These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.
Start Scenario PracticeRefer to the exhibit. A network engineer is troubleshooting a routing issue. The route for 10.0.0.0/8 is learned via EIGRP with metric 2560512. Which change would most likely cause the metric to increase?
Explanation: The EIGRP metric is calculated using the formula: metric = (K1 * bandwidth + (K2 * bandwidth) / (256 - load) + K3 * delay) * 256, with default K values (K1=1, K3=1, others=0). Increasing the delay on the outgoing interface (GigabitEthernet0/0) directly increases the delay component in the composite metric, causing the overall metric to increase. Option D is correct because delay is a key variable in the EIGRP metric calculation.
Refer to the exhibit. R1 has two equal-cost OSPF E2 routes to 10.1.1.0/24 via two different next hops. However, when tracing to 10.1.1.1, all traffic uses the path through 10.0.1.2. What is the most likely reason?
Explanation: OSPF E2 routes do not include the internal cost to the ASBR; the cost shown in the routing table is the external metric only. When two E2 routes have the same external metric, Cisco IOS uses the interface cost as a tie-breaker to select the best next hop. In this scenario, the interface to 10.0.1.2 has a lower cost than the interface to 10.0.2.2, so all traffic is forwarded via 10.0.1.2.
Your company has deployed a Cisco Catalyst 9300 switch stack as the distribution layer for a campus network. The network uses VLANs 10 (data), 20 (voice), and 30 (management). The switch stack is configured with DHCP snooping, Dynamic ARP Inspection (DAI), and IP Source Guard (IPSG) on access ports. Recently, users in VLAN 10 report intermittent connectivity issues. You notice that some users receive duplicate IP addresses from the DHCP server. The DHCP server is connected to a trunk port on the switch stack. After reviewing logs, you see that DHCPACK messages are being dropped on the trunk port. The DHCP snooping binding table shows entries for legitimate clients, but also some entries with MAC addresses from a different vendor. Which action should you take to resolve the issue?
Explanation: The DHCP snooping feature treats all ports as untrusted by default, which means DHCP server messages (DHCPOFFER, DHCPACK, DHCPNAK) are dropped on untrusted ports. Since the DHCP server is connected to a trunk port and DHCPACK messages are being dropped, that trunk port must be explicitly configured as a trusted port for DHCP snooping using the 'ip dhcp snooping trust' interface command. This allows legitimate DHCP server responses to reach clients, resolving the duplicate IP address issue caused by clients not receiving their assigned addresses.
Which TWO statements are true about RESTCONF and NETCONF in a Cisco IOS XE environment? (Choose two.)
Explanation: Option A is correct because RESTCONF is designed to use standard HTTP methods (GET, POST, PUT, DELETE, PATCH) for CRUD operations on YANG-defined data, and it supports both JSON and XML encoding formats. This aligns with its goal of providing a simpler, web-friendly interface compared to NETCONF.
An organization is migrating from a traditional three-tier architecture to a leaf-spine fabric using VXLAN EVPN. The design requires that virtual machines can move between racks without IP address changes. Which technology must be enabled at the leaf switches to support this mobility?
Explanation: VXLAN with EVPN control plane (B) is correct because it provides a Layer 2 overlay network that extends VLANs across the leaf-spine fabric, enabling virtual machine mobility without IP address changes. EVPN uses BGP to distribute MAC and IP address information, allowing the leaf switches to learn and forward traffic to VMs regardless of their physical location, which is essential for seamless VM migration between racks.
+15 more scenario questions available
Practice all Hard Difficulty QuestionsThese are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam. These appear throughout the 350-401 and require you to apply your knowledge, not just recall facts.
Cisco doesn't publish an exact breakdown, but scenario-based questions (especially exhibit and command-output formats) make up a significant portion of the 350-401. Practicing each scenario type ensures you're ready for any format.
Yes. Courseiva provides free 350-401 scenario practice across all official exam domains. The platform includes scenario-based questions, command-output interpretation, topic-based practice, mock exams, and readiness tracking — no account required.
Launch a full Hard Difficulty Questions session with instant scoring and detailed explanations.
Start Scenario Practice →