Browse Certification Practice Tests by Exam Family

Cisco CCNA 200-301 v2.0 Cheat Sheet

May 1, 2026

Review a compact Cisco Certified Network Associate (CCNA) 200-301 v2.0 cheat sheet for switching, routing, IP services, security, operations, AI-assisted network management, and troubleshooting before IT Mastery practice.

On this page

Use this cheat sheet before a CCNA practice set when you need a fast reminder of what to check, compare, and eliminate. CCNA questions usually reward layered evidence: confirm the symptom, identify the affected scope, then choose the smallest network change that matches the facts.

Use this with practice. Review the CCNA checklist, then take the free diagnostic or open the CCNA route in IT Mastery.

Try CCNA on Web Free CCNA diagnostic

Exam snapshot

FieldDetail
VendorCisco
CertificationCisco Certified Network Associate
Exam route tracked hereCCNA 200-301 v2.0
Mastery practice reference100-question diagnostic, 120-minute timing
IT Mastery statusLive CCNA practice available
Best useReview switching, routing, services, security, operations, and troubleshooting before mixed practice

Before scheduling, verify Cisco’s current exam topics, delivery rules, and version timing. This page is independent practice support and does not claim affiliation with Cisco.

Domain checklist

DomainWeightWhat to knowCommon trap
Network Infrastructure and Connectivity25%device roles, cabling, interface status, IP addressing, wireless basics, topology evidenceassuming a service is broken before confirming link, address, and gateway facts
Switching and Network Access25%VLANs, trunks, access ports, STP, EtherChannel, wireless access, Layer 2 troubleshootingforgetting allowed VLANs, native VLAN mismatch, or STP state
IP Routing20%connected routes, static routes, OSPF basics, longest-prefix match, default gateways, next-hop reachabilitychanging ACLs or DNS when the route table cannot forward the packet
Network Services and Security20%DHCP, DNS, NAT, NTP, SNMP, ACLs, device hardening, secure management, basic wireless securityusing a broad permit or deny rule without matching direction, source, destination, and port
AI, Network Operations and Management10%monitoring, logs, controllers, APIs, configuration management, automation output, AI-assisted operationstreating automation or AI as magic instead of evidence that still must be verified

Must-know distinctions

DistinctionHow to decide in a question
VLAN vs subnetVLANs segment Layer 2 broadcast domains. Subnets define IP network boundaries. They often align, but they are not the same thing.
Access port vs trunk portAccess ports carry one VLAN for an endpoint. Trunks carry multiple VLANs between network devices.
Native VLAN vs allowed VLANNative VLAN handles untagged frames on a trunk. Allowed VLANs define which VLANs may cross the trunk.
STP blocking vs interface downSTP blocking prevents loops while the interface can still be physically up. Interface down means the link itself is unavailable.
Connected route vs static routeConnected routes appear from active interfaces. Static routes are manually configured forwarding instructions.
Default route vs default gatewayRouters use default routes. Hosts use a default gateway to leave the local subnet.
ACL direction in vs outInbound is checked as traffic enters an interface. Outbound is checked as traffic exits an interface.
DNS vs DHCPDNS resolves names. DHCP leases addressing configuration.
NAT vs ACLNAT changes address information. ACLs permit or deny traffic. Both can affect reachability but solve different problems.
Monitoring vs remediationMonitoring detects or explains behavior. Remediation changes the network and should follow evidence.

Troubleshooting sequence

Use this order when a CCNA item gives symptoms, command output, counters, or a simple topology.

    flowchart LR
	  A["Symptom"] --> B["Scope"]
	  B --> C["Layer"]
	  C --> D["Evidence"]
	  D --> E["Smallest safe fix"]
	  E --> F["Verify"]
  • Symptom: name what is failing: no connectivity, slow access, intermittent wireless, failed name resolution, or blocked service.
  • Scope: decide whether the issue affects one host, one VLAN, one subnet, one site, or one service.
  • Layer: separate physical/link, switching, IP addressing, routing, service, security policy, and operations evidence.
  • Evidence: use interface state, MAC table, ARP, route table, OSPF neighbor, ACL match, DHCP lease, DNS result, logs, or counters.
  • Smallest safe fix: choose the change that directly matches the evidence instead of rebuilding the network.
  • Verify: confirm the expected forwarding, service, or security behavior after the change.

High-yield checklist

  • Confirm interface status and speed/duplex before troubleshooting higher layers.
  • Check IP address, subnet mask, default gateway, and VLAN placement for endpoint issues.
  • For trunk problems, verify encapsulation behavior, allowed VLANs, native VLAN, and STP state.
  • For same-VLAN communication, inspect Layer 2 path, MAC learning, port security, and access VLAN assignment.
  • For inter-VLAN routing, verify the gateway interface or SVI, route table, and return path.
  • Use longest-prefix match when multiple routes could apply.
  • Use administrative distance only when route sources compete for the same prefix.
  • For OSPF basics, check neighbor state, matching area, network reachability, and advertised prefixes.
  • For DHCP, confirm scope, relay, excluded addresses, and whether the client is receiving a lease.
  • For DNS, distinguish name-resolution failure from IP reachability failure.
  • For NAT, identify inside and outside interfaces, translated addresses, and direction of traffic.
  • For ACLs, read source, destination, protocol, port, direction, and implicit deny.
  • For wireless, separate coverage, interference, authentication, roaming, and security mode.
  • For management access, prefer secure protocols and least exposure.
  • For automation or AI-assisted operations, treat generated suggestions as inputs to validate, not final proof.

Common CCNA traps

  • Solving a routing problem before confirming the endpoint is in the correct VLAN and subnet.
  • Assuming a trunk carries every VLAN automatically.
  • Ignoring the return path when one-way communication appears to work.
  • Applying an ACL to the wrong interface or direction.
  • Treating DNS failure as a general network outage.
  • Changing OSPF settings without checking neighbor state and route advertisement evidence.
  • Selecting a disruptive fix when the question asks for the first troubleshooting step.
  • Trusting controller, AI, or monitoring output without verifying command or topology evidence.

Practice strategy

Take the free CCNA diagnostic first and classify every miss by failure mode: switching, routing, services, security, operations, or pure terminology. If most misses are switching or routing, drill those pages separately before another mixed set. If misses are spread across domains, use timed mixed practice and focus on reading the symptom, scope, and evidence before looking at answer choices.

When you can complete repeated timed attempts above your target score without recognizing question wording, schedule real practice time around weak domains rather than memorizing the same items.

Official source

Revised on Monday, May 25, 2026
Free Practice Exam