Cisco Certifications

CCNP Enterprise
Blueprint Revisions

Products and technologies are evolving faster than ever before. To keep up with the fast pace, we are
introducing a new agile process that will allow us to align our exams faster with these changes: minor
revisions. Minor revisions will provide us with the agility and speed that are necessary to adjust our
programs to match industry changes and the evolution of technologies. Minor revisions will allow us to
update track details (exam blueprint, equipment list, and software) more frequently while keeping overall
changes to a minimum (up to 20%). These revisions allow us to ensure our content stays relevant, and
they minimize learning curves between revisions.

The main objective of a minor revision is to:

• Further scope out the exam blueprint by ensuring exam objectives are clear.
• Introduce new blueprint tasks to ensure exams stay relevant.
• Phase out old(er) products and/or technology solutions that are less relevant today.
• Update equipment and/or software.

Visit www.cisco.com/go/certroadmap to review the holistic roadmap across all Cisco Certifications.

The CCNP Enterprise exam portfolio is going through a minor revision. Although the overall domains
within the exam blueprints have not changed, with this minor revision, we added and removed
technology solutions to ensure exam relevancy.

Refer to https://learningnetwork.cisco.com for the list of exam topics covered in the updated CCNP
Enterprise exams portfolio and for more information about the CCNP Enterprise certification program.

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 1
 Cisco Certifications

CCNP Enterprise
CCNP Enterprise – Executive Summary

The new minor revision for CCNP Enterprise allows us to keep the domain closely aligned with today’s
commonly adopted Cisco Enterprise technologies and solutions. To modernize the blueprint, relevant
technologies that enterprise engineers regularly use in the field were added, and outdated topics were
removed.

Below is a comprehensive summary of the Enterprise exam portfolio.

Exam Name Acronym Exam Number Review

Implementing and Operating Cisco Enterprise Core Technologies ENCOR 350-401 Updated to v1.1
Implementing Cisco Enterprise Advanced Routing and Services ENARSI 300-410 Updated to v1.1
Implementing Cisco SD-WAN Solutions ENSDW 300-415 Updated to v1.2
Designing Cisco Enterprise Networks ENSLD 300-420 Updated to v1.1
Designing Cisco Enterprise Wireless Networks ENWLSD 300-425 Updated to v1.1
Implementing Cisco Enterprise Wireless Networks ENWLSI 300-430 Updated to v1.1
Automating and Programming Cisco Enterprise Solutions ENAUTO 300-435 Updated to v1.1
Designing and Implementing Cloud Connectivity ENCC 300-440 NEW exam v1.0

A detailed review of each exam follows below.

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 2
 Cisco Certifications

CCNP Enterprise
Implementing Cisco Enterprise Network Core Technologies v1.1
350-401 ENCOR
Compared to v1.0, the five domains (Architecture, Virtualization, Infrastructure, Network Assurance,
Security, and Automation) remain identical. The wireless technologies that were added to the blueprint
are wireless segmentation and client density, 802.1X, and EAPOL. The additional technologies that were
added are adjacency tables, policy-based routing, RPF check, spanning tree enhancements, PTP, and
cloud network design. EAP, Syslog configuration, and standard Netflow were removed from the blueprint.

350-401 Implementing Cisco Enterprise Network Core Technologies

v1.0 v1.1
1.1a Enterprise network design such as 2-tier, 3-tier, and 1.1a High-level enterprise network design such as 2-tier, 3-
fabric capacity planning tier, fabric, and cloud

1.2 Analyze design principles of a WLAN deployment 1.2 Describe wireless network design principles
1.2.c Client density

1.3 Differentiate between on-premises and cloud 1.3 Task removed

infrastructure deployments

1.4 Explain the working principles of the Cisco SD-WAN 1.3 Explain the working principles of the Cisco SD-WAN
solution solution
1.4.b Traditional WAN and SD-WAN solutions 1.3.b Benefits and limitations of SD-WAN solutions

1.6 Describe concepts of wired and wireless QoS 1.5 Interpret wired and wireless QoS configurations

1.7 Differentiate hardware and software switching 1.6 Describe hardware and software switching mechanisms
mechanisms such as CEF, CAM, TCAM, FIB, RIB, and adjacency tables

3.1.c Configure and verify common Spanning Tree Protocols 3.1.c Configure and verify common Spanning Tree Protocols
(RSTP and MST) (RSTP, MST) and Spanning Tree enhancements such as
root guard and BPDU guard

3.2.a Compare routing concepts of EIGRP and OSPF (advanced 3.2.a Compare routing concepts of EIGRP and OSPF (advanced
distance vector vs. link state, load balancing, path distance vector vs. link state, load balancing, path
selection, path operations, metrics) selection, path operations, metrics, and area types)

3.2.d Describe policy-based routing

3.3.e Troubleshoot WLAN configuration and wireless client 3.3.e Troubleshoot WLAN configuration and wireless client
connectivity issues connectivity issues using GUI only

3.3.f Describe wireless segmentation with groups, profiles,

and tags

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 3
 Cisco Certifications

CCNP Enterprise
3.4.a Describe Network Time Protocol (NTP) 3.4.a Interpret network time protocol configurations such as
NTP and PTP

3.4.d Describe multicast protocols, such as PIM and IGMP 3.4.d Describe multicast protocols, such as RPF check, PIM and
v2/v3 IGMP v2/v3

4.2 Configure and verify device monitoring using syslog for 4.2 Task removed
remote logging

4.3 Configure and verify NetFlow and Flexible NetFlow 4.3 Configure and verify Flexible Netflow

5.1.a Lines and password protection 5.1.a Lines and local user authentication

5.4 Configure and verify wireless security features 5.4 Configure and verify wireless security features
5.4.a EAP 5.4.a 802.1X
5.4.d EAPOL (4-way handshake)

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 4
 Cisco Certifications

CCNP Enterprise
Implementing Cisco Enterprise Advanced Routing and Services v1.1
300-410 ENARSI
Compared to v1.0, all 4 domains (Layer 3, VPN, Infrastructure Security, and Infrastructure Services)
remain identical. The technologies that were added to EIGRP are VRF and global routing modes. VRF-Lite
and unicast routing were added to BGP.

300-410 Implementing Cisco Enterprise Advanced Routing and Services

v1.0 v1.1
1.9 Troubleshoot EIGRP (classic and named mode) 1.9 Troubleshoot EIGRP (classic and named mode; VRF and
global)
1.9.a Address families (IPv4, IPv6) 1.9.a Address families (IPv4, IPv6)
1.9.b Neighbor relationship and authentication 1.9.b Neighbor relationship and authentication
1.9.c Loop-free path selections (RD, FD, FC, successor, 1.9.c Loop-free path selections (RD, FD, FC, successor,
feasible successor, stuck in active) feasible successor, stuck in active)
1.9.d Stubs 1.9.d Stubs
1.9.e Load balancing (equal and unequal cost) 1.9.e Load balancing (equal and unequal cost)
1.9.f Metrics 1.9.f Metrics

1.11 Troubleshoot BGP (Internal and External)
1.11.a Address families (IPv4, IPv6)
1.11.b Neighbor relationship and authentication (next-
hop, mulithop, 4-byte AS, private AS, route
refresh, synchronization, operation, peer group,
states and timers)
1.11.c Path preference (attributes and best-path)
1.11.d Route reflector (excluding multiple route
reflectors, confederations, dynamic peer)
1.11.e Policies (inbound/outbound filtering, path
manipulation)
1.11 Troubleshoot BGP (Internal and External; unicast and
VRF-Lite)
1.11.a Address families (IPv4, IPv6)
1.11.b Neighbor relationship and authentication (next-
hop, mulithop, 4-byte AS, private AS, route
refresh, synchronization, operation, peer group,
states and timers)
1.11.c Path preference (attributes and best-path)
1.11.d Route reflector (excluding multiple route
reflectors, confederations, dynamic peer)
1.11.e Policies (inbound/outbound filtering, path
manipulation)

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 5
 Cisco Certifications

CCNP Enterprise
Implementing Cisco SD-WAN Solutions v1.2
300-415 ENSDWI
Compared to v1.1, all domains (Architecture, Controller Deployment, Router Deployment, Policies,
Security and Quality of Service, and Management and Operations) remain identical. The technologies
that were added to the blueprint are multi-region fabric, multicloud, public and private hosting
platforms, configuration groups, feature policies and workflows, TrustSec, and App-QoE.

350-415 Implementing Cisco SD-WAN Solutions

v1.1 v1.2
1.1 Describe Cisco SD-WAN architecture and components 1.1 Describe Cisco SD-WAN architecture and components
1.1.a Orchestration plane (vBond, NAT) 1.1.a Orchestration plane (vBond, NAT)
1.1.b. Management plane (vManage) 1.1.b Management plane (vManage)
1.1.c. Control plane (vSmart, OMP) 1.1.c Control plane (vSmart, OMP)
1.1.d. Data plane (WAN Edge) 1.1.c (i) TLOC
1.1.d (i) TLOC 1.1.c (ii) vRoute
1.1.d (ii) IPsec and GRE 1.1.d Data plane (WAN Edge)
1.1.d (iii) vRoute 1.1.d (i) IPsec and GRE
1.1.d (iv) BFD 1.1.d (ii) BFD
1.1.e Multi-Region Fabric

1.3 Describe Cisco SD-WAN Cloud OnRamp 1.3 Describe Cisco SD-WAN Cloud OnRamp
1.3.a SaaS 1.3.a SaaS
1.3.b IaaS 1.3.b. IaaS
1.3.c Colocation 1.3.c Colocation
1.3.d Multicloud (Cloud and Interconnect)

2.2 Describe controller on-premises deployment 2.2 Describe controller on-premises deployment
2.2.a Hosting platform (KVM and Hypervisor) 2.2.a Hosting platforms (Public and Private)
2.2.b Installing controllers 2.2.b. Installing controllers
2.2.c Scalability and redundancy 2.2.c. Scalability and redundancy

2.4 Troubleshoot control plane connectivity between 2.4 Troubleshoot control plane connectivity
Controllers

3.1 Describe WAN Edge deployment 3.1 Describe WAN Edge deployment
3.1.a On-boarding 3.1.a On-boarding (ZTP and Bootstrap)
3.1.b Orchestration with zero-touch provisioning 3.1.b Data center and regional hub deployments
and plug-and-play
3.1.c Data center and regional hub deployments

3.7 Describe configuration groups, feature profiles, and

Workflows

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 6
 Cisco Certifications

CCNP Enterprise
5.2 Describe Cisco SD-WAN security features 5.2 Describe Cisco SD-WAN security features
5.2.a. Application-aware enterprise firewall 5.2.a Application-aware enterprise firewall
5.2.b IPS 5.2.b IPS
5.2.c URL filtering 5.2.c URL filtering
5.2.d AMP 5.2.d AMP
5.2.e SSL and TLS proxy 5.2.e SSL and TLS proxy
5.2.f TrustSec

5.5 Describe Application Quality of Experience (App-QoE)

5.5.a TCP optimization
5.5.b. Data Redundancy elimination (DRE)
5.5.c. Packet duplication
5.5.d. Forward error correction (FEC)
5.5.e. AppNav

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 7
 Cisco Certifications

CCNP Enterprise
Designing Cisco Enterprise Networks v1.1
300-420 ENSLD

Compared to v1.0, all domains (Routing Solutions, Campus Networks, WAN, Network Services, and
Automation) remain identical. The technologies that were added to the blueprint are Layer 2 security
techniques, GRPC and GNMI, direct connect, cloud on-ramp, MPLS direct connect, WAN integration, Saas,
PaaS, and IaaS. Dial-in and dial-out approaches to model-driven telemetry were removed.

300-420 Designing Cisco Enterprise Networks

v1.0 v1.1
2.2.e Layer 2 security techniques such as STP security, port
security, VACL

3.1 Compare WAN connectivity options 3.1 Describe WAN connectivity options for on-premises, hybrid,
and cloud solutions

3.2 Design site-to-site VPN 3.2 Design site-to-site VPN for on-premises, hybrid, and cloud
solutions

3.3 Design high availability for enterprise WAN 3.3 Design high availability for enterprise WAN for on-premises,
hybrid, and cloud solutions

5.1 Choose the correct YANG data model set based on 5.1 Task removed
requirements

5.4 Describe GRPC and GNMI

5.5 Compare dial-in and dial-out approaches to model-driven 5.5 Describe cloud connectivity options such as direct connect,
telemetry cloud on ramp, MPLS direct connect, and WAN integration

5.6 Describe cloud-based services model in private, public, and

hybrid deployments (Saas, PaaS, IaaS)

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 8
 Cisco Certifications

CCNP Enterprise
Designing Cisco Enterprise Wireless Networks v1.1
300-425 ENWLSD
Compared to v1.0, all domains (Wireless Site Survey, Wired and Wireless Infrastructure, Mobility, and
WLAN High Availability) remain identical. The technologies that were added to the blueprint are
Embedded Wireless Controller technology, and Hyperlocation was removed.

300-425 Designing Cisco Enterprise Wireless Networks

v1.0 v1.1
2.4 Apply design requirements for these types of wireless 2.4 Apply design requirements for these types of wireless
networks networks
2.4.a Data 2.4.a Data
2.4.b Voice and video 2.4.b Voice and video
2.4.c Location 2.4.c Location
2.4.d Hyperlocation

2.5 Design high-density wireless networks and their 2.5 Design high-density wireless networks and their
associated components (campus, lecture halls, associated components
conference rooms)
4.2 Design high availability for APs
4.2 Design high availability for APs 4.2.a AP prioritization
4.2.a AP prioritization 4.2.b Fall-back (assigning primary, secondary, and
4.2.b Fall-back (assigning primary, secondary, and tertiary)
tertiary) 4.2.c Embedded Wireless Controller (EWC)

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 9
 Cisco Certifications

CCNP Enterprise
Implementing Cisco Enterprise Wireless Networks v1.1
300-430 ENWLSI
Compared to v1.0, all domains (FlexConnect, QoS on a Wireless Network, Multicast, Location Services,
Advanced Location Services, Security for Wireless Client Connectivity, Monitoring, Device Hardening)
remain identical. The technologies that were added to the blueprint are Cisco Spaces and Cisco DNA
Center. MSE was removed. ACLs have been updated to support both AireOS and IOS XE controllers.

300-430 Implementing Cisco Enterprise Wireless Networks

v1.0 v1.1
4.1 Deploy MSE and CMX on a wireless network 4.1 Deploy CMX and Cisco Spaces on a wireless network

5.1 Implement CMX components 5.1 Implement CMX and Cisco Spaces components
5.1.a Detect and locate 5.1.a Detect and locate
5.1.b Analytics 5.1.b Analytics
5.1.c Presence services 5.1.c Presence services
5.1.d Captive portals
5.5 Implement wIPS using MSE 5.1.e Connectors

8.3 Implement CPU ACLs on the controller

5.5 Implement wIPS using Cisco DNA Center

8.3 Implement control plane ACLs on the controller

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 10
 Cisco Certifications

CCNP Enterprise
Automating Cisco Enterprise Solutions v1.1
300-435 ENAUTO
Compared to v1.0, all domains (Network Programmability Foundation, Automate APIs and Protocols,
Network Device Programmability, Cisco DNA Center, Cisco SD-WAN, and Cisco Meraki) remain identical.
To modernize the blueprint, changes were made to reflect an increased presence of Terraform in
enterprise automation. Puppet was replaced with Terraform, and API naming was updated, including the
main functionalities.

300-435 Automating Enterprise Solutions

v1.0 v1.1
1.6 Explain the benefits of using network configuration tools 1.6 Explain the benefits of using network configuration tools
such as Ansible and Puppet for automating IOS XE such as Ansible and Terraform for automating IOS XE
platforms platforms

2.1 Identify the JSON instance based on a YANG model 2.1 Identify the JSON instance based on a YANG model
(including YANG Suite)

2.2 Identify the XML instance based on a YANG model 2.2 Identify the XML instance based on a YANG model
(including YANG Suite)

4.2 Describe the features and capabilities of Cisco DNA 4.2 Describe the features and capabilities of Cisco DNA
Center Center
4.2.a Network assurance APIs 4.2.a Network assurance APIs
4.2.b Intent APIs 4.2.b Intent APIs
4.2.c Multivendor support (3rd party SDKs) 4.2.c SDA
4.2.d Events and notifications 4.2.d Events and notifications

4.4 Implement API requests for Cisco DNA Center to 4.4 Implement API requests for Cisco DNA Center to
accomplish network management tasks accomplish network management tasks
4.4.a Intent APIs 4.4.a Intent APIs
4.4.b Command Runner APIs 4.4.b Command Runner APIs
4.4.c Site APIs 4.4.c Site APIs
4.4.d SDA APIs

5.1 Describe features and capabilities of Cisco SD-WAN 5.1 Describe features and capabilities of Cisco SD-WAN
vManage Certificate Management APIs vManage APIs

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 11
 Cisco Certifications

CCNP Enterprise
Designing and Implementing Cloud Connectivity v1.0
300-440 ENCC

New Exam Launch:

This new concentration is focused on designing, deploying and operating scalable global cloud solutions
ranging from traditional VPN technologies to SD-WAN and cloud-native networking. Enterprises
everywhere are adapting to the hybrid cloud world, and the network engineers at these organizations
must design, build, and operate these hybrid networks. A network that connects offices, storefronts,
manufacturing plants, mobile workers, and more to applications that might be hosted in a data center,
the public cloud, or a combination of both.

Cisco and Cisco logo are trademarks or registered of Cisco and/or its affiliates in the U.S. and other countries.
To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Cisco © and/or its affiliates. All rights reserved. 12