🏗️ Enterprise Network Architecture - ENCOR Practice Questions

Study enterprise network design: hierarchical models (core, distribution, access), SD-WAN, SD-Access, Cisco DNA Center, and fabric architectures for campus and WAN.


ENCOR Architecture Question Bank (11 Questions)

Browse all 11 practice questions covering Enterprise Network Architecture for the ENCOR certification exam. Each question includes the full answer and a detailed explanation to help you understand the concepts.

  1. Question 1 (Architecture)

    What is the role of the Fabric Border Node in Cisco SD-Access?

    A. To provide wireless access
    B. To connect the SD-Access fabric to external networks (WAN, internet, data center) translating between VXLAN fabric and traditional routing
    C. To manage DNA Center
    D. To authenticate users
    Correct Answer: B
    Explanation:

    Fabric Border Node: gateway between SD-Access fabric and external domains. It translates VXLAN to traditional IP routing, handles VRF-to-VRF leaking, connects to WAN/internet/DC networks, and enforces macro-segmentation (inter-VN) policy at the fabric edge.

  2. Question 2 (Architecture)

    In SD-Access, which overlay protocol encapsulates traffic across the fabric?

    A. GRE
    B. VXLAN
    C. IPsec
    D. MPLS
    Correct Answer: B
    Explanation:

    SD-Access uses VXLAN for data plane encapsulation across the fabric. LISP handles the control plane, and Cisco TrustSec provides policy (SGTs).

  3. Question 3 (Architecture)

    What are the key components of a Cisco SD-Access fabric?

    A. Only switches and routers
    B. Fabric Control Plane Node (LISP map server), Fabric Border Node (external gateway), Fabric Edge Node (host-facing), and DNA Center (orchestrator)
    C. Only DNA Center
    D. Only wireless controllers
    Correct Answer: B
    Explanation:

    SD-Access fabric components: Control Plane Node (LISP MS/MR — host tracking/mapping), Border Node (connects fabric to external networks, VRF handoff), Edge Node (host-facing, VXLAN encapsulation, SGT assignment), Intermediate Node (pure transport), and DNA Center (automated provisioning and policy).

  4. Question 4 (Architecture)

    Which component acts as the control plane node in Cisco SD-Access?

    A. Cisco DNA Center
    B. Cisco ISE
    C. LISP Map Server/Map Resolver
    D. Cisco vManage
    Correct Answer: C
    Explanation:

    LISP Map Server/Map Resolver serves as the control plane in SD-Access fabric. DNA Center is the management plane, ISE handles policy, and vManage is for SD-WAN.

  5. Question 5 (Architecture)

    Which overlay technology does Cisco SD-Access use to encapsulate traffic within the fabric?

    A. GRE (Generic Routing Encapsulation)
    B. VXLAN (Virtual Extensible LAN)
    C. IPsec
    D. MPLS
    Correct Answer: B
    Explanation:

    Cisco SD-Access uses VXLAN as the data plane encapsulation in the fabric overlay. VXLAN provides Layer 2 and Layer 3 overlay services using a 24-bit VNI (VXLAN Network Identifier) that supports up to 16 million segments. LISP provides the control plane, and CTS (Cisco TrustSec) provides group-based policy enforcement via SGTs.

  6. Question 6 (Select All That Apply; Architecture)

    Which three planes make up the Cisco SD-Access architecture? (Choose three)

    A. Management plane (DNA Center)
    B. Control plane (LISP)
    C. Data plane (VXLAN)
    D. Application plane (AppDynamics)
    Correct Answers: A, B, C
    Explanation:

    SD-Access has three planes: Management (DNA Center), Control (LISP MS/MR), and Data (VXLAN encapsulation). Policy uses Cisco ISE with TrustSec SGTs.

  7. Question 7 (Architecture)

    In Cisco SD-Access, which component acts as the control plane node and maintains the mapping of endpoint identifiers (EIDs) to routing locators (RLOCs)?

    A. Edge Node
    B. Border Node
    C. Control Plane Node (Map Server/Map Resolver)
    D. Intermediate Node
    Correct Answer: C
    Explanation:

    In SD-Access, the Control Plane Node runs LISP (Locator/ID Separation Protocol) as Map Server and Map Resolver, maintaining the EID-to-RLOC database. Edge Nodes are fabric access switches. Border Nodes connect the fabric to external networks. This separation of control and data planes is core to SD-Access architecture.

  8. Question 8 (Architecture)

    In a campus network using a three-tier hierarchical model, which layer aggregates traffic from access layer switches and applies policy?

    A. Access layer
    B. Distribution layer
    C. Core layer
    D. Edge layer
    Correct Answer: B
    Explanation:

    The distribution layer aggregates traffic from multiple access layer switches, applies routing policies, ACLs, QoS, and provides the boundary between Layer 2 (access) and Layer 3 (core) domains. The access layer connects endpoints. The core layer provides high-speed backbone transport between distribution blocks.

  9. Question 9 (Virtualization)

    What is the role of LISP (Locator/ID Separation Protocol) in SD-Access?

    A. A routing protocol replacement
    B. LISP separates endpoint identity (EID) from location (RLOC), enabling endpoint mobility and mapping in the SD-Access fabric control plane
    C. A VLAN management protocol
    D. A wireless protocol
    Correct Answer: B
    Explanation:

    LISP in SD-Access: endpoint IPs (EIDs) are separated from their fabric location (RLOCs). The LISP Map Server/Map Resolver (on Control Plane Node) tracks which EID is at which RLOC. This enables: seamless mobility (EID stays same, RLOC changes), host tracking, and anycast gateway.

  10. Question 10 (Virtualization)

    In SD-Access, what is the relationship between overlay and underlay networks?

    A. They are the same network
    B. Underlay provides physical IP connectivity (IS-IS routing); overlay runs on top using VXLAN tunnels to create virtual networks with LISP control plane
    C. Overlay replaces underlay
    D. Underlay uses VXLAN
    Correct Answer: B
    Explanation:

    Underlay: physical network providing IP reachability between VTEPs (SD-Access uses IS-IS for underlay routing). Overlay: virtual network using VXLAN encapsulation over the underlay — carries user traffic in isolated VNs. LISP provides the control plane (host tracking, mapping). DNA Center automates both layers.

  11. Question 11 (Architecture)

    What is macro-segmentation vs micro-segmentation in SD-Access?

    A. They are the same
    B. Macro-segmentation isolates Virtual Networks (VRFs) from each other; micro-segmentation uses SGTs to control access between groups within the same VN
    C. Micro-segmentation uses VLANs
    D. Macro-segmentation uses ACLs only
    Correct Answer: B
    Explanation:

    SD-Access segmentation: Macro = Virtual Networks (VNs) mapped to VRFs — complete L3 isolation between tenants (e.g., corporate vs IoT). Micro = SGTs within a VN — SGACL controls which groups can talk (e.g., allow employees to access printers, deny guests). Both enforced in the fabric without manual ACL management.

Key Architecture Concepts for ENCOR

architecture, hierarchical, core, distribution, access, sd-wan, sd-access, dna center, fabric

ENCOR Architecture Exam Tips

Enterprise Network Architecture questions in ENCOR are typically scenario-based. Focus on service-level decision making aligned to official exam objectives. Priority concepts: architecture, hierarchical, core, distribution, access, sd-wan.

What ENCOR Expects

  • Select the most practical, secure, and scalable answer for the stated scenario.
  • Architecture scenarios for ENCOR are frequently mapped to Domain 1 (15%), so read the objective carefully before picking controls or architecture.
  • Expect multi-service scenarios where Architecture interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated service question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Professional) and managed-service best practices.

High-Value Architecture Concepts

  • Know the core Architecture building blocks cold: architecture, hierarchical, core, distribution.
  • Review the edge-case features and limits for access, sd-wan; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how Architecture pairs with SD-WAN, Wireless, Automation in real deployment patterns.
  • For ENCOR, explain why the chosen Architecture design meets reliability, security, and cost expectations better than the alternatives.

Common ENCOR Traps

  • Watch for answers that partially solve the requirement but miss operational constraints.
  • Questions in Architecture often include distractors that look correct for Architecture but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two Architecture implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Architecture (15%) outcomes for ENCOR?
  • Can you explain security and access boundaries for Architecture without relying on default-open assumptions?
  • Can you describe how Architecture integrates with SD-WAN and Wireless during failure, scaling, and monitoring events?
