20+ practice questions focused on Virtualization — one of the most tested topics on the ENCOR 350-401 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Virtualization PracticeA network engineer is troubleshooting a Cisco IOS-XE router that hosts multiple virtual routing and forwarding (VRF) instances. Users in VRF-A report they cannot reach a server in VRF-B. The engineer verifies that both VRFs have the correct routes and that the router has a route leaking configuration using route-target import/export. However, connectivity still fails. What is the most likely cause?
Explanation: Option D is correct because route leaking between VRFs using route-target import/export requires both an export configuration on the source VRF and an import configuration on the destination VRF. If VRF-B lacks an import map (or the route-target import statement), it will not accept the routes exported from VRF-A, even if VRF-A has the correct export configuration. This is a common misconfiguration in MPLS L3VPN or VRF-lite route leaking scenarios.
A data center uses Cisco Nexus 9000 switches with VXLAN EVPN to provide network virtualization. The operations team notices that VLAN 100 (mapped to VNI 10100) is not reachable across the fabric, although other VLANs work fine. The NVE interface is up, and the EVPN address-family is configured. Which two actions should the engineer take to isolate the issue?
Explanation: Option C is correct because VXLAN EVPN requires consistent VLAN-to-VNI mapping across all VTEPs in the fabric. If VLAN 100 is mapped to VNI 10100 on some switches but not others, traffic for that VNI will not be forwarded correctly, as the mapping is used to associate local VLANs with the VXLAN segment. Option D is correct because the VNI must be explicitly enabled under the NVE interface to participate in VXLAN tunnel termination; without it, the VTEP will not encapsulate or decapsulate traffic for VNI 10100.
A network engineer is deploying a Cisco Catalyst 9300 switch as a virtual switch using StackWise Virtual. The switch will connect to two upstream routers for redundancy. What is the best practice for connecting the uplinks?
Explanation: Option A is correct because in a StackWise Virtual deployment, the two member switches operate as a single logical switch. Bundling the uplinks into an EtherChannel that spans both stack members provides both link redundancy and load balancing, and it ensures that if one member fails, traffic continues to flow through the remaining member without requiring routing protocol convergence or STP reconvergence.
A cloud provider uses Cisco ACI to automate provisioning of tenant networks. A new tenant requires a Layer 2 bridge domain that extends to an external Layer 2 network via a VPC. The engineer creates a bridge domain with the settings: Type: Regular, L2 Unknown Unicast: Flood, L3 Unknown Multicast Flood: Flood, and Multi-Destination Flooding: Flood. The VPC is configured as a virtual port channel. The tenant reports that broadcast traffic is not reaching the external network. What is the most likely cause?
Explanation: The correct answer is C because the bridge domain is configured to flood BUM (Broadcast, Unknown Unicast, and Multicast) traffic internally, but the L2Out (Layer 2 external connection) must also be explicitly configured to flood BUM traffic to the external network. Without this configuration on the L2Out, the ACI fabric will not forward broadcast or multicast frames across the VPC to the external Layer 2 network, even though the bridge domain itself permits flooding.
An enterprise uses VMware vSphere to host multiple virtual machines (VMs). The network team wants to implement a virtual firewall on the hypervisor to inspect traffic between VMs on the same ESXi host. Which technology should be used?
Explanation: Option B is correct because deploying a virtual firewall on a vSphere Distributed Switch (VDS) with a private VLAN (PVLAN) allows the firewall to inspect east-west traffic between VMs on the same ESXi host without sending traffic off the host. The VDS supports PVLANs to isolate VM traffic and redirect it to the virtual firewall for inspection, enabling granular security within the hypervisor.
+15 more Virtualization questions available
Practice all Virtualization questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Virtualization. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Virtualization questions on the 350-401 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Virtualization is tested as part of the ENCOR 350-401 blueprint. Practicing with targeted Virtualization questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free 350-401 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Virtualization is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Virtualization practice session with instant scoring and detailed explanations.
Start Virtualization Practice →