Cisco Certified Specialist Cloud Connectivity (300-440) ENCC Exam Guide
Cisco Certified Specialist Cloud Connectivity (300-440) ENCC
Designing and Implementing Cloud Connectivity v1.0 (300-440)
Exam Overview: The Designing and Implementing Cloud Connectivity v1.0 (ENCC 300-440) exam, part of the CCNP Enterprise Certification, is a 90-minute assessment. It evaluates a candidate’s expertise in designing and implementing cloud connectivity, covering areas such as architecture models, IPsec, SD-WAN, operations, and design.
The topics listed are general guidelines for exam content. Additional related topics may also appear in specific exam deliveries. The guidelines may be updated at any time for clarity and to reflect exam content accurately.
1.0 Architecture Models
1.1 Internet-based connectivity to cloud providers
- Describes options like Native IPsec and Cisco SD-WAN for connecting to AWS, Azure, and Google Cloud over the internet.
1.2 Private connectivity to cloud providers
- Covers methods such as MPLS, colocation providers, and SDCI regional cross-connects for direct connections to cloud services.
1.3 Connectivity to SaaS cloud providers
- Discusses direct and indirect access models, centralized internet gateways, and dedicated connections to SaaS services from providers like AWS, Azure, and Google Cloud.
2.0 Design
2.1 Recommend connectivity models for high availability and reliability
- Focuses on selecting models based on business and technical requirements to ensure high availability, resiliency, SLAs, and reliability.
2.2 Recommend connectivity models based on network architecture needs
- Involves considerations for bandwidth, QoS, dedicated vs. shared connections, multi-homing, and routing to meet specific requirements.
2.3 Recommend connectivity models for regulatory compliance
- Addresses compliance with standards like NIST, FEDRAMP, and ISO based on business and technical needs.
2.4 Describe cloud-native security policies
- Explains policies for managing east/west traffic within cloud providers and handling internet traffic, applicable to AWS, Azure, and Google Cloud.
3.0 IPsec Cloud Connectivity
3.1 Configure IPsec for internet-based secure cloud connectivity
- Details configuring secure connections between on-premises Cisco IOS XE routers and cloud endpoints for AWS, Azure, and Google Cloud.
3.2 Configure IPsec between on-premises and cloud-hosted Cisco IOS XE routers
- Focuses on secure connectivity setups for routers hosted in AWS, Azure, or Google Cloud.
3.3 Configure routing on Cisco IOS XE with BGP and OSPF
- Involves setting up routing protocols to integrate on-premises networks with cloud networks, including route redistribution and static routing.
4.0 SD-WAN Cloud Connectivity
4.1 Configure Cisco SD-WAN for internet-based secure cloud connectivity
- Covers configurations for connecting AWS, Azure, and Google Cloud using Cisco SD-WAN.
4.2 Configure Cisco SD-WAN OnRamp to a SaaS provider
- Discusses the setup for optimized SaaS access through Cisco SD-WAN.
4.3 Configure Cisco SD-WAN policies
- Describes setting security, routing, and application policies for managing north/south and east/west traffic.
5.0 Operation
5.1 Diagnose IPsec connectivity issues
- Provides guidance on troubleshooting IPsec connections between on-premises routers and cloud endpoints.
5.2 Diagnose routing issues on Cisco IOS XE
- Involves troubleshooting BGP and OSPF routing problems, including redistribution and static routes in cloud-integrated networks.
5.3 Diagnose Cisco SD-WAN connectivity issues
- Focuses on identifying and resolving problems with Cisco SD-WAN connections to AWS, Azure, and Google Cloud.
5.4 Diagnose Cisco SD-WAN policy issues
- Covers troubleshooting security, routing, and application policy problems in SD-WAN environments.
Responses