01 Cisco Certified Network Associate Study Guide 2026/2027 | Networking, IP Connectivity, Security Fundamentals & Automation Review | Qs 2026/2027 | Page 1 | Passin
CISCO / CCNA
CCNA 200-301 Cisco Certified Network Associate
Study Guide 2026/2027 | Networking, IP
Connectivity, Security Fundamentals & Automation
Review | Qs
2026/2027 Edition . Official Exam 2026/2027
75 80% N/A
QUESTIONS PASSING SCORE RECERTIFICATION
TABLE OF CONTENTS
Section 1 Network Fundamentals Q1-15
Section 2 IP Connectivity (Routing, VLANs, Inter-VLAN Routing) Q16-30
Section 3 IP Services (NAT, DHCP, DNS, QoS) Q31-45
Section 4 Security Fundamentals (ACLs, Port Security, VPNs) Q46-60
Section 5 Automation and Programmability Q61-75
Instructions: Select the single best answer for each question. This exam is designed for CCNA 200-301 Cisco
Certified Network Associate certification preparation. Passing score: 80% (60 questions correct).
CCNA 200-301 -- 2026/2027 | Passing Score: 80% | Page 1 of 35
, Q1 Question 1 of 75
A junior technician at a regional bank is troubleshooting a workstation that cannot reach the
corporate file server. The technician notices the switch port LED is solid amber while all other
ports show solid green. The workstation obtains an IP address via DHCP but cannot ping its
default gateway.
A. The switch port is administratively disabled and must be re-enabled with the no shutdown command.
B. The port has been placed in an err-disabled state due to a security violation and requires manual
recovery.
C. The workstation NIC is configured for half-duplex operation while the switch port uses full-duplex.
D. The VLAN assigned to the port does not match the VLAN configured on the default gateway interface.
Correct Answer: B
Rationale:
A solid amber LED on a Cisco switch port typically indicates an err-disabled state, often triggered by port security
violations, excessive errors, or loop detection. The other options would not produce an amber LED: a disabled port
shows no light, duplex mismatch causes performance issues but not amber status, and VLAN mismatch would not
change the port LED color.
Q2 Question 2 of 75
A network architect is designing the addressing scheme for a new branch office that requires
4 subnets, each supporting up to 50 hosts. The architect has been allocated the
192.168.10.0/24 network and must minimize wasted addresses.
A. Use a /26 mask for all subnets, yielding 4 subnets with 62 usable hosts each.
B. Use a /27 mask for all subnets, yielding 8 subnets with 30 usable hosts each.
C. Use a /25 mask for all subnets, yielding 2 subnets with 126 usable hosts each.
D. Use a /28 mask for all subnets, yielding 16 subnets with 14 usable hosts each.
Correct Answer: A
Rationale:
A /26 mask provides 62 usable hosts per subnet (2^6 - 2), which satisfies the 50-host requirement while producing
exactly 4 subnets from the /24. A /27 only provides 30 hosts, which is insufficient. A /25 yields only 2 subnets, and
a /28 provides only 14 hosts, both failing the requirements.
CCNA 200-301 -- 2026/2027 | Passing Score: 80% | Page 2 of 35
, Q3 Question 3 of 75
During a routine audit, an engineer discovers that a newly deployed IoT device is sending
frames with a destination MAC address of FF:FF:FF:FF:FF:FF. The engineer needs to explain
this behavior to the security team.
A. The device is performing a gratuitous ARP to update neighboring devices with its MAC address.
B. The device is sending a broadcast frame that will be forwarded to all hosts within the local Layer 2
domain.
C. The device has detected a duplicate IP address and is alerting the network with a DHCPDECLINE
message.
D. The device is attempting to establish a unicast session with the default gateway using proxy ARP.
Correct Answer: B
Rationale:
The MAC address FF:FF:FF:FF:FF:FF is the Layer 2 broadcast address, meaning the frame is destined for all
devices on the same broadcast domain. Gratritous ARP uses a specific destination MAC, not broadcast.
DHCPDECLINE and proxy ARP do not use all-ones destination MAC addresses.
Q4 Question 4 of 75
A help desk technician receives a ticket from a remote employee who reports that their laptop
connects to the corporate wireless network but cannot access internal resources. The laptop
successfully obtains an IP address in the 10.1.10.0/24 range, but the default gateway is
10.1.10.254. Other devices on the same AP use 10.1.10.1 as the gateway.
A. The laptop has a static IP configuration with an incorrect default gateway entry.
B. The wireless controller is load-balancing clients across two different gateway addresses.
C. The DHCP scope for the wireless VLAN has been configured with an incorrect option 3 value.
D. The laptop is associated with a guest SSID that uses a different subnet and gateway.
Correct Answer: A
Rationale:
If the laptop receives an IP in the correct range but has a different gateway than other DHCP clients, it likely has a
static IP or static gateway configuration overriding DHCP. A DHCP scope error would affect all clients, not just one.
Load balancing and guest SSID scenarios would typically produce different IP subnets entirely.
CCNA 200-301 -- 2026/2027 | Passing Score: 80% | Page 3 of 35
, Q5 Question 5 of 75
An enterprise is migrating from IPv4 to dual-stack IPv4/IPv6. A network engineer configures a
router interface with both address families. The engineer wants to verify which neighbors
have been discovered via the IPv6 Neighbor Discovery protocol.
A. Issue the show ipv6 route command and look for link-local next-hop entries.
B. Issue the show ipv6 neighbors command to display the IPv6 neighbor cache table.
C. Issue the show arp command and filter for IPv6 link-local addresses.
D. Issue the show ipv6 interface brief command to verify ND-enabled interfaces.
Correct Answer: B
Rationale:
The show ipv6 neighbors command displays the IPv6 neighbor discovery cache, which is the IPv6 equivalent of the
ARP table. The show ipv6 route command shows routing information, not neighbor discovery. The show arp
command only displays IPv4 entries, and show ipv6 interface brief does not show discovered neighbors.
Q6 Question 6 of 75
A data center technician is troubleshooting intermittent connectivity on a server connected to
a Catalyst switch. The show interface output reveals thousands of runts and CRC errors
incrementing on the switch port. The cabling was recently replaced during a rack
reorganization.
A. The server NIC is failing and must be replaced to eliminate the physical layer errors.
B. The cable is damaged, improperly terminated, or the wrong category for the port speed.
C. The switch port is configured for 100 Mbps while the server NIC auto-negotiated to 1 Gbps.
D. The duplex mismatch between the switch and server is causing late collisions and frame corruption.
Correct Answer: B
Rationale:
Runts and CRC errors are classic indicators of physical layer problems such as cable damage, improper
termination, or using a cable category that does not support the configured speed. A duplex mismatch typically
causes late collisions and input errors, not primarily runts and CRCs. Speed mismatch would prevent link
establishment rather than cause CRC errors.
CCNA 200-301 -- 2026/2027 | Passing Score: 80% | Page 4 of 35
CISCO / CCNA
CCNA 200-301 Cisco Certified Network Associate
Study Guide 2026/2027 | Networking, IP
Connectivity, Security Fundamentals & Automation
Review | Qs
2026/2027 Edition . Official Exam 2026/2027
75 80% N/A
QUESTIONS PASSING SCORE RECERTIFICATION
TABLE OF CONTENTS
Section 1 Network Fundamentals Q1-15
Section 2 IP Connectivity (Routing, VLANs, Inter-VLAN Routing) Q16-30
Section 3 IP Services (NAT, DHCP, DNS, QoS) Q31-45
Section 4 Security Fundamentals (ACLs, Port Security, VPNs) Q46-60
Section 5 Automation and Programmability Q61-75
Instructions: Select the single best answer for each question. This exam is designed for CCNA 200-301 Cisco
Certified Network Associate certification preparation. Passing score: 80% (60 questions correct).
CCNA 200-301 -- 2026/2027 | Passing Score: 80% | Page 1 of 35
, Q1 Question 1 of 75
A junior technician at a regional bank is troubleshooting a workstation that cannot reach the
corporate file server. The technician notices the switch port LED is solid amber while all other
ports show solid green. The workstation obtains an IP address via DHCP but cannot ping its
default gateway.
A. The switch port is administratively disabled and must be re-enabled with the no shutdown command.
B. The port has been placed in an err-disabled state due to a security violation and requires manual
recovery.
C. The workstation NIC is configured for half-duplex operation while the switch port uses full-duplex.
D. The VLAN assigned to the port does not match the VLAN configured on the default gateway interface.
Correct Answer: B
Rationale:
A solid amber LED on a Cisco switch port typically indicates an err-disabled state, often triggered by port security
violations, excessive errors, or loop detection. The other options would not produce an amber LED: a disabled port
shows no light, duplex mismatch causes performance issues but not amber status, and VLAN mismatch would not
change the port LED color.
Q2 Question 2 of 75
A network architect is designing the addressing scheme for a new branch office that requires
4 subnets, each supporting up to 50 hosts. The architect has been allocated the
192.168.10.0/24 network and must minimize wasted addresses.
A. Use a /26 mask for all subnets, yielding 4 subnets with 62 usable hosts each.
B. Use a /27 mask for all subnets, yielding 8 subnets with 30 usable hosts each.
C. Use a /25 mask for all subnets, yielding 2 subnets with 126 usable hosts each.
D. Use a /28 mask for all subnets, yielding 16 subnets with 14 usable hosts each.
Correct Answer: A
Rationale:
A /26 mask provides 62 usable hosts per subnet (2^6 - 2), which satisfies the 50-host requirement while producing
exactly 4 subnets from the /24. A /27 only provides 30 hosts, which is insufficient. A /25 yields only 2 subnets, and
a /28 provides only 14 hosts, both failing the requirements.
CCNA 200-301 -- 2026/2027 | Passing Score: 80% | Page 2 of 35
, Q3 Question 3 of 75
During a routine audit, an engineer discovers that a newly deployed IoT device is sending
frames with a destination MAC address of FF:FF:FF:FF:FF:FF. The engineer needs to explain
this behavior to the security team.
A. The device is performing a gratuitous ARP to update neighboring devices with its MAC address.
B. The device is sending a broadcast frame that will be forwarded to all hosts within the local Layer 2
domain.
C. The device has detected a duplicate IP address and is alerting the network with a DHCPDECLINE
message.
D. The device is attempting to establish a unicast session with the default gateway using proxy ARP.
Correct Answer: B
Rationale:
The MAC address FF:FF:FF:FF:FF:FF is the Layer 2 broadcast address, meaning the frame is destined for all
devices on the same broadcast domain. Gratritous ARP uses a specific destination MAC, not broadcast.
DHCPDECLINE and proxy ARP do not use all-ones destination MAC addresses.
Q4 Question 4 of 75
A help desk technician receives a ticket from a remote employee who reports that their laptop
connects to the corporate wireless network but cannot access internal resources. The laptop
successfully obtains an IP address in the 10.1.10.0/24 range, but the default gateway is
10.1.10.254. Other devices on the same AP use 10.1.10.1 as the gateway.
A. The laptop has a static IP configuration with an incorrect default gateway entry.
B. The wireless controller is load-balancing clients across two different gateway addresses.
C. The DHCP scope for the wireless VLAN has been configured with an incorrect option 3 value.
D. The laptop is associated with a guest SSID that uses a different subnet and gateway.
Correct Answer: A
Rationale:
If the laptop receives an IP in the correct range but has a different gateway than other DHCP clients, it likely has a
static IP or static gateway configuration overriding DHCP. A DHCP scope error would affect all clients, not just one.
Load balancing and guest SSID scenarios would typically produce different IP subnets entirely.
CCNA 200-301 -- 2026/2027 | Passing Score: 80% | Page 3 of 35
, Q5 Question 5 of 75
An enterprise is migrating from IPv4 to dual-stack IPv4/IPv6. A network engineer configures a
router interface with both address families. The engineer wants to verify which neighbors
have been discovered via the IPv6 Neighbor Discovery protocol.
A. Issue the show ipv6 route command and look for link-local next-hop entries.
B. Issue the show ipv6 neighbors command to display the IPv6 neighbor cache table.
C. Issue the show arp command and filter for IPv6 link-local addresses.
D. Issue the show ipv6 interface brief command to verify ND-enabled interfaces.
Correct Answer: B
Rationale:
The show ipv6 neighbors command displays the IPv6 neighbor discovery cache, which is the IPv6 equivalent of the
ARP table. The show ipv6 route command shows routing information, not neighbor discovery. The show arp
command only displays IPv4 entries, and show ipv6 interface brief does not show discovered neighbors.
Q6 Question 6 of 75
A data center technician is troubleshooting intermittent connectivity on a server connected to
a Catalyst switch. The show interface output reveals thousands of runts and CRC errors
incrementing on the switch port. The cabling was recently replaced during a rack
reorganization.
A. The server NIC is failing and must be replaced to eliminate the physical layer errors.
B. The cable is damaged, improperly terminated, or the wrong category for the port speed.
C. The switch port is configured for 100 Mbps while the server NIC auto-negotiated to 1 Gbps.
D. The duplex mismatch between the switch and server is causing late collisions and frame corruption.
Correct Answer: B
Rationale:
Runts and CRC errors are classic indicators of physical layer problems such as cable damage, improper
termination, or using a cable category that does not support the configured speed. A duplex mismatch typically
causes late collisions and input errors, not primarily runts and CRCs. Speed mismatch would prevent link
establishment rather than cause CRC errors.
CCNA 200-301 -- 2026/2027 | Passing Score: 80% | Page 4 of 35
