The VPC is configured as a virtual port channel. The tenant reports that broadcast traffic is not reaching the external network. What is the most likely cause?

Question 6easymultiple choice
Study the full virtualization explanation →

An enterprise uses VMware vSphere to host multiple virtual machines (VMs). The network team wants to implement a virtual firewall on the hypervisor to inspect traffic between VMs on the same ESXi host. Which technology should be used?

Question 7mediummultiple choice
Open the full VLAN trunking answer →

A network engineer configured three interfaces on a switch as shown. A host connected to Ethernet1/2 sends an untagged frame. Which VLAN will this frame be placed into when it reaches Ethernet1/3?

Exhibit

Refer to the exhibit.

interface Ethernet1/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 switchport trunk native vlan 999
 no shutdown
!
interface Ethernet1/2
 switchport mode access
 switchport access vlan 10
 no shutdown
!
interface Ethernet1/3
 switchport mode trunk
 switchport trunk allowed vlan 20,30
 switchport trunk native vlan 1
 no shutdown
Question 8hardmultiple choice
Read the full VPN explanation →

An engineer configures VXLAN EVPN on a Nexus 9000 switch. The configuration is shown. The switch does not advertise any EVPN routes for VNI 10100. Which configuration change is required to fix this issue?

Exhibit

Refer to the exhibit.

! NVE configuration
interface nve1
 no shut
 source-interface Loopback0
 member vni 10100
  mcast-group 239.1.1.100
!
! VRF configuration
vrf context TENANT-A
 rd 65000:1
 address-family ipv4 unicast
  route-target both 65000:100
 exit-address-family
!
! BGP EVPN configuration
router bgp 65000
 neighbor 10.1.1.1 remote-as 65000
 neighbor 10.1.1.1 update-source Loopback0
 address-family l2vpn evpn
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community extended
!
! VLAN configuration
vlan 100
 vn-segment 10100
!
! Interface configuration
interface Vlan100
 no shutdown
 vrf member TENANT-A
 ip address 192.168.100.1/24
Question 9easymulti select
Study the full virtualization explanation →

Which TWO of the following are benefits of using network virtualization with VXLAN? (Choose two.)

Question 10easymulti select
Full question →

Which THREE of the following are components of a Cisco ACI fabric? (Choose three.)

Question 11hardmultiple choice
Open the full BGP breakdown →

A financial services company has deployed Cisco UCS servers with VMware vSphere 7.0 to host critical trading applications. The network uses Cisco Nexus 9000 switches in a VXLAN EVPN fabric with BGP as the underlay. The environment includes 50 ESXi hosts, each connected via two 40G interfaces to two different leaf switches in a VPC. The VMs are spread across multiple hosts and communicate over VXLAN. Recently, the operations team migrated a set of VMs from an old VLAN-based network to a new VXLAN segment (VNI 50000). After the migration, users report intermittent connectivity issues and packet loss. The engineering team captures traffic and notices that some VMs send ARP requests that are not being replied to, even though the target VM is active. Further analysis shows that the ARP requests are being flooded to all VTEPs, but the replies are not reaching the source. The team checks the underlay and finds no issues with BGP or routing. The NVE interfaces are up, and the VNI is configured. Which of the following is the most likely cause of the issue?

Question 12mediummultiple choice
Read the full VRF explanation →

A network engineer is troubleshooting connectivity issues in a multi-tenant environment where each tenant's traffic is isolated using VRF-Lite. The engineer notices that tenants in the same VRF cannot communicate with each other across different access switches. Which design change should be implemented to enable inter-switch VRF communication?

Question 13hardmultiple choice
Read the full VPN explanation →

An organization is migrating from a traditional three-tier architecture to a leaf-spine fabric using VXLAN EVPN. The design requires that virtual machines can move between racks without IP address changes. Which technology must be enabled at the leaf switches to support this mobility?

Question 14easymulti select
Full question →

Which TWO statements correctly describe characteristics of virtual device contexts (VDCs) in Cisco Nexus switches?

Question 15hardmultiple choice
Read the full VRF explanation →

A network engineer configured VRF TENANT_A and moved the subinterfaces into the VRF. After the change, the CEF table shows the prefixes but the next-hop addresses are unreachable. What is the most likely cause?

Exhibit

Refer to the exhibit.

CEF table snippet:
Prefix          Next Hop     Interface
10.1.1.0/24     192.168.1.2  Ethernet0/0
10.2.2.0/24     192.168.2.2  Ethernet0/1

CEF table after VRF configuration:
VRF: TENANT_A
Prefix          Next Hop     Interface
10.1.1.0/24     192.168.1.2  Ethernet0/0.100
10.2.2.0/24     192.168.2.2  Ethernet0/1.200
Question 16mediummultiple choice
Open the full BGP breakdown →

A service provider uses a Cisco ASR 1000 router to provide MPLS L3VPN services to multiple customers. Each customer has their own VRF. Recently, a new customer was added with VRF CUSTOMER_C. After configuration, the customer reports that they can reach some remote sites but not others. The network engineer checks the VRF configuration and finds that the route targets for CUSTOMER_C are correctly configured. The engineer also verifies that BGP sessions to the PE routers are up. The missing routes are from a site that uses a different PE router. Which action should the engineer take to resolve the issue?

Question 17easymulti select
Study the full virtualization explanation →

Which TWO statements about virtual switching in a hypervisor environment are correct?

Question 18mediummultiple choice
Read the full VRF explanation →

Refer to the exhibit. A network engineer has configured VRFs on a router. A packet arrives on Gi0/1/0 with destination IP 10.1.1.2. Which VRF is used for routing this packet?

Exhibit

Refer to the exhibit.

! Output from 'show vrf' on a router
VRF-Name       Interfaces
Mgmt-intf      Gi0/0/0
CUSTOMER-A     Gi0/1/0, Gi0/1/1.10
CUSTOMER-B     Gi0/2/0, Gi0/2/1.20

! Output from 'show ip interface brief' for Gi0/1/0
Interface      IP-Address      OK? Method Status      Protocol
Gi0/1/0        10.1.1.1        YES manual up          up

! Output from 'show ip interface brief' for Gi0/1/1.10
Interface      IP-Address      OK? Method Status      Protocol
Gi0/1/1.10     10.1.1.2        YES manual up          up
Question 19hardmultiple choice
Study the full virtualization explanation →

A financial company runs a critical trading application in a virtualized environment on VMware vSphere. The application consists of two VMs: App-1 (web server) and App-2 (database server). Both VMs are on the same ESXi host. Recently, users report intermittent slowness during peak trading hours. Monitoring shows that App-1 experiences high CPU ready time (up to 15%) and App-2 has high disk latency (average 50 ms). The ESXi host has 16 vCPUs total (2 sockets, 8 cores each) and 128 GB RAM. The host runs 10 VMs total. App-1 has 4 vCPUs and 16 GB RAM; App-2 has 8 vCPUs and 32 GB RAM. The storage is a shared NFS datastore connected via 1 Gbps Ethernet. The network is 10 Gbps. What is the MOST effective course of action to resolve the performance issues?

Question 20mediumdrag order
Review the full OSPF breakdown →

Drag and drop the steps to configure OSPF on a Cisco router in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 21mediumdrag order
Read the full VPN explanation →

Drag and drop the steps to configure a site-to-site IPsec VPN on a Cisco router in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 22mediummatching
Full question →

Match each network device to its primary function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Forwards packets between different networks

Forwards frames within the same network

Controls traffic based on security policies

Manages access points centrally

Distributes traffic across multiple servers

Question 23mediummatching
Full question →

Match each Cisco switch security feature to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Limits MAC addresses on a port

Filters untrusted DHCP messages

Validates ARP packets

Prevents IP spoofing

Limits broadcast/multicast traffic

←

Previous objective

QoS Architecture

Next objective

Network Function Virtualization

→

All 350-401 Objectives

  • 100.Architecture15%
  • 101.Enterprise Network Design
  • 102.SD-Access Architecture
  • 103.SD-WAN Architecture
  • 104.QoS Architecture
  • 200.Virtualization10%
  • 201.Network Function Virtualization
  • 202.Virtual Machines and Hypervisors
  • 203.VRF and Path Isolation
  • 300.Infrastructure30%
  • 301.OSPF
  • 302.BGP
  • 303.EIGRP
  • 304.VLANs and Trunking
  • 305.Spanning Tree Protocol
  • 306.EtherChannel
  • 307.Wireless Infrastructure
  • 308.MPLS
  • 309.WAN Technologies
  • 310.NAT and DHCP
  • 311.IP Multicast
  • 312.QoS
  • 400.Network Assurance10%
  • 401.SNMP and Syslog
  • 402.NetFlow and Telemetry
  • 403.SPAN and RSPAN
  • 404.IP SLA
  • 500.Security20%
  • 501.AAA, RADIUS, and TACACS+
  • 502.ACLs and CoPP
  • 503.802.1X and TrustSec
  • 504.VPN Technologies
  • 505.Infrastructure Security
  • 600.Automation15%
  • 601.Python for Network Automation
  • 602.Ansible Automation
  • 603.REST APIs and Data Models
  • 604.Cisco DNA Center
  • 605.Model-Driven Telemetry