The Cisco Certified Network Professional (CCNP) certification guide (2024)

The Cisco Certified Network Professional (CCNP) certification proves your skill in developing and supporting enterprise networks. It shows you understand enterprise network design and maintenance principles and practices: 

  • Learn the technologies that support network switching and routing 
  • Discover security technologies and principles that safeguard enterprise networks 
  • Demonstrate to hiring managers that you have a practical understanding of network design on an enterprise level 

Key facts

  • CCNP certification salary: $102,000 
  • When CCNP was founded: 1998 
  • CCNP certification requirements: There are no formal requirements, but candidates typically have between three to five years of enterprise networking experience 

Start your journey to earning your Cisco Certified Network Professional certification with Infosec.

CCNP exam overview

The CCNP certification path requires two exams. First, you must pass the 350-401 ENCOR exam. You then must take a concentration exam and complete the necessary training. Your total CCNP certification cost will depend on the concentration you focus on. The Infosec CCNP Boot Camp provides training for the 300-410 ENARSI, which is the most requested test, but you have other preparation options for the other concentration choices. 

The 350-401 ENCOR exam covers in-depth enterprise networking design and implementation knowledge. The most recent version covers six domains: 

Domain 1: Architecture
  • Explain the different design principles used in an enterprise network 
  • Describe wireless network design principles 
  • Explain the working principles of the Cisco SD-WAN solution 
  • Explain the working principles of the Cisco SD-Access solution 
  • Interpret wired and wireless QoS configurations 
  • Describe hardware and software switching mechanisms such as CEF, CAM, TCAM, FIB, RIB and adjacency tables 
Domain 2: Virtualization
  • Describe device virtualization technologies 
  • Configure and verify data path virtualization technologies 
  • Describe network virtualization concepts 
Domain 3: Infrastructure
  • Layer 2 
  • Layer 3 
  • Wireless 
  • IP Services 
Domain 4: Network Assurance
  • Diagnose network problems using tools such as debugs, conditional debugs, traceroute, ping, SNMP and syslog 
  • Configure and verify Flexible NetFlow 
  • Configure and verify IPSLA
  • Describe Cisco DNA Center workflows to apply network configuration, monitoring, and management
  • Configure and verify NETCONF and RESTCONF 
Domain 5: Security
  • Configure and verify device access control 
  • Configure and verify infrastructure security features 
  • Describe REST API security 
  • Configure and verify wireless security features 
  • Describe the components of network security design 
Domain 6: Automation
  • Interpret basic Python components and scripts 
  • Construct valid JSON-encoded files 
  • Describe the high-level principles and benefits of a data modeling language, such as YANG 
  • Describe APIs for Cisco DNA Center and vManage 
  • Interpret REST API response codes and results in payload using Cisco DNA Center and RESTCONF 
  • Construct an EEM applet to automate configuration, troubleshooting, or data collection 
  • Compare agent vs. agentless orchestration tools, such as Chef, Puppet, Ansible and SaltStack 

The 300-410 ENARSI exam focuses on the technologies that power enterprise networks. The latest version has four domains: 

Domain 1: Layer 3 Technologies
  • Troubleshoot administrative distance (all routing protocols) 
  • Troubleshoot route map for any routing protocol (attributes, tagging, filtering) 
  • Troubleshoot loop prevention mechanisms (filtering, tagging, split horizon, route poisoning) 
  • Troubleshoot redistribution between any routing protocols or routing sources 
  • Troubleshoot manual and auto-summarization with any routing protocol 
  • Configure and verify policy-based routing 
  • Configure and verify VRF-Lite 
  • Describe Bidirectional Forwarding Detection 
  • Troubleshoot EIGRP (classic and named mode; VRF and global) 
Domain 2: VPN Technologies
  • Describe MPLS operations (LSR, LDP, label switching, LSP) 
  • Describe MPLS Layer 3 VPN 
  • Configure and verify DMVPN (single hub) 
Domain 3: Infrastructure Security
  • Troubleshoot device security using IOS AAA (TACACS+, RADIUS, local database) 
  • Troubleshoot router security features 
  • Troubleshoot control plane policing (CoPP) (Telnet, SSH, HTTP(S), SNMP, EIGRP, OSPF, BGP) 
  • Describe IPv6 First Hop security features (RA guard, DHCP guard, binding table, ND inspection/snooping, source guard) 
Domain 4: Infrastructure Services
  • Troubleshoot device management
  • Troubleshoot SNMP (v2c, v3)
  • Troubleshoot network problems using logging (local, syslog, debugs, conditional debugs, timestamps)
  • Troubleshoot IPv4 and IPv6 DHCP (DHCP client, IOS DHCP server, DHCP relay, DHCP options)
  • Troubleshoot network performance issues using IP SLA (jitter, tracking objects, delay, connectivity)
  • Troubleshoot NetFlow (v5, v9, flexible NetFlow)
  • Troubleshoot network problems using Cisco DNA Center assurance (connectivity, monitoring, device health, network health) 

CCNP exam details

CCNP covers network design and administration, including the technologies and principles that combine to make effective enterprise networks: 

Launch date:  1998 Last update: October 2023
Number of questions:

Varies depending on which concentration you opt for 

Type of questions: Multiple-choice and drag-and-drop
Length of test: 120 minutes Passing score: 825 out of 1000 points
Recommended experience: Three to five years working with enterprise networks Languages:


Validity duration:  Three years CPEs needed for renewal: Either 40 plus one professional level exam or 80, depending on your concentration and exam level, such as “Expert”
Exam costs:  Exam vouchers are offered with the CCNP Boot Camp Most requested test: 350-401 ENCOR

Additional CCNP exam resources

You have several options when preparing for your CCNP certification, ranging from study guides, books, practice questions and training courses. These all introduce you to the domains, technologies and kinds of questions you can expect on the exam. 

CCNP study guides and books 

CCNP books and study guides provide you with a combination of enterprise networking knowledge specific to the CCNP exam. You can use these to supplement your certificate courses. You can find some on Amazon, as well as Cisco’s website:   

  • CCNP Enterprise Certification Study Guide: Implementing and Operating Cisco Enterprise Network Core Technologies: Exam 350-401

  • CCNP Enterprise Core ENCOR 350-401 and Advanced Routing ENARSI 300-410 Official Cert Guide Library 1st Edition

  • CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide 

CCNP practice questions and exams 

CCNP practice exams are included with Infosec CNNP training, but you can also find valuable practice questions in the following resources available on Amazon and elsewhere.

  • CCNP Enterprise Advanced Routing and Services (ENARSI 300-410) Exam Practice Questions & Dumps

  • Exam: 300-510: CCNP SPRI: Implementing Cisco Service Provider Advanced Routing Solutions

  • CCNP SCOR: Implementing and Operating Cisco Security Core Technologies Exam: 350-701

Other free CCNP training resources 

The general CCNP community provides training material, advice, and answers to questions about the certification: 

  • Forums, such as the one found on the Cisco Learning Network or Reddit can help you get ready for the exam. Community members post exam tips and answer specific questions about test topics.
  • YouTube is another powerful resource because it features many free videos that give you exam-specific knowledge and test-taking tips.
  • Podcasts like Cyber Work can help you learn about careers in networking and architecture.  

CCNP jobs and careers

Holding a Cisco Certified Network Professional certification can propel your enterprise networking career forward because it demonstrates that you’re familiar with the core technologies and principles that power modern, large networks. 

Common CCNP job titles 

A CCNP can open many career doors. Here are common job titles, although your title will vary depending on your organization and responsibilities. 


CCNP training

Obtaining your CCNP certification takes a lot of hard work and studying, and getting professional instruction can help all that hard work pay off. Paid training is also a great option for those looking to get certified quickly or those who want extra assistance mastering the concepts covered on the exam.

CCNP certification comparisons and alternatives

CCNP certification provides valuable knowledge and skills. However, it's important to understand how it compares to other certifications in the industry. Here are some comparisons and alternatives to consider. 


CCNA vs. CCNP is a common comparison; CCNP and CCNA (Cisco Certified Network Associate) cover similar topics, but CCNA is a lower, associate-level certification while CCNP is more advanced.  For more information on CCNA, visit the Infosec CCNA hub

CCNP vs. Security+

While CCNP covers security concepts, Security+ is a dedicated cybersecurity entry-level certification. Much of the networking knowledge that helps you earn your CCNP certification may also be helpful while getting your Security+.  For more information on Security+, from exam objectives to FAQs, visit the Infosec Security+ hub


CISSP is an advanced certification for experienced cybersecurity professionals with at least five years of experience. Unlike CCNP, its main focus is security, although both certifications involve networking knowledge. For more information on CISSP, from exam objectives to FAQs, visit the Infosec CISSP hub