CCNP
Exam Description: Implementing Cisco Enterprise Network Core Technologies v1.0 (ENCOR 350-401) is a 120-minute exam associated with the CCNP and CCIE Enterprise Certifications. This exam tests a candidate's knowledge of implementing core enterprise network technologies including dual stack (IPv4 and IPv6) architecture, virtualization, infrastructure, network assurance, security and automation. The course, Implementing Cisco Enterprise Network Core Technologies, helps candidates to prepare for this exam.
Course Details
Implementing Cisco Enterprise Network Core Technologies v1.0 (350-401)
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
15% 1.0 Architecture
1.1 Explain the different design principles used in an enterprise network
1.1.a Enterprise network design such as Tier 2, Tier 3, and Fabric Capacity planning
1.1.b High availability techniques such as redundancy, FHRP, and SSO
1.2 Analyze design principles of a WLAN deployment
1.2.a Wireless deployment models (centralized, distributed, controller-less, controller based, cloud, remote branch)
1.2.b Location services in a WLAN design
1.3 Differentiate between on-premises and cloud infrastructure deployments
1.4 Explain the working principles of the Cisco SD-WAN solution
1.4.a SD-WAN control and data planes elements
1.4.b Traditional WAN and SD-WAN solutions
1.5 Explain the working principles of the Cisco SD-Access solution
1.5.a SD-Access control and data planes elements
1.5.b Traditional campus interoperating with SD-Access
1.6 Describe concepts of wired and wireless QoS
1.6.a QoS components
1.6.b QoS policy
1.7 Differentiate hardware and software switching mechanisms
1.7.a Process and CEF
1.7.b MAC address table and TCAM
1.7.c FIB vs. RIB
Page 2
2019 Cisco Systems, Inc. This document is Cisco Public.
10% 2.0 Virtualization
2.1 Describe device virtualization technologies
2.1.a Hypervisor type 1 and 2
2.1.b Virtual machine
2.1.c Virtual switching
2.2 Configure and verify data path virtualization technologies
2.2.a VRF
2.2.b GRE and IPsec tunneling
2.3 Describe network virtualization concepts
2.3.a LISP
2.3.b VXLAN
30% 3.0 Infrastructure
3.1 Layer 2
3.1.a Troubleshoot static and dynamic 802.1q trunking protocols
3.1.b Troubleshoot static and dynamic EtherChannels
3.1.c Configure and verify common Spanning Tree Protocols (RSTP and MST)
3.2 Layer 3
3.2.a Compare routing concepts of EIGRP and OSPF (advanced distance vector vs.
linked state, load balancing, path selection, path operations, metrics)
3.2.b Configure and verify simple OSPF environments, including multiple normal
areas, summarization, and filtering (neighbor adjacency, point-to-point and
broadcast network types, and passive interface)
3.2.c Configure and verify eBGP between directly connected neighbors (best path
selection algorithm and neighbor relationships)
Page 3
3.3 Wireless
3.3.a Describe Layer 1 concepts, such as RF power, RSSI, SNR, interference noise,
band and channels, and wireless client devices capabilities
3.3.b Describe AP modes and antenna types
3.3.c Describe access point discovery and join process (discovery algorithms, WLC
selection process)
3.3.d Describe the main principles and use cases for Layer 2 and Layer 3 roaming
3.3.e Troubleshoot WLAN configuration and wireless client connectivity issues
3.4 IP Services
3.4.a Describe Network Time Protocol (NTP)
3.4.b Configure and verify NAT/PAT
3.4.c Configure first hop redundancy protocols, such as HSRP and VRRP
3.4.d Describe multicast protocols, such as PIM and IGMP v2/v3
10% 4.0 Network Assurance
4.1 Diagnose network problems using tools such as debugs, conditional debugs, trace route,
ping, SNMP, and syslog
4.2 Configure and verify device monitoring using syslog for remote logging
2019 Cisco Systems, Inc. This document is Cisco Public.
4.3
Configure and verify NetFlow and Flexible NetFlow
4.4
Configure and verify SPAN/RSPAN/ERSPAN
4.5
Configure and verify IPSLA
4.6
Describe Cisco DNA Center workflows to apply network configuration, monitoring, and management
4.7
Configure and verify NETCONF and RESTCONF
20%
5.0
Security
5.1
Configure and verify device access control
5.1.a Lines and password protection
5.1.b Authentication and authorization using AAA
Page 4
5.2
Configure and verify infrastructure security features
5.2.a ACLs
5.2.b CoPP
5.3
Describe REST API security
5.4
Configure and verify wireless security features
5.4.a EAP
5.4.b WebAuth
5.4.c PSK
5.5
Describe the components of network security design
5.5.a Threat defense
5.5.b Endpoint security
5.5.c Next-generation firewall
5.5.d TrustSec, MACsec
5.5.e Network access control with 802.1X, MAB, and WebAuth
15%
6.0
Automation
6.1
Interpret basic Python components and scripts
6.2
Construct valid JSON encoded file
6.3
Describe the high-level principles and benefits of a data modeling language, such as YANG
6.4
Describe APIs for Cisco DNA Center and vManage
6.5
Interpret REST API response codes and results in payload using Cisco DNA Center and RESTCONF
6.6
Construct EEM applet to automate configuration, troubleshooting, or data collection
6.7
Compare agent vs. agentless orchestration tools, such as Chef, Puppet, Ansible, and
SaltStack
2019 Cisco Systems, Inc. This document is Cisco Public.
Page 5
Implementing Cisco Enterprise Advanced Routing and Services v1.0 (300-410)
Exam Description: Implementing Cisco Enterprise Advanced Routing and Services v1.0 (ENARSI 300-410) is a 90-minute exam associated with the CCNP Enterprise Certification. This exam certifies a candidate's knowledge for implementation and troubleshooting of advanced routing technologies and services including Layer 3, VPN services, infrastructure security, infrastructure services, and infrastructure automation. The course, Implementing Cisco Enterprise Advanced Routing and Services, helps candidates to prepare for this exam.
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
35% 1.0 Layer 3 Technologies
1.1 Troubleshoot administrative distance (all routing protocols)
1.2 Troubleshoot route map for any routing protocol (attributes, tagging, filtering)
1.3 Troubleshoot loop prevention mechanisms (filtering, tagging, split horizon, route poisoning)
1.4 Troubleshoot redistribution between any routing protocols or routing sources
1.5 Troubleshoot manual and auto-summarization with any routing protocol
1.6 Configure and verify policy-based routing
1.7 Configure and verify VRF-Lite
1.8 Describe Bidirectional Forwarding Detection
1.9 Troubleshoot EIGRP (classic and named mode)
1.9.a Address families (IPv4, IPv6)
1.9.b Neighbor relationship and authentication
1.9.c Loop-free path selections (RD, FD, FC, successor, feasible successor, stuck in active)
1.9.d Stubs
1.9.e Load balancing (equal and unequal cost)
1.9.f Metrics
1.10 Troubleshoot OSPF (v2/v3)
1.10.a Address families (IPv4, IPv6)
1.10.b Neighbor relationship and authentication
1.10.c Network types, area types, and router types
1.10.c (i) Point-to-point, multipoint, broadcast, nonbroadcast
1.10.c (ii) Area type: backbone, normal, transit, stub, NSSA, totally stub
1.10.c (iii) Internal router, backbone router, ABR, ASBR
1.10.c (iv) Virtual link
1.10.d Path preference
Page 6
1.11 Troubleshoot BGP (Internal and External)
2019 Cisco Systems, Inc. This document is Cisco Public. Page 1
1.11.a Address families (IPv4, IPv6)
1.11.b Neighbor relationship and authentication (next-hop, mulithop, 4-byte AS, private AS, route refresh, synchronization, operation, peer group, states and timers)
1.11.c Path preference (attributes and best-path)
1.11.d Route reflector (excluding multiple route reflectors, confederations, dynamic peer)
1.11.e Policies (inbound/outbound filtering, path manipulation)
20%
2.0
VPN Technologies
2.1
Describe MPLS operations (LSR, LDP, label switching, LSP)
2.2
Describe MPLS Layer 3 VPN
2.3
Configure and verify DMVPN (single hub)
2.3.a GRE/mGRE
2.3.b NHRP
2.3.c IPsec
2.3.d Dynamic neighbor
2.3.e Spoke-to-spoke
20%
3.0
Infrastructure Security
3.1
Troubleshoot device security using IOS AAA (TACACS+, RADIUS, local database)
3.2
Troubleshoot router security features
3.2.a IPv4 access control lists (standard, extended, time-based)
3.2.b IPv6 traffic filter
3.2.c Unicast reverse path forwarding (uRPF)
3.3
Troubleshoot control plane policing (CoPP) (Telnet, SSH, HTTP(S), SNMP, EIGRP, OSPF, BGP)
3.4
Describe IPv6 First Hop security features (RA guard, DHCP guard, binding table, ND inspection/snooping, source guard)
25%
4.0
Infrastructure Services
4.1
Troubleshoot device management
4.1.a Console and VTY
4.1.b Telnet, HTTP, HTTPS, SSH, SCP
4.1.c (T)FTP
4.2
Troubleshoot SNMP (v2c, v3)
4.3
T