Top 10 CCNA Exam Topics (2025)

This article will help students study effectively for the CCNA certification exam. Cisco publishes a roadmap every 12 months to add or remove exam topics based on relevance and importance. There is also an on-going shift that affects how many questions you will get for individual topics. For example, IP connectivity domain with 25% of exam points could have most of the questions on only two topics.

Knowledge DomainScoring
Network Fundamentals20%
Network Access20%
IP Connectivity25%
IP Services10%
Security Fundamentals15%
Automation and Programmability10%

It is crucial for students to create a study plan based on coverage of all topics and spend more time on key topics. Top 10 exam topics are required to answer questions in multiple knowledge domains. Exam points are weighted higher for core topics and that will affect your test score.

1. Subnetting

Students cannot pass the CCNA exam without solid subnetting skills. CCNA is a timed exam and accuracy is important as well. Subnetting extends to multiple topics and knowledge domains. For example, subnetting is required for IP interface addressing and route selection. Subnetting will follow you to the CCNP exam as well for topics such as route maps.

There are also wildcard masks used for advertising OSPF routes and access control lists (ACLs). The wildcard mask is an inverted subnet mask for advertising or filtering classful and classless routes. Network address translation (NAT) allows host internet access based on ACL wildcard masks. Learn how to calculate a wildcard mask in seconds for the CCNA exam.

IP Subnetting For CCNA (free course)

2. Interpret Routing Tables

There is a lot of anecdotal evidence that suggest students must know how to analyze routing tables for the CCNA exam. This topic will require knowledge of route selection and subnetting to answer questions. There is an algorithm that is used to select routes to install in the routing table. Routers will use the same algorithm to select routes already installed in the routing table for making forwarding decisions. Route selection is based on administrative distance, metrics, and longest prefix match subtopics.

Subnetting skills are required for longest prefix match rule to calculate address range. You will get output from a routing table and asked what route is selected to a specific network or what route is installed. What happens when a network interface is down and how does that affect selection of a backup route? There are also mandatory questions on the configuration of IPv4/IPv6 default and static routes that include route selection.

3. Switch Interconnects

Switching protocols is another core topic and not surprising since most network devices are switches. Consider data centers where most network traffic is between servers that connect via multiple switch types. There is much less traffic that traverses the internet by comparison. You can count on a significant number of trunking and Etherchannel questions that include labs. Switch connectivity also includes subtopics such as switch port settings, VLANs, and spanning tree protocol. LACP Etherchannel is often configured with trunk interfaces to connect switches with Layer 2 and Layer 3 port channels. Wireless controllers are prevalent in the data center and also connect to switches.

4. Wireless Protocols and RF Concepts

Cisco has added a lot more wireless network questions to the CCNA exam recently. In fact, students will have to know everything from RF concepts to wireless security and advanced controller settings from GUI. It is important to study the various features available to lower latency and enable faster roaming. Know how to navigate the controller GUI to enable security features along with authentication and encryption protocols. There are different AP modes such as FlexConnect and CAPWAP tunnel communication to the controller. Consider as well how DHCP and DNS traffic is managed and the various controller interfaces. You should also know how communication works between controller, access point, and clients.

5. Open Shortest Path First (OSPF)

OSPF is an open standard IP routing protocol that is easily the most popular IGP within the enterprise network. OSPF is a core topic with questions on operation, single-area configuration, and how to verify connectivity. You will also get questions based on the output of a show command and determine how a router is configured. Some key topics include router ID selection, DR/BDR election, OSPF network type, and metric calculation. OSPF uses wildcard masks to advertise subnets to neighbors. You should also know how to configure OSPF using the interface method. Make notes on timer interface settings, passive interfaces, and default priority.

OSPFv2 is officially the only dynamic routing protocol on the CCNA syllabus however that isn’t entirely accurate. Since route selection involves administrative distance (AD) you should know the AD values for all default, static and dynamic routing protocols. It is recommended to include OSPF and EIGRP metrics in your study plan as well.

6. Access Control Lists (ACL)

Some of the most difficult topics on the CCNA exam include access control lists and subnetting. CCNA will have concept and configuration questions pertaining to access control lists. For example, select the ACL to deny specific traffic classes for a range of subnets and enable logging. It is important to know how to analyze ACLs and determine what is being filtered.

Study application port numbers, IP protocol numbers, and how to configure IPv6 access control lists. There are standard, extended, and extended named ACL questions on the exam. Learn where to apply ACLs and how that affects filtering and performance. Students should also study local account authentication options and device passwords.

7. Cisco IOS Commands

Students should make a cheat sheet for all configuration topics and associated show commands. Read the official CCNA syllabus and note every instance where configure and verify keywords are mentioned. Include protocols such as DNS, DHCP, and HSRP as well where configure is not specified. There are performance-based labs that will require you to configure and verify multiple protocols. For example, OSPF, static routes, Etherchannel, trunking, NAT, and DHCP snooping. Know how to analyze the output of show commands to determine configuration settings for a device as well.

Cisco Performance-Based Simulation Labs (2025)

8. IPv6 Addressing

This topic has a reputation for lowering the score of CCNA test-takers. IPv6 addressing has been implemented as almost a second level of addressing within the enterprise. As a result, some students do not have the experience or spend enough time studying. The questions range from addressing types, configuration of static routes, and addressing methods. Know how to configure SLAAC, EUI-64 interface format, and DHCPv6. Distinguish between different prefix lengths and number of hosts for LAN/WAN connectivity. There are also differences between IPv4 and IPv6 network communication protocols.

9. DHCP / DNS Services

DHCP and DNS services extend to different addressing platforms and protocols. They are core network services and the CCNA exam will require basic knowledge. You should know how DHCP communicates with clients and how to configure an IOS server. The same concepts will apply to host-based DHCP for client addressing along with DHCP relay.

As with most network protocols there are port numbers, message types, and show commands as well. Study DNS protocol operation, services, and record types for IPv4 and IPv6. Distinguish between client-based DNS services and Cisco-based DNS configuration. It is important to know both host commands and IOS commands for all IP services listed with the syllabus. Since TCP and UDP transport is so crucial to network communication make sure to know the differences.

10. Software-Defined Networking (SDN)

SDN topic is comprised mostly of architecture and REST-based APIs questions. For example you should study the operational planes and mapped network services. There is also SDN controller operation, functions, and communication with physical devices. That includes northbound and southbound interfaces. You will get questions on REST API operation, authentication methods, and HTTP headers. The authentication methods include basic, JWT, OAuth2, and API keys. Some overlap is starting to exist between networking and DevOps.

Top 10 CCNP ENCOR Exam Topics

This article will help students study effectively for the CCNP ENCOR certification exam. Cisco publishes a roadmap every 12 months to add or remove exam topics based on relevance and importance. There is also an on-going shift that affects how many questions you will get per knowledge domain. For example, security with 20% of exam points could have most of the questions on only two topics.

Knowledge DomainScoring
Architecture15%
Virtualization10%
Infrastructure30%
Network Assurance15%
Security20%
Automation10%

It is crucial for students to create a study plan based on coverage of all topics and spend more time on key topics. Top 10 exam topics are required to answer questions in multiple knowledge domains. Exam points are weighted higher for core topics and that will affect your test score.

CCNP Commands Study Tool

Software-Defined Networking (SDN)

The first topic on this top 10 list is Software-Defined Networking (SDN). This is associated with topics listed within architecture and virtualization domains. Topics include SD-Access, SD-WAN, VRFs, and tunneling. Cisco SD-Access fabric is based on VXLAN overlays (VTEP, VNI, NVI) and LISP routing architecture.

Most of it is conceptual knowledge such as explain and describe however there is configuration of VRFs and tunnel interfaces. You could also include Cisco Catalyst Center (formerly DNAC) in this topic since it is the SDN controller and based on REST APIs. There is a slight marketing edge as well with Cisco promoting the shift to automation.

Wireless

Cisco wireless is a prevalent topic listed in architecture, infrastructure, and security domains. You will get questions on wireless segmentation with mobility groups, tags, and profiles. This is not surprising since the new 9800 fabric controller is based on this implementation model. There are also radio resource management (RRM) techniques as well for managing and optimizing wireless performance. Some examples of RRM techniques supported with Cisco 9800 controllers include DCA, CHD, TPC, FRA, and DFS.

It is important to know how to navigate the wireless controller GUI and analyze settings for client troubleshooting issues. Cisco CML has a wireless controller image (vWLC) that is probably the best study option unless you have access at work. Finally there is wireless security topics such as 802.1X and WebAuth that are crucial to enterprise connectivity and align with SDN topics.

Configuration Labs

Cisco announced recently that all performance-based labs will now be placed at the beginning of the exam. You can count on having around 5-6 labs comprised of mostly configuration and some troubleshooting topics. The coverage is broad since there are configuration topics listed in most knowledge domains. Infrastructure has the most points so topics such as OSPF and BGP configuration are often tested along with SDN topics such as VRFs and GRE.

Layer 2 troubleshooting is listed with the syllabus for trunking and Etherchannel (LACP) protocols. This is more CCNA-level quite frankly and less of a trip point for students. You should also know spanning tree configuration at the CCNP-level to include IEEE RSTP, MST, and integration with non-Cisco equipment. The best recommendation is to study all topics where configuration keyword is mentioned and know how to interpret output from basic commands. It would be worthwhile to create a root cause analysis study sheet for Layer 2 and Layer 3 protocols along with system error messages.

Open Shortest Path First (OSPF)

OSPF is an open standard routing protocol that is listed as an infrastructure topic for both concept and configuration. Anytime you have the configuration keyword used there is also verify and how to interpret the output of show commands. Infrastructure is 30% of all exam points and key to passing the exam.

Configuration subtopics are pretty standard with multi-area deployment based on interface and global methods. There is also OSPF DR election, area route summarization, and passive interfaces. Interestingly, OSPF does not support automatic summarization of routes. Know the differences between OSPF and EIGRP in the context of feature support and how to interpret errors in log files. For example, you will often get routing protocol errors when there is an adjacency or interface status problem. The same is true of Layer 2 protocols where an interface mismatch generates a system error message.

Access Control Lists (ACLs)

This is a security topic that is also included in the CCNA exam. The difference with CCNP ENCOR exam is going to be level of complexity. You will get extended numbered and named ACLs since they are more complex and provide additional filtering options. There could be questions on protocols such as filtering ICMP and OSPF multicast for example. Know how to edit extended ACLs dynamically and how to apply ACL for optimal filtering. Control Plane Policing (CoPP) is also based on extended ACLs that classify traffic classes and apply QoS policing for security purposes.

REST APIs

The purpose of REST APIs is to enable web-based communication between clients and servers. REST APIs also enable M2M communication between servers and also between network devices. This is a topic listed in both the security and automation knowledge domains. Cisco Catalyst Center (formerly DNAC) is based on REST APIs that manage fabric and non-fabric network endpoints. You should know the structure of a REST APIs such as headers, payload, URI, and HTTP response codes. Study REST API authentication methods such as basic, JWT, API keys, and OAuth2. Know the differences between them, advantages and where TLS encryption is included.

Scripting

The anecdotal evidence suggests automation and wireless are the most problematic topics on CCNP ENCOR exam. Some comments also suggest there is not enough adequate coverage in the Cisco OCG book or other courses.

Scripting is listed with the automation domain and includes Python, JSON serialization, and Embedded Event Manager (EEM). You should know how to interpret Python scripts in the context of networking applications. For example, how to import JSON configuration records or show operational status of an interface.

Learn how to read, write, and parse JSON records with Python. Study any examples available from Cisco and other sources to learn python functions, methods, and modules for network management. There are also questions on concepts and commands for creating basic EEM scripts. It is no secret that promoting automation is the reason for Catalyst Center, REST APIs, and scripting topics on the exam.

Cisco Catalyst Center

Cisco has changed the platform name of Cisco DNA Center (DNAC) to Cisco Catalyst Center. This is both an automation and network assurance topic based on SDN architecture since it is a controller. Catalyst Center is the flagship network management automation platform that also manages non-fabric devices. The questions could include REST APIs that are used to configure, monitor, and troubleshoot network devices.

Workflows are created from various REST API methods and implemented for management functions such as onboarding for example. RESTCONF is also an important tool used with Catalyst Center for automating network operations. Know the components of RESTCONF requests and responses for communication with network devices. You should also know the differences between NETCONF and RESTCONF southbound interfaces.

External BGP (eBGP)

This routing protocol is listed as an infrastructure configuration topic. You should know how to configure basic external BGP neighbor relationships for directly connected peers. It is important to know how to advertise routes for connected and non-connected subnets as well. Select commands to verify that TCP connectivity is established and the BGP routing table. You could also have questions on BGP best path selection algorithm.

IOS Commands

Finally this last topic refers to IOS commands used for troubleshooting, configuration, and to verify operational state. There are a lot of configuration and verify topics on the CCNP ENCOR syllabus. It is important to know how to interpret the output of IOS commands and answer questions based on that. This applies to both configuration snippets and show commands. Troubleshooting commands also include debug traces, ping, and traceroute results. Learn how to interpret results for configuration and operational state based on show commands.