CCNA 200-301 Exam Domains and Weights

Understanding the exam domain breakdown is essential for efficient study planning. The CCNA 200-301 v1.1 covers six domains, each with a specific percentage weight that determines how many questions you will see from that topic area.

Domain Weight Summary

Domain 1: Network Fundamentals (20%)

This domain tests your understanding of foundational networking concepts. Topics include:

• Network components: Routers, Layer 2/3 switches, firewalls, IPS, access points, controllers, endpoints, servers
• Network topologies: WAN, spine-leaf, two-tier, three-tier, SOHO, on-premises vs. cloud
• Physical interfaces and cabling: Single-mode fiber, multimode fiber, copper (UTP), PoE
• TCP vs. UDP: Connection-oriented vs. connectionless transport
• IPv4 addressing and subnetting: Configuration, verification, private addressing (RFC 1918)
• IPv6 addressing: Global unicast, unique local, link-local, multicast, anycast, EUI-64
• Wireless principles: Non-overlapping Wi-Fi channels, RF concepts
• Virtualization fundamentals: Virtual machines, containers, hypervisors
• Switching concepts: MAC learning, frame switching, frame flooding, MAC address table

Study Tip: Network Fundamentals is where most people start. Build a strong foundation here because every other domain depends on it. Don't rush past subnetting—it appears in questions across ALL domains.

Domain 2: Network Access (20%)

This domain covers Layer 2 technologies and wireless networking:

• VLANs: Configuration and verification across multiple switches, access ports, default VLAN, inter-VLAN routing
• Trunking: 802.1Q, native VLAN, trunk port configuration
• Spanning Tree Protocol (STP): RSTP, root bridge election, port states, PortFast, root guard, loop guard, BPDU guard, BPDU filter
• EtherChannel: Layer 2 and Layer 3, LACP, PAgP, static
• Layer 2 discovery protocols: CDP (Cisco Discovery Protocol), LLDP
• Wireless architectures: Autonomous AP, lightweight AP, cloud-managed AP, WLC-based
• WLAN components: Access points, wireless LAN controllers
• Network device management: Telnet, SSH, HTTP/HTTPS, console, TACACS+, RADIUS

Study Tip: STP is one of the most challenging CCNA topics. Focus on understanding root bridge election, port roles, and the new v1.1 topics (root guard, loop guard, BPDU guard/filter). Use network simulators like Cisco Packet Tracer for hands-on practice.

Domain 3: IP Connectivity (25%)

The heaviest-weighted domain covers routing and Layer 3 forwarding:

• Routing table components: Prefix, network mask, next hop, administrative distance, metric, routing protocol codes, gateway of last resort
• Router forwarding decisions: Longest prefix match, administrative distance, metric comparison
• Static routing: IPv4 and IPv6 static routes—default, network, host, and floating static routes
• OSPFv2: Single-area OSPF configuration—router ID, neighbor adjacencies, broadcast vs. point-to-point networks, DR/BDR election, OSPF cost
• First Hop Redundancy: HSRP, VRRP, GLBP concepts (not configuration)

Study Tip: This is your highest-priority domain. Dedicate 25-30% of your study time here. Master subnetting first, then static routing, then OSPF. Simulation questions frequently ask you to configure OSPF or troubleshoot routing issues.

Domain 4: IP Services (10%)

This domain covers essential network services:

• NAT: Static NAT, dynamic NAT, PAT (Port Address Translation)
• NTP: Network Time Protocol operation and configuration
• DHCP: Client operation, relay agent, server pools
• DNS: Role in name resolution, forward and reverse lookups
• SNMP: Versions, components (manager, agent, MIB), GET/SET/TRAP
• Syslog: Severity levels, logging configuration
• QoS: Forwarding per-hop behaviors (PHB), DSCP marking, queuing basics
• Remote access: SSH, Telnet configuration for device management
• TFTP/FTP: IOS image management, configuration backup/restore

Study Tip: While this domain has the lowest weight (tied with Automation), don't neglect it. NAT, DHCP, and NTP questions are considered "easy points" by well-prepared candidates. Know the syslog severity levels cold.

Domain 5: Security Fundamentals (15%)

This domain covers network security concepts and implementation:

• Security concepts: Threats, vulnerabilities, exploits, attack types
• Security program elements: User awareness, training, physical access control
• Device access control: Local passwords, enable secret, SSH configuration
• Password policies: Complexity, rotation, encryption in running-config
• VPNs: Site-to-site and remote access VPN concepts (IPsec, SSL/TLS)
• Access Control Lists (ACLs): Standard and extended IPv4 ACLs, configuration and verification
• Layer 2 security: DHCP snooping, dynamic ARP inspection, port security
• AAA: Authentication, Authorization, Accounting concepts—TACACS+ vs. RADIUS
• Wireless security: WPA, WPA2, WPA3, EAP, 802.1X
• WLAN security configuration: WPA2 PSK via GUI

Study Tip: Security questions often test your understanding of WHY something is done, not just HOW. Understand the purpose of each Layer 2 security feature and which attack it mitigates.

Domain 6: Automation and Programmability (10%)

The newest domain covers modern network management:

• Automation impact: Benefits of automation on network management
• Traditional vs. controller-based networking: Comparing legacy and SDN approaches
• Software-defined architectures: Control plane vs. data plane, overlay/underlay/fabric, northbound and southbound APIs
• AI and Machine Learning: Generative AI, predictive AI in network operations (new in v1.1)
• REST-based APIs: Characteristics, HTTP methods (GET, POST, PUT, DELETE)
• Configuration management: Ansible, Terraform (new in v1.1)
• JSON: Interpreting JSON-encoded data

Study Tip: This domain was significantly updated in v1.1. Don't memorize—understand the concepts. Know the difference between northbound and southbound APIs, and be able to read JSON data structures.

Recommended Study Time Allocation

On the Exam: Questions are not grouped by domain. They appear in random order throughout the exam. A routing question might be followed by a wireless question, then a security question. Stay focused and adapt to each question independently.