Cisco CCNA Cheat Sheet 2026

The 30 highest-yield Cisco CCNA facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

100 questions
120 min time limit
83% to pass
  1. Which DNS record type maps a fully qualified domain name (FQDN) to an IPv4 address? A record
  2. Which command on a Cisco switch assigns a physical interface to EtherChannel group 1 using LACP active mode? channel-group 1 mode active
  3. A network technician is reviewing IP configurations on a local area network. Which of the following IP addresses is a valid RFC 1918 private address? 10.1.1.25
  4. Which feature protects against IP address spoofing by verifying that incoming packets match an entry in the DHCP snooping binding table? IP Source Guard
  5. What is the default violation mode for Cisco switch port security? Shutdown
  6. What are the ones that are used with NAT? All of the above
  7. What is the minimum RSA key size recommended when generating SSH keys on a Cisco IOS device for SSHv2? 2048 bits
  8. Which of the following protocols is a Distance Vector Protocol? RIP
  9. Which IEEE standard defines the Link Aggregation Control Protocol (LACP)? IEEE 802.3ad (802.1AX)
  10. Which of the following is a primary benefit of using VLANs in a network? To segment the network into multiple broadcast domains.
  11. What does the flag 'D' indicate for a port in the output of 'show etherchannel summary'? The port is down and not part of the active bundle
  12. Which command configures a Cisco router login banner that is displayed before authentication? banner login # message #
  13. What is the purpose of the SNMP 'trap' message type compared to an SNMP 'inform'? Traps are unacknowledged; informs require acknowledgment from the manager
  14. Which SNMP version introduced authentication and encryption for secure management communications? SNMPv3
  15. Which command configures the LACP port priority on an interface to influence which links are selected as active in a bundle? lacp port-priority 100
  16. Which type of VLAN attack allows a rogue device to send frames on a VLAN other than the one it is assigned to? VLAN hopping
  17. What security feature does Dynamic ARP Inspection (DAI) rely on to validate ARP packets? DHCP snooping binding table
  18. Which of the wireless protocols is the most reliable? WPA3
  19. For a boot system, the router looks to.... NVRAM
  20. What command is used to turn on the Cisco router interface? no shutdown
  21. Which command enables port security on a Cisco switch interface and sets the maximum number of MAC addresses to 2? switchport port-security maximum 2
  22. For an EtherChannel to form successfully, which of the following must match on all member ports? Port speed and duplex, native VLAN, and allowed VLANs
  23. What is the primary purpose of the Spanning Tree Protocol (STP) in a switched network? To prevent Layer 2 switching loops.
  24. Which command verifies the current NTP synchronization status and stratum on a Cisco IOS device? show ntp status
  25. In a switched network, how does a switch populate its MAC address table? By examining the source MAC address of incoming frames.
  26. Which command prevents the 'enable' password from being stored in plaintext in the Cisco IOS configuration? enable secret
  27. Which attack does DHCP snooping protect against on a switched network? Rogue DHCP server attacks
  28. To learn an unknown MAC address, what does a PC broadcast? ARP Request
  29. What are the two main types of site-to-site VPNs? Extranet Based VPN
  30. Instead of SNMP, SDN uses ____ as a network configuration management protocol. Netconf