350-401 · topic practice

SD-Access Architecture practice questions

Practise ENCOR 350-401 SD-Access Architecture practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: SD-Access Architecture

What the exam tests

What to know about SD-Access Architecture

SD-Access Architecture questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common SD-Access Architecture exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

SD-Access Architecture questions

20 questions · select your answer, then reveal the explanation

Question 1hardmultiple choice
Study the full SD-Access breakdown →

A network engineer is deploying Cisco SD-Access in a large enterprise campus. The design requires that all user traffic be segmented by Virtual Network (VN) and that the fabric edge nodes perform SGT-based enforcement. The engineer notices that traffic between two endpoints in the same IP subnet but different VNs is being forwarded directly at the fabric edge without any SGT inspection. What is the most likely cause?

Question 2mediummultiple choice
Open the full VLAN trunking answer →

An enterprise is migrating from a traditional three-tier campus network to Cisco SD-Access. The network engineer has deployed a fabric with a single fabric edge node and a single control plane node. Users in VLAN 10 report that they cannot reach the default gateway, which is a virtual IP on the fabric edge. The fabric edge is configured with a VLAN 10 SVI and the anycast gateway feature is enabled. What is the most likely cause of the problem?

Question 3mediummultiple choice
Study the full SD-Access breakdown →

A network architect is designing an SD-Access fabric for a large enterprise campus. The design must support segmentation at Layer 2 and Layer 3 across the fabric, using a centralized control plane and policy enforcement. Which two protocols are essential for the SD-Access overlay to meet these requirements?

Question 4mediummultiple choice
Study the full SD-Access breakdown →

An architect is planning a Cisco SD-Access fabric deployment. The design must support host mobility across multiple fabric edge nodes while ensuring consistent policy enforcement. Which fabric component is responsible for tracking endpoint locations and mapping them to the fabric?

Question 5mediummultiple choice
Study the full SD-Access breakdown →

A company is deploying an SD-Access fabric with multiple sites connected via a WAN. The design must allow inter-site traffic to be forwarded without requiring a full mesh of VXLAN tunnels between all edge nodes. Which fabric role should be used to interconnect the sites?

Question 6mediummultiple choice
Study the full SD-Access breakdown →

An architect is designing an SD-Access fabric for a campus network that requires segmentation of guest, employee, and IoT traffic. The design must use Cisco TrustSec for policy enforcement. Which component is responsible for assigning the Security Group Tag (SGT) to endpoints upon authentication?

Question 7easymultiple choice
Study the full SD-Access breakdown →

A network team is designing the underlay for an SD-Access fabric. The design must use a routing protocol that supports fast convergence and is commonly recommended for the fabric underlay. Which routing protocol should be used?

Question 8mediummultiple choice
Read the full wireless explanation →

An architect is designing an SD-Access fabric for a campus with multiple buildings. The design must support wireless clients seamlessly roaming across fabric edge nodes. Which technology is used in the fabric to provide mobility for wireless endpoints?

Question 9hardmultiple choice
Study the full SD-Access breakdown →

A company is deploying an SD-Access fabric with a centralized policy model. The design must ensure that all traffic between virtual networks (VNs) is inspected by a firewall. Which fabric role should be used to enforce this inter-VN policy?

Question 10mediummultiple choice
Study the full SD-Access breakdown →

An architect is designing an SD-Access fabric for a campus that requires high availability. The design must ensure that if one fabric edge node fails, endpoints can be re-homed to another edge node without manual intervention. Which feature should be implemented?

Question 11easymultiple choice
Study the full SD-Access breakdown →

A network team is designing an SD-Access fabric for a large enterprise. The design must support automated provisioning and policy management. Which management platform is essential for deploying and managing the fabric?

Question 12mediummultiple choice
Open the full VLAN trunking answer →

Examine the following configuration snippet:

interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
 spanning-tree bpduguard enable

What is the effect of this configuration?

Question 13mediummultiple choice
Study the full EIGRP explanation →

Consider the following configuration:

router eigrp 100
 network 10.0.0.0 0.255.255.255
 passive-interface default
 no passive-interface GigabitEthernet0/0

Which statement is true about this EIGRP configuration?

Question 14mediummultiple choice
Review the full OSPF breakdown →

Given this OSPF configuration:

router ospf 1

router-id 1.1.1.1

network 192.168.1.0 0.0.0.255 area 0
 network 10.0.0.0 0.255.255.255 area 1

default-information originate always

What is the effect of the 'default-information originate always' command?

Question 15mediummultiple choice
Open the full BGP breakdown →

Examine the following BGP configuration:

router bgp 65001

bgp log-neighbor-changes

neighbor 10.1.1.1 remote-as 65002
 neighbor 10.1.1.1 route-map SET_MED out

! route-map SET_MED permit 10 set metric 50

What is the purpose of this configuration?

Question 16mediummultiple choice
Open the full VLAN trunking answer →

Consider this VLAN configuration on a Cisco switch:

vlan 10

name Sales

vlan 20

name Engineering

interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20

What is missing if the switch needs to carry VLAN 30 traffic on this trunk?

Question 17mediummultiple choice
Study the full QoS explanation →

Given the following policy-map:

policy-map QOS_POLICY

class VOICE

priority percent 30

class VIDEO

bandwidth percent 20 queue-limit 100 packets

class class-default

fair-queue

What is the effect of the 'priority percent 30' command in the VOICE class?

Question 18easymultiple choice
Review the full OSPF breakdown →

What is the default OSPF hello interval on an Ethernet link?

Question 19easymultiple choice
Open the full BGP breakdown →

Which BGP attribute is preferred when it has the lowest value?

Question 20easymultiple choice
Study the full EIGRP explanation →

What is the maximum hop count for EIGRP?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused SD-Access Architecture sessions

Start a SD-Access Architecture only practice session

Every question in these sessions is drawn from the SD-Access Architecture domain — nothing else.

Related practice questions

Related 350-401 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 350-401 exam test about SD-Access Architecture?
SD-Access Architecture questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just SD-Access Architecture questions in a focused session?
Yes — the session launcher on this page draws every question from the SD-Access Architecture domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 350-401 topics?
Use the topic links above to move to related areas, or go back to the 350-401 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 350-401 exam covers. They are not copied from any real exam or dump site.