139 Soal MTCNA

/
1. / interface wireless access-list is use for :
A. Shows a list of clients MAC address to permit/deny registered to AP
B. Autenticate Hotspot users
C. Handles a list of clients MAC address to permit/deny connection to AP
D. Contains the security profiles settings.

A
An IP address pool can contain address from more than one subnet
A. True
B. False

18. Action=redirect applies to

A. SRC-NAT rules

B. DST-NAT rules

C. Firewall Filter rules

D. Route rules

8. A routing table has following entries: 

0 dst-address=10.0.0.0/24 gateway=10.1.5.126 

1 dst-address=10.1.5.0/24 gateway=10.1.1.1 

2 dst-address=10.1.0.0/24 gateway=25.1.1.1 

3 dst-address=10.1.5.0/25 gateway=10.1.1.2 

Which gateway will be used for a packet with destination address

10.1.5.126? 

A. 10.1.1.1

B. 10.1.5.126

C. 10.1.1.2

D. 25.1.1.1
1. Action=redirect is applied in
A. chain=srcnat
B. chain=dstnat
C. chain=forward

2. Action=redirect allows you to make

A. Transparent DNS Cache
B. Forward DNS to another device IP address
C. Enable Local Service
D. Transparent HTTP Proxy

3. A PC with IP 192.168.1.2 can access internet, and static ARP has been set for that IP address on
gateway.
When the PC Ethernet card failed, the user change it with a new card and set the same IP for it.
What else should be done?
a. Old static ARP entry on gateway has to be updated for the new card
b. Nothing - it will work as before
c. MAC-address of the new card has to be changed to MAC address of old card
d. Another IP has to be added for Internet access

4. A network ready device is directly connected to a MikroTik RouterBOARD 750 with a correct
U.T.P. RJ45 functioning cable. The device is configured with an IPv4 address of 192.168.100.70
using a subnet mask of 255.255.255.252. What will be a valid IPv4 address for the RouterBOARD
750 for a successful connection to the device?
A. 192.168.100.70/255.255.255.252
B. 192.168.100.69/255.255.255.252
C. 192.168.100.68/255.255.255.252
D. 192.168.100.71/255.255.255.252

5. A MikroTik PPPoE Server can be used only within a broadcast domain, that is, users can not run
PPPoE protocol with a server if there is a router between the costumer and that PPPoE server.
FALSE

TRUE

6. A routing table has following entries:

0 dst-address=10.0.0.0/24 gateway=10.1.5.1.126
1 dst-address=10.1.5.0/24 gateway=10.1.1.1
2 dst-address=10.1.0.0/24 gateway=25.1.1.1
3 dst-address=10.1.5.0/25 gateway=10.1.1.2

Which gateway will be used for a packet destination address 10.1.5.126 ?

A. 10.1.1.1
B. 10.1.1.2
C. 10.1.5.126
D. 25.1.1.1

7. A backup file from MikroTik router is stored in plain text format

FALSE

C
16. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not
recognized, and you suspect it is a driver issue?

A. No

B. Yes

14. Check all of the DHCP Server Options that are implemented for DHCP-Client and not
Custom.

A. tftp

B. subnet mask

C. gateway

D. DNS Server

E. WINS Server

F. ntp server

1. Choose all valid hosts address range for subnet 15.242.55.62/27

A. 15.242.55.33-15.242.55.63
B. 15.242.55.33-15.242.55.62
C. 15.242.55.32-15.242.55.63
D. 15.242.55.31-15.242.55.62

2. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and
it’s a driver issue?
A. Yes
B. No

3. Consider the following network diagram. In R1, you have the following configuration:
/ip route
adddst-address=192.168.1.0/24 gateway=192.168.99.2
/ip firewall nat
add chain=srcnat out-interface=Ether1 action=masquerade
On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices,
which of the following rules would be needed?
A. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10
action=drop
B. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
C. /ip firewall nat add chain=dstnatsrc-address=192.168.99.1 dst-address=192.168.1.10 action=drop
D. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10
action=drop
4. Check the allowed input formats for wireless scan-list.
A. 5500,5700
B. 5500 5700
C. 5500/5700
D. 5500 - 5700
E. 5500-5700

5. Collisions are possible in full-duplex Ethernet networks.

FALSE

6. Configuring HotSpot is Possible on Mikrotik RouterOS only with a wireless interface

FALSE

7. Connection state in MikroTik RouterOS is the same thing as TCP state elsewhere ?
TRUE

D
1. DNS configuration of the router.
/ipdns static add address=192.168.0.1 name=www.test.com
Computer DNS server is router, You are sending ping to www.test.com from the computer. Which
is the resolved address?
A. www.test.com is resolved as 204.12.0.50
B. www.test.com is resolved as 192.168.0.1
C. it is not possible to resolve www.test.com

2. DHCP server is configured on a router’s ether 1 interface IP address 192.168.0.100/24 is

assigned to the interface. Possible IP Pools, that can be used by this server, are:
A. 192.168.0.1-192.168.0.99 192.168.0.101-192.168.0.254
B. 192.168.0.1-192.168.0.254
C. 192.168.0.1-192.168.0.14
D. 192.168.0.1-192.168.0.255

F
19. For user in local ppp secrets/ppp profiles database, it is possible to

A. Allow/deny use of more than one login by this user

B. Allow login by pppoe and pptp, but deny login by l2tp

C. Set max values for total transferred bytes (up- and download)

D. Allow only pppoe login

E. Deny services (like telnet) only for this user or for one group of users
 3. For static routing functionality, additionally to the RouterOS 'system' package, you will also
need the following software package:

A. no extra package required

B. routing

C. dhcp

D. advanced-tools

1. For static routing functionality, additionally to the RouterOS system package, you will also need
the following software package:
A. none
B. dhcp
C. routing
D. advanced-tools

2. From which of the following locations can you obtain Winbox?

A. Router’s webpage
B. Files menu in your router
C. Via the console cable
D. mikrotik.com

3. Firewall NAT rules process only the first packet of each connection.
TRUE

H
13. How many different priorities can be selected for queues in MikroTik RouterOS?

A. 0

B. 16

C. 1

D. 8

10. How many wireless clients can connect, when wireless card is configured to
mode=bridge ?

A. 2007

B. 2
 C. 100

D. 1

1. How many usable IP address are there in a 20-bit subnet?

4096 2048
2047 4094 2046

2. How many layers does Open System Interconnectionmodel have ?

12 9
6 5 7

3. How many usable IP Addresses are there in a 23-bit (255.255.254.0) subnet?

510 254
508 512

4. How many bits are in a subnet mask for an IPV4 network ?

16 none
8 32

5. How long is level 1 (demo) license valid ?

A. 24 Hours B. Infinite Time
C. 1 Month D. 1 Year

6. How many different priorities can be selected selected for queues in MikroTikRouterOS ?
A. 8 B. 16
C. 0 D. 1

7. Hotspot ip-binding is used to allow access to internet web servers specifying the IP address of
the web server instead of the URL.
FALSE

8. How many IP address can one find in the header of an IP packet ?

A. 1 B. 2 C. 3 D. 4

9. HotSpot is required on the interfaces ether2, ether3, wlan1 (in ap-bridge mode), These
interfaces are bridged in the bridge1 interfaces, Which interface should the Hotpsot server be
configured on ?
A. On ether2 interface
B. On bridge1 interface
C. On wlan1 interface
D. On ether3 interface

10. How many wireless clients can connect, when wireless card is configured to mode=bridge ?
A. 2
B. 1
C. 100
D. 2007

11. How many DHCP servers could you run on one interface ?
A. 255 C. 4
B. 1024 D. 1

I
17. Is it possible to limit how many clients are able to connect to an access point?

A. No it's not possible at all

B. Yes

C. Yes, but only with access-lists

1. in mikrotik RouterOS layer-3 communication between 2 hosts can be achieved with

A. /29 B. /31 C. /32 D. /30

2. It is possible to add user-defined chains in ip firewall mangle

TRUE

3. If you need to make sure that one computer in your HotSpot can access the internet without
HotSpot authentication, which menu allows you to do this ?
A. Users B. IP Bindings
C. Walled Garden D. Walled-garden IP

4. If ARP=reply-only is configured on an interface, what will this interface do

A. Add new IP address in /iparp list
B. Accept new IP/MAC combinations listed in /iparp as static entries
C. Add new MAC addresses in /iparp list
D. Accept all IP addresses listed in /iparp as static enteries
E. Accept all MAC-addresses listed in /iparp as static enteries

5. It is possible to disable user “admin” at the menu “/user”

FALSE

6. If a packet comes to a router and starts a new, previously unseen connection, which connection
state would be applied to it ?
A. New B. Established
C. unknown D. Invalid
E. no connection state would be applied to such packet

7. Is ARP used in the IPv6 protocol ? (ket: menggunakan ndp sebagai pengganti arp)
FALSE

8. If ARP=reply-only is enabled on one router interface, router can add dynamic ARP entries for the
particular interface.
FALSE

9. Is it possible for client to get an IP Address but no gateway after a successful DHCP request ?
TRUE

10. Is it possible to have PPTP client an PPTP Server on one MikroTik router at same time ?
TRUE

11. Is it possible that the same IP address is included in multiple address lists and still be used by
these multiple address lists ?
TRUE

12. In RouterOS queue configurations the word “total” usually represents

A. upload B. Download
C. download + upload D. upload + download

13. In which situations can netinstall NOT be used to install a RouterBOARD ?

A. The router is connected only to a secondary Ethernet port
B. You do not know the password of the router
C. The router is connected only to a wireless network
D. The router does not have an operating system

14. In a wireless network it is decided to comply with 802.11a protocol standard. To enable turbo
mode which is the correct configuration ?
A. 12th channel, 40 mhz wide
B. 5th channel, 5 mhz wide
C. 6th channel, 5 mhz wide
D. 6th channel, 10 mhz wide

15. In order to use dynamic keys in your security profile for an AP, you must set up the dhcp server
to provide the dynamic keys.
TRUE

16. Is it possible to create a costum firewall chain and use it in both input and forward chains at
the same time ?
TRUE

17. in ip firewall NAT, you can Classify Traffic in SRC NAT Chain based on “in-interface”
FALSE

18. Is it possible to limit how many clients are able to connect to an access point ?
A. Yes, but only with access-lists
B. No it’s not possible at all
C. Yes

19. It is necessary to configure a local DNS server to be able to give out a DNS setting to clients via
DHCP server.
TRUE

20. /interface wireless access list is used for

A. Contains the security profiles settings
B. Handles a list of Client's MAC Address to permit/deny connection to AP
C. Shows a list of Client's MAC address that are already registered at AP
D. Authenticate Hotspot users

M
1. Mark Public IP addresses
A. 11.63.72.21 D. 192.168.0.1
B. 172.168.254.2 E. 172.28.73.21
C. 10.110.50.37

2. MAC layer by OSI model is also known as

Layer 3 Layer 2 Layer 1 layer 6 Layer 7

3. Mark all correct statements about /export (rsc file).

A. Exports logs from /log print
B. Exports full configuration of the router
C. Exports only part of the configuration (for example /ip firewall)
D. Exports scripts from /system script
E. Exports files could not edited

4. Mark all features that are compatible with Nstreme

A. WDS between a device in station-wds mode and a device in station-wdsmode X
B. Encryption X
C. WDS between a device in ap-bridge mode with a device in station-wds mode
D. Bridging a device in station mode with a device in ap-bridge mode X

5. MikroTikRouterOS DHCP client can receive following options

A. Byte limit
B. IP Gateway
C. Rate limit
D. Uptime limit
E. IP Address and Subnet
6. Mark the queue types that are available in RouterOS
A. SFQ – Stochastic Fairness Queuing
B. DRR - Deficit Round Robin
C. FIFO - First In First Out (for Bytes or for Packets)
D. LIFO - Last In First Out
E. PCQ – Per Connection Queuing
F. RED – Random Early Detect (or Drop)

7. Mark all the configuration where RouterOS is utilizing the DNS client feature
A. Layer-7 packet filter
B. Hotspot configuration
C. Web proxy configuration
D. PPP configuration

8. Mark all packages required for PPPoE server on MikroTik RouterOS

A. ppp
B. radius
C. user-manager
D. system
E. synchronous

9. Mark all features that can be used to assign bandwith limitation for a group of users ?
A. AP-limit in Access Points
B. Address-list
C. Queue Tree
D. Mangle
E. NAT

N
1. Netinstall can be used to
A. Keep configuration, but reset a lost admin password
B. Install different software version (upgrade or downgrade)
C. Reinstall software without losing license
D. Install package for different hardware architecture

O
1. On the advanced menu of the wireless setup there is a parameter called “Area”, it works
directly with:
A. Connect List C. None of these
B. Access List D. Secuity Profile

NStreme works only on 40mhz Channel width

A. True
B. False

P
Possible actions of ip firewall filter are:
A. Bounce
B. Log
C. Add-to-address-list
D. Tarp
E. Accept
F. Tarpit

9. PPP Secrets are used for

A. PPtP clients

B. PPP clients

C. PPPoE clients

D. L2TP clients

E. IPSec clients

F. Router users

1. Possible actions of ip firewall filter are:

A. log D. add-to-list
B. accept E. tarp
C. tarpit F. bounce

2. PPP Secrets are used for

A. L2PT clients
B. IPSec clients
C. PPPoE clients
D. PPtP Clients
E. Router users
F. PPP clients

R
 2. Router has Wireless and Ethernet client interfaces, all client interfaces are bridged. 

To create a DHCP service for all clients you must configure DHCP server on

A. every bridge port

B. Ethernet and wireless interfaces

C. DHCP service is not possible in this setup

D. only on bridge interface

1. Router A and B are both running as PPPoE server on different broadcast domains of your
network. Is it possible to set Router A to use “/ppp secret” accounts from Router B to authenticate
PPPoE costumers ?
FALSE

2. Router Firewall rules are:

/ip firewall filter add chain=forward action=jump jump-target=costum
/ip firewall filter add chain=costum action=passthrough
/ip firewall filter add chain=forward action=log
When traffic reaches the end of ‘chain=costum’. What will happen next ?

A. Traffic will be logged in chain=forward

B. Traffic will be dropped in chain=costum
C. Traffic will be accepted in chian=costum

3. Router has wireless and Ethernet client interfaces, all client interfaces are bridged. To create a
DHCP service for all clients you must configure DHCP server on
A. only on bridged interface
B. every bridged port
C. DHCP service is not possible in this setup
D. Ethernet and wireless interfaces

S
1. Select valid SUBNET masks:
A. 255.192.0.0 C. 192.0.0.0
B. 255.255.224.0 D. 255.255.192.255

2. Select which of the following are “Public IP Addresses” :

A. 10.110.50.37 D. 192.168.0.1
B. 11.63.72.21 E. 172.168.254.2
C. 172.28.73.21
3. Select all the RouterOS software packages requires for configuring a wireless AP
A. advanced-tools
B. dhcp
C. system
D. routing
E. wireless

4. Select valid mac-address ?

A. AEC8:21F1:AA44:54FF:1111:0212:0102
B. G2:60:CF:32:D1:A2
C. 00:00:34:E4:23:A7
D. 192.168.3.0/24

T
24. The RouterOS graphing is used for

A. bandwidth limitation

B. real-time traffic and resource usage display

C. average traffic and resource usage display

D. bandwidth testing

25. To connect your MikroTik router to a wireless access point, you have to:

A. Use the same Band (5 GHz, 2.4 GHz, ...)

B. Use the same SSID as on accesspoint

C. Use the same Radio Name

1. The basic unit of a physical network (OSI Layer 1) is the :

A. Header C. Bit
B. Byte D. Frame

2. The network address is

A. The first usable address of the subnet
B. The last address of the subnet
C. The first address of the subnet

3. Two host, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP
address / mask which would allow IP connections to be established between the two hosts.
A. A: 10.1.2.66/25 and B: 10.1.2.109/26
B. B: 10.1.2.192/24 and B: 10.1.2.129/26
C. A. 10.2.2.1/23 and B: 10.2.0.1/22
D. A. 10.2.1.0/23 and B: 10.2.0.1/22

4. The HotSpot feature can be used only on Ethernet interfaces. You have to use a separate access
if you to use this feature with wireless.
FALSE

5. To make all DNS request coming from your network to resolve on your router (regardless of the
client configuration) which would you specify of the DST-NAT rule ?
A. Masquerade
B. DST-NAT
C. you can’t use DST-NAT to archive this
D. Redirect

6. There are two routes in the routing table:

0 dst-addr=10.1.1.0/24 gateway=5.5.5.5
1 dst-addr=10.1.1.4/30 gateway=5.6.6.6
Which gateway will be used to get to the IP address 10.1.1.6 ?
A. 5.6.6.6
B. the required route is not in the routing table
C. 5.5.5.5
D. both – half of the traffic will be routed through one gateway, half through the other

7. There is an HTTP server 10.0.0.1 in your private network. You have made a DST-NAT rule that
sends all HTTP traffic received on your router’s address 80.232.50.100 to this server. If you make a
firewall rule on the router to disallow address 159.148.20.30 to communicate with server, how
would you identify this communication in this rule ?
A. src-address=159.148.20.30 dst-address=10.0.0.1
B. src-address=159.148.20.30 dst-address=80.232.50.100
C. src-address=80.232.50.100 dst-address=10.0.0.1
D. src-address=80.232.50.100 dst-address=159.148.20.30

8. The default value of ‘target-scope’ for static route is:

A. 10 C. 1
B. 30 D. 255

9. The total-max limit under simple queues will limit the combined upload and download of the
target-address of your simple queue.
TRUE

10. To be able to do NAT the connection tracking does not need to be enabled.
TRUE

11. To use masquerade, you need to specify

A. action=masquerade, out-interface, chain=src-nat
B. action=accept, out-interface, chain=src-nat
C. action=masquerade, in-interface, chain=src-nat
D. action=masquerade, out-interface, chain=dst-nat

12. The first two rules in the forward chain of the filter table are:
/ ip firewall filter add chain=forward connection-state=established action=accept
/ ip firewall filter add chain=forward connection-state=invalid action=drop
Connection-state=related packets are not filtered by the rules above.
TRUE

W
1. Which options should be used when you want to prevent access from one spesific address
to your router web interface?
A. Firewall Filter Chain Input
B. WWW service from IP Services
C. Group setting for System users
D. Firewall Filter Chain Forward

2. WPA 2 Pre Shared key (PSK) is enabled on AP, all your clients have to use the same PSK.
Only Virtual AP could be used to allow clients to connect with a different PSK.
A. True
B. False

22. Which is a default baud-rate of currently manufactured RouterBOARDs?

A. 115200

B. 38400

C. 9600

D. 11520

23. When backing up your router by using the 'Export' command, the following happens:

A. The Export file can be edited with a standard text editor after its creation

B. You are requested to give the export file a name

C. Winbox usernames and passwords are backed up

15. When sending out an ARP request, an IP host is expecting what kind of address for an
answer? 

A. MAC Address

B. VLAN ID
 C. IP address

D. 802.11g

11. Which firewall chain should be used for filters that protect your router interface?

A. post-routing

B. input

C. forward

D. pre-routing

12. What does the firewall action "log" do?

A. It logs and blocks the packet

B. It adds a prefix to the packet and passes it through

C. It logs the packet

D. It blocks and logs the packet

6. Which firewall chain would be used to block a client's MSN traffic on a router?

A. static

B. output

C. input

D. forward

7. Where should you upload new MikroTik RouterOS version packages for upgrading router?

A. Any directory in /files

B. FTP root directory or /files directory of the router

C. System Package menu

D. System Backup menu

5. Which of the following Routes statuses are possible?

A. A = Active

B. C = Connected
 C. S = Static

D. D = Drop

4. What can be used as ’target-address’ in the simple queue?

A. address list name

B. server’s address

C. client’s MAC address

D. client’s address

Which features are removed when advanced-tools packages is uninstalled?

A. Netwatch
B. Bandwith-test
C. Neighbors
D. Ip-scan
E. LCD support
F. Ping

1. What kind of users are listed in the Secrets window of the PPP menu?

A. l2tp users

B. pptp users

C. winbox users

D. hotspot users

E. wireless users

F. pppoe users

1. Which ones of the following are valid IP addresses ?

1.27.14.254 192.168.256.1
192.168.13.255 10.10.14.0

2. Which one is NOT a valid MAC Address ?

88:0C:00:99:5F:EF 13:16:86:53:89:43 EA:BA:AA:EE:FF:CB
95:B5:DD:EE:78:8A 80:GF:AA:67:13:5D

3. What protocol does ping use ?

ICMP UDP
TCP ARP

4. What wireless card can we use to achieve 100Mbps actual wireless throughput ?
A. 802.11 b/g B. 802.11 a/b/g
C. 802.11 a D. 802.11 a/n E. 802.11 a/b/g/n

5. Which is correct masquerade rule for 192.168.0.0.24 network on the router with outgoing
interface=ether1 ?
A. /ip firewall nat add action=masquerade chain=srcnat
B. /ip firewall nat add action=masquerade chain=srcnatsrc-address=192.168.0.0/24
C. /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat
D. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1

6. What letters appear next to a route, which is automatically created by RouterOS when user
adds a valid address to an active interface ?
A. I B. D C. A D. C E. S
Ket: D = Dynamic, A = Active, C = Connected

7. Which are necessary sections in /queue simple to set bandwith limitation ?

A. target-address, max-limit
B. target-address, dst-address, max-limit
C. target-address, dst-address
D. max-limit

8. What protocol is used for ping and Trace route ?

A. DHCP B. IP
C. TCP D. ICMP E. UDP

9. Why is it useful to set a Radio Name on the radio interface ?

A. To identify a station in a list of connected clients
B. To identify a station in the Access List
C. To identify a station in Neighbor discovery

10. What kind of users are listed in the Secrets window of the PPP menu?
A. pptpusers B. l2tp users C. winbox users D. wireless users
E. pppoe users F. hotspot users

11. Which default route will be active?

/ip route
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1
add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2
A. Route via gateway 1.1.1.1
B. Route via gateway 2.2.2.2

12. What menus should be used to allow certain websites to be accessed from behind a hotspot
interface, without client authentication
A. ip hotspot ip-binding
B. ip hotspot profile
C. ip hotspot walled-garden +++
D. ip hotspot walled-garden ip
13. Which of the following is true for connection tracking
A. Enabling connection tracking reduces CPU usage in RouterOS
B. Connection tracking must be enabled for firewall to be effective
C. Connection tracking must be enable for NAT'ed network
D. Disable connection tracking for mangle to work

14. Which of these are possible solutions to bridge two networks over a wireless link:
A. Both devices in AP mode and enable WDS mode
B. One device in AP mode, another one in station-pseudobridge-clone
C. One device in AP mode, another one in station-pseudobridge
D. One device in AP mode, another one in station

15. Which of the following Routes statuses are possible?

A. C = Connected
B. S = Static
C. A = Active
D. D = Drop

16. When backing up your router by using the 'Export' command, the following happens:
A. Winbox usernames and passwords are backed up
B. The Export file can be edited with a standard text editor after its creation
C. You are requested to give the export file a name

17. We have two radio cards in a point-to-point link with settings:

Card Nr 1.: mode=ap-bridge ssid="office"
frequency=2447 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-
profile=wpa
Card Nr 2.: mode=station ssid="office"
frequency=2412 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-
profile=wpa2
Is Card Nr2. able to connect to Card Nr 1.?
A. Yes, if Nstreme is enabled or disabled on both
B. Yes, when security profile settings are compatible with each other and Nstreme is enabled or
disabled on both
C. No, because of the different frequencies
D. No, because of the different security profiles

18. What is the default protocol/port of (secure) winbox?

A. UDP/5678 B. TCP/8291
C. TCP/22 D. TCP/8080

19.Which is the default port of IP-Winbox?

A. TCP 80 B. TCP 8291
C. TCP 8192 D. UDP 8291

20.What kind of users are listed in the "/user" menu?

A. router users B. pptp users
C. hotspot users D. wireless users

21.Which configuration menu should you use to change router's Winbox default port?
A. /ip firewall service-ports B. /ip firewall filter
C. /system resource D. /ip service

22.What is marked by connection-state=established matcher?

A. Packet is related to, but not part of an existing connection
B. Packet begins a new TCP connection
C. Packet does not correspond to any known connection
D. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to
already replied connection

23.What wireless modes can be used in a WDS setup?

A. ap-bridge B. station
C. station-wds D. Bridge E. nstreme-dual-slave

24.Which of the following protocols / port s are used for SNMP. (Simple Network Managemnt
Protocol)
A.TCP 161 B.TCP 162
C. UDP 161 D.TCP 123
E. UDP 162 F.TCP 25

25.Which computers would be able to communicate directly (without any routers involved)
A. 192.168.0.5/26 and 192.168.0.100
B. 10.5.5.1/24 and 10.5.5.100/25
C. 10.10.0.17/22 and 10.10.1.30/23
D. 192.168.17.15/29 and 192.168.17.20/28

26.WPA2Pre-Shared Key (PSK) is enable on AP, all your cliens have to use same PSK. Only virtual
AP could be used to allow clients to connect with a different PSK.
TRUE

27.What is term for the hardware coded address found on an interface?

A. IP Address B. Interface Address
C. MAC Address D. FQDN Address

28.What is the default TTL (time to live) on a router that an IP packet can experience before it will
be discarded ?
A. 60 B. 30
C. 1 D. 64

29.What is the maximum number of ARP entries on a Mikrotik RouterOS device ?

A. Unlimited
B. 2048
C. 8192
D. 10240

30. When “Cache on Disk” is nto checked under the web proxy setting, shre does the data get
stored ?
A. It does not get stored
B. USB Disk
C. RAM (Memory)
D. System Disk

31. Which features are removed when advanced-tools package is unistalled ?

A. Ping
B. Bandwith-test
C. Neighbors
D. ip-scan
E. LCD support
F. Netwatch

32. What does firewall action “log” do ?

A. It blocks and logs the packet
B. It adds a prefix to the packet and passws it through
C. It logs and blocks the packet
D. It logs the packet

33. What can you do with Netinstall ?

A. add configuration to RouterOS
B. Reinstall RouterOS
C. Reset password in RouterOS
D. Install Linux

34. Which mode allows you to connect any standard AP (not onlyMikroTik)and to able to bridge
this wireless interface to an Ethernet ?
A. bridge
B. station
C. station-wds
D. station-pseudobridge

35. Which facility should be used, to ensure that clients with radio signal strength power than – 90
dBm can’t connect to interface wlan1 on a MikroTik AP? Choose one answer
A. interface wireless set wlan1 basic-rates
B. interface wireless registration-table remove numbers=-91
C. interface wireless access-list
D. interface wireless security-profiles and static-transmit-key

36. Which of the following is true for mangle facility in RouterOS ?

A. Mangle facility is used to mark IP packets with special marks for future processing
B. The mangle mark can be transmitted across the network, and used by other routers
C. Marks packet can be used by other router facilities like routing and bandwith management
D. Mangle facility can be used to modify some fields in the IP header and TTL fields

37. What is possible with Netinstall ?

A. MikroTik RouterOS configuration reset
B. MikroTIk RouterOS reinstall
C. MikroTik RouterOS password reset with saving routers configuration

38. When viewing the routes in Winbox, some routes will show “DAC” in the first column, these
flags mean:
A. Dynamic,Active,Connected
B. Dynamic,Active,Console
C. Direct,Available,Connected
D. Dynamic,Available,Created

39. Mark all correct answer destination NAT will take place
A. before routing decision
B. after routing decision
C. before ip firewall filter, chain forward
D. after ip firewall filter, chain forward

40. Where should you upload new MikroTik RouterOS version packages for upgrading router ?
A. Any direction in files
B. System Backup menu
C. FTP root directory or files directory of the router
D. System Package menu

41. Which software version can be installed on to the following RouterBoard types ?
A. routeros-x86-x.xx.npk on a RB1100
B. routeros-mipsbe-x.xx.npk on a RB 133
C. routeros-mipsle-x.xx.npk on a RB133
D. routeros-powerpc-x.xx.npk on a RB433
E. routeros-mipsbe-x.xx.npk on a RB433

42. WPA 2 Pre-shared Key (PSK) is enabled on AP, all your client have to use the same PSK. Only
virtual AP could be used to allow clients to connect with different PSK.
TRUE

42. Wireless clients (mode=station) will work properly if bridged to ethernet

FALSE

43. When sending out an ARP request, an IP host is expiring what kind of address for an answer ?
A. 801.11g
B. IP address
C. MAC Address
D. VLAN ID

44. Which option in the configuration of a wireless card must be disabled to cause the router to
permit ONLY known clients listed in the access list to connect ?
A. Default Forward
B. Enable Access List
C. Default Authenticate
D. Security Profile

45. What configuration is added by /ip hotspot setup command ? (select all that apply)
A. /ip hotspot user
B. queue tree
C. /ip service
D. /ip dhcp server
E. /ip hotspot walled-garden
46. What does the firewall action “Redirect” do ?
A. Redirects a packet to a specified port on a host in the network
B. Redirects a packet to a specified IP
C. Redirects a packet to the router
D. Redirects a packet to a specified port on the router

47. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be
able to bridge this wireless interface to an Ethernet ?
A. station
B. bridge
C. station-pseudobridge
D. station-wds

48. What does this simple queue do (check the image) ? Image can not display
A. Queue guarantees download data rate of one megabit per second for host 192.168.1.10
B. Queue limits host 192.168.1.10 upload data rate to one megabit per second
C. Queue guarantees upload data rate of one megabit per second for host 192.168.1.10
D. Queue limits host 192.168.1.10 download data rate to one megabit per second

49.Which queue-type is suitable for congested environment but not good on UDP?
A. RED
B. PFIFO
C. SCQ
D. PCQ
E. BFIFO

50.Which of the following actions are available for '/ip firewall mangle' (select all valid
actions)
A. Accept
B. Jump
C. Change MSS
D. Mark connection
E. Mark packet
F. Drop

Y
You need to set up an E1(T1) connection with PPP configured. Which License Level is
needed?
A. It cannot be done in RouterOS
B. Level 4
C. Level 5

20. You start a scan for wireless networks on you access point. What will happen ?
 A. You'll see all connected clients

B. You'll see available frequencies

C. All connected clients will disconnect

1. You have a router with configuration

- Public IP :202.168.125.45/24
- Default gateway:202.168.125.1
- DNS server: 248.115.148.136, 248.115.148.137
- Local IP: 192.168.2.1/24
Mark the correct configuration on client PC to access to the Internet.

IP:192.168.0.1/24 gateway:192.168.2.1
IP:192.168.2.115/24 gateway: 192.168.2.1
IP:192.168.2.2/24 gateway:202.168.125.45
IP:192.168.2.253/24 gateway:202.168.0.1
IP:192.168.1.223/24 gateway:248.115.148.136

2. You have 802.11b/g wireless card. What frequencies are available to you?
A. 5800MHz B. 2412MHz
C. 5210MHz D. 2422MHz E. 2327MHz

3. You want to use PCQ and allow 256k maximum download and upload for each client. Choose
correct argument values for the required queue.
A. kind=pcqpcq-limit=1256000 pcq-classifier=dst-address
B. kind=pcqpcq-limit=256000 pcq-classifier=dst-address
C. kind=pcqpcq-limit=5000000 pcq-classifier=src-address
D. kind=pcqpcq-limit=256000 pcq-classifier=src-address
E. kind=pcqpcq-limit=5000000 pcq-classifier=dst-address

4. You need to reboot a RouterBoard after importing a previously exported rsc file to activate the
new configuration.
False

5. You would like to allow multiple logins with one user name on a HotSpot server. How should
this be configured?
A. Set "Shared Users" option at /ip hotspot
B. It's not possible
C. Set "only-one=no' at /ip hotspot
D. Set "Shared Users" option at /ip hotspot user profile

6. You need to allow HTTP access to www.mikrotik.com for all Hotspot users without
authorization. What should you use ?
A. /ip hotpsot walled-garden ip
B. /ip hotpsot ip-binding
C. /ip hotpsot user
D. /ip hotspot walled-garden
7. You want to skip HotSpot (authorization, accounting, etc.) for a specific host. What should you
use
A. /ip hotspot ip-binding
B. /ip hotspot walled-garden ip
C. /ip address walled-garden
D. /ip address

8. You can control bandwith of a client connected to AP with the resource / interface wireless
access-list ( assume the client uses MikroTik ROuterOS).
TRUE