Cisco Certified Network Associate (CCNA) Exam Guide
CCNA Exam v1.0 (200-301)
The CCNA Exam v1.0 (200-301) is a crucial 120-minute assessment tied to the CCNA certification. This exam evaluates a candidate’s understanding and abilities concerning network fundamentals, network access, IP connectivity, IP services, security fundamentals, and automation and programmability. The accompanying course, Implementing and Administering Cisco Solutions (CCNA), is designed to assist candidates in their preparation for this exam. The exam content outlined below serves as a general guide to the topics that may be covered; however, additional related topics may also be included in any particular delivery of the exam. Please note that the exam content specifications may be updated at any time to ensure they accurately reflect the most current version of the exam.
1.0 Network Fundamentals (20%)
Network fundamentals form the backbone of understanding how networks operate. This domain covers the roles and functions of key network devices such as routers and switches. It explores the use of routers for directing traffic between different network segments, and the role of switches in facilitating data exchanges within a network segment. Understanding different network topologies—like two-tier, three-tier, and spine-leaf architectures—is essential for designing efficient and scalable networks. The domain also dives into various cabling types and interface options, highlighting how decisions on these can impact network setup and functionality. Additionally, foundational knowledge about protocols like TCP and UDP, along with IPv4 and IPv6 addressing schemes, are discussed to provide a rounded comprehension of internet communication mechanisms.
1.1 Explain the role and function of network components:
- Routers: Devices that connect multiple networks and route packets between them by making decisions based on the network layer headers.
- Layer 2 and Layer 3 switches: Layer 2 switches operate at the data link layer to process and forward data at the MAC address level, while Layer 3 switches can also perform routing functions based on IP addresses.
- Next-generation firewalls and IPS: Advanced security devices that provide capabilities such as application awareness, integrated intrusion prevention, and cloud-delivered threat intelligence.
- Access points: Devices that connect wireless clients to a wired network, often using Wi-Fi.
- Controllers (Cisco DNA Center and WLC): Centralized management devices that simplify the provisioning, monitoring, and optimization of wireless network components.
- Endpoints: Devices like computers, phones, and servers that connect to a network and are the source or destination of network traffic.
- Servers: Powerful computers that store, process, and serve large amounts of data and applications for clients over a network.
- PoE: Power over Ethernet technology allows network cables to carry electrical power to devices such as IP cameras and wireless access points.
1.2 Describe characteristics of network topology architectures:
- Two-tier and Three-tier: Traditional hierarchical network designs that split the network into core, distribution, and access layers, each serving a distinct purpose.
- Spine-leaf: A modern architecture used in data centers for high-speed connectivity between servers and storage systems that maximizes redundancy and bandwidth availability.
- WAN: Wide Area Networks connect larger geographical areas, such as between cities or countries.
- SOHO: Small Office/Home Office networks designed for fewer users, simpler requirements, and typically lower budget solutions.
- On-premise and cloud: On-premise networks are located physically within the company’s property, whereas cloud networks are hosted on servers in data centers managed by third-party providers.
1.3 Compare physical interface and cabling types:
- Single-mode fiber, multimode fiber, copper: Types of cabling used to connect different network devices based on the required distance, bandwidth, and environmental factors.
- Connections (Ethernet shared media and point-to-point): Ethernet shared media can have multiple devices on the same network segment, whereas point-to-point involves a direct connection between two devices.
1.4 Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed): Essential for troubleshooting physical connectivity issues that can severely impact network performance.
1.5 Compare TCP to UDP: Understanding the differences between these two core transport protocols; TCP is connection-oriented and reliable whereas UDP is simpler, connectionless, and generally faster.
1.6 Configure and verify IPv4 addressing and subnetting: Fundamental skills for setting up and managing networks to ensure efficient and correct allocation of IP addresses.
1.7 Describe the need for private IPv4 addressing: Important for conserving public IP addresses and enhancing network security.
1.8 Configure and verify IPv6 addressing and prefix: Essential as the world transitions from IPv4 to IPv6 due to IPv4 address exhaustion.
1.9 Describe IPv6 address types:
- Unicast, Anycast, Multicast, Modified EUI 64: Different methods of distributing IPv6 addresses based on the intended use and network configuration.
1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux): Ensures that each operating system is correctly configured to connect and operate within the network.
1.11 Describe wireless principles:
- Nonoverlapping Wi-Fi channels, SSID, RF, Encryption: Key concepts in setting up and securing wireless networks.
1.12 Explain virtualization fundamentals (server virtualization, containers, and VRFs): Virtualization technologies that allow for efficient resource utilization and improved network management.
1.13 Describe switching concepts:
- MAC learning and aging, Frame switching, Frame flooding, MAC address table: Core functions of switches in learning and forwarding MAC addresses to efficiently direct network traffic.
2.0 Network Access (20%)
Network access focuses on the configuration and management of connectivity within a network. It involves setting up VLANs to create logically separate networks within the same physical environment and ensuring proper communication between VLANs through interswitch connectivity using trunking. Mastery of EtherChannel and understanding of different forms of Spanning Tree Protocols (STP) ensure efficient link aggregation and loop prevention in a network. This domain also covers the configuration and management of wireless network components, including securing and managing wireless traffic and understanding the role of controllers like Cisco’s WLC and DNA Center.
2.1 Configure and verify VLANs (normal range) spanning multiple switches:
- Access ports, Default VLAN, InterVLAN connectivity: Vital for segmenting a network into multiple broadcast domains to reduce congestion and improve security.
2.2 Configure and verify interswitch connectivity:
- Trunk ports, 802.1Q, Native VLAN: Ensures that traffic between switches can carry traffic from multiple VLANs.
2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP): These protocols provide a means to share device information and capabilities on the same network, facilitating easier device discovery and network management.
2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP): Combines multiple network interfaces into a single logical interface to increase bandwidth and provide redundancy.
2.5 Interpret basic operations of Rapid PVST+ Spanning Tree Protocol:
- Root port, root bridge, port states, PortFast: Key components and features of STP that prevent bridge loops and provide path redundancy in a network.
2.6 Describe Cisco Wireless Architectures and AP modes: Covers the framework and different modes of operation for Cisco wireless access points, essential for deploying flexible and scalable wireless networks.
2.7 Describe physical infrastructure connections of WLAN components (AP, WLC, access/trunk ports, LAG): Details the physical setup necessary for a wireless LAN, including how components are interconnected.
2.8 Describe AP and WLC management access connections (Telnet, SSH, HTTP, HTTPS, console, and TACACS+/RADIUS): Various methods for securely managing wireless access points and controllers.
2.9 Interpret the wireless LAN GUI configuration for client connectivity, such as WLAN creation, security settings, QoS profiles, and advanced settings: Focuses on the practical aspects of configuring and securing a wireless network using a graphical interface.
3.0 IP Connectivity (25%)
IP connectivity is crucial for enabling robust and reliable network communication. This domain entails a deep dive into routing table components, understanding how routers decide on the best path for transmitting data based on protocols like OSPF. The configuration and verification of both IPv4 and IPv6 routing are covered extensively, ensuring candidates can manage and troubleshoot network routing. Concepts such as static routing, dynamic routing with OSPF, and the importance of first-hop redundancy protocols are discussed to foster a thorough understanding of maintaining continuous network connectivity and optimizing the path data takes through a network.
3.1 Interpret the components of the routing table:
- Routing protocol code, Prefix, Network mask, Next hop, Administrative distance, Metric, Gateway of last resort: These elements are crucial for determining the best path for data packets based on various metrics and attributes.
3.2 Determine how a router makes a forwarding decision by default:
- Longest prefix match, Administrative distance, Routing protocol metric: Fundamental concepts in how routers decide the best path for routing packets to their destinations.
3.3 Configure and verify IPv4 and IPv6 static routing:
- Default route, Network route, Host route, Floating static: Static routes are manually configured routes that provide precise control over the routing decisions in the network.
3.4 Configure and verify single area OSPFv2:
- Neighbor adjacencies, Point-to-point, Broadcast, Router ID: Key aspects of OSPF necessary for setting up and maintaining a robust internal gateway routing protocol.
3.5 Describe the purpose, functions, and concepts of first hop redundancy protocols: These protocols ensure continuous availability of a gateway by providing protocol redundancy, essential in maintaining uninterrupted network service.
4.0 IP Services (10%)
IP Services enhance the functionality of a network by providing crucial services to the hosted applications and end-users. This includes configuring and managing DHCP for dynamic IP address allocation, DNS for domain name resolution, and understanding the critical role of NTP for time synchronization across network devices. Additionally, knowledge about SNMP and Syslog for network monitoring and logging provides network administrators with tools to diagnose and resolve network issues proactively. The domain also explores Quality of Service (QoS) techniques, which are vital for managing bandwidth and prioritizing network traffic to ensure that critical applications receive the necessary resources.
4.1 Configure and verify inside source NAT using static and pools: Network Address Translation is crucial for translating private IP addresses to public IPs, allowing for internet connectivity and conserving IPv4 addresses.
4.2 Configure and verify NTP operating in a client and server mode: Ensures that all devices on a network are synchronized in time, which is vital for troubleshooting and security logging.
4.3 Explain the role of DHCP and DNS within the network: Dynamic Host Configuration Protocol automatically assigns IP addresses to devices on a network, while Domain Name System resolves human-readable names to IP addresses.
4.4 Explain the function of SNMP in network operations: Simple Network Management Protocol is used for monitoring network-attached devices for conditions that warrant administrative attention.
4.5 Describe the use of syslog features including facilities and levels: Syslog is a standard for message logging, allowing for a wide variety of device management and security audit purposes.
4.6 Configure and verify DHCP client and relay: Involves setting up devices to receive IP addresses from a DHCP server and configuring routers to forward DHCP packets between clients and servers.
4.7 Explain the forwarding per-hop behavior (PHB) for QoS, such as classification, marking, queuing, congestion, policing, and shaping: Quality of Service controls are essential for managing packet loss, delay, and jitter on a network, ensuring that critical applications receive the necessary bandwidth.
4.8 Configure network devices for remote access using SSH: Secure Shell provides a secure channel over an unsecured network, making it the standard for securely accessing network devices remotely.
4.9 Describe the capabilities and functions of TFTP/FTP in the network: Trivial File Transfer Protocol and File Transfer Protocol are used for the transfer of files between devices in a network, essential for operations such as loading software images onto network devices.
5.0 Security Fundamentals (15%)
Security fundamentals are key to protecting network data and resources from unauthorized access and attacks. This domain addresses the core security concepts of threats, vulnerabilities, exploits, and their mitigation. It includes configuring network devices for secure access using strong password policies, implementing access control lists (ACLs), and understanding the functionalities of various security protocols such as WPA, WPA2, and WPA3 for securing wireless networks. The use of VPNs for securing remote connections and the implementation of security measures against common attacks identified by OWASP are also critical components.
5.1 Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques): Provides a fundamental understanding of the landscape of network security, helping professionals identify and counteract potential security risks.
5.2 Describe security program elements (user awareness, training, and physical access control): Emphasizes the importance of a comprehensive security strategy that includes not only technological solutions but also educational and policy measures to protect network assets.
5.3 Configure and verify device access control using local passwords: Essential for ensuring that only authorized users can access network devices, thus protecting sensitive configurations and data.
5.4 Describe security password policies elements, such as management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics): Discusses best practices for password security and additional authentication methods that enhance security.
5.5 Describe IPsec remote access and site-to-site VPNs: IPsec enhances security for transmission of sensitive information over unprotected networks such as the internet.
5.6 Configure and verify access control lists: Access control lists (ACLs) are used to increase the security level of network devices by controlling the flow of traffic and limiting network broadcasts.
5.7 Configure and verify Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port security): These features provide mechanisms to prevent common attacks such as DHCP spoofing, ARP poisoning, and MAC address spoofing.
5.8 Compare authentication, authorization, and accounting concepts: Often referred to as the AAA framework, these concepts provide essential services for controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.
5.9 Describe wireless security protocols (WPA, WPA2, and WPA3): Wi-Fi Protected Access protocols are security standards designed to secure wireless computer networks.
5.10 Configure and verify WLAN within the GUI using WPA2 PSK: Practical application of configuring a secure wireless local area network using the graphical user interface of WLAN devices.
6.0 Automation and Programmability (10%)
Automation and programmability represent the evolving landscape of network management, emphasizing the shift from manual configurations to automated, software-defined networks. This domain covers the use of APIs for interacting with network devices and services, providing a scalable and flexible method of network management. Understanding controller-based and software-defined networking architectures helps in optimizing and simplifying operations. Tools like Ansible, Puppet, and Chef automate configuration management, promoting efficiency and accuracy. Familiarity with data formats like JSON, essential for modern API interactions, and the understanding of how automation impacts network management, round out the knowledge needed to modernize and streamline network operations.
6.1 Explain how automation impacts network management: Discusses the transformative effect of automation on traditional network management, reducing the need for manual interventions, decreasing the potential for human errors, and increasing the speed of operations.
6.2 Compare traditional networks with controller-based networking: Highlights the shift from conventional networking paradigms to more modern, flexible, and efficient models managed through centralized controllers.
6.3 Describe controller-based and software-defined architectures (overlay, underlay, and fabric):
- Separation of control plane and data plane: Provides a more scalable and manageable approach by separating the network’s routing logic from the forwarding function.
- Northbound and Southbound APIs: Interfaces that provide communication between the control layer and the infrastructure below, and between the control layer and the applications above, respectively.
6.4 Compare traditional campus device management with Cisco DNA Center enabled device management: Cisco DNA Center allows for more centralized and integrated network management compared to traditional methods.
6.5 Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data encoding): REST APIs facilitate the interaction with web services using standard HTTP methods, which are crucial for modern web applications.
6.6 Recognize the capabilities of configuration management mechanisms Puppet, Chef, and Ansible: These tools automate the process of network configuration management, ensuring consistency and compliance across devices.
6.7 Recognize components of JSON-encoded data: JSON (JavaScript Object Notation) is a lightweight data-interchange format that is easy for humans to read and write, and easy for machines to parse and generate, widely used in configurations and APIs.
Responses