















































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
The Boson Ultimate Exam is a comprehensive preparation resource designed for learners and IT professionals seeking to strengthen their technical knowledge, troubleshooting skills, and certification readiness. This exam covers networking fundamentals, cybersecurity principles, system administration, virtualization, cloud technologies, and hands-on simulation-based problem solving. It helps candidates develop confidence with realistic practice questions, scenario-driven exercises, and industry-aligned content tailored for certification success and professional growth.
Typology: Exams
1 / 55
This page cannot be seen from the preview
Don't miss anything!
















































Question 1. Which layer of the OSI model is responsible for establishing, maintaining, and terminating logical connections between end systems? A) Physical B) Data Link C) Network D) Transport Answer: D Explanation: The Transport layer (Layer 4) provides end-to-end logical connections, flow control, and error recovery via protocols such as TCP and UDP. Question 2. In a three-tier campus design, which layer typically contains the core switches? A) Access B) Distribution C) Core D) Data Center Answer: C Explanation: The core layer interconnects distribution switches and provides high-speed backbone transport for the entire campus. Question 3. Which of the following is a characteristic of a fiber optic single-mode cable? A) Core diameter of 62.5 μm B) Supports multimode propagation C) Low modal dispersion, suitable for long distances D) Uses LED light source only Answer: C
Explanation: Single-mode fiber has a very small core (≈ 9 μm) that allows only one propagation mode, minimizing modal dispersion and enabling long-reach links. Question 4. In OSPF, what is the purpose of the Designated Router (DR) on a broadcast network? A) To authenticate OSPF packets B) To reduce the number of LSAs flooded on the network segment C) To perform NAT translation D) To provide DHCP services Answer: B Explanation: The DR acts as a central point for exchanging link-state advertisements, preventing every router from forming adjacencies with every other router. Question 5. Which IPv6 address type is used for hosts that need to communicate with other nodes on the same link without a router? A) Global Unicast B) Unique Local C) Link-Local D) Multicast Answer: C Explanation: Link-Local addresses (FE80::/10) are automatically assigned and are only valid on the local link, enabling neighbor discovery without routing. Question 6. A network engineer needs to create a subnet that provides exactly 30 usable host addresses. Which subnet mask should be used on a Class C network? A) / B) /
D) All of the above Answer: D Explanation: PPP supports multiple authentication protocols; MD5 is the algorithm used by both PAP and CHAP. Administrators can enable any or both. Question 10. Which of the following best describes a “dual-stack” IPv deployment? A) IPv6 packets encapsulated in IPv4 tunnels B) Running IPv4 and IPv6 simultaneously on the same interfaces C) Translating IPv6 to IPv4 using NAT D) Using only IPv6 on a network that previously used IPv Answer: B Explanation: Dual-stack devices have both IPv4 and IPv6 addresses configured on interfaces, allowing both protocols to operate concurrently. Question 11. In a DHCP snooping configuration, what is the primary purpose of the “trusted” interface designation? A) To block all DHCP traffic on the interface B) To allow DHCP server responses to pass through the interface C) To enable DHCP client requests only D) To encrypt DHCP packets on the interface Answer: B Explanation: Trusted interfaces permit DHCP server messages (offers, ACKs) to flow, while untrusted ports block potentially malicious DHCP traffic.
Question 12. Which DNS record type is used to map a domain name to an IPv6 address? A) A B) AAAA C) CNAME D) PTR Answer: B Explanation: The AAAA (quad-A) record stores IPv6 addresses, whereas the A record stores IPv4 addresses. Question 13. A network admin wants to limit a switch port to a maximum of two MAC addresses. Which feature should be used? A) Port Security B) DHCP Snooping C) Dynamic ARP Inspection D) Private VLAN Answer: A Explanation: Port security can be configured with a “maximum” command to restrict the number of learned MAC addresses on a port. Question 14. Which of the following is a characteristic of a “stateful” firewall? A) Filters packets based solely on source/destination IP addresses B) Inspects the entire packet header and payload without maintaining session information C) Tracks active connections and enforces policies based on session state D) Operates only at Layer 2 Answer: C
C) A WAN that only supports IPv6 traffic D) A WAN that uses static routing only Answer: B Explanation: SD-WAN abstracts the control plane to a central orchestrator, enabling dynamic path selection across broadband, LTE, MPLS, etc. Question 18. Which JSON structure correctly represents a list of two VLAN objects, each with an “id” and “name” attribute? A) {"vlans": {"id":1,"name":"VLAN10"},{"id":2,"name":"VLAN20"}} B) {"vlans": [{"id":1,"name":"VLAN10"},{"id":2,"name":"VLAN20"}]} C) {"vlans": [{"id":1,"name":"VLAN10"}; {"id":2,"name":"VLAN20"}]} D) {"vlans": [{"id":1;"name":"VLAN10"},{"id":2;"name":"VLAN20"}]} Answer: B Explanation: JSON arrays are denoted by square brackets, and each object inside the array uses commas to separate items. Question 19. In Ansible, which keyword is used to declare a list of tasks that should be executed sequentially on a host? A) roles B) vars C) tasks D) handlers Answer: C Explanation: The “tasks” section defines the ordered steps (modules) that Ansible runs on target devices. Question 20. Which of the following BGP attributes is used to prefer one exit path over another when the AS-PATH length is identical? A) Local Preference
B) MED (Multi-Exit Discriminator) C) Weight D) Origin Answer: C Explanation: Weight is a Cisco-specific attribute applied locally; higher weight is preferred and is evaluated before any other BGP attribute. Question 21. A network engineer needs to provide IPv4 address translation for 200 internal hosts using a single public IP address. Which NAT method should be used? A) Static NAT B) Dynamic NAT C) Port Address Translation (PAT) D) NAT Answer: C Explanation: PAT (also called NAT overload) maps multiple private addresses to a single public IP by distinguishing sessions using port numbers. Question 22. Which of the following statements about a “spine-leaf” data-center fabric is FALSE? A) All leaf switches connect to every spine switch. B) Spine switches perform routing between leaf switches. C) Leaf switches typically have higher port density than spine switches. D) The design eliminates any single point of failure at the access layer. Answer: D Explanation: While the spine-leaf topology provides redundancy, a failure of a leaf switch still isolates the devices attached to it, so a single point of failure can still exist at the access layer.
Question 26. Which of the following is the most secure method for remote management of network devices? A) Telnet with password authentication B) SSH using RSA key pairs C) HTTP with basic authentication D) SNMPv2c with community strings Answer: B Explanation: SSH with public-key authentication provides encrypted, mutual authentication, whereas Telnet, HTTP, and SNMPv2c are either clear-text or use weak community strings. Question 27. Which command on a Cisco switch clears the MAC address table for a specific VLAN? A) clear mac address-table dynamic vlan 10 B) delete mac address-table vlan 10 C) reset mac-address-table vlan 10 D) no mac address-table vlan 10 Answer: A Explanation: The “clear mac address-table dynamic vlan [vlan-id]” command removes learned MAC entries for the specified VLAN. Question 28. In the context of 802.1X port-based authentication, which component validates the credentials of a connecting device? A) Supplicant B) Authenticator C) Authentication Server (RADIUS) D) Switch CPU Answer: C
Explanation: The RADIUS server (or other AAA server) performs the actual credential verification for 802.1X, while the supplicant presents credentials and the authenticator forwards them. Question 29. Which of the following is a characteristic of a “stateful” firewall rule that uses “inspect” in Cisco ASA? A) It only checks packet headers. B) It creates a connection table entry for each flow. C) It blocks all inbound traffic by default. D) It operates exclusively at Layer 2. Answer: B Explanation: The “inspect” keyword enables deep packet inspection and creates state entries, allowing the firewall to track the flow’s state. Question 30. Which of the following best describes “VLAN pruning” in a trunk link? A) Removing all VLANs from the trunk. B) Dynamically restricting VLAN traffic to only those VLANs needed on the downstream switch. C) Converting a trunk to an access port. D) Enabling STP on the trunk. Answer: B Explanation: VLAN pruning reduces unnecessary traffic by allowing a trunk to carry only the VLANs that have members on the downstream device. Question 31. Which of the following is the correct order of operations for a typical DHCP client obtaining an IP address? A) Request → Discover → Offer → ACK B) Discover → Offer → Request → ACK
Question 34. Which of the following is a primary function of the “Network Time Protocol (NTP)” in a large enterprise? A) Encrypt traffic between routers. B) Provide a centralized DNS service. C) Synchronize system clocks across devices. D) Authenticate remote users. Answer: C Explanation: NTP ensures that all network devices maintain accurate and consistent time, which is critical for logging, security, and troubleshooting. Question 35. A security analyst notices an increase in “ICMP Echo Request” traffic from a single host targeting many internal devices. Which mitigation technique is most appropriate? A) Enable DHCP snooping on the host’s VLAN. B) Apply a rate-limit ACL on inbound ICMP echo-request packets. C) Disable STP on the affected switch. D) Configure a static route to drop all ICMP traffic. Answer: B Explanation: Rate-limiting ICMP echo requests via an ACL reduces the impact of a potential ping flood while still allowing legitimate traffic. Question 36. Which of the following is a key difference between “static routing” and “dynamic routing”? A) Static routing can adapt to link failures automatically. B) Dynamic routing protocols exchange routing information with neighbors. C) Static routes support load balancing across multiple paths. D) Dynamic routing does not require any configuration. Answer: B
Explanation: Dynamic routing protocols (e.g., OSPF, EIGRP) share route updates, whereas static routes are manually configured and do not adapt to topology changes. Question 37. In a Cisco ASA, which command enables the firewall to inspect SIP traffic for NAT traversal? A) inspect sip B) inspect ipsec-nat-transparency C) inspect dns preset_dns_map D) inspect ftp Answer: A Explanation: The “inspect sip” command enables deep packet inspection of SIP, allowing the ASA to modify payloads for NAT traversal. Question 38. Which of the following best describes a “zero-day” vulnerability? A) A vulnerability that has been patched for at least one year. B) A vulnerability that is publicly disclosed before a fix is available. C) A vulnerability that only affects Linux systems. D) A vulnerability that is mitigated by disabling SSH. Answer: B Explanation: Zero-day exploits target flaws that are unknown to the vendor or have no patch at the time of disclosure. Question 39. In a Kubernetes cluster, which component is responsible for maintaining the desired state of the system by scheduling pods onto nodes? A) kubelet B) etcd C) kube-proxy
A) To isolate a group of ports from each other while sharing a common uplink. B) To allow all ports in the VLAN to communicate freely. C) To enable Layer 3 routing between VLANs. D) To provide multicast replication across the VLAN. Answer: A Explanation: PVLAN community ports can communicate with each other and with the primary (promiscuous) port but are isolated from other community ports. Question 43. In a BGP configuration, which attribute is considered “well-known discretionary”? A) Weight B) Local Preference C) MED D) Origin Answer: B Explanation: Local Preference is well-known (must be understood by all BGP speakers) but discretionary (may be omitted from updates). Weight is Cisco-specific, MED is optional non-well-known, Origin is well-known mandatory. Question 44. Which of the following best describes the purpose of “IPsec ESP” in a VPN tunnel? A) Provides authentication only. B) Provides encryption and optional authentication. C) Provides key exchange without encryption. D) Provides encapsulation of Ethernet frames. Answer: B
Explanation: Encapsulating Security Payload (ESP) offers confidentiality (encryption) and can also provide integrity and authentication. Question 45. Which of the following Cisco IOS commands displays the current OSPF neighbor relationships? A) show ip ospf neighbor B) show ip route ospf C) show running-config ospf D) show ip ospf interface Answer: A Explanation: “show ip ospf neighbor” lists each OSPF neighbor, its state, and adjacency details. Question 46. Which of the following is the correct way to configure a Cisco switch port as a trunk that allows only VLANs 10, 20, and 30? A) switchport mode trunk; switchport trunk allowed vlan 10,20, B) switchport mode access; switchport access vlan 10,20, C) switchport mode trunk; switchport trunk allowed vlan none D) switchport mode dynamic auto; switchport trunk allowed vlan 10- Answer: A Explanation: The “switchport mode trunk” command enables trunking, and “switchport trunk allowed vlan” restricts the VLAN list to the specified IDs. Question 47. Which of the following is a primary benefit of implementing “Network Automation” with Ansible? A) Requires a proprietary agent on every device. B) Enables configuration changes via a declarative YAML playbook. C) Only works on Windows servers. D) Replaces the need for any network monitoring tools.
D) Two servers running the same application for load balancing. Answer: A Explanation: Dual-homed means a site has two upstream connections (often to different ISPs) for redundancy and load balancing. Question 51. In IPv6, which address scope is indicated by the prefix FE80::/10? A) Global Unicast B) Unique Local C) Link-Local D) Multicast Answer: C Explanation: The FE80::/10 range is reserved for link-local addresses, used for communication on the local segment only. Question 52. Which of the following is the correct syntax to create a static route on a Cisco router for the network 10.10.20.0/24 via next-hop 192.168.1.1? A) ip route 10.10.20.0 255.255.255.0 192.168.1. B) ip route 10.10.20.0 255.255.255.0 FastEthernet0/ C) ip route 10.10.20.0 255.255.255.0 Null D) ip route 10.10.20.0/24 192.168.1. Answer: A Explanation: The “ip route” command requires destination network, subnet mask, and next-hop IP address. Question 53. Which of the following is a primary function of the “ARP” protocol? A) Resolve IPv6 addresses to MAC addresses.
B) Resolve IPv4 addresses to MAC addresses on a local LAN. C) Provide encryption for broadcast traffic. D) Translate domain names to IP addresses. Answer: B Explanation: ARP (Address Resolution Protocol) maps IPv4 addresses to their corresponding MAC addresses within the same broadcast domain. Question 54. Which of the following best describes the purpose of “RFC 1918” address space? A) Publicly routable IP addresses for the Internet. B) Private IP address ranges for internal networks. C) IPv6 address allocation. D) Multicast address allocation. Answer: B Explanation: RFC 1918 defines the private IPv4 address blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) that are not routable on the public Internet. Question 55. In a Cisco IOS router, which command enables EIGRP on interfaces belonging to autonomous system 100? A) router eigrp 100 B) eigrp router 100 C) network 0.0.0.0 255.255.255. D) enable eigrp 100 Answer: A Explanation: “router eigrp 100” enters EIGRP configuration mode for AS 100; interfaces are added via “network” statements. Question 56. Which of the following is an advantage of using “MPLS” in a service provider network?