Cisco CCNA 200-301 prep, networking roadmap with ARIA
Cisco CCNA 200-301 is a 120-minute exam with around 100 items, a passing target near 825 out of 1000 (Cisco does not publish the exact cut), and the most-recognized foundational networking certification on the market. No prerequisite is enforced, but a year of hands-on networking helps. I prep you for it with an adaptive evaluation, a roadmap weighted toward IP Connectivity, a daily task engine that surfaces IOS-config drills out of your error backlog, and a pass guarantee tied to five measurable conditions. Start your free CAT evaluation at claudelab.me/onboarding/select-cert?code=200-301.
TL;DR
- 120 minutes, around 100 items, target near 825 out of 1000, intermediate level, six domains.
- IP Connectivity at 25 percent is the largest. With Network Access and Network Fundamentals (20 percent each), three domains carry 65 percent.
- Embedded sim and testlet questions are graded harder than multi-choice; one missed sim can swing the result.
- I open with a 15-to-25-question CAT eval that lands a domain-by-domain skill estimate across all six 200-301 domains.
- Pass-guarantee eligibility is checked by a database function with five mechanical conditions, not a marketing line.
What the 200-301 exam is
CCNA 200-301 is Cisco's foundational networking certification and the current single-exam format (Cisco collapsed the older multi-track CCNA in 2020 and the blueprint is still active in 2026). It tests routing and switching, IP services, basic security, and the start of network automation at an intermediate level. Format: roughly 100 items in 120 minutes, scored 1 to 1000 with passing widely placed near 825 (Cisco does not publish the exact cut and varies it per form). Six domains:
| Domain | Weight | What it covers |
|---|---|---|
| 1.0 Network Fundamentals | 20% | Components, topology, cabling, IPv4/IPv6 addressing and subnetting, wireless principles, virtualization, switching. |
| 2.0 Network Access | 20% | VLANs and trunking (802.1Q), CDP/LLDP, EtherChannel (LACP), Spanning Tree, wireless architecture, AP modes, WLC, WLAN config. |
| 3.0 IP Connectivity | 25% | Routing table interpretation, static and OSPFv2 single-area, FHRP, default routing, OSPF area concepts, DR/BDR election. |
| 4.0 IP Services | 10% | NAT (static, dynamic, PAT), NTP, DHCP, DNS, SNMP, syslog, QoS basics, SSH, TFTP/FTP. |
| 5.0 Security Fundamentals | 15% | Security concepts, password policies, ACLs, Layer 2 security (port security, DHCP snooping, DAI), wireless security, VPN, AAA. |
| 6.0 Automation and Programmability | 10% | Controller-based vs traditional networks, SDN, REST APIs, Ansible/Puppet/Chef positioning, JSON/XML/YAML, YANG/NETCONF/RESTCONF basics. |
IP Connectivity is the largest single domain at 25 percent. Stack it with Network Access and Network Fundamentals (20 percent each) and three domains carry 65 percent of the exam. Splitting time evenly across all six wastes the prep window.
Cisco's question types
CCNA 200-301 uses four formats, each graded differently:
- Multiple choice (single and multiple response), the bulk of the exam.
- Drag-and-drop ordering or matching (port-to-protocol, STP state order).
- Sim items where you open a simulated IOS CLI on a small topology and run real commands.
- Testlet items where one scenario carries multiple linked questions, often with a topology diagram and a partial config.
Two pacing rules. You cannot flag a question and come back; once you submit, the previous item is locked. Sims and testlets eat time: a multi-choice averages 30 to 60 seconds, a sim can take 5 to 10 minutes. Budget the first 10 questions accordingly.
Where CCNA sits versus Network+
CCNA is vendor-specific. CompTIA Network+ (sibling page) is vendor-neutral. Both are foundational. CCNA drills IOS commands and Cisco product behavior, carries more weight on a networking resume, and runs longer on syntax. Network+ moves faster and reads more like a concepts exam.
How ARIA preps you for it
ARIA owns your CCNA prep end to end. Five pieces, each running every day.
The CAT evaluation. A 15-to-25-question adaptive test across the six 200-301 domains. Difficulty adjusts per answer. It stops at 95 percent confidence or 25 questions. Output: a domain-by-domain estimate that drives your roadmap. Full mechanic in the CAT explainer.
The personalized roadmap. The moment the eval closes, I generate three to five phases sequenced from your weakest domain to your strongest, with two to four milestones each. Milestone count scales with level: novice on IP Connectivity gets the most; proficient on Automation gets the fewest. Because IP Connectivity, Network Access, and Network Fundamentals carry 65 percent combined, the roadmap front-loads them unless your CAT baseline says otherwise. See the roadmap overview.
The daily task engine with IOS-config drills. Every time you reopen the app, I pick one task. Not a list. The engine weighs active milestone, error backlog, readiness decay, and schedule drift, then surfaces the highest-value action via the Today Task card. On CCNA the engine surfaces IOS-config drills disproportionately, because command syntax is the cert's slowest-learning surface.
Scenario-based practice for sims. Sim items are scored on a defined set of correct commands against a small topology, not on free-form CLI. Practice sessions include sim-format drills that mirror the exam: read the topology, identify the requirement, write commands in order, validate against expected output. Every miss tags the command family (interface, VLAN, OSPF, ACL, NAT).
The readiness score. A single 0-to-100 number estimating your probability of passing CCNA today. It blends coverage, accuracy, and recency, and decays roughly 3 points per day of inactivity past the grace window (readiness and decay). At 60 it unlocks the demo test, at 80 the gauntlet. With every milestone done, two mock passes, one gauntlet pass, and live readiness at 80, the pass guarantee flips eligible.
Common pitfalls on CCNA 200-301
The questions that quietly cost the most points. Every prep tool lists them. Few do anything structural about them.
1. IOS configuration syntax
CCNA tests command syntax cold. Interface ranges, switchport modes (access, trunk, dynamic auto, dynamic desirable), OSPF process and area syntax (router ospf 1, network 10.0.0.0 0.255.255.255 area 0), EIGRP AS numbering, and VLAN/VTP/STP commands all live in muscle memory or they do not. The backlog tags every miss by family and ships it back on a different topology.
2. Spanning Tree port states and convergence
The five legacy STP states (disabled, blocking, listening, learning, forwarding) and timers (hello 2s, max-age 20s, forward delay 15s) get misordered. Rapid PVST+ collapses to discarding/learning/forwarding with sub-second convergence. PortFast, BPDU Guard, root guard, and root bridge election (lowest bridge ID wins, bridge ID = priority + MAC) trip people the same way.
3. OSPF area types and DR/BDR election
Single-area OSPF is the CCNA scope, but the exam still tests area concepts (backbone area 0, normal areas) and DR/BDR rules. DR/BDR is elected on broadcast and non-broadcast multi-access networks, not point-to-point. Election prefers highest priority, then highest router ID. A higher-priority router joining later does not preempt, and that one trips a lot of candidates.
4. NAT types with config snippets
Static, dynamic, and PAT (NAT overload) look alike in IOS but solve different problems. Static maps one inside-local to one inside-global permanently. Dynamic maps from a pool. PAT maps many to one or a few using port translation. Snippets differ by a command or two:
- Static:
ip nat inside source static 10.0.0.5 203.0.113.5 - Dynamic:
ip nat pool POOL1 ...plusip nat inside source list 1 pool POOL1 - PAT: dynamic plus the
overloadkeyword
5. ACL placement and order-of-evaluation
Standard ACLs (1-99, 1300-1999) match source IP only and go near the destination. Extended ACLs (100-199, 2000-2699) match source, destination, protocol, and port, and go near the source. The placement rule is counterintuitive, and ACL evaluation is top-down with an implicit deny at the end, so order matters and a missed permit gets dropped.
6. Wireless concepts
Autonomous APs run their own config; lightweight APs (CAPWAP) are managed by a Wireless LAN Controller. 2.4 GHz has three non-overlapping channels (1, 6, 11) in North America; 5 GHz has many more but with DFS rules. WPA2 vs WPA3, AES vs TKIP, PSK vs Enterprise (802.1X) all show up.
7. Automation basics
REST API items test HTTP verbs (GET, POST, PUT, PATCH, DELETE), status codes (200, 201, 400, 401, 403, 404, 500), and JSON structure. YANG is the data modeling language; NETCONF and RESTCONF are the protocols that use it. Ansible (agentless, push, YAML), Puppet, and Chef (both agent-based, pull, Ruby DSL) are tested by positioning, not by writing code.
8. Layer 2 security (port security, DHCP snooping, DAI)
Port security limits MAC addresses on an access port and reacts (protect, restrict, shutdown). DHCP snooping classifies ports as trusted or untrusted to block rogue DHCP servers. Dynamic ARP Inspection builds on the snooping binding table to reject spoofed ARP. Order matters: snooping must be on before DAI works.
Common questions
How does Cisco's no-return-to-question rule change my CCNA prep?
On the 200-301 you cannot flag a question and come back. Once you submit, the next item loads and the previous one is locked. You commit on every screen, you do not bank tough items for a second pass, and you cannot use later questions to jog memory on earlier ones. The roadmap drills this by running practice in single-pass mode by default, so exam-day rhythm is the one you have already practiced.
How does ARIA cover IOS configuration without a real router?
Sim questions are scored on a defined set of correct commands, not on a free-form CLI. ARIA drills the exact command sequences Cisco scores: interface config, switchport modes, VLAN creation, OSPF and EIGRP basics, ACL writing and placement, NAT translations. Every miss tags the command family, and the backlog returns the same family on a different topology so the syntax sticks across contexts.
How long does CCNA prep take at 45 to 60 minutes per day?
At 45 minutes, median time-to-ready sits between ten and fourteen weeks. At 60 minutes, eight to eleven. CCNA is heavier on rote command syntax than most modern exams, so the bottleneck is reps on IOS commands, not concept time. The roadmap is sized from your CAT baseline.
Should I take CCNA or Network+ if I am starting from zero?
Network+ is vendor-neutral and lighter on syntax. CCNA is vendor-specific, drills IOS, and carries more weight on a networking resume. If you want the broader concept foundation first, take Network+ then CCNA. If your job uses Cisco gear or you are aiming at network engineering, CCNA on its own is the stronger signal.
When should I move from CCNA to CCNP?
Cisco removed the prerequisite, so technically you can sit CCNP whenever. In practice, plan a six-to-twelve-month gap with hands-on Cisco work in between. CCNP Enterprise (350-401 ENCOR plus a concentration) goes deeper on routing, advanced services, automation, and architecture. Without lab time after CCNA, the depth jump is brutal.
Is there a separate lab exam for CCNA 200-301?
No. Cisco retired the standalone CCNA lab years ago. Sim and lab simulation questions are embedded in the single 200-301 exam, scored alongside multiple-choice and drag-drop items. CCIE still has a separate lab; CCNA does not.
What is the CCNA 200-301 passing score?
Cisco does not publish an exact cut and varies it slightly per exam form. The widely accepted target is around 825 out of 1000, roughly 82 percent. The roadmap targets a comfortable margin above that, not the line itself, because sim and testlet items are weighted more heavily and one missed sim can swing the result.
Start your Cisco CCNA prep
The cheapest possible signal is the 15-minute CAT evaluation. It tells you which of the six 200-301 domains you actually own, which one will cost you the exam if you sit it tomorrow, and where the roadmap starts.
Start your free CCNA 200-301 evaluation now.
Background reading: the AI cert prep guide covers the four categories of AI prep tools, the pass guarantee breaks down the five mechanical conditions, and the Network+ page is the vendor-neutral counterpart.