Cisco Study Guide

Cisco CCST Networking Study Guide

The Cisco Certified Support Technician (CCST) Networking exam is an entry-level certification validating foundational knowledge of networking standards, IP addressing and subnetting, endpoints and media, infrastructure devices, and basic security and troubleshooting. It is aimed at students, early-career IT staff, and anyone starting a networking path or preparing for CCNA. The 50-minute exam scores on a scale where 700 is passing.

Domain 1 Domain 2 Domain 3 Domain 4 Domain 5

Practice Cisco CCST Networking questions free Create free account

Domain 1: Standards and Concepts

Key concepts you must know · 116 practice questions

The OSI model has 7 layers: Physical (1), Data Link (2), Network (3), Transport (4), Session (5), Presentation (6), Application (7). The TCP/IP model collapses these into 4: Link, Internet, Transport, and Application.
Layer 3 (Network) handles logical addressing and routing; IP lives here and routers forward packets by examining destination IP and consulting a routing table.
Layer 2 (Data Link) uses MAC addresses and switches; Layer 4 (Transport) uses TCP and UDP with port numbers to identify applications.
TCP is connection-oriented and reliable: it uses a three-way handshake (SYN, SYN-ACK, ACK), sequence numbers for ordering, acknowledgments, and retransmission of lost segments.
UDP is connectionless and low-overhead with no handshake, ordering, or retransmission; it favors timeliness over reliability and suits VoIP, video, DNS queries, and gaming.
Well-known ports to memorize: SSH 22, Telnet 23, DNS 53, HTTP 80, HTTPS 443, FTP 20/21, SMTP 25, SNMP 161/162, NTP 123, DHCP 67/68.
SSH (TCP 22) provides an encrypted CLI session and replaced Telnet (TCP 23) because Telnet sends credentials and data in plaintext.
HTTPS (TCP 443) is HTTP wrapped in TLS/SSL; the browser opens a TCP connection to 443 and negotiates a TLS session before exchanging HTTP data.
IPv4 addresses are 32 bits; IPv6 addresses are 128 bits written as eight hex groups (e.g., 2001:0db8::1), providing roughly 3.4 x 10^38 addresses.
NTP (UDP 123) synchronizes device clocks, which is essential for accurate logging, certificate validation, and correlating events across devices.
NAT/PAT lets many private hosts share one public IPv4 address, conserving the limited public address space.
Goodput (useful throughput) is limited by protocol overhead, latency, retransmissions, congestion control, and the lowest-capacity component along the path.
Jitter is the variation in packet delay; high jitter degrades real-time traffic like voice and video even when average bandwidth is adequate.
Jumbo frames carry larger payloads (typically up to 9000-byte MTU) to reduce per-packet overhead on high-volume transfers within a controlled network.

Domain 2: Addressing and Subnet Formats

Key concepts you must know · 123 practice questions

RFC 1918 private IPv4 ranges are 10.0.0.0/8, 172.16.0.0/12 (172.16.0.0-172.31.255.255), and 192.168.0.0/16; these are not routable on the public internet.
CIDR prefix length equals the number of network bits; usable hosts per subnet equal 2^(host bits) minus 2 for the network and broadcast addresses.
A /24 (255.255.255.0) has 256 total addresses and 254 usable hosts; a /26 (255.255.255.192) has 64 total and 62 usable hosts per subnet.
For a /26, subnets begin at .0, .64, .128, .192; the second subnet's usable host range is 192.168.1.65 through 192.168.1.126 with .127 as the broadcast.
The network address has all host bits set to 0 and the broadcast address has all host bits set to 1; neither is assignable to a host.
DHCP automatically assigns IP address, subnet mask, default gateway, and DNS server, eliminating manual configuration and reducing errors.
An APIPA address in 169.254.0.0/16 means the host failed to obtain an address from DHCP and self-assigned a link-local address.
DNS resolves human-readable hostnames to IP addresses; local caching reduces repeated lookups and lowers name-resolution latency.
The default route 0.0.0.0/0 matches all destinations and is configured in IOS as 'ip route 0.0.0.0 0.0.0.0 <next-hop>'.
IPv6 link-local addresses begin with fe80::/10 and are automatically configured on every IPv6 interface for same-link communication.
SLAAC (Stateless Address Autoconfiguration) lets IPv6 hosts self-configure addresses, and the vast address space removes the need for NAT.
IPv6 shorthand rules: a single double-colon (::) replaces one run of consecutive all-zero groups; the fully expanded form of 2001:db8::1 is 2001:0db8:0000:0000:0000:0000:0000:0001.
Route summarization (supernetting) aggregates contiguous subnets into one prefix at aggregation points, shrinking routing tables; design subnets from a contiguous summarizable block per site.
In Cisco IOS, 'ip address 192.168.10.1 255.255.255.0' sets a static interface address and 'ip address dhcp' configures the interface to obtain its address from DHCP.

Domain 3: Endpoints and Media Types

Key concepts you must know · 95 practice questions

A MAC address is a 48-bit (6-octet) Layer 2 hardware address written in hexadecimal that uniquely identifies a network interface within a broadcast domain.
Wi-Fi is defined by the IEEE 802.11 standard family; amendments a/b/g/n/ac/ax add speed and features such as MIMO and OFDMA.
The 2.4 GHz band has longer range and better obstacle penetration but only 3 non-overlapping channels (1, 6, 11), so it congests easily in dense areas.
The 5 GHz band offers more non-overlapping channels and higher throughput at the cost of shorter range and weaker wall penetration.
To increase per-client throughput in a crowded WLAN, deploy more APs with smaller cells, lower transmit power, and non-overlapping channels.
Twisted-pair copper (Cat5e/Cat6/Cat6a) is the standard LAN medium; the maximum run for 1000BASE-T and 10GBASE-T is 100 meters.
Fiber optic cable transmits data as light, is immune to electromagnetic interference (EMI), and supports the longest distances, making it ideal for inter-building backbones and noisy industrial sites.
Single-mode fiber with long-range (LR) optics uses a laser and small core for runs up to about 10 km; multimode fiber suits shorter in-building runs.
Direct Attach Copper (DAC) cables with SFP+ are cost-effective for short in-rack 10 GbE links between adjacent equipment.
RJ45 is the connector for terminating twisted-pair Ethernet, wired to the T568A or T568B pinout standard.
Power over Ethernet (PoE) delivers DC power and data over a single Ethernet cable, commonly powering APs, IP phones, and cameras from a PoE-capable switch.
A duplex mismatch (one side full-duplex, the other half-duplex) causes late collisions, FCS errors, and slow throughput on a switch port.
Auto-negotiation lets two interfaces agree on the highest common speed and duplex; both ends should be set the same way (both auto or both fixed).
When a port shows down, first check for an administrative shutdown ('no shutdown'), then verify the cable and that the far-end device is powered.

Domain 4: Infrastructure and Connectivity

Key concepts you must know · 170 practice questions

A switch is a Layer 2 device that forwards frames by destination MAC address, learns MACs into a CAM table, and creates a separate collision domain per port.
A router is a Layer 3 device that forwards packets by destination IP, connects different IP networks, serves as the default gateway, and can perform NAT and filtering.
A VLAN logically segments one physical switch into multiple independent Layer 2 broadcast domains; inter-VLAN traffic must be routed at Layer 3.
An access port belongs to a single VLAN; configure it with 'switchport mode access' and 'switchport access vlan <id>'.
A trunk port carries multiple VLANs over one link using IEEE 802.1Q tagging, which inserts a 4-byte VLAN tag into each frame.
A wireless access point broadcasts an SSID for clients to join and bridges wireless traffic onto the wired network.
NAT translates private source addresses to a public address so internal hosts can reach the internet while hiding the internal addressing.
Link aggregation (EtherChannel, negotiated with LACP) bundles multiple physical links into one logical link for added bandwidth and redundancy.
Network reliability comes from redundant links/devices and backup power such as a UPS so a single failure does not cause an outage.
An ACL permits or denies traffic based on rules matching source/destination address, protocol, and port.
SNMP monitors devices over UDP 161 (polling) and 162 (traps), reading metrics from agent MIBs into an SNMP manager.
Port mirroring (SPAN) copies traffic from monitored ports to an analyzer port without disrupting the monitored link.
Caching/proxy servers and a CDN reduce WAN bandwidth and latency by serving content locally or from a geographically closer location.
In IOS, 'ip route 0.0.0.0 0.0.0.0 203.0.113.1' creates a default static route and 'no shutdown' brings an administratively down interface back up.

Domain 5: Security and Diagnostics

Key concepts you must know · 202 practice questions

ping sends ICMP Echo Requests and reports round-trip time and packet loss; it is the first tool for verifying basic Layer 3 reachability.
traceroute (Linux/macOS) and tracert (Windows) reveal each router hop by incrementing TTL and reading the ICMP Time Exceeded replies, exposing where a path breaks.
If a host can ping IP addresses but not hostnames, the IP path works and the fault is DNS: missing, wrong, or unreachable DNS server.
ipconfig (Windows) and ifconfig / 'ip addr show' (Linux) display IP address, mask, gateway, and DNS; nslookup and dig test DNS resolution.
ARP maps a known IPv4 address to a MAC address on the local segment; 'arp -a' (Windows) or 'ip neigh show' (Linux) displays the neighbor cache.
A structured troubleshooting process starts with identifying the problem and gathering information (link LEDs, IP config, scope) before changing anything.
Secure a wireless network with WPA2 or WPA3 encryption and a strong, unique passphrase; avoid open networks and deprecated WEP.
To release and renew a Windows DHCP lease, run 'ipconfig /release' followed by 'ipconfig /renew'.
Secure console access in IOS with 'line console 0', 'password <pw>', and 'login'; secure remote access with SSH instead of Telnet.
'copy running-config startup-config' saves the running configuration to NVRAM so it survives a reboot.
A duplex mismatch and rising interface error/discard counters point to a Layer 1/2 problem; check both ends and review utilization on the uplink.
A saturated link is a common bottleneck; a bandwidth/traffic monitor (NetFlow or SNMP analyzer) measures latency, throughput, and utilization to find it.
Baselining normal traffic lets you detect deviations and right-size capacity before performance problems or overspending occur.
Schedule heavy jobs like backups for off-peak hours or rate-limit them so they do not saturate links during business hours.

Cisco CCST Networking exam tips

Memorize the OSI layers in order plus which device and protocol live at each layer (switch/MAC at L2, router/IP at L3, TCP-UDP/ports at L4) - many questions hinge on this mapping.
Drill subnetting until you can find network address, broadcast, usable range, and host count for /24 through /30 from memory; practice both /26 and /27 boundaries.
Know standard port numbers cold (22, 23, 53, 80, 443, 123, 161/162, 67/68) and which use TCP vs UDP.
For troubleshooting questions, follow the structured order: identify and gather information first, then test from the bottom of the stack up (cable/link, IP config, gateway, DNS).
Read scenario questions for the deciding constraint - distance, EMI immunity, cost, or interference - which usually points directly to fiber vs copper, or 2.4 GHz vs 5 GHz.

Study guide FAQ

How long is the CCST Networking exam and what score do I need to pass?

The exam runs 50 minutes and uses a scaled score where 700 is the passing mark. Plan your pace so you can answer subnetting and scenario questions, which take more time, without rushing the rest.

Do I need hands-on Cisco IOS experience to pass?

You do not need deep configuration experience, but you should recognize basic IOS commands such as 'ip address', 'switchport access vlan', 'ip route 0.0.0.0 0.0.0.0', 'no shutdown', and 'copy running-config startup-config'. A free simulator or Packet Tracer is enough to build that familiarity.

How much subnetting math is on the exam?

A significant share of the Addressing and Subnet Formats domain tests subnetting. You should be able to calculate usable hosts, identify network and broadcast addresses, determine subnet ranges, and expand or compress IPv6 addresses quickly without a calculator.

Is CCST Networking the same as CCNA, and what comes next?

No. CCST Networking is an entry-level certification that validates foundational concepts and is a stepping stone toward the more advanced, professional-level CCNA. Passing CCST is a strong way to confirm your fundamentals before tackling CCNA.

Test yourself: 706 Cisco CCST Networking practice questions