How To

CCNA 200-301 Exam Topics: The Complete v1.1 List Explained

Cisco publishes the exact list of what the CCNA exam tests: six domains and 53 numbered objectives, each domain carrying a published weight. Most candidates skim that list once and never open it again, which is a mistake. The blueprint is the closest thing you get to seeing the exam before you sit it, and every question you will face maps back to one of those numbered lines.

Original content from computingforgeeks.com - post 169942

This page walks the complete CCNA 200-301 exam topics list, the syllabus Cisco publishes as the v1.1 blueprint. For every objective you get a plain-English translation of what Cisco is actually asking, plus a link to a free guide on this site that covers it with real Cisco IOS output from our lab. If you want the exam logistics instead (fees, booking, retakes), those live in the exam cost and format guide.

Current as of July 2026, checked against Cisco’s official CCNA 200-301 v1.1 exam topics.

The CCNA 200-301 exam topics at a glance

The exam is a single 120-minute test covering six domains. The percentages are Cisco’s official weights, and they tell you where the questions come from: nearly half the exam sits in just two domains.

DomainWeightWhat it covers
1.0 Network Fundamentals20%Devices, cabling, TCP/UDP, IPv4 and IPv6 addressing, subnetting, wireless basics, virtualization, switching concepts
2.0 Network Access20%VLANs, trunking, EtherChannel, Spanning Tree, CDP/LLDP, wireless architectures, device management access
3.0 IP Connectivity25%The routing table, forwarding decisions, static routing, single-area OSPFv2, first hop redundancy
4.0 IP Services10%NAT, NTP, DHCP, DNS, SNMP, syslog, QoS, SSH, TFTP/FTP
5.0 Security Fundamentals15%Security concepts, device hardening, VPNs, ACLs, Layer 2 security, AAA, wireless security
6.0 Automation and Programmability10%Automation concepts, controller-based networking, AI and machine learning, REST APIs, Ansible and Terraform, JSON

Cisco states the list is a guideline and related topics may still appear, so treat the weights as the shape of the exam rather than a contract. The full official document is on the Cisco Learning Network exam topics page. Everything below is that document, decoded.

What changed in v1.1, and when v2.0 lands

The v1.1 blueprint took effect on August 20, 2024. It was a light revision, not a new exam. The domains and weights did not move. The real changes:

  • Objective 6.4 was replaced. The old “compare traditional campus device management with Cisco DNA Center” objective is gone. In its place: explain generative and predictive AI and machine learning in network operations. This is the headline addition.
  • Terraform replaced Puppet and Chef in objective 6.6. Configuration management is now “such as Ansible and Terraform”.
  • STP protection features were added to objective 2.5: root guard, loop guard, BPDU filter, and BPDU guard now appear by name, and port states became “port states and roles”.
  • Objective 2.8 was broadened from AP and WLC management access to network device management access generally, and “cloud managed” joined the access-method list.
  • REST API authentication types were added to objective 6.5.

The bigger date to plan around: v1.1 retires on February 2, 2027, and CCNA v2.0 goes live on February 3, 2027, keeping the same 200-301 exam number. If you are studying in 2026, you are studying v1.1 and this list is your target. If your exam date slips past early February 2027, check the v2.0 topic list before you book.

Domain 1: Network Fundamentals (20%)

Domain 1 is where the vocabulary and the math live. It rewards people who actually understand what each box in a topology does and who can subnet quickly without a calculator. The OSI and TCP/IP models underpin the whole domain even though they are not a numbered objective anymore; layer language shows up in questions across all six domains.

ObjectiveWhat it asksWhere we cover it
1.1The role of routers, L2/L3 switches, next-generation firewalls and IPS, access points, controllers, endpoints, servers, and PoENetwork devices explained and PoE standards and wattage
1.2Topology architectures: two-tier, three-tier, spine-leaf, WAN, SOHO, on-premises and cloudNetwork architectures explained
1.3Compare interface and cabling types: single-mode and multimode fiber, copper, shared media vs point-to-pointCopper vs fiber cabling
1.4Identify interface and cable issues: collisions, errors, duplex and speed mismatchesTroubleshooting Cisco interfaces
1.5Compare TCP to UDPTCP vs UDP with real captures
1.6Configure and verify IPv4 addressing and subnettingIPv4 addressing, subnetting step by step, VLSM, and the subnetting cheat sheet
1.7Describe private IPv4 addressingCovered in the IPv4 addressing guide (RFC 1918 ranges)
1.8Configure and verify IPv6 addressing and prefixIPv6 addressing explained
1.9IPv6 address types: global unicast, unique local, link-local, anycast, multicast, modified EUI-64Same IPv6 guide, with EUI-64 verified on real IOS
1.10Verify IP parameters on Windows, macOS, and LinuxVerify IP settings on client OS
1.11Wireless principles: nonoverlapping channels, SSID, RF, encryptionWireless networking fundamentals
1.12Virtualization fundamentals: server virtualization, containers, VRFsVMs, containers, and VRFs
1.13Switching concepts: MAC learning and aging, frame switching, flooding, the MAC address tableHow switches work

Objective 1.6 deserves more of your time than any other line in this domain. Subnetting is not one question on the exam; it hides inside routing questions, ACL questions, and OSPF questions. When you can work the Domain 1 practice test without reaching for a calculator, you are ready to move on.

Domain 2: Network Access (20%)

Domain 2 is switching, and it is hands-on. Cisco uses “configure and verify” on the first four of these objectives, which means simulation questions: expect to type real commands and read real show output. Comfort in the CLI matters here, and the IOS CLI editing shortcuts pay for themselves in saved exam minutes.

ObjectiveWhat it asksWhere we cover it
2.1Configure and verify VLANs (normal range) spanning multiple switches: access ports, data and voice VLANs, default VLAN, InterVLAN connectivityVLAN configuration, plus router-on-a-stick and Layer 3 switch SVIs for the InterVLAN part
2.2Configure and verify interswitch connectivity: trunk ports, 802.1Q, native VLAN802.1Q trunking
2.3Configure and verify Layer 2 discovery: CDP and LLDPCDP and LLDP
2.4Configure and verify Layer 2/Layer 3 EtherChannel (LACP)EtherChannel with LACP
2.5Interpret Rapid PVST+: root bridge and port roles, port states, PortFast, root guard, loop guard, BPDU filter and guardRapid PVST+ configuration
2.6Describe Cisco wireless architectures and AP modesWireless architectures and AP modes
2.7Describe WLAN component connections: AP, WLC, access and trunk ports, LAGSame wireless architectures guide
2.8Describe device management access: console, Telnet, SSH, HTTP/HTTPS, TACACS+/RADIUS, cloud managedCisco device base configuration and SSH access setup
2.9Interpret WLAN GUI configuration for client connectivity: WLAN creation, security settings, QoS profilesGuide in progress (needs a live WLC for real screenshots)

The trap in this domain is memorizing commands without reading output. Exam items love to hand you a show interfaces trunk or show spanning-tree capture and ask what is broken. Test yourself against the Domain 2 practice test to see whether you can interpret, not just configure.

Domain 3: IP Connectivity (25%)

The heaviest domain on the exam, and the one where pass or fail is usually decided. Only five objectives, but they are deep, and two of them (static routing and OSPF) are prime simulation material.

ObjectiveWhat it asksWhere we cover it
3.1Interpret the routing table: protocol codes, prefix, mask, next hop, administrative distance, metric, gateway of last resortReading the IP routing table
3.2How a router forwards by default: longest prefix match, administrative distance, protocol metricHow a router forwards a packet
3.3Configure and verify IPv4 and IPv6 static routing: default, network, host, and floating static routesIPv4 static routes and IPv6 static routes
3.4Configure and verify single-area OSPFv2: neighbor adjacencies, point-to-point, broadcast and DR/BDR, router IDOSPF concepts then single-area OSPF configuration
3.5Describe the purpose and concepts of first hop redundancy protocolsHSRP, VRRP, and GLBP explained, with a hands-on HSRP lab

A quarter of your exam comes from this table. Study it in order: you cannot debug OSPF if you cannot read a routing table, and you cannot place a floating static route if you do not understand administrative distance. When the individual pieces feel solid, run the IP connectivity troubleshooting workflow end to end, then take the Domain 3 practice test.

Domain 4: IP Services (10%)

Nine objectives squeezed into ten percent of the exam. The questions here are shallower than Domain 3 but broad, so the efficient play is knowing exactly what each service does and how to verify it, without going down rabbit holes.

ObjectiveWhat it asksWhere we cover it
4.1Configure and verify inside source NAT: static and poolsNAT and PAT configuration
4.2Configure and verify NTP in client and server modeNTP client and server on IOS
4.3The role of DHCP and DNS in the networkDHCP server and relay and DNS on Cisco routers
4.4The function of SNMP in network operationsSNMP and syslog on IOS
4.5Syslog features: facilities and severity levelsSame SNMP and syslog guide (severity table included)
4.6Configure and verify DHCP client and relayDHCP relay with ip helper-address
4.7QoS per-hop behavior: classification, marking, queuing, congestion, policing, shapingQoS explained
4.8Configure network devices for remote access using SSHSSH on routers and switches
4.9TFTP and FTP capabilities in the networkGuide in progress

Two memorization tables carry most of the Domain 4 points: the syslog severity levels (0 through 7) and the QoS marking values. Both are in the linked guides, verified on real IOS.

Domain 5: Security Fundamentals (15%)

Security is a mix of concept questions (define the terms, compare the protocols) and configuration work (ACLs and the Layer 2 security trio). The configuration objectives here produce some of the trickiest simulation items on the exam, because a misordered ACL fails silently.

ObjectiveWhat it asksWhere we cover it
5.1Key security concepts: threats, vulnerabilities, exploits, mitigationNetwork security concepts
5.2Security program elements: user awareness, training, physical access controlSame security concepts guide
5.3Configure and verify device access control with local passwordsDevice access control
5.4Password policy elements: management, complexity, MFA, certificates, biometricsSame access control guide
5.5IPsec remote access and site-to-site VPNsRemote access vs site-to-site VPNs
5.6Configure and verify access control listsCisco ACLs
5.7Layer 2 security: DHCP snooping, dynamic ARP inspection, port securityPort security, DHCP snooping, and dynamic ARP inspection
5.8Compare authentication, authorization, and accountingAAA with RADIUS vs TACACS+
5.9Wireless security protocols: WPA, WPA2, WPA3Covered in wireless fundamentals
5.10Configure WLAN with WPA2 PSK in the GUIGuide in progress (paired with objective 2.9)

The Layer 2 security trio in 5.7 works as one story: port security limits who plugs in, DHCP snooping decides which DHCP offers are legitimate, and dynamic ARP inspection uses the snooping database to stop ARP spoofing. Learn them in that order and the Domain 5 practice test will feel fair.

Domain 6: Automation and Programmability (10%)

The newest material and the domain the v1.1 revision touched most. Everything here is describe-and-recognize level: nobody asks you to write a Python script, but you do need to read JSON, know what a REST API call looks like, and explain where AI fits in network operations.

ObjectiveWhat it asks
6.1How automation impacts network management
6.2Compare traditional networks with controller-based networking
6.3Controller-based and software-defined architecture: overlay, underlay, fabric, control plane vs data plane, northbound and southbound APIs
6.4Explain generative and predictive AI and machine learning in network operations (new in v1.1)
6.5REST API characteristics: authentication types, CRUD, HTTP verbs, data encoding
6.6Configuration management with tools such as Ansible and Terraform
6.7Recognize components of JSON-encoded data

Our Domain 6 guides are in production now and will be linked here as they publish. Until then, the objective list above is exactly what to revise: ten percent of the exam, all of it conceptual, most of it answerable from careful reading rather than lab hours.

How the weights should shape your study time

Add the numbers and the strategy writes itself. Domains 1 through 3 are 65 percent of the exam, and all three lean on the same two skills: subnetting fluency and reading show command output. That is where lab time pays. Domains 4 and 6 together are only 20 percent and are mostly recall, so they respond better to spaced repetition than to marathon lab sessions.

A weighting most candidates get wrong: they spend weeks polishing Domain 1 trivia while leaving OSPF shaky. Domain 3 alone outweighs Domains 4 and 6 combined. If your practice scores force a choice, fix IP Connectivity first.

The “configure and verify” verbs in the list are also a study signal. Cisco uses them on 15 of the 53 objectives, and those are the ones that can appear as hands-on simulation items. Every one of our linked guides for those objectives was built in a real GNS3 lab with real IOS output, because reading about a trunk and fixing one are different skills. The question types and sim strategy guide explains how those items behave in the exam engine.

Turn the topic list into a study plan

A topic list tells you what to learn, not when. The CCNA 200-301 study guide and roadmap sequences everything above into a learning path, and the full series is browsable from the CCNA 200-301 series page. Work a domain, then prove it with its practice test before moving on. Keep the command cheat sheet and the subnetting cheat sheet within reach for the final review week, and check this page again before you book: when objectives move, this list moves with them.

Keep reading

Configure Samba File Share on Debian 13 / 12 Debian Configure Samba File Share on Debian 13 / 12 Setup WireGuard VPN on Ubuntu 24.04 / Debian 13 / Rocky Linux 10 Debian Setup WireGuard VPN on Ubuntu 24.04 / Debian 13 / Rocky Linux 10 Use NetworkManager nmcli on Ubuntu and Debian Debian Use NetworkManager nmcli on Ubuntu and Debian Build a 10-Inch Mini Rack for a Homelab Networking Build a 10-Inch Mini Rack for a Homelab GL.iNet Tailscale Exit Node: Home and Travel Two-Box Setup Networking GL.iNet Tailscale Exit Node: Home and Travel Two-Box Setup Allow ICMP Echo Reply on Windows Server 2019/2022 Windows Allow ICMP Echo Reply on Windows Server 2019/2022

Leave a Comment

Press ESC to close