Top 10 CCNA Exam Topics (2025)

This article will help students study effectively for the CCNA certification exam. Cisco publishes a roadmap every 12 months to add or remove exam topics based on relevance and importance. There is also an on-going shift that affects how many questions you will get for individual topics. For example, IP connectivity domain with 25% of exam points could have most of the questions on only two topics.

Knowledge DomainScoring
Network Fundamentals20%
Network Access20%
IP Connectivity25%
IP Services10%
Security Fundamentals15%
Automation and Programmability10%

It is crucial for students to create a study plan based on coverage of all topics and spend more time on key topics. Top 10 exam topics are required to answer questions in multiple knowledge domains. Exam points are weighted higher for core topics and that will affect your test score.

1. Subnetting

Students cannot pass the CCNA exam without solid subnetting skills. CCNA is a timed exam and accuracy is important as well. Subnetting extends to multiple topics and knowledge domains. For example, subnetting is required for IP interface addressing and route selection. Subnetting will follow you to the CCNP exam as well for topics such as route maps.

There are also wildcard masks used for advertising OSPF routes and access control lists (ACLs). The wildcard mask is an inverted subnet mask for advertising or filtering classful and classless routes. Network address translation (NAT) allows host internet access based on ACL wildcard masks. Learn how to calculate a wildcard mask in seconds for the CCNA exam.

IP Subnetting For CCNA (free course)

2. Interpret Routing Tables

There is a lot of anecdotal evidence that suggest students must know how to analyze routing tables for the CCNA exam. This topic will require knowledge of route selection and subnetting to answer questions. There is an algorithm that is used to select routes to install in the routing table. Routers will use the same algorithm to select routes already installed in the routing table for making forwarding decisions. Route selection is based on administrative distance, metrics, and longest prefix match subtopics.

Subnetting skills are required for longest prefix match rule to calculate address range. You will get output from a routing table and asked what route is selected to a specific network or what route is installed. What happens when a network interface is down and how does that affect selection of a backup route? There are also mandatory questions on the configuration of IPv4/IPv6 default and static routes that include route selection.

3. Switch Interconnects

Switching protocols is another core topic and not surprising since most network devices are switches. Consider data centers where most network traffic is between servers that connect via multiple switch types. There is much less traffic that traverses the internet by comparison. You can count on a significant number of trunking and Etherchannel questions that include labs. Switch connectivity also includes subtopics such as switch port settings, VLANs, and spanning tree protocol. LACP Etherchannel is often configured with trunk interfaces to connect switches with Layer 2 and Layer 3 port channels. Wireless controllers are prevalent in the data center and also connect to switches.

4. Wireless Protocols and RF Concepts

Cisco has added a lot more wireless network questions to the CCNA exam recently. In fact, students will have to know everything from RF concepts to wireless security and advanced controller settings from GUI. It is important to study the various features available to lower latency and enable faster roaming. Know how to navigate the controller GUI to enable security features along with authentication and encryption protocols. There are different AP modes such as FlexConnect and CAPWAP tunnel communication to the controller. Consider as well how DHCP and DNS traffic is managed and the various controller interfaces. You should also know how communication works between controller, access point, and clients.

5. Open Shortest Path First (OSPF)

OSPF is an open standard IP routing protocol that is easily the most popular IGP within the enterprise network. OSPF is a core topic with questions on operation, single-area configuration, and how to verify connectivity. You will also get questions based on the output of a show command and determine how a router is configured. Some key topics include router ID selection, DR/BDR election, OSPF network type, and metric calculation. OSPF uses wildcard masks to advertise subnets to neighbors. You should also know how to configure OSPF using the interface method. Make notes on timer interface settings, passive interfaces, and default priority.

OSPFv2 is officially the only dynamic routing protocol on the CCNA syllabus however that isn’t entirely accurate. Since route selection involves administrative distance (AD) you should know the AD values for all default, static and dynamic routing protocols. It is recommended to include OSPF and EIGRP metrics in your study plan as well.

6. Access Control Lists (ACL)

Some of the most difficult topics on the CCNA exam include access control lists and subnetting. CCNA will have concept and configuration questions pertaining to access control lists. For example, select the ACL to deny specific traffic classes for a range of subnets and enable logging. It is important to know how to analyze ACLs and determine what is being filtered.

Study application port numbers, IP protocol numbers, and how to configure IPv6 access control lists. There are standard, extended, and extended named ACL questions on the exam. Learn where to apply ACLs and how that affects filtering and performance. Students should also study local account authentication options and device passwords.

7. Cisco IOS Commands

Students should make a cheat sheet for all configuration topics and associated show commands. Read the official CCNA syllabus and note every instance where configure and verify keywords are mentioned. Include protocols such as DNS, DHCP, and HSRP as well where configure is not specified. There are performance-based labs that will require you to configure and verify multiple protocols. For example, OSPF, static routes, Etherchannel, trunking, NAT, and DHCP snooping. Know how to analyze the output of show commands to determine configuration settings for a device as well.

Cisco Performance-Based Simulation Labs (2025)

8. IPv6 Addressing

This topic has a reputation for lowering the score of CCNA test-takers. IPv6 addressing has been implemented as almost a second level of addressing within the enterprise. As a result, some students do not have the experience or spend enough time studying. The questions range from addressing types, configuration of static routes, and addressing methods. Know how to configure SLAAC, EUI-64 interface format, and DHCPv6. Distinguish between different prefix lengths and number of hosts for LAN/WAN connectivity. There are also differences between IPv4 and IPv6 network communication protocols.

9. DHCP / DNS Services

DHCP and DNS services extend to different addressing platforms and protocols. They are core network services and the CCNA exam will require basic knowledge. You should know how DHCP communicates with clients and how to configure an IOS server. The same concepts will apply to host-based DHCP for client addressing along with DHCP relay.

As with most network protocols there are port numbers, message types, and show commands as well. Study DNS protocol operation, services, and record types for IPv4 and IPv6. Distinguish between client-based DNS services and Cisco-based DNS configuration. It is important to know both host commands and IOS commands for all IP services listed with the syllabus. Since TCP and UDP transport is so crucial to network communication make sure to know the differences.

10. Software-Defined Networking (SDN)

SDN topic is comprised mostly of architecture and REST-based APIs questions. For example you should study the operational planes and mapped network services. There is also SDN controller operation, functions, and communication with physical devices. That includes northbound and southbound interfaces. You will get questions on REST API operation, authentication methods, and HTTP headers. The authentication methods include basic, JWT, OAuth2, and API keys. Some overlap is starting to exist between networking and DevOps.

CCNA 200-301 Practice Test

CCNA 200-301 Practice Test

This practice test is comprised of 50 matching type questions designed to prepare you for CCNA 200-301 certification exam. (pass score is 80%)

1 / 50

Match the IPv6 addressing method on the left with the description?

static
EUI-64
DHCPv6
SLAAC

2 / 50

Match the IPv6 route type on the left with the description.

fully specified static route
directly attached static route
serial interface attached static route
default route
floating static route

3 / 50

Match the route source on the left with the administrative distance value.

EIGRP
external BGP
OSPF
connected
static

4 / 50

Match the application on the left with the assigned application port.

SMTP
DNS
RTP
SSH
FTP
NTP

5 / 50

Match the protocol on the left with the IP protocol number.

VRRP
ICMP
EIGRP
OSPF

6 / 50

Match the address type on the left with the prefix.

RFC 1918
anycast
multicast
wireless controller virtual interface
APIPA

7 / 50

Match the wireless QoS profile on the left with the traffic type.

gold
bronze
platinum
silver

8 / 50

Match the wireless LAP mode on the left with the description.

local mode
rogue mode
Flexconnect mode
monitor mode
client mode

9 / 50

Match the wireless concept on the left with the description.

ESS
IBSS
BSSID
BSS

10 / 50

Match the wireless concept on the left with the description.

Dynamic Channel Assignment (DCA)
PMF
Fast Transition
Dynamic Frequency Detection (DFS)

11 / 50

Match the wireless encryption algorithm on the left with the wireless security standard.

AES/CCMP
TKIP
SAE
RC4

12 / 50

Match the application on the left with the application port.

CAPWAP
Syslog
SNMP
Telnet
DHCP

13 / 50

Match the wireless protocol on the left with the description.

802.11h
802.11a
802.11g
802.11ax

14 / 50

Match the network device on the left with the description.

L3 switch
firewall
router
IPS

15 / 50

Match the protocol on the left with the TCP/IP networking model layer.

UDP
ICMP
PPP
T1

16 / 50

Match the network media type on the left with the description.

UTP/STP
multi-mode fiber (MMF)
Twinax
single-mode fiber (SMF)

17 / 50

Match the spanning tree protocol enhancement on the left with the description.

Root Guard
BPDU Filter
Loop Guard
BPDU Guard

18 / 50

Match the protocol feature on the left with the transport protocol.

error detection
data integrity checksum
error recovery
OSPF

19 / 50

Match the switching feature on the left with the description.

MAC learning
MAC aging
ARP request
frame switching

20 / 50

Match the configuration feature on the left with the IOS command.

manual selection of forwarding LACP ports
designating a switch to select forwarding LACP ports
DTP
Layer 3 port channel
InterVLAN connectivity

21 / 50

Match the virtualization component on the left with the description.

multithreading
Kubernetes
hypervisor
guest operating system
container

22 / 50

Match the spanning tree switch port role on the left with the description.

designated port
root port
non-designated
alternate port

23 / 50

Match the route type on the left with the routing table protocol code.

Host
OSPF
default route
EIGRP

24 / 50

Match the route type on the left with the configuration.

static route
floating static route
default route
static host route

25 / 50

Match the protocol on the left with the characteristic.

TFTP
FTP
EIGRP
OSPF

26 / 50

Match the OSPF adjacency state on the left with the description.

2-Way
Exstart
Exchange
Init
Loading

27 / 50

Match the subnet mask on the left with the equivalent CIDR notation.

255.255.255.248
255.255.252.0
255.255.255.252
255.255.255.224
255.255.255.240

28 / 50

Match the protocol on the left with the configuration setting.

CAPWAP
VRRP
NTP
HSRP
CDP

29 / 50

Match the HSRP state on the left with the description.

Listen
Initial
Standby
Active
Learn
Speak

30 / 50

Match the API authentication method on the left with the description.

basic
OAuth2
API keys
JWT

31 / 50

Match the SDN feature on the left with the network service.

management plane
control plane
northbound interface
southbound interface
data plane

32 / 50

Match the automation function on the left with the description.

CRUD operation
data serialization
character set encoding
HTTP verb
REST API authentication

33 / 50

Match the serialization example on the left with the application.

– name: router-1
identity:interface-type {
<interface>:GigabitEthernet0/1</name>
"interface":"GigabitEthernet0/1",

34 / 50

Match the JSON syntax on the left with the description.

"interface":"Ethernet0",
{"hostname" : "R1", "IP" : "192.168.1.1"}
["Ethernet0/0","Ethernet0/1"]
"description"

35 / 50

Match the protocol on the left with the correct sequence when a host connects to a web server.

DNS query
TCP handshake to web server
DHCP request
proxy ARP broadcast

36 / 50

Match the DHCP feature on the left with the description.

DHCP relay
DHCP option 82
DHCP option 150
DHCP bindings

37 / 50

Match the NAT address concept on the left with the description.

inside local address
ip nat inside source static
port address translation
ip nat inside source list 199
ip nat outside interface

38 / 50

Match the Syslog message on the left with the severity level.

informational
emergencies
errors
critical
alerts
warnings

39 / 50

Match the protocol on the left with the description.

open standard spanning tree protocol
CDP
support for multiple VLANs
LLDP

40 / 50

Match the default transport protocol on the left with the application traffic.

DNS
SMTP
DCHP
SSH
FTP

41 / 50

Match the cyber security concept on the left with the description.

vulnerability
threat
exploit
mitigation

42 / 50

Match the AAA server on the left with the description.

RADIUS
security level 15
TACACS+
security level 1

43 / 50

Match the network feature on the left with the description.

ip address show
ipconfig /all
DHCP binding table
DNS table

44 / 50

Match the cyber security concept on the left with the example.

multi-factor knowledge
AAA
multi-factor inherence
multi-factor possession

45 / 50

Match the management protocol on the left with the supported feature.

SSH
SNMPv3
FTP
SNMPv2c
console

46 / 50

Match the Cisco configuration feature on the left with the default setting.

switch priority
MAC aging timer
router priority
ARP aging timer
OSPF dead timer

47 / 50

Match the OSPF configuration feature for directly connected neighbors on the left with the description.

router ID mismatch
passive interface
tunnel interface
process identifier
MTU mismatch

48 / 50

Match the IPv6 address on the left with the description.

2001:db8:3c4d:1::/64
2001:db8:3c4d:1:0/127
2001:db8:3c4d:1:1/128
2001:db8:3c4d:1:2/126

49 / 50

Match the operational plane on the left with the description.

application plane
data plane
management plane
control plane

50 / 50

Match the IEEE standard on the left with the description.

802.3at
802.1w
802.3ad
802.1X