Cisco Certified Network Associate (CCNA) Exam

825 Questions and Answers

Network engineer preparing for the 200-301 CCNA certification exam

Cisco Certified Network Associate CCNA Exam Answers

If you’re aiming to build a successful career in networking, one of the most powerful certifications you can earn is the Cisco Certified Network Associate (CCNA). Recognized globally, the CCNA validates your knowledge and skills in core networking concepts and technologies, including IP connectivity, security fundamentals, automation, and programmability.

In this guide, we’ll break down what the CCNA exam is, what you’ll learn, who it’s for, the key topics covered, and how Exam Sage can help you pass with confidence.

What Is the CCNA Exam?

The CCNA exam (code 200-301) is a certification exam offered by Cisco Systems, a global leader in networking and telecommunications. This exam tests your ability to install, configure, operate, and troubleshoot medium-size routed and switched networks.

Unlike older versions of the certification, the current CCNA consolidates various associate-level tracks (e.g., routing & switching, security, wireless) into one comprehensive exam. The goal is to ensure you have a solid foundational understanding of modern networking across diverse platforms.

What Will You Learn by Preparing for the CCNA?

Studying for the CCNA equips you with essential skills and technical knowledge in areas such as:

  • IP addressing and subnetting

  • Routing and switching fundamentals

  • VLANs, STP (Spanning Tree Protocol), and inter-VLAN routing

  • IP connectivity and OSPF configurations

  • Wireless networking

  • Network security fundamentals

  • Network automation and programmability

  • Basic device configuration using Cisco IOS

Whether you’re new to IT or aiming to formalize your hands-on experience, the CCNA delivers a comprehensive foundation.

Who Should Take the CCNA Exam?

The CCNA is ideal for:

  • Aspiring Network Engineers

  • IT Support Technicians

  • System Administrators

  • Junior Network Administrators

  • Computer Science and Information Technology Students

  • Professionals looking to transition into networking roles

You don’t need prior Cisco certifications to take the CCNA, but some networking knowledge or experience (or a good study resource) will help you prepare.

CCNA Exam Topics – What’s Covered?

Here’s an overview of the official CCNA exam domains, with reference to questions from the Exam Sage practice collection:

1. Network Fundamentals

You’ll learn about IP addressing, Ethernet, switching concepts, cabling, and basic command-line tools.
→ Covered in Questions 1–100 and 750–775.

2. Network Access

Covers VLANs, trunking, STP, port security, and wireless access points.
→ See Questions 105–200 and 796–805.

3. IP Connectivity

Focuses on routing concepts like OSPF, static routing, and the routing table.
→ Covered extensively in Questions 201–300 and 799–810.

4. IP Services

Includes DHCP, NAT, NTP, SNMP, and QoS basics.
→ Refer to Questions 301–400 and 814–820.

5. Security Fundamentals

You’ll study access control, VPNs, firewalls, and secure device access (SSH vs Telnet).
→ Questions 401–500 and 805–813 are relevant.

6. Automation and Programmability

Introduces SDN, APIs, and Cisco DNA Center—future-focused skills.
→ Covered in Questions 501–600.

Why Choose Exam Sage for CCNA Practice?

ExamSage.com offers a premium, practice-driven learning experience tailored for CCNA candidates who want:

  • Realistic Practice Questions: Over 820+ expert-created multiple-choice questions designed to reflect real CCNA exam scenarios.

  • Detailed Explanations: Every question includes clear and concise reasoning to reinforce your understanding.

  • Topic-Wise Coverage: Questions are structured by exam domains to help you identify strengths and weaknesses.

  • Updated for 2025: All content reflects the latest Cisco exam guidelines, with no outdated topics.

Whether you’re just beginning or polishing your final prep, Exam Sage’s CCNA exam pack helps you study smarter—not harder.

Final Thoughts

The CCNA certification remains one of the most respected entry-level credentials in IT networking. It’s not just a badge—it’s a foundation for higher-level Cisco certifications (like CCNP), better job opportunities, and practical skill-building in enterprise and cloud networks.

If you’re ready to take the next step, start your CCNA journey today with Exam Sage’s expertly crafted practice exams. With the right resources and commitment, you can pass the CCNA exam and launch your career with confidence.

Sample Questions and Answers

1. Which two layers of the OSI model are combined in the TCP/IP model’s Network Access layer?

A. Network and Transport
B. Data Link and Physical
C. Application and Presentation
D. Session and Network

Answer: B. Data Link and Physical
Explanation:
The TCP/IP model combines the Data Link and Physical layers into a single layer called the Network Access layer, which handles how data is physically transmitted.

2. What is the primary purpose of ARP in a network?

A. To assign IP addresses
B. To discover DNS servers
C. To map IP addresses to MAC addresses
D. To translate hostnames to IP addresses

Answer: C. To map IP addresses to MAC addresses
Explanation:
The Address Resolution Protocol (ARP) is used to associate an IP address with a MAC address, enabling proper data delivery within a local network.

3. Which command shows a list of directly connected Cisco neighbors?

A. show ip route
B. show interfaces
C. show cdp neighbors
D. show running-config

Answer: C. show cdp neighbors
Explanation:
The Cisco Discovery Protocol (CDP) helps discover directly connected Cisco devices using the show cdp neighbors command.

4. What does the subnet mask 255.255.255.224 allow?

A. 14 usable host addresses
B. 30 usable host addresses
C. 62 usable host addresses
D. 126 usable host addresses

Answer: B. 30 usable host addresses
Explanation:
A /27 subnet mask (255.255.255.224) allows 32 IP addresses, with 2 reserved (network and broadcast), leaving 30 usable addresses.

5. Which type of IPv6 address is equivalent to a private IPv4 address?

A. Global Unicast
B. Link-local
C. Unique Local Address
D. Multicast

Answer: C. Unique Local Address
Explanation:
Unique Local Addresses (ULAs) in IPv6 are similar to private IP addresses in IPv4 and are used for local communication within an organization.

6. Which routing protocol uses the administrative distance of 90?

A. RIP
B. OSPF
C. EIGRP
D. BGP

Answer: C. EIGRP
Explanation:
Enhanced Interior Gateway Routing Protocol (EIGRP) has an administrative distance of 90 for internal routes.

7. What is the function of a default gateway in a network?

A. Assign MAC addresses to devices
B. Resolve domain names
C. Route packets outside the local network
D. Encrypt data packets

Answer: C. Route packets outside the local network
Explanation:
The default gateway is used when a host needs to communicate with a device on a different network.

8. Which command is used to assign an IP address to a router interface?

A. ip address 192.168.1.1/24
B. interface ip address 192.168.1.1
C. ip address 192.168.1.1 255.255.255.0
D. assign ip 192.168.1.1 255.255.255.0

Answer: C. ip address 192.168.1.1 255.255.255.0
Explanation:
This command is used in interface configuration mode to set the IP address and subnet mask.

9. What is the purpose of NAT (Network Address Translation)?

A. To resolve hostnames
B. To convert IPv6 to IPv4
C. To translate private IPs to public IPs
D. To provide VPN tunnels

Answer: C. To translate private IPs to public IPs
Explanation:
NAT translates private IP addresses into a public IP address to allow internet access.

10. Which two protocols operate at the Transport layer?

A. IP and ICMP
B. TCP and UDP
C. FTP and TFTP
D. ARP and RARP

Answer: B. TCP and UDP
Explanation:
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are Layer 4 protocols responsible for end-to-end communication.

11. What is the purpose of the VLAN trunking protocol (VTP)?

A. To route traffic between VLANs
B. To assign ports to VLANs
C. To propagate VLAN information across switches
D. To secure VLANs

Answer: C. To propagate VLAN information across switches
Explanation:
VTP distributes and synchronizes VLAN information among switches in the same VTP domain, reducing administrative overhead.

12. Which IPv4 address class supports 16 million hosts per network?

A. Class A
B. Class B
C. Class C
D. Class D

Answer: A. Class A
Explanation:
Class A provides a large number of host addresses (2²⁴ – 2 ≈ 16 million), ideal for large networks.

13. Which two commands are needed to enable RIP on a Cisco router?

A. router rip, network [network-address]
B. ip routing, router enable rip
C. enable rip, network rip
D. ip route rip, router enable

Answer: A. router rip, network [network-address]
Explanation:
To configure RIP, use router rip followed by the network command to advertise directly connected networks.

14. Which layer of the OSI model is responsible for path determination and logical addressing?

A. Transport
B. Network
C. Data Link
D. Session

Answer: B. Network
Explanation:
The Network layer is responsible for logical addressing (IP) and routing or path selection.

15. What does the command show ip interface brief provide?

A. VLAN configuration details
B. Routing table
C. IP addresses and interface statuses
D. ARP table

Answer: C. IP addresses and interface statuses
Explanation:
This command displays a summary of the router’s interfaces, their IP addresses, and their current status.

16. Which protocol uses port 53?

A. FTP
B. HTTP
C. DNS
D. DHCP

Answer: C. DNS
Explanation:
The Domain Name System (DNS) uses port 53 for resolving domain names into IP addresses.

17. What happens when a switch receives a frame with a destination MAC address not in its MAC address table?

A. It drops the frame
B. It sends the frame to the router
C. It floods the frame out all ports except the one it came from
D. It stores the frame until it learns the destination

Answer: C. It floods the frame out all ports except the one it came from
Explanation:
If the switch doesn’t recognize the destination MAC, it floods the frame to all ports except the source to find the destination.

18. What is the maximum number of hosts in a /26 subnet?

A. 64
B. 62
C. 32
D. 30

Answer: B. 62
Explanation:
A /26 subnet provides 64 IPs, but two are reserved (network and broadcast), leaving 62 usable host IPs.

19. What type of address is FF02::1?

A. Global unicast
B. Link-local
C. Multicast (all nodes)
D. Anycast

Answer: C. Multicast (all nodes)
Explanation:
FF02::1 is the IPv6 multicast address for all nodes on the local link.

20. Which command sets a password for accessing privileged EXEC mode?

A. enable secret [password]
B. enable password [password]
C. line console 0 password [password]
D. username admin password [password]

Answer: A. enable secret [password]
Explanation:
enable secret encrypts the password for privileged EXEC mode, offering better security than enable password.

21. What does STP prevent in a switched network?

A. Routing loops
B. Broadcast storms and loops
C. IP address duplication
D. VLAN overlap

Answer: B. Broadcast storms and loops
Explanation:
Spanning Tree Protocol (STP) prevents Layer 2 loops and broadcast storms by blocking redundant paths.

22. What is the first step in the DHCP DORA process?

A. Acknowledge
B. Discover
C. Request
D. Offer

Answer: B. Discover
Explanation:
The DHCP client starts the lease process by broadcasting a Discover message to find available DHCP servers.

23. Which of the following is a distance vector routing protocol?

A. OSPF
B. RIP
C. EIGRP
D. IS-IS

Answer: B. RIP
Explanation:
RIP (Routing Information Protocol) uses a distance vector algorithm and periodic updates to calculate routes.

24. What is the purpose of the switchport mode access command?

A. Enables trunking
B. Assigns a port to a VLAN
C. Configures the port for access mode
D. Disables the port

Answer: C. Configures the port for access mode
Explanation:
This command ensures a switch port operates in access mode, connecting end devices to a single VLAN.

25. Which type of memory holds the startup configuration on a Cisco device?

A. RAM
B. NVRAM
C. ROM
D. Flash

Answer: B. NVRAM
Explanation:
NVRAM (Non-Volatile RAM) stores the startup configuration file that loads when the device boots.

26. Which field in an Ethernet frame identifies the upper-layer protocol?

A. Preamble
B. FCS
C. Type
D. Destination MAC

Answer: C. Type
Explanation:
The Ethernet frame’s Type field indicates the upper-layer protocol (e.g., IPv4, IPv6, ARP).

27. What is the role of ACLs in a network?

A. Encrypt data
B. Assign IP addresses
C. Filter traffic based on defined rules
D. Optimize routing tables

Answer: C. Filter traffic based on defined rules
Explanation:
Access Control Lists (ACLs) control traffic by permitting or denying packets based on source/destination IP, protocol, and port.

28. What is the effect of the login command in line configuration mode?

A. It enables encrypted password login
B. It requires a user to log in
C. It creates a new user
D. It enables telnet access

Answer: B. It requires a user to log in
Explanation:
The login command forces the user to enter a password for access via the console or terminal line.

29. Which protocol provides error reporting and diagnostics in IP networks?

A. TCP
B. ICMP
C. ARP
D. HTTP

Answer: B. ICMP
Explanation:
The Internet Control Message Protocol (ICMP) is used for diagnostic functions such as ping and for reporting unreachable destinations.

30. Which address is automatically assigned to an IPv6-enabled interface?

A. Global Unicast
B. Link-Local
C. Anycast
D. Loopback

Answer: B. Link-Local
Explanation:
IPv6 interfaces automatically generate a link-local address (starting with FE80::) for communication within the local link.

31. What is the administrative distance of OSPF?

A. 90
B. 100
C. 110
D. 120

Answer: C. 110
Explanation:
Administrative Distance (AD) is used to rank the trustworthiness of routing sources. OSPF has an AD of 110.

32. Which layer of the TCP/IP model corresponds to the OSI model’s Data Link and Physical layers?

A. Application
B. Transport
C. Internet
D. Network Access

Answer: D. Network Access
Explanation:
The Network Access layer in the TCP/IP model includes the functions of both the Physical and Data Link layers of the OSI model.

33. Which of the following commands saves the current configuration to NVRAM?

A. write running-config
B. copy running-config startup-config
C. save configuration now
D. config save

Answer: B. copy running-config startup-config
Explanation:
This command copies the current (running) configuration into the startup configuration stored in NVRAM.

34. What command would you use to check active TCP/UDP connections on a router?

A. show tcp
B. show sessions
C. show ip sockets
D. show control-plane

Answer: C. show ip sockets
Explanation:
The show ip sockets command provides details on active sockets (TCP/UDP) and their states.

35. What is the purpose of the command no shutdown on an interface?

A. To delete the interface
B. To reset the interface
C. To enable the interface
D. To stop routing on the interface

Answer: C. To enable the interface
Explanation:
By default, interfaces may be administratively shut down. no shutdown brings the interface up.

36. What is the function of NAT (Network Address Translation)?

A. Assigns MAC addresses to hosts
B. Filters packets between networks
C. Translates private IPs to public IPs
D. Provides name resolution

Answer: C. Translates private IPs to public IPs
Explanation:
NAT allows multiple private IP addresses to access the Internet using a single public IP.

37. Which command shows the routing table in Cisco IOS?

A. show ip table
B. show ip route
C. display routing
D. show router info

Answer: B. show ip route
Explanation:
The show ip route command displays the current routing table and all learned routes.

38. Which protocol is used to resolve IP addresses to MAC addresses?

A. DNS
B. DHCP
C. ARP
D. ICMP

Answer: C. ARP
Explanation:
Address Resolution Protocol (ARP) maps IP addresses to physical MAC addresses.

39. What does the TTL field in an IP packet represent?

A. The packet’s size
B. Time before the packet is deleted
C. Maximum hops before packet discard
D. Time delay between source and destination

Answer: C. Maximum hops before packet discard
Explanation:
TTL (Time to Live) limits the number of hops a packet can take before being dropped, preventing infinite loops.

40. What kind of address is 127.0.0.1?

A. Loopback
B. Broadcast
C. Multicast
D. Private

Answer: A. Loopback
Explanation:
127.0.0.1 is the loopback address used for internal host testing.

41. What does the Cisco command show cdp neighbors display?

A. Routing information
B. MAC address table
C. Directly connected Cisco devices
D. IP routing neighbors

Answer: C. Directly connected Cisco devices
Explanation:
CDP (Cisco Discovery Protocol) reveals neighboring Cisco devices and their interfaces.

42. Which of these is a valid IPv6 address format?

A. 192.168.1.1
B. FE80::1
C. 300.255.255.0
D. 2001.0db8.0000.0001

Answer: B. FE80::1
Explanation:
IPv6 addresses are written in hexadecimal with colons, such as FE80::1.

43. Which protocol establishes a secure session over a network?

A. FTP
B. Telnet
C. SSH
D. SMTP

Answer: C. SSH
Explanation:
Secure Shell (SSH) provides encrypted terminal access to remote systems, unlike Telnet.

44. What is a collision domain?

A. A set of devices sharing the same VLAN
B. A part of the network where packet collisions can occur
C. A zone of overlapping IP addresses
D. The scope of a routing protocol

Answer: B. A part of the network where packet collisions can occur
Explanation:
In a collision domain, data packets can interfere with each other, typically found in hubs or shared media.

45. Which of the following devices breaks up collision domains?

A. Hub
B. Repeater
C. Switch
D. Bridge

Answer: C. Switch
Explanation:
Switches break up collision domains by providing a dedicated bandwidth per port.

46. Which port does HTTPS use by default?

A. 21
B. 23
C. 80
D. 443

Answer: D. 443
Explanation:
HTTPS (Hypertext Transfer Protocol Secure) uses port 443 by default.

47. Which layer of the OSI model is responsible for encryption?

A. Data Link
B. Presentation
C. Session
D. Network

Answer: B. Presentation
Explanation:
The Presentation layer is responsible for data encryption and format translation.

48. What kind of traffic does a switch forward if the destination MAC is a broadcast address?

A. None
B. Only to routers
C. To all ports except the source
D. Only to VLAN 1

Answer: C. To all ports except the source
Explanation:
Switches flood broadcast frames to all ports in the same VLAN, except the one where the frame was received.

49. What does EIGRP use to calculate the best path?

A. Cost only
B. Hop count
C. Bandwidth and delay
D. Administrative distance

Answer: C. Bandwidth and delay
Explanation:
EIGRP uses a composite metric based on bandwidth, delay, reliability, and load, but mainly bandwidth and delay.

50. What protocol enables automatic assignment of IP addresses?

A. DNS
B. DHCP
C. TFTP
D. ICMP

Answer: B. DHCP
Explanation:
The Dynamic Host Configuration Protocol (DHCP) assigns IP addresses and other network settings to devices dynamically.

51. What is the default subnet mask for a Class B IP address?

A. 255.0.0.0
B. 255.255.0.0
C. 255.255.255.0
D. 255.255.255.255

Answer: B. 255.255.0.0
Explanation:
Class B IP addresses have a default subnet mask of 255.255.0.0, allowing for 16 bits of network and 16 bits of host addressing.

52. Which protocol is primarily used for managing network devices?

A. FTP
B. SNMP
C. SMTP
D. ICMP

Answer: B. SNMP
Explanation:
Simple Network Management Protocol (SNMP) is used for monitoring and managing network devices.

53. What does the acronym ACL stand for in Cisco networking?

A. Access Control List
B. Automatic Configuration Link
C. Active Connection Layer
D. Access Connection Link

Answer: A. Access Control List
Explanation:
ACLs are used to filter traffic and provide security by controlling which packets are allowed or denied on interfaces.

54. Which of the following is a valid private IP address?

A. 192.168.1.1
B. 8.8.8.8
C. 172.35.10.1
D. 11.0.0.1

Answer: A. 192.168.1.1
Explanation:
192.168.x.x is within the private IP address range defined by RFC 1918.

55. What is the function of the show interfaces command?

A. Shows IP routes
B. Displays interface status and statistics
C. Lists all VLANs
D. Shows device inventory

Answer: B. Displays interface status and statistics
Explanation:
show interfaces provides detailed info on each interface, including status, errors, bandwidth, etc.

56. What kind of VLAN is used to carry traffic for multiple VLANs across a trunk link?

A. Native VLAN
B. Access VLAN
C. Management VLAN
D. Trunk VLAN

Answer: D. Trunk VLAN
Explanation:
Trunk ports carry multiple VLANs by tagging traffic, allowing VLANs to span across multiple switches.

57. Which wireless standard supports speeds up to 54 Mbps?

A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

Answer: C. 802.11g
Explanation:
802.11g operates in the 2.4 GHz band and supports up to 54 Mbps.

58. What is the primary purpose of the enable command on a Cisco device?

A. Enter user EXEC mode
B. Enter privileged EXEC mode
C. Start the device
D. Enable an interface

Answer: B. Enter privileged EXEC mode
Explanation:
enable switches from user EXEC mode to privileged EXEC mode, which allows more commands.

59. Which command would you use to clear the ARP cache?

A. clear arp
B. clear ip arp
C. clear arp-cache
D. clear ip arp-cache

Answer: D. clear ip arp-cache
Explanation:
This command clears the ARP table on Cisco routers and switches.

60. What is the maximum number of hosts on a subnet with a /27 mask?

A. 30
B. 32
C. 62
D. 64

Answer: A. 30
Explanation:
A /27 subnet mask provides 32 addresses; 2 are reserved (network & broadcast), so 30 usable hosts.

61. What does the ping command test?

A. Router configuration
B. Physical connectivity only
C. Layer 3 reachability
D. DNS resolution

Answer: C. Layer 3 reachability
Explanation:
ping tests IP layer connectivity between hosts.

62. Which Cisco protocol prevents routing loops in a Layer 2 network?

A. STP
B. EIGRP
C. OSPF
D. RSTP

Answer: A. STP
Explanation:
Spanning Tree Protocol prevents Layer 2 loops by blocking redundant paths.

63. Which command is used to assign an IP address to an interface?

A. ip address 192.168.1.1 255.255.255.0
B. set ip 192.168.1.1 255.255.255.0
C. interface ip address 192.168.1.1 255.255.255.0
D. config ip 192.168.1.1 255.255.255.0

Answer: A. ip address 192.168.1.1 255.255.255.0
Explanation:
This command configures the IP address and subnet mask on an interface in interface configuration mode.

64. What type of address is FF-FF-FF-FF-FF-FF?

A. Multicast MAC
B. Broadcast MAC
C. Unicast MAC
D. Loopback address

Answer: B. Broadcast MAC
Explanation:
This MAC address is the broadcast address used to send frames to all devices on the LAN.

65. What is the default encapsulation on Cisco serial interfaces?

A. PPP
B. HDLC
C. Frame Relay
D. Ethernet

Answer: B. HDLC
Explanation:
Cisco routers use HDLC encapsulation by default on serial interfaces.

66. Which routing protocol is distance-vector?

A. OSPF
B. EIGRP
C. RIP
D. IS-IS

Answer: C. RIP
Explanation:
RIP is a distance-vector protocol using hop count as a metric.

67. What port number is used by FTP data transfer?

A. 20
B. 21
C. 22
D. 23

Answer: A. 20
Explanation:
FTP uses port 21 for control and port 20 for data transfer.

68. What is the maximum length of a Cat5e cable for reliable transmission?

A. 50 meters
B. 100 meters
C. 150 meters
D. 200 meters

Answer: B. 100 meters
Explanation:
The maximum recommended length for Cat5e cable is 100 meters.

69. Which IP protocol number does ICMP use?

A. 1
B. 6
C. 17
D. 88

Answer: A. 1
Explanation:
ICMP uses protocol number 1 in the IP header.

70. Which layer of the OSI model provides end-to-end communication control?

A. Network
B. Transport
C. Session
D. Presentation

Answer: B. Transport
Explanation:
The Transport layer provides end-to-end communication, error recovery, and flow control.

71. What does the show vlan brief command display?

A. Routing table summary
B. VLANs configured and their ports
C. MAC address table
D. IP interface status

Answer: B. VLANs configured and their ports
Explanation:
It lists VLAN IDs, names, status, and associated ports.

72. Which protocol is used for secure remote command-line access?

A. Telnet
B. SSH
C. FTP
D. SMTP

Answer: B. SSH
Explanation:
SSH encrypts the connection for secure remote access, unlike Telnet.

73. What is a stub network?

A. A network with no routes to other networks
B. A network connected to a single router
C. A network with multiple redundant paths
D. A network used only for management

Answer: B. A network connected to a single router
Explanation:
Stub networks have only one path in or out, typically at the network edge.

74. What does VTP stand for?

A. VLAN Trunking Protocol
B. Virtual Transfer Protocol
C. VLAN Transfer Protocol
D. Virtual Trunking Process

Answer: A. VLAN Trunking Protocol
Explanation:
VTP manages VLAN configuration across multiple switches.

75. What is the maximum number of VLANs supported on a Cisco switch?

A. 64
B. 128
C. 256
D. 4096

Answer: D. 4096
Explanation:
The 802.1Q VLAN tag field is 12 bits, allowing up to 4096 VLANs.

You may also like...