Free Practice Questions for Cisco CCNA Certification

    🔄 Last checked for updates June 30th, 2026

    Study with 354 exam-style practice questions designed to help you prepare for the Cisco CCNA.

    Start Practicing

    All Domains

    Practice with randomly mixed questions from all topics

    Question MixAll Topics
    FormatRandom Order

    Domain Mode

    Practice questions from a specific topic area

    Quiz History

    Exam Details

    Key information about Cisco CCNA

    Official study guide

    View

    Question formats CertSafari offers
    • Multiple choice
    • Matching
    • Fill in the blank
    exam code:

    200-301

    course preparation:

    Implementing and Administering Cisco Solutions (CCNA)

    time limit minutes:

    120

    associated certification:

    CCNA certification

    Exam Topics & Skills Assessed

    Skills measured (from the official study guide)

    1.0 Network Fundamentals(20%)

    1.1 Explain the role and function of network components

    • Routers
    • Layer 2 switches
    • Layer 3 switches
    • Next-generation firewalls
    • IPS
    • Access points
    • Controllers
    • Endpoints
    • Servers
    • PoE

    1.2 Describe characteristics of network topology architectures

    • Two-tier
    • Three-tier
    • Spine-leaf
    • WAN
    • Small office/home office (SOHO)
    • On-premises
    • Cloud

    1.3 Compare physical interface and cabling types

    • Single-mode fiber
    • Multimode fiber
    • Copper
    • Ethernet shared media
    • Point-to-point connections

    1.4 Identify interface and cable issues

    • Collisions
    • Errors
    • Mismatch duplex
    • Mismatch speed

    1.5 Compare TCP to UDP

    • TCP
    • UDP

    1.6 Configure and verify IPv4 addressing and subnetting

    • IPv4 addressing
    • Subnetting

    1.7 Describe private IPv4 addressing

    • Private IPv4 addressing

    1.8 Configure and verify IPv6 addressing and prefix

    • IPv6 addressing
    • IPv6 prefix

    1.9 Describe IPv6 address types

    • Unicast (global, unique local, link local)
    • Anycast
    • Multicast
    • Modified EUI 64

    1.10 Verify IP parameters for Client OS

    • Windows
    • Mac OS
    • Linux

    1.11 Describe wireless principles

    • Nonoverlapping Wi-Fi channels
    • SSID
    • RF
    • Encryption

    1.12 Explain virtualization fundamentals

    • Server virtualization
    • Containers
    • VRFs

    1.13 Describe switching concepts

    • MAC learning
    • MAC aging
    • Frame switching
    • Frame flooding
    • MAC address table

    2.0 Network Access(20%)

    2.1 Configure and verify VLANs (normal range) spanning multiple switches

    • Access ports (data, voice)
    • Default VLAN
    • InterVLAN connectivity

    2.2 Configure and verify interswitch connectivity

    • Trunk ports
    • 802.1Q
    • Native VLAN

    2.3 Configure and verify Layer 2 discovery protocols

    • Cisco Discovery Protocol (CDP)
    • LLDP

    2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)

    • EtherChannel
    • LACP

    2.5 Interpret basic operations of Rapid PVST+ Spanning Tree Protocol

    • Root port
    • Root bridge (primary/secondary)
    • Port states
    • Port roles
    • PortFast
    • Root guard
    • Loop guard
    • BPDU filter
    • BPDU guard

    2.6 Describe Cisco Wireless Architectures and AP modes

    • Cisco Wireless Architectures
    • AP modes

    2.7 Describe physical infrastructure connections of WLAN components

    • AP
    • WLC
    • Access ports
    • Trunk ports
    • LAG

    2.8 Describe network device management access

    • Telnet
    • SSH
    • HTTP
    • HTTPS
    • Console
    • TACACS+
    • RADIUS
    • Cloud managed

    2.9 Interpret the wireless LAN GUI configuration for client connectivity

    • WLAN creation
    • Security settings
    • QoS profiles
    • Advanced settings

    3.0 IP Connectivity(25%)

    3.1 Interpret the components of routing table

    • Routing protocol code
    • Prefix
    • Network mask
    • Next hop
    • Administrative distance
    • Metric
    • Gateway of last resort

    3.2 Determine how a router makes a forwarding decision by default

    • Longest prefix match
    • Administrative distance
    • Routing protocol metric

    3.3 Configure and verify IPv4 and IPv6 static routing

    • Default route
    • Network route
    • Host route
    • Floating static

    3.4 Configure and verify single area OSPFv2

    • Neighbor adjacencies
    • Point-to-point
    • Broadcast (DR/BDR selection)
    • Router ID

    3.5 Describe the purpose, functions, and concepts of first hop redundancy protocols

    • First hop redundancy protocols

    4.0 IP Services(10%)

    4.1 Configure and verify inside source NAT using static and pools

    • Inside source NAT
    • Static NAT
    • NAT pools

    4.2 Configure and verify NTP operating in a client and server mode

    • NTP client mode
    • NTP server mode

    4.3 Explain the role of DHCP and DNS within the network

    • DHCP
    • DNS

    4.4 Explain the function of SNMP in network operations

    • SNMP

    4.5 Describe the use of syslog features, including facilities and severity levels

    • Syslog features
    • Facilities
    • Severity levels

    4.6 Configure and verify DHCP client and relay

    • DHCP client
    • DHCP relay

    4.7 Explain the forwarding per-hop behavior (PHB) for QoS

    • Classification
    • Marking
    • Queuing
    • Congestion
    • Policing
    • Shaping

    4.8 Configure network devices for remote access using SSH

    • SSH remote access

    4.9 Describe the capabilities and functions of TFTP/FTP in the network

    • TFTP
    • FTP

    5.0 Security Fundamentals(15%)

    5.1 Define key security concepts

    • Threats
    • Vulnerabilities
    • Exploits
    • Mitigation techniques

    5.2 Describe security program elements

    • User awareness
    • Training
    • Physical access control

    5.3 Configure and verify device access control using local passwords

    • Local passwords

    5.4 Describe security password policy elements

    • Password management
    • Password complexity
    • Multifactor authentication
    • Certificates
    • Biometrics

    5.5 Describe IPsec remote access and site-to-site VPNs

    • IPsec remote access VPNs
    • Site-to-site VPNs

    5.6 Configure and verify access control lists

    • Access control lists (ACLs)

    5.7 Configure and verify Layer 2 security features

    • DHCP snooping
    • Dynamic ARP inspection
    • Port security

    5.8 Compare authentication, authorization, and accounting concepts

    • Authentication
    • Authorization
    • Accounting (AAA)

    5.9 Describe wireless security protocols

    • WPA
    • WPA2
    • WPA3

    5.10 Configure and verify WLAN within the GUI using WPA2 PSK

    • WLAN GUI configuration
    • WPA2 PSK

    6.0 Automation and Programmability(10%)

    6.1 Explain how automation impacts network management

    • Network automation

    6.2 Compare traditional networks with controller-based networking

    • Traditional networks
    • Controller-based networking

    6.3 Describe controller-based, software defined architecture

    • Overlay
    • Underlay
    • Fabric
    • Control plane
    • Data plane
    • Northbound APIs
    • Southbound APIs

    6.4 Explain AI (generative and predictive) and machine learning in network operations

    • AI
    • Generative AI
    • Predictive AI
    • Machine learning

    6.5 Describe characteristics of REST-based APIs

    • Authentication types
    • CRUD
    • HTTP verbs
    • Data encoding

    6.6 Recognize the capabilities of configuration management mechanisms such as Ansible and Terraform

    • Ansible
    • Terraform

    6.7 Recognize components of JSON-encoded data

    • JSON-encoded data

    Techniques & products

    Routers
    Layer 2 switches
    Layer 3 switches
    Next-generation firewalls
    IPS
    Access points
    Controllers
    Endpoints
    Servers
    PoE
    Two-tier architecture
    Three-tier architecture
    Spine-leaf architecture
    WAN
    SOHO
    On-premises
    Cloud
    Single-mode fiber
    Multimode fiber
    Copper cabling
    Ethernet
    TCP
    UDP
    IPv4 addressing
    Subnetting
    Private IPv4 addressing
    IPv6 addressing
    IPv6 prefix
    Unicast
    Anycast
    Multicast
    Modified EUI 64
    Windows OS
    Mac OS
    Linux OS
    Wi-Fi channels
    SSID
    RF
    Wireless encryption
    Server virtualization
    Containers
    VRFs
    MAC learning
    MAC aging
    Frame switching
    Frame flooding
    MAC address table
    VLANs
    Access ports
    Voice VLAN
    Default VLAN
    InterVLAN connectivity
    Trunk ports
    802.1Q
    Native VLAN
    Cisco Discovery Protocol (CDP)
    LLDP
    EtherChannel
    LACP
    Rapid PVST+
    Spanning Tree Protocol
    Root port
    Root bridge
    PortFast
    Root guard
    Loop guard
    BPDU filter
    BPDU guard
    Cisco Wireless Architectures
    AP modes
    Wireless LAN Controller (WLC)
    Link Aggregation Group (LAG)
    Telnet
    SSH
    HTTP
    HTTPS
    Console access
    TACACS+
    RADIUS
    Cloud managed networks
    WLAN GUI configuration
    QoS profiles
    Routing table components
    Routing protocol code
    Prefix
    Network mask
    Next hop
    Administrative distance
    Metric
    Gateway of last resort
    Longest prefix match
    Static routing
    Default route
    Network route
    Host route
    Floating static route
    OSPFv2
    Neighbor adjacencies
    DR/BDR selection
    Router ID
    First hop redundancy protocols
    Network Address Translation (NAT)
    Static NAT
    NAT pools
    NTP client
    NTP server
    DHCP
    DNS
    SNMP
    Syslog
    QoS (Quality of Service)
    Classification
    Marking
    Queuing
    Congestion
    Policing
    Shaping
    TFTP
    FTP
    Security threats
    Vulnerabilities
    Exploits
    Mitigation techniques
    User awareness
    Security training
    Physical access control
    Local passwords
    Password policy management
    Password complexity
    Multifactor authentication (MFA)
    Certificates
    Biometrics
    IPsec VPNs
    Remote access VPNs
    Site-to-site VPNs
    Access Control Lists (ACLs)
    DHCP snooping
    Dynamic ARP inspection
    Port security
    Authentication
    Authorization
    Accounting (AAA)
    WPA
    WPA2
    WPA3
    WPA2 PSK
    Network automation
    Controller-based networking
    Software Defined Architecture (SDA)
    Overlay
    Underlay
    Fabric
    Control plane
    Data plane
    Northbound APIs
    Southbound APIs
    Artificial Intelligence (AI)
    Generative AI
    Predictive AI
    Machine learning
    REST-based APIs
    CRUD operations
    HTTP verbs
    Data encoding
    Ansible
    Terraform
    JSON-encoded data

    CertSafari is not affiliated with, endorsed by, or officially connected to Cisco. Full disclaimer