AdvancedExam Strategy 9 min read

How to Pass the CCNP ENCOR (350-401) Exam

Master the CCNP ENCOR exam with proven strategies and real CLI practice.

The Cisco CCNP ENCOR (350-401) exam is the core exam for the CCNP Enterprise certification. It covers a wide range of topics including Layer 2 and Layer 3 technologies, VPNs, wireless, automation, and security. With a passing score of 825 out of 1000 and 102 questions in 120 minutes, preparation requires both theoretical knowledge and hands-on CLI proficiency. This guide provides a step-by-step approach to mastering the exam, including real Cisco IOS commands, configuration snippets, and study tips from certified professionals.

1

Understand the Exam Blueprint and Domains

Start by reviewing the official Cisco exam blueprint. The ENCOR exam has six domains: Architecture (15%), Virtualization (10%), Infrastructure (30%), Network Assurance (10%), Security (20%), and Automation (15%). Focus on Infrastructure (OSPF, EIGRP, BGP, STP, VLANs) and Security (CoPP, ACLs, 802.1X). Use the Cisco Learning Network to download the latest exam topics.

Exam Blueprint
Exam domains and weight:
- Architecture: 15%
- Virtualization: 10%
- Infrastructure: 30%
- Network Assurance: 10%
- Security: 20%
- Automation: 15%

Print the blueprint and check off topics as you study. Spend extra time on Infrastructure and Security.

The blueprint is updated periodically. Always verify you have the latest version from Cisco.

2

Master OSPF Configuration and Troubleshooting

OSPF is a core topic. Practice configuring single-area and multi-area OSPF, including passive interfaces, authentication, and route summarization. Use real Cisco IOS commands in a lab environment (e.g., EVE-NG or Packet Tracer). Understand show commands like 'show ip ospf neighbor' and 'show ip route ospf'.

Cisco IOS
! Configure OSPF on a router
router ospf 1
 router-id 1.1.1.1
 network 10.0.0.0 0.255.255.255 area 0
 passive-interface GigabitEthernet0/1
 authentication message-digest
 area 0 authentication message-digest
!
! Verify OSPF neighbors
show ip ospf neighbor

! Output example:
Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/DR         00:00:35    10.0.12.2       GigabitEthernet0/0

Use 'debug ip ospf events' sparingly in a lab to understand OSPF adjacency formation.

Never enable OSPF debugging on a production router — it can spike CPU usage.

3

Configure EIGRP with Named Mode

EIGRP named mode is the modern way to configure EIGRP. Practice setting up EIGRP for IPv4 and IPv6, using named configurations, and verifying with 'show eigrp neighbors'. Understand metrics, feasible successors, and route summarization.

Cisco IOS
! Configure EIGRP named mode
router eigrp TEST
 address-family ipv4 unicast autonomous-system 100
  network 192.168.1.0 0.0.0.255
  network 10.0.0.0 0.255.255.255
  eigrp router-id 3.3.3.3
  metric weights 0 1 0 1 0 0
!
! Verify EIGRP neighbors
show eigrp neighbors

! Output example:
H   Address         Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                        (sec)         (ms)       Cnt Num
0   10.0.12.2       Gi0/0           13   00:12:34   12   200  0  45

Named mode is preferred in the exam. Practice converting classic EIGRP to named mode.

EIGRP is being phased out in some networks; focus on OSPF and BGP as primary IGP.

4

Implement BGP for Enterprise Connectivity

BGP is essential for CCNP. Configure eBGP between autonomous systems, set up iBGP with a route reflector, and manipulate path selection using AS-path prepending and MED. Use 'show bgp summary' and 'show bgp neighbors' for verification.

Cisco IOS
! Configure eBGP on router R1
router bgp 65001
 bgp router-id 1.1.1.1
 neighbor 10.0.12.2 remote-as 65002
 neighbor 10.0.12.2 password Cisco123
!
! Configure iBGP with route reflector
router bgp 65001
 neighbor 10.0.1.2 remote-as 65001
 neighbor 10.0.1.2 route-reflector-client
!
! Verify BGP summary
show bgp summary

! Output example:
BGP router identifier 1.1.1.1, local AS number 65001
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.12.2       4        65002    1234    1235        5    0    0 00:34:12        3

Memorize BGP states (Idle, Connect, Active, OpenSent, OpenConfirm, Established) for troubleshooting questions.

BGP timers (keepalive 60, hold 180) are default. Changing them can cause instability.

5

Secure the Network with CoPP and ACLs

Security is 20% of the exam. Practice configuring Control Plane Policing (CoPP) to protect the router CPU, and extended ACLs to filter traffic. Understand 802.1X for port-based authentication and how to configure a RADIUS server.

Cisco IOS
! Configure CoPP
access-list 100 permit udp any any eq 123
access-list 100 deny ip any any
!
class-map match-all COPP-CLASS
 match access-group 100
!
policy-map COPP-POLICY
 class COPP-CLASS
  police 100000 15000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP-POLICY
!
! Configure extended ACL
ip access-list extended BLOCK_SSH
 deny tcp any host 192.168.1.1 eq 22
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group BLOCK_SSH in

Use 'show policy-map control-plane' to verify CoPP counters.

CoPP can lock you out if misconfigured. Always test in a lab first.

6

Automate with REST API and Python Scripts

Automation is 15% of the exam. Learn to interact with Cisco devices using RESTCONF and NETCONF. Write simple Python scripts using the requests library to retrieve interface statistics. Understand YANG models and how to use Postman for API calls.

Python / RESTCONF
#!/usr/bin/env python3
import requests
import json

url = "https://10.0.0.1/restconf/data/ietf-interfaces:interfaces"
headers = {
    "Accept": "application/yang-data+json",
    "Content-Type": "application/yang-data+json"
}
auth = ("admin", "password")

response = requests.get(url, headers=headers, auth=auth, verify=False)
print(json.dumps(response.json(), indent=2))

Use Cisco DevNet sandboxes for free API practice. They have pre-configured devices.

Disable SSL verification only in lab environments. In production, use proper certificates.

7

Practice with Realistic Mock Exams and Labs

Simulate the exam environment using Boson ExSim or Cisco's official practice exams. Aim for 85%+ on each domain. Use EVE-NG or GNS3 to build complex topologies with OSPF, BGP, and MPLS. Time yourself: 120 minutes for 102 questions means about 70 seconds per question.

Study Plan
Sample mock exam schedule:
- Week 1-2: Domain 1-2 (Architecture, Virtualization)
- Week 3-4: Domain 3 (Infrastructure)
- Week 5: Domain 4-5 (Assurance, Security)
- Week 6: Domain 6 (Automation)
- Week 7: Full-length mock exams
- Week 8: Review weak areas

Join the r/ccnp subreddit for free study groups and recent exam feedback.

Avoid brain dumps — Cisco actively tracks and bans candidates using them.

Key tips

  • Use the Cisco Learning Network's free study groups and webinars — they often cover tricky exam topics.

  • Lab every protocol at least three times: once following a guide, once from memory, and once troubleshooting a broken config.

  • Focus on understanding 'show' commands and their output — many exam questions are based on interpreting CLI output.

  • For automation, practice with DevNet sandboxes daily for at least 30 minutes. RESTCONF and NETCONF are heavily tested.

  • Create a cheat sheet of key commands (e.g., 'show ip ospf neighbor', 'show bgp summary') and review it during your commute.

  • Take the exam within 2-3 months of starting study to keep information fresh. Longer gaps lead to forgetting details.

Frequently asked questions

What is the passing score for the CCNP ENCOR 350-401 exam?

The passing score is 825 out of 1000. The exam has 102 questions (mostly multiple-choice, some drag-and-drop and simlets) and you have 120 minutes. Cisco does not publish the exact number of questions per domain, but the blueprint weights are reliable.

Do I need to pass the CCNA before attempting CCNP ENCOR?

No, Cisco removed the formal prerequisite. However, CCNA-level knowledge (VLANs, STP, basic routing) is assumed. Most candidates find it very difficult without CCNA or equivalent experience. It's recommended to have at least 3-5 years of networking experience.

What lab equipment do I need for CCNP ENCOR?

You don't need physical routers. Use EVE-NG (free community edition) or Cisco Packet Tracer for basic labs. For advanced features like BGP and MPLS, EVE-NG with Cisco IOSv images is best. You can also use Cisco DevNet sandboxes for automation practice.

How long should I study for the ENCOR exam?

Most successful candidates study 8-12 weeks, dedicating 10-15 hours per week. This includes reading official guides (OCG), watching video courses (e.g., INE or CBT Nuggets), and labbing daily. Full-time students may complete it in 6 weeks.

Are there any free resources for CCNP ENCOR preparation?

Yes. Cisco Learning Network offers free study groups, webinars, and a community forum. YouTube channels like Keith Barker and David Bombal have free labs. Also, check the r/ccnp subreddit for shared notes and practice questions.

Related glossary terms

Browse full glossary →

Practice with real exam questions

Apply what you just learned with exam-style practice questions.

Related guides