Cisco Certified Network Associate (200-301 CCNA)

The Cisco Certified Network Associate (CCNA) certification (Exam: 200-301 CCNA) is an entry-level networking certification that covers fundamental networking concepts, security, automation, and Cisco technologies.

20% 1.0 Network Fundamentals

• Explain the role and function of network components.
• Routers.
• Layer 2 and Layer 3 switches.
• Next-generation firewalls and IPS.
• Access points.
• Controllers (Cisco DNA Center and WLC).
• Endpoints.
• Servers.
• PoE.
• Describe characteristics of network topology architectures.
• Two-tier.
• Three-tier.
• Spine-leaf.
• WAN.
• Small office/home office (SOHO).
• On-premise and cloud.
• Compare physical interface and cabling types.
• Single-mode fiber, multimode fiber, copper.
• Connections (Ethernet shared media and point-to-point).
• Identify interface and cable issues (collisions, errors, mismatch duplex, and/or
• speed).

• Compare TCP to UDP.
• Configure and verify IPv4 addressing and subnetting.
• Describe the need for private IPv4 addressing.
• Configure and verify IPv6 addressing and prefix.
• Describe IPv6 address types.
• Unicast (global, unique local, and link local).
• Anycast.
• Multicast.
• Modified EUI 64.
• Verify IP parameters for Client OS (Windows, Mac OS, Linux)
• Describe wireless principles.
• Nonoverlapping Wi-Fi channels.
• SSID.
• RF.
• Encryption.
• Explain virtualization fundamentals (server virtualization, containers, and VRFs).
• Describe switching concepts.
• MAC learning and aging.
• Frame switching.
• Frame flooding.
• MAC address table.

20% 2.0 Network Access

• Configure and verify VLANs (normal range) spanning multiple switches.
• Access ports (data and voice).
• Default VLAN.
• Connectivity.
• Configure and verify interswitch connectivity.
• Trunk ports.
• 802.1Q.
• Native VLAN.
• Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol
• and LLDP).
• Configure and verify (Layer 2/Layer 3) EtherChannel (LACP).
• Interpret basic operations of Rapid PVST+ Spanning Tree Protocol.
• Root port, root bridge (primary/secondary), and other port names.
• Port states (forwarding/blocking).
• PortFast.
• Describe Cisco Wireless Architectures and AP modes.
• Describe physical infrastructure connections of WLAN components (AP, WLC,
• access/trunk ports, and LAG).
• Describe AP and WLC management access connections (Telnet, SSH, HTTP,
• HTTPS, console, and TACACS+/RADIUS).
• Interpret the wireless LAN GUI configuration for client connectivity, such as
• WLAN creation, security settings, QoS profiles, and advanced settings.

25% 3.0 IP Connectivity

• Interpret the components of routing table.
• Routing protocol code.
• Prefix.
• Network mask.
• Next hop.
• Administrative distance.
• Metric.
• Gateway of last resort.
• Determine how a router makes a forwarding decision by default.
• Longest prefix match.
• Administrative distance.
• Routing protocol metric.
• Configure and verify IPv4 and IPv6 static routing
• Default route.
• Network route.
• Host route.
• Floating static.
• Configure and verify single area OSPFv2.
• Neighbor adjacencies.
• Point-to-point.
• Broadcast (DR/BDR selection).
• Router ID.
• Describe the purpose, functions, and concepts of first hop redundancy
• protocols.

10% 4.0 IP Services

• Configure and verify inside source NAT using static and pools.
• Configure and verify NTP operating in a client and server mode.
• Explain the role of DHCP and DNS within the network.
• Explain the function of SNMP in network operations.
• Describe the use of syslog features including facilities and levels.
• Configure and verify DHCP client and relay.
• Explain the forwarding per-hop behavior (PHB) for QoS, such as classification,
• marking, queuing, congestion, policing, and shaping.
• Configure network devices for remote access using SSH.
• Describe the capabilities and function of TFTP/FTP in the network.

15% 5.0 Security Fundamentals

• Define key security concepts (threats, vulnerabilities, exploits, and mitigation
• techniques).
• Describe security program elements (user awareness, training, and physical access control).
• Configure and verify device access control using local passwords.
• Describe security password policies elements, such as management,
• complexity, and password alternatives (multifactor authentication, certificates,
• and biometrics).
• Describe IPsec remote access and site-to-site VPNs.
• Configure and verify access control lists.
• Configure and verify Layer 2 security features (DHCP snooping, dynamic ARP
• inspection, and port security).
• Compare authentication, authorization, and accounting concepts.
• Describe wireless security protocols (WPA, WPA2, and WPA3).
• Configure and verify WLAN within the GUI using WPA2 PSK.

10% 6.0 Automation and Programmability

• Explain how automation impacts network management.
• Compare traditional networks with controller-based networking.
• Describe controller-based, software defined architecture (overlay, underlay,
• and fabric).
• Separation of control plane and data plane.
• Northbound and Southbound APIs.
• Compare traditional campus device management with Cisco DNA Center
• enabled device management.
• Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data
• encoding).
• Recognize the capabilities of configuration management mechanisms Puppet,
• Chef, and Ansible.
• Recognize components of JSON-encoded data