CCNA 200-301 v1.1 – Exam at a Glance

Exam: CCNA 200-301
Time: 120 minutes
Focus: Modern enterprise networking – routing/switching, wireless, security, and automation.

The exam is built around six domains:

• Network Fundamentals (20%)
• Network Access (20%)
• IP Connectivity (25%)
• IP Services (10%)
• Security Fundamentals (15%)
• Automation and Programmability (10%)

Goal: Understand what a network is, what the parts do, and how IP addressing works.

• Devices & roles
  • Routers, Layer 2/3 switches
  • Next-gen firewalls and IPS
  • Access points and wireless controllers
  • Endpoints and servers
  • PoE (Power over Ethernet)

• Topologies & designs
  • 2-tier vs 3-tier
  • Spine-leaf
  • WAN
  • SOHO (small office / home office)
  • On-prem vs cloud

• Cabling & interfaces
  • Single-mode fiber, multimode fiber, copper
  • Shared media vs point-to-point
  • Common issues: collisions, errors, speed/duplex mismatch

• IP basics
  • IPv4 addressing and subnetting
  • Private IPv4 ranges
  • IPv6 addressing and prefixes
  • IPv6 types: unicast (global, ULA, link-local), anycast, multicast, EUI-64

• Clients & wireless
  • Verify IP parameters on Windows, macOS, Linux
  • SSID, non-overlapping Wi-Fi channels, RF basics
  • Wireless encryption basics

• Virtualization & switching
  • Server virtualization, containers, VRFs
  • MAC learning and aging
  • Frame switching and flooding
  • MAC address table concepts

Goal: Get devices onto the LAN and WLAN safely and correctly.

• VLANs
  • Data and voice VLANs
  • Default VLAN
  • VLANs spanning multiple switches
  • Inter-VLAN connectivity

• Trunks
  • 802.1Q tagging
  • Native VLAN
  • Access vs trunk ports

• Neighbor discovery
  • Cisco Discovery Protocol (CDP)
  • Link Layer Discovery Protocol (LLDP)

• Link aggregation
  • EtherChannel (LACP) at Layer 2 / Layer 3

• Spanning Tree (Rapid PVST+)
  • Root bridge, root ports, other port roles
  • Port states and roles
  • PortFast
  • Root guard, loop guard, BPDU guard, BPDU filter

• Wireless access
  • Cisco wireless architectures and AP modes
  • Physical connections: AP, WLC, access/trunk ports, LAG
  • WLAN GUI basics: SSID creation, security, QoS profiles, advanced options

• Device management access
  • Telnet, SSH, HTTP, HTTPS, console
  • TACACS+ / RADIUS
  • Cloud-managed devices

Goal: Understand how routers make forwarding decisions.

• Routing table components
  • Routing protocol code
  • Prefix and network mask
  • Next hop
  • Administrative distance
  • Metric
  • Gateway of last resort

• Forwarding decisions
  • Longest prefix match
  • Administrative distance
  • Routing protocol metric

• Static routing (IPv4 and IPv6)
  • Default route
  • Network route
  • Host route
  • Floating static routes

• OSPFv2 (single area)
  • Neighbor adjacencies
  • Point-to-point networks
  • Broadcast networks and DR/BDR
  • Router ID

• First Hop Redundancy
  • Purpose: keep default gateway available using redundancy concepts

Goal: Know the common network services that support connectivity.

• NAT
  • Inside source NAT (static and pools)

• Time and naming
  • NTP client and server roles
  • Role of DHCP and DNS

• Monitoring and logging
  • SNMP in network operations
  • Syslog facilities and severity levels

• DHCP operations
  • DHCP client
  • DHCP relay

• QoS basics
  • Classification and marking
  • Queuing and congestion management
  • Policing and shaping

• Remote access and file services
  • Configure network devices for SSH access
  • TFTP / FTP capabilities and functions

Goal: Protect devices, data, and users.

• Security concepts
  • Threats, vulnerabilities, exploits
  • Mitigation techniques

• Security program elements
  • User awareness and training
  • Physical access control

• Device access security
  • Local passwords for device access
  • Password policy (management, complexity)
  • Alternatives: MFA, certificates, biometrics

• VPNs
  • IPsec remote-access VPNs
  • IPsec site-to-site VPNs

• Access control
  • Configure and verify ACLs

• Layer 2 security
  • DHCP snooping
  • Dynamic ARP inspection (DAI)
  • Port security

• AAA concepts
  • Authentication
  • Authorization
  • Accounting

• Wireless security
  • WPA, WPA2, WPA3
  • Configure WLAN (GUI) with WPA2-PSK

Goal: Understand how automation and APIs change network management.

• Automation impact
  • Why automation matters for consistency, speed, and error reduction

• Traditional vs controller-based networking
  • Comparison of management and control methods

• SDN and controller-based architecture
  • Overlay vs underlay vs fabric
  • Separation of control plane and data plane
  • Northbound and southbound APIs

• AI / ML in network operations
  • Generative and predictive uses for monitoring and troubleshooting

• REST-based APIs
  • Authentication types
  • CRUD operations
  • HTTP verbs
  • Data encoding formats

• Configuration management tools
  • Capabilities of Ansible
  • Capabilities of Terraform

• JSON
  • Recognize JSON-encoded structures and fields