ExamworthyExamworthy
Open the appStart free
200-301 practice questionsFull study guide
Examworthyexamworthy.com

Cisco Certified Network Associate (CCNA 200-301) cheat sheet

Cisco

Exam version 1.1Reviewed 2026-06-14

Free to share. Examworthy is not affiliated with or endorsed by Cisco; 200-301 and related marks belong to their respective owners.

At a glance

100 to 120
Questions
120 min
Time allowed
$300
Cost (USD)

Format: Multiple choice, drag-and-drop, and simulation

Domain weight map

Heaviest first - spend your time here
IP Connectivity25% · 75 Q
Network Fundamentals20% · 59 Q
Network Access20% · 60 Q
Security Fundamentals15% · 45 Q
IP Services10% · 34 Q
Automation and Programmability10% · 33 Q

How this exam thinks

CCNA rewards applying the exact rule - the host count, the election winner, the first-match ACL line - not recalling a definition. The best answer hinges on a precedence rule or a boundary value.

Spot the trap

Tempting wrong answers, and why they fail

Tempting but wrong

OSPF's lower administrative distance than EIGRP means its /16 route is chosen over an EIGRP /24 for the same destination.

Why it fails

Administrative distance only breaks ties between routes to the SAME prefix. With different prefix lengths the longest match is chosen first, so the /16 is never compared by AD against the more specific /24.

IP Connectivity

Tempting but wrong

Is fc00::/7 the prefix a host self-assigns for link-local communication when no router is present?

Why it fails

No. fc00::/7 is the unique local address (ULA) range, which is site-scoped and can be routed between internal subnets. It is not the prefix a host self-assigns for link-local communication, so it is the wrong classification.

Network Fundamentals

Tempting but wrong

A native VLAN only affects which VLAN carries management traffic, so a native-VLAN mismatch never touches the forwarding of user data.

Why it fails

It is tempting because a native-VLAN mismatch does not bring the physical link down. But the mismatch does affect user data: untagged frames leak between the two different native VLANs, bridging them together.

Network Access

Tempting but wrong

Is the coding flaw a threat, because it represents the party with intent and capability to harm the server?

Why it fails

No. A threat is the potential danger or the actor that could cause harm, such as the attacker. The coding flaw is the internal weakness being targeted, not the source of danger, so the term is misapplied.

Security Fundamentals

Tempting but wrong

Is the inside local address the registered public address the router assigns to the inside host before forwarding to the WAN?

Why it fails

No. The inside local address is the private address the host actually uses inside the network, not the registered public address it is translated to. It is the wrong end of the mapping; the translated public address is the inside global.

IP Services

Tempting but wrong

In SDN, does the controller take over physically rewriting frames and pushing packets out egress interfaces at line rate?

Why it fails

Tempting because the controller manages forwarding, but actually moving frames out of interfaces at line rate is a data plane function that stays on each switch. The controller programs the forwarding state; it does not forward the packets itself.

Automation and Programmability

Tempting but wrong

A connected route to 10.0.0.0/8 wins because connected routes have the lowest administrative distance of 0.

Why it fails

A connected route does have AD 0, but administrative distance is not consulted until after longest prefix match. The /8 is the least specific of the matches, so it loses on prefix length before AD is ever considered.

IP Connectivity

Tempting but wrong

Can a host with no router on the segment mint a globally routable 2000::/3 address?

Why it fails

No. 2000::/3 is the global unicast range used for internet-reachable addresses. A host cannot mint a globally routable address without a router advertisement supplying the prefix, so it does not describe the no-router self-configured address.

Network Fundamentals

Key terms

Routing table componentsLongest prefix matchAdministrative distanceRouting protocol metricGateway of last resortStatic routeDefault routeHost routeFloating static routeNext hop vs exit interfaceOSPFv2 single areaNeighbor adjacencyDR/BDR electionOSPF router IDOSPF network typesFirst hop redundancy protocol

Exam-day rules

  • Read the last line of the question first. It tells you whether you are being asked for a configuration, a resulting behaviour, or a fault, so you can read the scenario looking for that.
  • On any subnet question, write down the network address, broadcast address, and usable range before looking at the options. Most distractors are off by one because they count the network or broadcast as a usable host.
  • Know the administrative-distance defaults and the implicit deny cold. The wrong options are built from believable wrong numbers, so recall removes the trap.
  • For routing questions, apply the order strictly: longest prefix match first, then administrative distance, then metric. A more specific route wins even from a less trusted source.
  • Watch wildcard masks. Where an ACL or an OSPF network statement needs a wildcard, the subnet mask is the planted distractor.

Revision schedule

  1. Day 1
    Map the blueprint and set a date
  2. Week 1
    Make subnetting automatic
  3. Weeks 1-2
    Lock the switched access layer (Network Access)
  4. Weeks 2-3
    Go deep on IP Connectivity
  5. Weeks 3-4
    Cover IP Services and Security Fundamentals

Practise 200-301 free

Every question has a worked explanation and a per-distractor rationale. No sign-up.

792 audited flashcards in this deck.

Practise 200-301 free
Examworthy - Cisco Certified Network Associate (CCNA 200-301) (200-301) cheat sheet. Free to share.examworthy.com