CCNA 200-301 Exam Topics 2026: Full Objectives Breakdown + Study Order
A complete breakdown of the official Cisco CCNA 200-301 v1.1 blueprint - the six exam domains, their weights, exactly what each one tests, and the study order that gets you certified fastest.
Table of Contents
CCNA 200-301 Exam Overview
The Cisco Certified Network Associate (CCNA) is a single, associate-level exam - the 200-301 - that validates the foundational skills needed to install, operate, configure, and troubleshoot modern networks. There are no formal prerequisites, which makes it the most popular entry point into a networking career. As of August 2024, Cisco updated the blueprint to version 1.1, the version still in effect for 2026. The refresh kept the six-domain structure but modernized the content, folding in generative AI, machine learning, cloud network management, and a heavier emphasis on automation and network programmability.
Understanding the exact CCNA exam topics and how Cisco weights them is the single biggest lever you have for studying efficiently. The blueprint tells you precisely where the questions come from - so you can pour time into the 25% domain and not over-invest in a 10% one. Below is the full objectives breakdown, domain by domain, followed by the study order we recommend.
The exam blends multiple-choice, multiple-select, drag-and-drop, and simulation-style (simlet and testlet) questions. You cannot skip and return to questions, and there is no on-screen calculator, so subnetting fluency matters. Cisco does not publish an official passing score, but it sits around 825 out of 1000 (roughly 82-85% correct). The CCNA certification is valid for three years.
Domain 1.0 - Network Fundamentals
The bedrock domain. It covers the role and function of network components (routers, Layer 2 and Layer 3 switches, next-gen firewalls, access points, controllers, endpoints, servers, PoE), network topology architectures (two-tier, three-tier, spine-leaf, WAN, SOHO, on-premises vs cloud), and physical interfaces and cabling types (single-mode vs multimode fiber, copper). You will configure and verify IPv4 addressing and subnetting cold, plus IPv6 addressing, prefixes, and address types (global unicast, unique local, link-local, multicast, anycast, EUI-64). Expect questions on the TCP/IP and OSI models, comparing TCP vs UDP, wireless principles (SSID, RF, encryption), virtualization fundamentals (virtual machines, containers, VRFs), and switching concepts like MAC learning, frame forwarding, and the role of the MAC address table.
Subnetting is the highest-yield skill in this domain - it underpins questions across multiple domains, so treat binary-to-decimal conversion and VLSM as muscle memory, not memorization.
Domain 2.0 - Network Access
This domain is all about Layer 2 switching and wireless access. You will configure and verify VLANs spanning multiple switches (access ports, default VLAN, connectivity), interswitch connectivity (802.1Q trunk ports and native VLAN), and Layer 2 discovery protocols (CDP and LLDP). It covers EtherChannel (LACP), the purpose of Spanning Tree Protocol (Rapid PVST+: root bridge, root/designated/blocking ports, PortFast, BPDU Guard), and the differences between Cisco wireless architectures (autonomous, cloud, split-MAC). You will also configure WLAN components - WLC, access points, and the management of a wireless LAN through the GUI (WLAN creation, security settings, QoS profiles, and advanced WLAN settings).
Spanning Tree trips up a lot of candidates - know the port-election logic and timers, and be able to read a topology diagram to predict which port blocks.
Domain 3.0 - IP Connectivity
The largest and most heavily weighted domain - this is the heart of routing. You must interpret the components of a routing table (route source, prefix, network mask, next hop, administrative distance, metric, gateway of last resort) and explain how a router makes forwarding decisions by default (longest match, administrative distance, routing protocol metric). You will configure and verify IPv4 and IPv6 static routing (network, host, floating static, and default routes) and single-area OSPFv2 (neighbor adjacencies, point-to-point, broadcast, router ID, and how OSPF picks the DR and BDR). The domain closes with first-hop redundancy protocol (HSRP) purpose and operation.
Practice the CCNA objectives
Drilling routing tables and OSPF on real questions is the fastest way to lock in the 25% domain. Run timed sets that mirror the live blueprint.
Free CCNA PracticeBecause IP Connectivity carries the most weight, weakness here costs you the most points. Master static routing first (it is conceptually simpler), then layer on OSPF.
Domain 4.0 - IP Services
A focused, high-value-per-hour domain. You will configure and verify inside source NAT using static and pools, NTP operating in client and server mode, and the role of DHCP and DNS within the network. It also covers the function of SNMP in network operations, the use of syslog features (facilities and severity levels), configuring DHCP client and relay, the per-hop behavior (PHB) for QoS (classification, marking, queuing, congestion, policing, shaping), and configuring network devices for remote access using SSH. You will round out the domain with the capabilities and function of TFTP and FTP for file transfers.
At only 10%, this domain is small but generous - the topics are discrete and easy to memorize, making it a quick win on your scorecard.
Domain 5.0 - Security Fundamentals
This domain defines key security concepts (threats, vulnerabilities, exploits, mitigation) and security program elements (user awareness, training, physical access control). You will configure device access control using local passwords, describe security password policy elements (management, complexity, password alternatives such as multifactor authentication, certificates, and biometrics), and explain remote access and site-to-site VPNs. Core configuration tasks include Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port security), access control lists (numbered and named, standard and extended IPv4 ACLs), and the differentiation between authentication, authorization, and accounting (AAA). The domain also covers wireless security protocols (WPA, WPA2, and WPA3) and configuring WLAN with WPA2 PSK using the GUI.
ACLs are the configuration-heavy part of this domain - practice writing and ordering ACL statements, since a single misplaced line changes the entire result.
Domain 6.0 - Automation and Programmability
The most forward-looking domain, and the one most expanded in v1.1. It explains how automation impacts network management and compares traditional networks with controller-based networking, and the separation of the control and data planes. You will describe controller-based, software-defined architectures (overlay, underlay, fabric) and software-defined access (SD-Access). New v1.1 emphasis includes AI and machine learning concepts in network operations (predictive analytics, anomaly detection) and cloud network management (managing devices via Cisco Catalyst Center and cloud dashboards). The domain also covers characteristics of REST-based APIs (CRUD, HTTP verbs, data encoding), recognizing the capabilities of configuration management mechanisms (Ansible, Terraform), and interpreting JSON-encoded data.
You do not need to write production code, but you must read JSON, recognize a well-formed REST call, and know which tool does what - this domain rewards recognition over deep hands-on skill.
Recommended Study Order
Study in the order the technologies build on each other - not in the order Cisco numbers the domains. Fundamentals and subnetting come first because every later domain assumes them. Save automation for last; it is conceptual and easiest to absorb once you understand the network it automates.
Here is the sequence we recommend for most candidates, roughly mapped to a 12-16 week plan:
- Network Fundamentals (1.0) - Build your foundation: OSI/TCP-IP models, cabling, and above all IPv4/IPv6 subnetting. Do not move on until subnetting is automatic.
- Network Access (2.0) - Layer 2 switching, VLANs, trunking, and Spanning Tree. This is where hands-on lab practice starts paying off.
- IP Connectivity (3.0) - The 25% domain. Static routing first, then OSPFv2 and HSRP. Spend the most lab time here.
- IP Services (4.0) - NAT, DHCP, DNS, NTP, SSH, syslog, QoS. Discrete topics that reinforce the routing and switching you just learned.
- Security Fundamentals (5.0) - ACLs, port security, DHCP snooping, AAA, and VPN concepts. ACLs tie directly back to your IP knowledge.
- Automation and Programmability (6.0) - REST APIs, JSON, controller-based networking, SDN, and AI/ML concepts. Mostly reading and recognition - a strong finishing domain.
Throughout, run a hands-on lab (Cisco Packet Tracer or a CML/GNS3 setup) alongside your reading, and start taking timed practice questions by week three. The CCNA is a launchpad - once certified, many engineers move toward the professional level with the CCNP ENCOR 350-401, which goes far deeper into the same routing, switching, and automation themes you meet here. You can rehearse the full objective set anytime on our free CCNA practice questions.
Frequently Asked Questions
Is the CCNA 200-301 v1.1 the current exam for 2026?
Yes. Cisco released blueprint version 1.1 on August 20, 2024, and it remains the live exam through 2026. It kept the six-domain structure and weights but added generative AI, machine learning, and cloud network management topics and increased the focus on automation. Always check Cisco's official exam topics page before your test date for any updates.
Which CCNA domain is the most heavily weighted?
IP Connectivity (Domain 3.0) at 25% is the single largest domain. It covers routing tables, static and default routing, single-area OSPFv2, and first-hop redundancy with HSRP. Network Fundamentals and Network Access tie for second at 20% each. Because IP Connectivity carries the most points, weakness there hurts your score the most.
How many questions are on the CCNA exam and what is the passing score?
The CCNA 200-301 typically has 100-120 questions to answer in 120 minutes. Cisco does not publish an official cut score, but it is widely reported to be around 825 out of 1000 - roughly 82-85% correct. Question types include multiple choice, drag-and-drop, and configuration simulations, and you cannot return to previous questions.
Do I need any prerequisites or coding skills for the CCNA?
No. The CCNA has no formal prerequisites - it is an associate-level exam open to anyone. Cisco recommends about a year of hands-on networking experience, but it is not required. For the automation domain you must read JSON and recognize REST API and configuration-management concepts, but you do not need to write production code.
Prepare the Honest Way and Pass First Time
Practice with realistic questions and detailed explanations across 170+ certification exams. 100% money-back guarantee.