300-410 · topic practice

Policy-Based Routing (PBR) practice questions

Practise Cisco CCNP ENARSI 300-410 Policy-Based Routing (PBR) practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Policy-Based Routing (PBR)

What the exam tests

What to know about Policy-Based Routing (PBR)

Routing questions usually test route selection (administrative distance, metric), how static routes are configured and when they are preferred over dynamic routing.

Administrative distance comparing routing sources.

Static route configuration: next-hop vs exit interface.

Default route propagation and the gateway of last resort.

Recursive routing table lookups.

Watch out for

Common Policy-Based Routing (PBR) exam traps

  • Lower administrative distance wins when two routing sources have the same prefix.
  • A static route with an exit interface creates a directly-connected dependency.
  • The gateway of last resort is set by the default route, not automatically.
  • Metric is only compared within the same routing protocol.

Practice set

Policy-Based Routing (PBR) questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Review the full routing breakdown →

A network engineer is troubleshooting a PBR configuration on a Cisco router. The engineer has configured a route map named 'PBR-MAP' with a match statement matching traffic from source IP 10.1.1.0/24 and a set statement to forward the traffic to next-hop 192.168.1.2. The engineer applies the route map to the incoming interface GigabitEthernet0/0 using 'ip policy route-map PBR-MAP'. However, traffic from 10.1.1.0/24 is still being forwarded using the routing table instead of the PBR next-hop. What is the most likely cause?

Question 2mediummultiple choice
Open the full VLAN trunking answer →

A network engineer is troubleshooting PBR on a Cisco router where traffic from VLAN 100 (192.168.10.0/24) should be forwarded to next-hop 10.10.10.2 via a route map named 'VLAN100-PBR'. The engineer has applied the route map to interface GigabitEthernet0/0.100 (subinterface) using 'ip policy route-map VLAN100-PBR'. The engineer verifies that the route map is correctly configured with 'match ip address 100' and 'set ip next-hop 10.10.10.2', and the access list 100 matches the source subnet. However, traffic from VLAN 100 is still forwarded using the routing table. What is the most likely cause?

Question 3hardmultiple choice
Study the full ACL explanation →

A network engineer is troubleshooting PBR on a Cisco router where traffic from source 10.1.2.0/24 should be forwarded to next-hop 192.168.1.2. The route map 'PBR-TEST' is configured with 'match ip address 101' and 'set ip next-hop 192.168.1.2'. The engineer applies the route map to interface GigabitEthernet0/0. The engineer notices that PBR works for most traffic, but traffic from a specific host (10.1.2.100) is not being policy-routed. The engineer checks the ACL 101 and confirms it includes 10.1.2.0/24. What is the most likely cause?

Question 4mediummultiple choice
Study the full ACL explanation →

A network engineer is troubleshooting PBR on a Cisco router where traffic from subnet 172.16.1.0/24 should be forwarded to next-hop 10.10.10.2. The route map 'PBR-172' is applied to interface GigabitEthernet0/0. The engineer notices that the PBR policy is not working at all. The engineer checks the route map configuration and sees 'match ip address 110' and 'set ip next-hop 10.10.10.2'. The engineer also checks the ACL 110 and confirms it matches 172.16.1.0/24. The engineer then checks the interface configuration and sees 'ip policy route-map PBR-172' applied. What should the engineer do next to isolate the issue?

Question 5mediummultiple choice
Review the full subnetting walkthrough →

A network engineer is troubleshooting PBR on a Cisco router where traffic from subnet 192.168.20.0/24 should be forwarded to next-hop 10.20.20.2. The route map 'PBR-20' is configured with 'match ip address 120' and 'set ip next-hop 10.20.20.2'. The engineer applies the route map to interface GigabitEthernet0/0. The engineer notices that PBR works for traffic from 192.168.20.0/24, but traffic from other subnets is also being forwarded to 10.20.20.2. What is the most likely cause?

Question 6hardmultiple choice
Study the full ACL explanation →

A network engineer is troubleshooting PBR on a Cisco router where traffic from subnet 10.10.10.0/24 should be forwarded to next-hop 192.168.100.2. The route map 'PBR-10' is configured with 'match ip address 130' and 'set ip next-hop 192.168.100.2'. The engineer applies the route map to interface GigabitEthernet0/0. The engineer notices that PBR is not working, and the router is dropping packets instead of forwarding them. The engineer checks the ACL 130 and confirms it matches 10.10.10.0/24. What is the most likely cause?

Question 7hardmultiple choice
Study the full ACL explanation →

A network engineer is troubleshooting PBR on a Cisco router where traffic from subnet 172.16.0.0/16 should be forwarded to next-hop 10.10.10.2. The route map 'PBR-172' is configured with 'match ip address 140' and 'set ip next-hop 10.10.10.2'. The engineer applies the route map to interface GigabitEthernet0/0. The engineer notices that PBR works for traffic from 172.16.1.0/24 but not for traffic from 172.16.2.0/24. The engineer checks the ACL 140 and confirms it includes the entire 172.16.0.0/16 subnet. What is the most likely cause?

Question 8mediummultiple choice
Study the full ACL explanation →

A network engineer is troubleshooting PBR on a Cisco router where traffic from subnet 10.1.1.0/24 should be forwarded to next-hop 192.168.1.2. The route map 'PBR-10' is configured with 'match ip address 150' and 'set ip next-hop 192.168.1.2'. The engineer applies the route map to interface GigabitEthernet0/0. The engineer notices that PBR is not working, and the router is using the routing table to forward traffic. The engineer checks the ACL 150 and confirms it matches 10.1.1.0/24. The engineer also checks the interface configuration and sees 'ip policy route-map PBR-10' applied. What is the most likely cause?

Question 9hardmultiple choice
Study the full ACL explanation →

A network engineer is troubleshooting PBR on a Cisco router where traffic from subnet 192.168.50.0/24 should be forwarded to next-hop 10.50.50.2. The route map 'PBR-50' is configured with 'match ip address 160' and 'set ip next-hop 10.50.50.2'. The engineer applies the route map to interface GigabitEthernet0/0. The engineer notices that PBR works for traffic from 192.168.50.0/24, but the router is also policy-routing traffic from other subnets that should not be affected. The engineer checks the ACL 160 and confirms it only matches 192.168.50.0/24. What is the most likely cause?

Question 10mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show route-map

route-map PBR-ROUTE, permit, sequence 10 Match clauses:

ip address (access-lists): ACL-PBR

Set clauses:

ip next-hop 192.168.1.2

Policy routing matches: 0 packets, 0 bytes

route-map PBR-ROUTE, permit, sequence 20 Match clauses: Set clauses:

ip next-hop 192.168.2.2

Policy routing matches: 0 packets, 0 bytes

R1# show ip policy
Interface     Route-map

GigabitEthernet0/0 PBR-ROUTE

Based on this output, what is the most likely problem?

Question 11mediummultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip policy
Interface     Route-map

GigabitEthernet0/1 PBR-MAP

R1# show route-map PBR-MAP

route-map PBR-MAP, permit, sequence 10 Match clauses:

ip address (access-lists): 101

Set clauses:

ip next-hop verify-availability 10.1.1.2 10 track 1

Policy routing matches: 150 packets, 12000 bytes

R1# show track 1
Track 1
  IP SLA 1 reachability

Reachability is Down 1 change, last change 00:05:20 Latest operation return code: timeout

Tracked by:

ROUTE-MAP 0

Based on this output, what is the most likely outcome?

Question 12mediummultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command on Router R1:

R1# show ip policy
Interface     Route-map

GigabitEthernet0/0 PBR-TEST

R1# show route-map PBR-TEST

route-map PBR-TEST, permit, sequence 10 Match clauses:

ip address (access-lists): 110

Set clauses:

ip next-hop 192.168.100.1

Policy routing matches: 0 packets, 0 bytes

R1# show access-lists 110

Extended IP access list 110

10 permit tcp 10.0.0.0 0.255.255.255 any eq 80
    
20 permit tcp 10.0.0.0 0.255.255.255 any eq 443

R1# show ip route 192.168.100.1

Routing entry for 192.168.100.1/32 Known via "ospf 1", distance 110, metric 20 Last update from 10.1.1.2 on GigabitEthernet0/1

Based on this output, what is the most likely reason for zero policy routing matches?

Question 13hardmultiple choice
Study the full QoS explanation →

A network engineer runs the following command on Router R1:

R1# show ip policy
Interface     Route-map

GigabitEthernet0/0 PBR-QOS

R1# show route-map PBR-QOS

route-map PBR-QOS, permit, sequence 10 Match clauses:

ip address (access-lists): 120

Set clauses:

ip next-hop 10.0.0.2

Policy routing matches: 500 packets, 45000 bytes

R1# show access-lists 120

Extended IP access list 120

10 permit ip 192.168.1.0 0.0.0.255 any

R1# debug ip policy

Policy routing debugging is on

*Mar  1 00:05:23.123: IP: s=192.168.1.100 (GigabitEthernet0/0), d=8.8.8.8, len 100, policy match
*Mar  1 00:05:23.123: IP: s=192.168.1.100 (GigabitEthernet0/0), d=8.8.8.8, len 100, policy rejected

Based on this output, what is the most likely problem?

Question 14mediummultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip policy
Interface     Route-map

GigabitEthernet0/0 PBR-VOICE

R1# show route-map PBR-VOICE

route-map PBR-VOICE, permit, sequence 10 Match clauses:

ip address (access-lists): 130

Set clauses:

ip next-hop 192.168.10.1

Policy routing matches: 0 packets, 0 bytes

R1# show access-lists 130

Extended IP access list 130

10 permit udp any any range 16384 32767

R1# show interfaces GigabitEthernet0/0

GigabitEthernet0/0 is up, line protocol is up Internet address is 10.1.1.1/24

R1# show ip route 192.168.10.1

% Network not in routing table

Based on this output, what is the most likely problem?

Question 15hardmultiple choice
Study the full EIGRP explanation →

A network engineer runs the following command on Router R1:

R1# show ip policy
Interface     Route-map

GigabitEthernet0/0 PBR-MULTI

R1# show route-map PBR-MULTI

route-map PBR-MULTI, permit, sequence 10 Match clauses:

ip address (access-lists): 140

Set clauses:

ip next-hop 10.0.0.2 10.0.0.3

Policy routing matches: 200 packets, 18000 bytes

R1# show ip route 10.0.0.2

Routing entry for 10.0.0.2/32 Known via "eigrp 1", distance 90, metric 28160 Last update from 192.168.1.2 on GigabitEthernet0/1

R1# show ip route 10.0.0.3

% Network not in routing table

Based on this output, what is the most likely behavior for packets matching ACL 140?

Question 16mediummultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command on Router R1:

R1# show ip policy
Interface     Route-map

GigabitEthernet0/0 PBR-DEFAULT

R1# show route-map PBR-DEFAULT

route-map PBR-DEFAULT, permit, sequence 10 Match clauses:

ip address (access-lists): 150

Set clauses:

ip next-hop 10.0.0.2

Policy routing matches: 0 packets, 0 bytes

route-map PBR-DEFAULT, deny, sequence 20 Match clauses: Set clauses: Policy routing matches: 0 packets, 0 bytes

R1# show access-lists 150

Extended IP access list 150

10 permit ip 192.168.1.0 0.0.0.255 any

R1# show ip route 10.0.0.2

Routing entry for 10.0.0.2/32 Known via "ospf 1", distance 110, metric 20 Last update from 10.1.1.2 on GigabitEthernet0/1

Based on this output, what is the most likely problem?

Question 17mediummultiple choice
Read the full NAT/PAT explanation →

A network engineer runs the following command on Router R1:

R1# show ip policy
Interface     Route-map

GigabitEthernet0/0 PBR-SET

R1# show route-map PBR-SET

route-map PBR-SET, permit, sequence 10 Match clauses:

ip address (access-lists): 160

Set clauses:

ip next-hop 192.168.1.2
    ip tos 184

Policy routing matches: 300 packets, 24000 bytes

R1# show access-lists 160

Extended IP access list 160

10 permit ip 10.0.0.0 0.255.255.255 any

R1# show interfaces GigabitEthernet0/0

GigabitEthernet0/0 is up, line protocol is up Internet address is 10.0.0.1/24

Based on this output, a packet from source 10.0.0.5 to destination 8.8.8.8 arrives on GigabitEthernet0/0. What is the most likely behavior?

Question 18mediummultiple choice
Study the full EIGRP explanation →

A network engineer runs the following command on Router R1:

R1# show ip policy
Interface     Route-map

GigabitEthernet0/0 PBR-TRACK

R1# show route-map PBR-TRACK

route-map PBR-TRACK, permit, sequence 10 Match clauses:

ip address (access-lists): 170

Set clauses:

ip next-hop verify-availability 10.0.0.2 10 track 2

Policy routing matches: 100 packets, 8000 bytes

R1# show track 2
Track 2
  IP SLA 2 reachability

Reachability is Up 2 changes, last change 00:01:30 Latest operation return code: ok

Tracked by:

ROUTE-MAP 0

R1# show ip route 10.0.0.2

Routing entry for 10.0.0.2/32 Known via "eigrp 1", distance 90, metric 28160 Last update from 192.168.1.2 on GigabitEthernet0/1

Based on this output, what is the most likely behavior for packets matching ACL 170?

Question 19mediummultiple choice
Review the full routing breakdown →
Router R1 has the following configuration:

```

interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 ip policy route-map PBR-OUT

! route-map PBR-OUT permit 10 match ip address 100 set ip next-hop 192.168.1.1 !

access-list 100 permit ip host 10.1.1.100 any

``` What is the effect of this configuration?

Question 20mediummultiple choice
Review the full routing breakdown →
Router R2 has the following configuration:

```

interface GigabitEthernet0/2
 ip address 10.2.2.2 255.255.255.0
 ip policy route-map CHECK

! route-map CHECK permit 10 match ip address 101 set interface GigabitEthernet0/3 !

access-list 101 permit tcp any any eq 80

``` What is the effect of this configuration?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Policy-Based Routing (PBR) sessions

Start a Policy-Based Routing (PBR) only practice session

Every question in these sessions is drawn from the Policy-Based Routing (PBR) domain — nothing else.

Related practice questions

Related 300-410 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 300-410 exam test about Policy-Based Routing (PBR)?
Routing questions usually test route selection (administrative distance, metric), how static routes are configured and when they are preferred over dynamic routing.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Policy-Based Routing (PBR) questions in a focused session?
Yes — the session launcher on this page draws every question from the Policy-Based Routing (PBR) domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 300-410 topics?
Use the topic links above to move to related areas, or go back to the 300-410 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 300-410 exam covers. They are not copied from any real exam or dump site.