Cisco Certification

Cisco CCNA 200-301 Practice Exam

Validates ability to install, configure, and troubleshoot networks including network fundamentals, access, IP connectivity, services, security, and automation.

Practice 417 exam-style Cisco CCNA 200-301 questions with full answer explanations, then take timed mock exams that score like the real thing.

Start practicing free Sign in

417

Practice questions

100

On the real exam

825

Passing score

120 min

Exam length

What the Cisco CCNA 200-301 exam covers

Network Fundamentals86 questions
Network Access85 questions
IP Connectivity62 questions
IP Services60 questions
Security Fundamentals64 questions
Automation and Programmability60 questions

Free Cisco CCNA 200-301 sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 417.

Question 1Network Fundamentals

Which layer of the OSI model is responsible for logical addressing and routing of packets between networks?
- ANetwork layerCorrect
- BTransport layer
- CData Link layer
- DSession layer
✓ Correct answer: A

The Network layer (Layer 3) is responsible for logical addressing using IP addresses and making routing decisions to forward packets between different networks. Routers operate at this layer to determine the best path for data to travel across network segments. This layer enables communication between devices on different networks using IP-based addressing schemes.
Why the other options are wrong
- BTransport layer is incorrect because it manages end-to-end communication and flow control, not logical addressing and routing.
- CData Link layer is incorrect because it uses MAC addresses for local network delivery within a segment, not IP-based routing.
- DSession layer is incorrect because it manages dialogue control and session establishment, not packet routing.
Question 2Network FundamentalsSelect all that apply

Which two of the following are valid representations of the IPv6 address 2001:0DB8:0000:0000:0000:0000:0000:0001? (Choose two.)
- A2001:DB8:::1
- B2001::DB8::1
- C2001:DB8::1Correct
- D2001:DB8:0:0:0:0:0:1Correct
✓ Correct answer: C, D

Both representations are valid compressions of the same IPv6 address.
Why the other options are wrong
- AThe 2001:DB8::1 format uses double colon notation to compress consecutive zero groups. The 2001:DB8:0:0:0:0:0:1 format explicitly shows each field without compression. Both notations represent the same address correctly.
- B2001:DB8:::1 is incorrect because the double colon cannot appear multiple times. 2001::DB8::1 is incorrect because double colon notation can only be used once per address.
Question 3Network Fundamentals

Which type of IPv4 address is used to send a packet to all hosts on a local network segment?
- AAnycast
- BBroadcastCorrect
- CMulticast
- DUnicast
✓ Correct answer: B

Broadcast addresses send a single packet to all hosts on a local network segment simultaneously. In IPv4, the broadcast address is the last address in a subnet (all host bits set to 1). Broadcasts are essential for protocols like DHCP and ARP.
Why the other options are wrong
- AAnycast is incorrect because it sends to the nearest node among multiple candidates.
- CMulticast is incorrect because it sends to interested group members, not all devices.
- DUnicast is incorrect because it is one-to-one communication to a single host.
Question 4Network Fundamentals

Which IEEE standard defines Power over Ethernet Plus (PoE+) and can deliver up to 30 watts of power per port?
- A802.3az
- B802.3af
- C802.3atCorrect
- D802.3bt
✓ Correct answer: C

802.3at (PoE+) delivers up to 30 watts of power per port, providing sufficient power for IP phones, wireless access points, and network devices. This standard extends 802.3af which limited to 15.4 watts. PoE+ enables greater device flexibility by supporting more power-hungry equipment.
Why the other options are wrong
- A802.3az is incorrect because this is Energy Efficient Ethernet.
- B802.3af is incorrect because it provides up to 15.4 watts.
- D802.3bt is incorrect because this is High Power PoE (up to 100 watts).
Question 5Network Fundamentals

A network administrator at Pinnacle Corp needs to determine which well-known port number is used by HTTPS traffic. Which port should be permitted through the firewall?
- APort 443Correct
- BPort 21
- CPort 80
- DPort 8080
✓ Correct answer: A

HTTPS (HTTP Secure) uses TCP port 443 for encrypted web communication. This is the standard port for secure web browsing and should be permitted through firewalls. Port 443 is universally recognized for SSL/TLS encrypted HTTP.
Why the other options are wrong
- BPort 21 is incorrect because that's FTP.
- CPort 80 is incorrect because that's unencrypted HTTP.
- DPort 8080 is incorrect because that's an alternative HTTP port.
Question 6Network Fundamentals

Which TCP/IP layer is responsible for logical addressing and routing packets between networks?
- ATransport layer
- BApplication layer
- CNetwork Access layer
- DInternet layerCorrect
✓ Correct answer: D

The Internet layer (Layer 3) of TCP/IP is responsible for logical addressing and routing packets between networks. Routers operate here making forwarding decisions based on routing tables.
Why the other options are wrong
- ATransport layer is incorrect because it manages end-to-end communication.
- BApplication layer is incorrect because it manages services. Network Access layer is incorrect because it manages hardware addressing.
- CThis layer enables communication across multiple network segments.
Question 7Network Fundamentals

An engineer at a logistics company is configuring a server that needs to communicate with a branch office device at 172.20.48.67/21. She needs to determine the network address to configure the correct static route. What is the network address for this host?
- A172.20.48.0Correct
- B172.20.40.0
- C172.20.0.0
- D172.20.32.0
✓ Correct answer: A

With a /21 subnet mask, the third octet is divided by 8 (2^3 = 8). The network is 172.20.48.0 to 172.20.55.255. Host 172.20.48.67 falls in this range with network address 172.20.48.0.
Why the other options are wrong
- B172.20.40.0 is incorrect because 48 is higher.
- C172.20.0.0 is incorrect because that's the /16 boundary.
- D172.20.32.0 is incorrect because it's lower than 48.
Question 8Network Access

A network administrator at a college campus is configuring a switch port connected to a student lab PC. She wants the port to immediately begin forwarding when a device is connected, bypassing the STP Listening and Learning states. Which feature should she enable on the port?
- ASTP Root Guard
- BSTP PortFastCorrect
- CSTP BPDU Filter
- DSTP Loop Guard
✓ Correct answer: B

PortFast is specifically designed to allow access ports connected to end devices to skip the STP Listening and Learning states and immediately transition to Forwarding. This eliminates the typical 30-second delay when a device connects to the port, which is critical for reducing boot times on user devices.
Why the other options are wrong
- AA is incorrect because Root Guard prevents a port from becoming the root by discarding BPDUs.
- CC is incorrect because BPDU Filter blocks BPDU transmission, not related to state transitions.
- DD is incorrect because Loop Guard prevents alternate paths from becoming forwarding when BPDUs stop arriving.
Question 9IP Connectivity

Orion Aerospace has three remote sites connected to headquarters. The network administrator wants to configure static routes that will only be used when the primary dynamic routing protocol routes fail. What type of static route should be configured?
- AFloating static routeCorrect
- BFully specified static route
- CDefault static route
- DSummary static route
✓ Correct answer: A

A floating static route is configured with a higher administrative distance than the primary dynamic routing protocol. When the dynamic route is learned, the static route remains unused (floats). If the dynamic route fails, the floating static route becomes active.
Why the other options are wrong
- BB is incorrect because fully specified routes do not necessarily serve as backups.
- CC is incorrect because default routes do not provide specific backup paths.
- DD is incorrect because summary routes aggregate multiple networks.
Question 10IP Services

A network administrator needs to verify which IP address has been assigned to a router interface configured as a DHCP client. Which command displays this information?
- Ashow dhcp lease
- Bshow ip dhcp server
- Cshow ip interface briefCorrect
- Dshow ip dhcp pool
✓ Correct answer: C

This command displays a summary of all interface configurations, including IP addresses assigned via DHCP to interfaces configured as DHCP clients.
Why the other options are wrong
- AA is incorrect because show dhcp lease is not a standard command.
- BB is incorrect because show ip dhcp server shows server statistics.
- DD is incorrect because show ip dhcp pool shows configured pools.

Unlock all 417 Cisco CCNA 200-301 questions

Cisco CCNA 200-301 practice exam FAQ

How many questions are in the Cisco CCNA 200-301 practice exam on CertGrid?

CertGrid has 417 practice questions for Cisco CCNA 200-301, covering 6 exam domains. The real Cisco CCNA 200-301 exam has about 100 questions.

What is the passing score for Cisco CCNA 200-301?

The Cisco CCNA 200-301 exam passing score is 825, and you have about 120 minutes to complete it. CertGrid scores your practice attempts the same way so you know when you are ready.

Are these official Cisco CCNA 200-301 exam questions?

No. CertGrid is an independent practice platform. Questions are written to mirror the style and concepts of Cisco CCNA 200-301, with full explanations, but they are not official or copied vendor exam items. They are original practice questions designed to help you genuinely learn the material.

Can I practice Cisco CCNA 200-301 for free?

Yes. You can start practicing Cisco CCNA 200-301 for free with daily practice and sample questions. Paid plans unlock full timed exams, complete explanations, and domain analytics.