Cisco

CCNP Enterprise

Cisco Certified Network Professional Enterprise

Professional 350-401 ENCOR (core required) + one concentration exam Content Available

The definitive professional-level enterprise networking certification from Cisco.

Practice CCNP Enterprise Questions Study Notes Exam Topics
Exam Code
350-401 ENCOR (core required) + one concentration exam
Duration
120 min (core) / 90 min (concentration)
Questions
90–110
Passing Score
825 / 1000
Validity
3 years
Exam Cost
$400 USD (core) + $300 USD (concentration)
Overview

About CCNP Enterprise

The Cisco CCNP Enterprise certification validates advanced skills in enterprise networking across architecture, design, implementation, and troubleshooting. It requires passing the 350-401 ENCOR core exam plus one concentration exam of your choice, covering specialisations such as SD-WAN, advanced routing, wireless, automation, or design. CCNP Enterprise is the natural progression after CCNA and positions you for senior network engineer, infrastructure architect, and pre-sales roles. It bridges the gap between foundational networking skills and the expert-level CCIE credential. The certification covers a broad technology stack — from advanced routing protocols (OSPF, BGP, EIGRP) and enterprise switching to SD-WAN, wireless LAN design, network automation with Python and Ansible, and network security including 802.1X and TrustSec.

Prerequisites
CCNA certification (recommended) or equivalent knowledge Solid understanding of IPv4/IPv6 routing and switching fundamentals Familiarity with basic network security concepts Some hands-on experience with Cisco IOS/IOS-XE devices
Exam Domains

What you need to know

6 domains, 69 objectives. Click a domain to expand its topics.

🏗️
Architecture
Enterprise network design including campus hierarchical models, SD-WAN, WAN connectivity, and cloud integration.
15%
  • Explain the different design principles used in an enterprise network (two-tier, three-tier, fabric, small office)
  • Describe the Cisco SD-WAN solution, including WAN edge, vManage, vSmart, and vBond components
  • Compare traditional WAN vs SD-WAN including overlay/underlay concepts
  • {'Describe the working principles of the Cisco SD-WAN solution': 'control plane, data plane, orchestration plane'}
  • Explain Cisco SD-WAN deployment models (on-premises, cloud-hosted, hybrid)
  • Describe characteristics of spine-leaf and CLOS fabric architectures
  • Describe the components and concepts of cloud connectivity (IaaS, PaaS, SaaS, VPC, direct connect)
  • Explain the Cisco SD-Access solution including fabric roles, overlays, and underlay design
  • Describe network design considerations for high availability (redundancy, failover, load balancing)
  • Compare SOHO and branch office WAN connectivity options (MPLS, broadband, LTE, SD-WAN)
  • Describe the role of QoS policies in enterprise WAN architecture
☁️
Virtualization
Network virtualisation technologies including VRF, GRE, IPsec, LISP, and VXLAN.
10%
  • Describe device virtualisation technologies (Hypervisor type 1 and 2, VMs, containers)
  • Configure and verify VRF-Lite (IP VRF, route leaking)
  • Describe the purpose and use of GRE tunnels and their packet structure
  • Describe the concepts of LISP including EID, RLOC, map server, and map resolver
  • Describe VXLAN concepts including VNI, VTEP, and overlay/underlay relationships
  • Configure and verify generic GRE tunnel interfaces
  • Describe IPsec concepts (IKEv1, IKEv2, ESP, AH, transport vs tunnel mode)
  • Explain the use of Network Function Virtualisation (NFV) in enterprise deployments
  • Describe the role of overlay networks in SD-Access and SD-WAN
🔧
Infrastructure
Advanced routing (OSPF, EIGRP, BGP), switching (STP, EtherChannel, VLANs), IPv6, QoS, and wireless.
30%
  • Configure and verify EIGRP (neighbour relationships, metric, summarisation, authentication)
  • Configure and verify OSPF (single area, multi-area, LSA types, neighbour states, route filtering)
  • Describe BGP path selection attributes (weight, local preference, AS-path, MED, next-hop)
  • Configure and verify eBGP peering between directly connected neighbours
  • Configure and verify IPv6 routing (OSPFv3, EIGRP for IPv6, static IPv6 routes)
  • Configure and verify advanced switching (STP root election, port roles, port states)
  • Configure and verify Rapid PVST+ and understand MST concepts
  • Configure and verify EtherChannel (LACP active/passive, PAgP desirable/auto, static on)
  • Configure and verify 802.1Q trunking, VTP modes, and inter-VLAN routing
  • Describe QoS concepts (classification, marking, queuing, shaping, policing, DSCP values)
  • Configure and verify QoS policies (MQC, class-maps, policy-maps, service-policies)
  • Describe 802.11 wireless standards (a/b/g/n/ac/ax) and their characteristics
  • Configure and verify a WLC-based wireless deployment (WLANs, VLANs, security profiles)
  • Describe wireless roaming concepts (intra-controller, inter-controller, Layer 2 and Layer 3)
  • Explain RRM (Radio Resource Management) and its components (TPC, DCA)
  • Configure and verify FlexConnect AP mode and split tunnelling
  • Describe IS-IS basics and compare it with OSPF for use in service provider environments
📊
Network Assurance
Network monitoring, telemetry, SPAN, IP SLA, SNMP, Syslog, and Cisco DNA Center assurance.
10%
  • Configure and verify device monitoring using Syslog (severity levels, logging destinations)
  • Configure and verify SNMP v2c and v3 (community strings, OIDs, traps, informs)
  • Configure and verify IP SLA (ICMP echo, UDP jitter, HTTP operations, threshold tracking)
  • Configure and verify SPAN, RSPAN, and ERSPAN for traffic capture
  • Configure and verify Flexible NetFlow (flow records, flow exporters, flow monitors)
  • Describe Cisco DNA Center assurance and its role in network visibility
  • Describe the use of network telemetry (streaming telemetry, gNMI, gRPC)
  • Explain the use of Network Time Protocol (NTP) for accurate time synchronisation
  • Describe the use of EEM (Embedded Event Manager) for network automation and alerting
🔒
Security
ACLs, CoPP, zone-based firewall, 802.1X, MAB, WebAuth, AAA, TrustSec, and MACsec.
20%
  • Configure and verify extended and named IPv4/IPv6 ACLs
  • Configure and verify Control Plane Policing (CoPP) to protect the router control plane
  • Configure and verify zone-based firewall (ZBF) policies and zone pairs
  • Describe 802.1X authentication framework (supplicant, authenticator, authentication server)
  • Configure and verify 802.1X on Cisco switches
  • Configure and verify MAC Authentication Bypass (MAB)
  • Configure and verify WebAuth (local and centralised web authentication)
  • Describe AAA concepts (RADIUS, TACACS+) and their differences
  • Describe Cisco TrustSec (SGT tagging, SXP, inline propagation)
  • Describe MACsec (IEEE 802.1AE) encryption and its use cases in enterprise networks
  • Configure and verify DHCP snooping, Dynamic ARP Inspection (DAI), and IP Source Guard
  • Describe the purpose and operation of VPNs (site-to-site IPsec, DMVPN, remote access)
🤖
Automation
Python, Ansible, NETCONF/RESTCONF, REST APIs, JSON/YAML, and Cisco DNA Center APIs.
15%
  • Interpret Python scripts used for network automation (variables, loops, functions, libraries)
  • Describe the use of Python libraries for network automation (Netmiko, NAPALM, nornir)
  • Describe the use of Ansible for network device configuration and automation
  • Configure and verify NETCONF over SSH (capabilities, RPC operations, subtree filters)
  • Configure and verify RESTCONF (HTTP methods, URI structure, YANG models)
  • Describe REST API concepts (HTTP verbs, status codes, JSON/XML payloads, authentication)
  • Interpret JSON and YAML encoded data structures
  • Describe the Cisco DNA Center API for network inventory, topology, and command runner
  • Explain the use of YANG data models for structured network configuration
  • Describe the role of model-driven telemetry in modern network operations
  • Construct a simple Python script to retrieve device information via REST API
Resources

Study & Practice

Practice CCNP Enterprise Questions Official Cisco CCNP Enterprise Page 350-401 ENCOR Exam Topics (Cisco) Official Cisco Exam Tutorial Official Cisco Certification Tracking Book your Official Cisco Certification Exam