MikroTik MTCNA & MTCRE Exam Dumps (Exam Question and Answer)

 

1. Which are necessary sections in /queue simple to set bandwidth limitation?

A. target-address, dst-address, max-limit

B. target-address, max-limit

C. max-limit

D. target-address, dst-address

2. What configuration is added by /ip Hot-Spot setup command? (Select all that apply)

A. /ip Hot-Spot user

B. /ip dhcp-server

C. /queue tree

D. /ip service

E. /ip Hot-Spot walled-garden

3. Firewall NAT rules process only the first packet of each connection.

A. False

B. True

4. Which protocol does Ping use?

A. TCP

B. BootP

C. ICMP

D. ARP

5. What protocol is used for Ping and Trace route?

A. UDP - trace route

B. IP

C. ICMP - ping

D. TCP

E. DHCP

6. The basic unit of a physical network (OSI Layer 1) is the:

A. Byte

B. Bit

C. Frame

D. Header

7. What kind of users are listed in the Secrets window of the PPP menu?

A. winbox users

B. pppoe users

C. wireless users

D. l2tp users

E. pptp users

F. Hot-Spot users

8. What menus should be used to allow certain websites to be accessed from behind a Hot-Spot interface, without client authentication

A. ip Hot-Spot walled-garden

B. ip Hot-Spot profile

C. ip Hot-Spot ip-binding

D. ip Hot-Spot walled-garden ip

9. What is necessary for PPPoE client configuration?

A. ip firewall nat masquerade rule

B. Static IP address on PPPoE client interface

C. Interface (on which PPPoE client is going to work)

10. How long is level 1 (demo) license valid?

A. 24 hours

B. 1 month

C. Infinite time

D. 1 year

11. Which of the following are layers in the TCP/IP model?

Application

Session

Transport

Internet

Data Link

Physical

A. 1, 3 and 4

B. 3, 4 and 5

C. 2, 3 and 5

D. 1 and 2

12. Which of the following keystrokes enables safe mode in console:

A. Ctrl+x

B. Ctrl+s

C. Ctrl+d

D. Ctrl+c

13. What is a stub network?

A. A network that has only one entry and exit point.

B. A network with only one entry and no exit point.

C. A network with more than one exit point.

D. A network with more than one exit and entry point.

14. Collisions are possible in fullduplex Ethernet networks

A. true

B. false

15. Your Company has been assigned a 172.16.25.0/25 network from your ISP. What are the possible options to divide the network into subnets?

A. two times /24

B. one /23 and one /27

C. two times /26

D. four times /27

16. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server?

A. passthrough

B. tarpit

C. dst-nat

D. redirect

17. There are two routes in the routing table:

0 dst-addr=10.1.1.0/24 gateway=5.5.5.5

1 dst-addr=10.1.1.4/30 gateway=5.6.6.6

Which gateway will be used to get to the IP address 10.1.1.6?

A. the required route is not in the routing table

B. both - half of the traffic will be routed through one gateway, half through the other

C. 5.5.5.5

D. 5.6.6.6

18. MAC layer by OSI model is also known as

A. Layer 1

B. Layer 2

C. Layer 7

D. Layer 6

E. Layer 3

19. How many layers does Open Systems Interconnection model have?

A. 5

B. 7

C. 6

D. 9

E. 12

20. What is the correct action to be specified in the NAT rule to hide a private network when communicating to the outside world?

A. tarpit

B. passthrough

C. allow

D. masquerade

21. For user in local PPP Secrets/PPP Profiles database, it is possible to

A. Deny services (like telnet) only for this user or for one group of users

B. Allow login by PPPoE and PPTP, but deny login by L2TP

C. Allow/deny use of more than one login by this user

D. Set max values for transferred data (Rx/Tx)

E. Allow only PPPoE login

22. Which is the default port of IP-Winbox?

A. TCP 8291

B. TCP 80

C. UDP 8291

D. TCP 8192

23. You have a router with configuration

- Public IP :202.168.125.45/24

- Default gateway:202.168.125.1

- DNS server: 248.115.148.136, 248.115.148.137

- Local IP: 192.168.2.1/24

Mark the correct configuration on client PC to access to the Internet

A. IP:192.168.0.1/24 gateway:192.168.2.1

B. IP:192.168.2.253/24 gateway:202.168.0.1

C. IP:192.168.1.223/24 gateway:248.115.148.136

D. IP:192.168.2.115/24 gateway: 192.168.2.1

E. IP:192.168.2.2/24 gateway:202.168.125.45

24. Select valid MAC-address

A. 00:00:5E:80:EE:B0

B. 192.168.0.0/16

C. AEC8:21F1:AA44:54FF:1111:DDAE:0212:1201

D. G2:60:CF:21:99:H0

25. Where can you monitor (see addresses and ports) real-time connections which are processed by the router?

A. Firewall Connection Tracking

B. Tool Torch

C. Queue Tree

D. Firewall Counters

26. It is possible to create an encrypted PPPoE tunnel in RouterOS:

A. false

B. true

27. Action = Redirect is applied in

A. Chain=srcnat

B. Chain=dstnat

C. Chain=forward

28. Which is a default baud-rate of currently manufactured RouterBOARDs?

A. 115200

B. 11520

C. 38400

D. 9600

29. Is ARP used in the IPv6 protocol?

A. False

B. True

30. A routing table has following entries:

0 dst-address=10.0.0.0/24 gateway=10.1.5.126

1 dst-address=10.1.5.0/24 gateway=10.1.1.1

2 dst-address=10.1.0.0/24 gateway=25.1.1.1

3 dst-address=10.1.5.0/25 gateway=10.1.1.2

Which gateway will be used for a packet with destination address 10.1.5.126?

A. 10.1.1.1

B. 10.1.5.126

C. 25.1.1.1

D. 10.1.1.2

31. What is the meaning of letter "R" on an active session in the menu PPP Active Connections?

A. Running

B. Remote

C. Radius

32. What is the minimal possible wireless configuration to create an Access Point?

A. mode

B. frequency

C. DFS mode

D. band

E. scan-list

F. radio name

G. WDS

H. ssid

33. Choose all valid hosts address range for subnet 15.242.55.62/27

A. 15.242.55.31-15.242.55.62

B. 15.242.55.32-15.242.55.63

C. 15.242.55.33-15.242.55.62

D. 15.242.55.33-15.242.55.63

34. If 'check-gateway' is enabled for an ECMP route and one of the gateways is unreachable, then:

A. The unreachable gateway is not going be used in Round Robin algorithm.

B. ECMP is going to send packets to all gateways even if one is unreachable.

C. The ECMP route becomes inactive.

35. Action=redirect can be used in NAT chain src-nat

A. true

B. false

36. You have 802.11b/g wireless card. What frequencies are available toyou?

A. 5800MHz

B. 2412MHz

C. 5210MHz

D. 2422MHz

E. 2327MH

37. Which of the protocols below is used by Netinstall?

A. arp

B. rarp

C. dhcp

D. bootp

38. Action=redirect allows you to make?

A. Transparent DNS Cache

B. Foward DNS to another device IP address

C. Enable local service

D. Transparent HTTP Proxy

39. Which of the following protocols / port s are used for SNMP. (Simple Network Management Protocol)

A. UDP 162

B. TCP 25

C. TCP 123

D. TCP 161

E. TCP 162

F. UDP 161

40. Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing interface=ether1

A. /ip firewall nat add action=masquerade chain=srcnat

B. /ip firewall nat add action=masquerade chain=srcnat srcaddress=192.168.0.0/24

C. /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat

D. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1

41. What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface?

A. I

B. S

C. C

D. D

E. A

42. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and it's a driver issue?

A. Yes

B. No

43. It is possible to add user-defined chains in ip firewall mangle

A. True

B. False

44. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.

A. True

B. False

45. How long is an IPv6 address?

A. 128 bits

B. 128 bytes

C. 32 bits

D. 64 bits

46. One host on an internal network is accessing an external web page through a MikroTik router that is doing source NAT. Select correct statement about the packets that flow from that web page to the host?

A. Packets go through the input chain before the routing decision and after that through output chain

B. Packets go through the forward chain

C. Packets go through the output chain

D. Packets go through the input chain

47. From which of the following locations can you obtain Winbox?

A. Router webpage

B. Files menu in your router

C. Via the console cable

D. Mikrotik.com

48. Where is a hub specified in the OSI model?

A. Session layer

B. Application layer

C. Physical layer

D. Data Link layer

49. A DHCP server is configured on a LAN interface which is a port on a bridge. The DHCP server does not start. What could be the reason(s)?

A. There may be multiple IP addresses set on the LAN interface

B. There might not be an IP address assigned to the LAN Interface

C. The DHCP server cannot run on an interface which is also a bridge port

D. The IP address pool could be incorrectly defined

50. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet?

A. station

B. bridge

C. station-pseudobridge

D. station-wds

51. Two Host, A and B, are connected to broadcast LAN. Select all the answer showing pairs of IP address/mask which would allow IP connections to be established between the two hosts

A: 10.1.2.66/25 and B:10.1.2.109/26

B. A: 10.2.2.1/23 and B: 10.2.0.1/22

C. A: 10.1.2.192/24 and B: 10.1.2.129/26

D. A: 10.2.1.0/23 and B: 10.2.0.1/22

52. Select valid subnet masks:

A. 255.255.224.0

B. 255.255.192.255

C. 192.0.0.0

D. 255.192.0.0

53. Why is it useful to set a Radio Name on the radio interfaces?

A. To identify a station in a list of connected clients

B. To identify a station in the Access List

C. To identify a station in Neighbor discovery

54. The correct order for PPPOE discovery stage is

A. Initialization, Session confirmation, Request and Offer

B. Request, Initialization, Session confirmation and Offer

C. Request, Offer, Initialization and Session confirmation

D. Initialization, Offer, Request and Session confirmation

55. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client 10.10.0.33 is be able to obtain

A. 0M upload/download

B. 6M upload/download

C. 4M upload/download

D. 2M upload/download

56. Router A and B are both running as PPPoE servers on different broadcast domains of your network. Is it possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers?

A. Yes

B. No

57. What kind of users are listed in the "/user" menu?

A. pptp users

B. wireless users

C. router users

D. Hot-Spot users

58. Mikrotik RouterOS DHCP client can receive following options

A. Byte limit

B. IP Gateway

C. Rate Limit

D. Uptime Limit

E. IP Address and Subnet

59. It is possible to create a configuration where VLAN and PPTP interfaces are bridged together.

A. FALSE

B. TRUE

60. A client that has successfully connected to a wireless network is considered to be which of the following? Choose all that apply:

A. Authenticated

B. Associated

C. Unassociated

D. Unauthenticated

61. Which of the following is true for connection tracking

A. Connection tracking must be enabled to be able to use all firewall features

B. Disable connection tracking for mangle to work

C. Connection tracking must be enabled for NAT'ed network

D. Enabling connection tracking reduces CPU usage in RouterOS

62. The hotspot feature can be used only on ethernet interfaces. You have to use a separate access point if you want to use this feature with wireless

A. Yes

B. No

63. If ARP=reply-only is configured on an interface, this interface will

A. accept all MAC-addresses listed in '/ip arp' as static entries

B. add new MAC addresses in '/ip arp' list

C. add new IP addresses in '/ip arp' list

D. accept IP and MAC address combinations listed in '/ip arp' list

E. accept all IP addresses listed in '/ip arp' as static entries

64. When backing up your router by using the 'Export' command, the following happens:

A. The Export file can be edited with a standard text editor after its creation

B. Winbox usernames and passwords are backed up

C. You are requested to give the export file a name

65. If you need to make sure that one computer in your Hotspot network can access the internet without Hotspot authentication, which menu allows you to do this?

A. Users

B. IP bindings

C. Walled-garden

D. Walled-garden IP

66. Which statements are true regarding ICMP packets?

ICMP guarantees datagram delivery.

ICMP can provide hosts with information about network problems.

ICMP is encapsulated within IP datagrams.

ICMP is encapsulated within UDP datagrams.

A. 1 only

B. 2 and 3

C. 1 and 4

D. All of the above

67. How many different priorities can be selected for queues in Mikrotik RouterOS?

A. 8

B. 16

C. 0

D. 1

68. When sending out an ARP request, an IP host is expecting what kind of address for an answer?

A. IP address

B. VLAN ID

C. MAC Address

D. 802.11g

69. To connect your MikroTik router to a wireless access point, you have to:

A. Use the same Band (5 GHz, 2.4 GHz, ...)

B. Use the same Radio Name

C. Use the same SSID as on accesspoint

70. Select minimal set of software packages in RouteOS required to configuring a wireless AP

A. advanced-tools

B. System

C. routing

D. dhcp

E. Wireless

71. What does this simple queue do (check the image)?

A. Queue guarantees download data rate of one megabit per second for host 192.168.1.10

B. Queue guarantees upload data rate of one megabit per second for host 192.168.1.10

C. Queue limits host 192.168.1.10 upload data rate to one megabit per second.

D. Queue limits host 192.168.1.10 download data rate to one megabit per second.

72. You have 10 users plugged into a hub running 10Mbps half-duplex. There is a server connected to the switch running 10Mbps half-duplex as well. How much bandwidth does each host have to the server?

A. 2 Mbps

B. 1 Mbps

C. 10 Mbps

D. 100 kbps

73. Which default route will be active?

/ip routeadd disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1

add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2

A. Route via gateway 1.1.1.1

B. Route via gateway 2.2.2.2

74. There can be more than one PPPoE server in a single broadcast domain:

A. True

B. False

75. If you wish to block user access to MSN messenger, which chain should the firewall rule be placed in?

A. output

B. input

C. process

D. forward

76. Action=redirect allows you to make

A. Transparent HTTP Proxy

B. Transparent DNS Cache

C. Forward DNS to another device IP address

D. Enable Local Service

77. A network ready device is directly connected to a MikroTik RouterBOARD 750 with a correct U.T.P. RJ45 functioning cable. The device is configured with an IPv4 address of 192.168.100.70 using a subnet mask of 255.255.255.252. What will be a valid IPv4 address for the RouterBOARD 750 for a successful connection to the device?

A. 192.168.100.71/255.255.255.252

B. 192.168.100.69/255.255.255.252

C. 192.168.100.68/255.255.255.252

D. 192.168.100.70/255.255.255.252

78. You need to reboot a RouterBoard after importing a previously exported rsc file to activate the new configuration.

A. False

B. True

79. To block communications between wireless clients connected to the same access point interface, you should set

A. 'max-station-count=1'

B. 'default-authentication=no'

C. 'default-forwarding=no'

D. 'default-authentication=no' and 'default-forwarding=no'

80. Why is it useful to set a Radio Name on the radio interface?

A. To identify a station in a list of connected clients

B. To identify a station in the Access List

C. To identify a station in Neighbor discovery

81. Which type of encryption could be used to establish a connection with a simple passkey without using a 802.1X authentication server?

A. WPA PSK/WPA2 PSK

B. WPA EAP/WPA2 EAP

82. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue.

A. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address

B. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address

C. kind=pcq pcq-rate=5000000 pcq-classifier=src-address

D. kind=pcq pcq-rate=256000 pcq-classifier=src-address

E. kind=pcq pcq-rate=256000 pcq-classifier=dst-address

83. You want to transfer existing '/ip firewall filter' configuration from one router to a new system.

Choose the best possible way to do:

A. Export only '/ip firewall filter'

B. Create backup only of '/ip firewall filter' rules

C. Create backup, edit backup file and restore on target router

D. Export global configuration and remove everything apart from '/ip firewall filter'

84. Router A and B are both running as PPPoE servers on different broadcast domains of your network. It is possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers.

A. false

B. true

85. You want to implement a mechanism that automates the IP configuration, including IP address, subnet mask, default gateway, and DNS information. Which protocol will you use to accomplish this?

A. SNMP

B. ARP

C. DHCP

D. SMTP

86. What does the firewall action "Redirect" do? Select all true statements.

A. Redirects a packet to a specified port on the router

B. Redirects a packet to the router

C. Redirects a packet to a specified port on a host in the network

D. Redirects a packet to a specified IP

87. You have a DHCP server on your MikroTik router. The IP addresses 10.1.2.2-10.2.2.20 are distributed in the DHCP network. Additionally, 3 static IP address are defined for your servers: 10.1.2.31-10.1.2.33.

After a while 20 more IP addresses need to be distributed in the network. It is possible to distribute the extra IP address without adding another DHCP Server:

A. False

B. True

88. Destination NAT (chain dstnat, action dst-nat) can be used to:

A. Change destination port

B. Hide your local network from the Internet

C. Direct users from the Internet to a server within your local network

D. Change source port

89. What protocol does PPP use to identify the Network layer protocol?

A. LCP

B. HDLC

C. NCP

D. ISDN

90. Which facts are correct about backup files?

A. Includes files stored in /files

B. Editable

C. Includes username and password from /user

D. Includes all router configurations

91. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:

A. Dynamic, Available, Created

B. Dynamic, Active, Console

C. Direct, Available, Connected

D. Dynamic, Active, Connected

92. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package:

A. routing

B. no extra package required

C. dhcp

D. advanced-tools

93. Is it possible to limit how many clients are able to connect to an access point?

A. Yes, but only with access-lists

B. No it's not possible at all

C. Yes

94. Mark all correct answers.

A. Wireless access-list could allow and deny connect to your AP

B. Default-Forwarding could be enabled for a specific clients by wireless access-list

C. /ip firewall filter allows to deny authentication to AP

D. The only way to prevent wireless clients connections - disable wireless interface

95. Which router command allows you to view the entire contents of all access lists?

A. show interface

B. show all access-lists

C. show ip interface

D. show access-lists

96. NStreme works only on 40mhz Channel width

A. True

B. False

97. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect?

A. Security Profile

B. Default Forward

C. Default Authenticate

D. Enable Access List

98. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting

"Forwarding=no". Choose the correct answer(s):

A. Stations on wlan2 will be able to communicate with stations on wlan1

B. Stations on wlan1 will be able to communicate with stations on wlan1

C. Stations on wlan1 will be able to communicate with stations on wlan2

D. Stations on wlan2 will be able to communicate with stations on wlan2

E. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters

99. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode":

A. manual txpower

B. regulatory domain

C. superchannel

100. How many wireless clients can connect, when wireless card is configured to mode=bridge?

A. 2007

B. 100

C. 1

D. 2

101. What is the default TTL (time to live) on a router that an IP packet can experience before it will be discarded?

A. 1

B. 30

C. 60

D. 64

102. When adding a static route, you must always ensure that you add both the gateway and the interface.

A. True

B. False

103. To make all DNS request coming from your network to resolve on your router (regardless of clients configuration), which action would you specify for the DST-NAT rule?

A. Masquerade

B. Dst-nat

C. You can't use DST-NAT to achieve this

D. Redirect

104. The first two rules in the forward chain of the filter table are :/ip firewall filter add chain=forward connection-state=established action=accept/ip firewall filter add chain=forward connection-state=invalid action=dropconnection-state=related packets are not filtered by the rules above

A. True

B. False

105. /interface wireless access list is used for

A. Shows a list of Client's MAC address that are already registered at AP

B. Authenticate Hotspot users

C. Handles a list of Client's MAC Address to permit/deny connection to AP

D. Contains the security profiles settings

106. On the advanced menu of the wireless setup there is a parameter called "Area", it works directly with:

A. None of these

B. Connect List

C. Security Profile

D. Access List

107. What is the address range of a Class B network address in binary?

A. 01xxxxxx

B. 10xxxxxx

C. 0xxxxxxx

D. 110xxxxx

108. In RouterOS queue configurations the word "total" ussually represents

A. download - upload

B. upload + download

C. download

D. upload

109. Which class of IP address provides a maximum of only 254 host addresses per network ID?

A. Class B

B. Class C

C. Class A

D. Class D

110. What PPP protocol provides dynamic addressing, authentication, and multilink?

A. NCP

B. HDLC

C. LCP

D. X.25

111. In case when router login password is lost, it is necessary to reinstall RouterOS or use hardware reset function.

A. True

B. False

112. What protocol is used to find the hardware address of a local device?

A. ICMP

B. IP

C. ARP

D. RARP

113. Possible actions of ip firewall filter are:

A. Tarpit

B. Tarp

C. Bounce

D. Add-to-address-list

E. Log

F. Accept

114. Which of the following is the valid host range for the subnet on which the IP address 192.168.168.188 255.255.255.192 resides?

A. 192.168.168.128-192

B. 192.168.168.128-190

C. 192.168.168.129-190

D. 192.168.168.129-191

115. Mark the queue types that are available in RouterOS

A. RED - Random Early Detect (or Drop)

B. LIFO - Last In First Out

C. FIFO - First In First Out (for Bytes or for Packets)

D. DRR - Deficit Round Robin

E. PCQ - Per Connection Queuing

F. SFQ - Stochastic Fairness Queuing

116. Which software version can be installed onto the following RouterBoard types?

A. Routeros-x86-x.xx.npk on a RB1100

B. Routeros-mipsbe-x.xx.npk on a RB133

C. Routeros-mipsle-x.xx.npk on a RB133

D. Routeros-powerpc-x.xx.npk on a RB333

E. Routeros-mipsbe-x.xx.npk on a RB433

117. Which port does PPTP use by default?

A. UDP 1723

B. TCP 1723

C. UDP 1721

D. TCP 1721

118. Which firewall chain should you use to filter clients HTTP traffic going through the router?

A. prerouting

B. forward

C. output

D. input

119. PPP Secrets are used for

A. L2TP clients

B. Router users

C. PPTP clients

D. PPP clients

E. IPSec clients

F. PPPoE clients

120. Which of the following allows a router to respond to an ARP request that is intended for a remote host?

A. Proxy ARP

B. Inverse ARP (IARP)

C. Reverse ARP (RARP)

D. Gateway DP

121. WPA 2 Pre Shared key (PSK) is enabled on AP, all your clients have to use the same PSK. Only Virtual AP could be used to allow clients to connect with a different PSK.

A. True

B. False

122. Which of the following actions are available for '/ip firewall mangle' (select all valid actions)

A. Change MSS

B. Mark connection

C. Accept

D. Jump

E. Drop

F. Mark packet

123. You need to set up an E1(T1) connection with PPP configured. Which License Level is needed?

A. Level 4

B. It cannot be done in RouterOS

C. Level 5

124. An IP address pool can contain address from more than one subnet

A. True

B. False

125. Which features are removed when advanced-tools packages is uninstalled?

A. Neighbors

B. Ip-scan

C. Netwatch

D. LCD support

E. Ping

F. Bandwith-test

126. Rate Flapping can be avoided by

A. Choose larger channels (40 Mhz instead of 20 Mhz)

B. Reduce supported rates

C. Change ap-bridge to bridge

D. Set basic rates to only one data rate like 24 Mbps

127. Mark possible connection states in the connection tracking table

A. Related

B. Invalid

C. Closed

D. Established

E. Syn

F. New

128. Which options should be used when you want to prevent access from one specific address to your router web interface?

A. Group setting for System users

B. Firewall Filter Chain Input

C. Firewall Filter Chain Forward

D. WWW service from IP Services

129. Which queue-type is suitable for congested environment but not good on UDP?

A. PCQ

B. BFIFO

C. PFIFO

D. RED

E. SCQ

130. How many IP addresses can one find in the header of an IP packet?

A. 1

B. 3

C. 2

D. 4

131. Using wireless connect-list it's possible to prioritize connection to one Access Point over another Access Point by changing the order of the entries.

A. True

B. False

132. RouterOS log messages are stored on disk by default

A. False

B. True

133. Which of the following is the decimal and hexadecimal equivalents of the binary number 10011101?

A. 155, 0x9B

B. 157, 0x9D

C. 185, 0xB9

D. 159, 0x9F

134. Which of the following are TCP/IP protocols used at the Application layer of the OSI model?

IP

TCP

Telnet

FTP

TFTP

A. 1, 3 and 5

B. 1 and 3

C. All of the above

D. 3, 4 and 5

135. MikroTik RouterOS commands can be run once a day by:

A. /system watchdog

B. /system scheduler

C. /system cron

136. Which of the following is used in standard 802.11 wireless networks?

A. CSMA/CA

B. CSMA/CD

C. CDMA

D. FDD

137. Choose correct statements for MikroTik proxy (MULTI)

A. Controls domains or servers which are allowed to cache by Proxy

B. To deny access to a specific website, caching should be enabled

C. Destination NAT rule is required to utilize transparent proxy facility

D. Can deny access to a specific domains or servers, but not specific web pages

138. What can be used as ’target-address’ in the simple queue? (ONE)

A. server’s address

B. client’s address

C. client’s MAC address

D. address list name

139. A MikoTik PPPoE Server can be used only within a broadcast domain, that is, users can not run PPPoE protocol with a server if there is a router between the customer and that PPPoE server.

A. TRUE

B. FALSE 

140. What is marked by connection-state=established matcher? (ONE)

A. Packet begins a new TCP connection

B. Packet does not correspond to any known connection

C. Packet is related to, but not part of an existing connection

D. Packet belongs to an existing connection, for example a reply packet or a packet which belongs to already replied connection

141. To be able to do NAT the connection tracking does not need to be enabled.

A. TRUE

B. FALSE

142. If a packet comes to a router and starts a new, previously unseen connection, which connection state would be applied to it? (ONE)

A. established

B. unknown

C. new

D. invalid

E. no connection state would be applied to such packet

143. How many usable IP addresses are there in a 20-bit subnet? (ONE)

A. 2047

B. 4094

C. 2048

D. 2046

E. 4096

144. Hotspot ip-binding is used to allow access to Internet web servers specifying the IP address of the web server instead of the URL.

A. TRUE

B. FALSE

145. Netinstall can be used to (MULTI)

A. Keep configuration, but reset a lost admin password

B. Install different software version (upgrade or downgrade)

C. Install package for different hardware architecture

D. Reinstall software without losing license

146. You have a wireless interface with SSID="WAN1"mode="ap-bridge" and a VirtualAP with SSID="VAP1" on the router. Is it possible to use nstreme protocol? (ONE)

A. No, Nstreme can not be used on wireless interface if a VirtualAP is on it.

B. Yes, but Nstreme can be used only for SSID=VAP1.

C. Yes, but Nstreme can be used only for SSID=WLAN1.

D. Yes, Nstreme can be used for both SSIDs

 147. /store allows you to save to external disk (MULTI)

A. web-proxy data

B. system configuration

C. dude data

D. User-Manager data

148. You wish to secure your RouterOS system. You do not want the RouterOS to be discoverable using MNDP or CDP locally. You also want to deny management via the MAC addresses on all interfaces. Select the correct actions to accomplish this. (MULTI)

A. Remove/Disable the Interfaces

B. Add a Deny All input firewall rule

C. Place a proper input firewall rule to block mac discovery

D. Place a proper forward firewall rule to block mac discovery

E. Remove/Disable all discovery interfaces

F. Remove/Disable all interfaces under mac-server telnet

G. Remove/Disable all interfaces under mac-Server winbox

149. You need to redirect a browser page from a search of "xxx" in google to another website such as www.mikrotik.com

Choose correct proxy access rule. (ONE)

A. /ip proxy access add dst-host=*.google.* path=*xxx* action=deny redirect-to=www.mikrotik.com

B. /ip proxy access add path=*xxx* action=allow redirect-to=www.mikrotik.com

C. /ip proxy access add dst-host=*xxx* action=allow redirect-to=www.mikrotik.com

D. /ip proxy access add dst-host=*xxx* action=deny redirect-to=www.mikrotik.com

150. Is it possible to have PPTP Client and PPTP server on one MikroTik router at the same time?

A. TRUE

B. FALSE

151. In which situations can Netinstall NOT be used to install a RouterBOARD? (MULTI)

A. The router does not have an operating system

B. The router is connected only to a secondary Ethernet port

C. You do not know the password of the router

D. The router is connected only to a wireless network

152. Check the allowed input formats for wireless scan-list. (MULTI)

A. 5500 5700

B. 5500 - 5700

C. 5500/5700

D. 5500,5700

E. 5500-5700

153. Collisions are possible in full-duplex Ethernet networks

A.TRUE

B. FALSE

154. You would like to allow multiple logins with one user name on a HotSpot server. How should this be configured? (MULTI)

A. Set "Shared Users" option at /ip hotspot

B. It's not possible

C. Set "only-one=no' at /ip hotspot

D. Set "Shared Users" option at /ip hotspot user profile

 

155. What wireless modes can be used in a WDS setup? (MULTI)

A. station-wds

B. ap-bridge

C. nstreme-dual-slave

D. bridge

E. station

 

156. Which rule is used to block SMTP protocol from Lan interface for clients? (ONE)

A. /ip firewall filter add chain=forward protocol=tcp dst-port=25 action=drop in-interface=Lan

B. /ip firewall filter add chain=input protocol=tcp  dst-port=25 action=drop in-interface=Lan

C. /ip firewall filter add chain=forward dst-port=25 action=drop in-interface=Lan

D. /ip firewall filter add chain=output protocol=tcpdst-port=25 action=drop in-interface=Lan

 

157. The highest queue priority is?

A. 1

B. 16

C. 8

D. 256

 

158. A client uses a RouterBOARD1000.The clock is configured in '/system clock'. The clock resets to default after each reboot.

Select the best solution for the problem. (MULTI)

A. Configure '/system ntp server' and set a valid and reachable NTP client address.

B. Configure '/system ntp client' and set a valid and reachable NTP server address.

C. Write a script in '/system script' to set the clock

D. Open the router and ensure the CMOS battery is fine

 

159. When backing up your router by using the 'Export' command, the following happens: (MULTI)

A. You are requested to give the export file a name

B. Winbox usernames and passwords are backed up

C. The Export file can be edited with a standard text editor after its creation

 

160. Select which of the following are 'Public IP addresses': (MULTI)

A. 10.110.50.37

B. 172.28.73.21

C. 192.168.0.1

D. 172.168.254.2

E. 11.63.72.21

 

161. Define a routing loop (choose the most precise description) (ONE)

A. situation where the TTL of the packet expires

B. situation where the packet is routed through the same router twice

C. Situation where the packet does not reach it\'s destination

D. situation where the packet is routed through the same sequence of routers until the TTL expires

 

162. What can you do with Netinstall? (MULTI)

A. Reinstall RouterOS

B. Install Linux

C. Reset password in RouterOS

D. Add configuration to RouterOS

 

163. The basic unit of a physical network (OSI Layer 1) is the: (ONE)

A. Byte

B. Header

C. Bit

D. Frame

164. Which of the following would prevent unknown clients from connecting to your AP? Choose the BEST answer. (ONE)

A. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your access-list configuration ensuring that you enable "authenticate" in the entry

B. Add each known client's MAC address to your access-list configuration is the only step needed

C. Configure the radius server under "/radius"

D. Check the "Do not permit unknown client" box in the wireless configuration

E. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your connect-list configuration

 

165. You want to share the same user and password for different computers. Which menu is used for configuration? (MULTI)

A. /ip hotspot walled-garden

B. /ip hotspot user profile

C. /ip hotspot profile

D. /ip hotspot ip-binding

 

166. You can not use OSPF and RIP routing protocols simultaneously on the RouterOS.

TRUE/FALSE

 

167. When adding a user to your local ppp secrets/ppp profiles database, it is possible to (MULTI)

A. Allow/deny use of more than one login by this user

B. Set max values for total transferred bytes (up- and download)

C. Allow login by pppoe and pptp, but deny login by l2tp

D. Deny services (like telnet) only for this user or for one group of users

E. Allow only pppoe login

 

168. What is true about Bandwidth Test Tool? (select all that apply) (MULTI)

A. Only work on MikroTik Router OS

B. Can be downloaded on default router webpage

C. Tests throughput between two MikroTik devices

D. Can be used to monitor throughput to a remote device

 

169. Using wireless connect-list it’s possible to prioritize connection to one Access Point over another Access Point by changing the order of the entries.

TRUE/FALSE

 

170. Action=redirect can be used in NAT chain src-nat

TRUE/FALSE

 

171. Mark all packages required for PPPoE server on MikroTik RouterOS (MULTI)

A. synchronous

B. radius

C. user-manager

D. ppp

E. system

 

172. It is impossible to disable user "admin" at the menu "/user"

TRUE/FALSE

 

173. It is required to make a web server on a private LAN visible on the Public Internet. Only the web server port should be visible to the public. Which of the following configuration steps must be met. (select all that apply) (MULTI)

A. A route between the NAT Router and the webserver must exist

B. Connection Tracking must be enabled on NAT router

C. LAN address of the webserver should be routable on the internet

D. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private ip of the webserver

E. Public IP address of the webserver must be installed on the NAT Router

 

174. A backup file from a MikroTik router is stored in plain text format

TRUE/FALSE

 

175. What configuration is added by /ip hotspot setup command? (select all that apply) (MULTI)

A. /queue tree

B. /ip hotspot walled-garden

C. /ip hotspot user

D. /ip service

E. /ip dhcp-server

 

176. /interface wireless access-list is used for (MULTI)

A. Shows a list of Client's MAC Address that are already registered at AP

B. Handles a list of Client's MAC Address to permit/deny connection to AP

C. Contains the security profiles settings

D. Authenticate Hotspot users

 

177. What action should be used to inform source that packets reached destination, but was not accepted ? (ONE)

A. action=accept

B. action=drop

C. action=tarpit

D. action=reject

 

178. In which order are the entries in Access List and Connect List processed? (ONE)

A. By Signal Strength Range

B. In sequence order

C. In a random order

D. By interface name

 

179. You want to skip HotSpot (authorization, accounting, etc.) for a specific host. What should you use? (ONE)

A. /ip hotspot walled-garden ip

B. /ip hotspot walled-garden

C. /ip address

D. /ip hotspot ip-binding

 

180. Two mangle rules defining different mangle marks for the same traffic type, will make it have both mangle marks. 

TRUE/FALSE

 

181. Which firewall chain should you use to filter ICMP packets from the router itself? (ONE)

A. input

B. forward

C. output

D. postrouting

182. When adding a static route, you must always ensure that you add both the gateway and the interface.  

TRUE/FALSE

 

183. What does this simple queue do (check the image)? (ONE)

A. Queue limits host 192.168.1.10 download data rate to one megabit per second.

B. Queue guarantees download data rate of one megabit per second for host 192.168.1.10

C. Queue guarantees upload data rate of one megabit per second for host 192.168.1.10

D. Queue limits host 192.168.1.10 upload data rate to one megabit per second.

 

184. Router A and B are both running as PPPoE servers on different broadcast domains of your network. Is it possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers ?

TRUE/FALSE

 

185. Is it possible for a client to get an IP address but no gateway after a successful DHCP request?

TRUE/FALSE

 

186. A network ready device is directly connected to a MikroTik RouterBOARD 750 with a correct U.T.P. RJ45 functioning cable. The device is configured with an IPv4 address of 192.168.100.70 using a subnet mask of 255.255.255.252. What will be a valid IPv4 address for the RouterBOARD 750 for a successful connection to the device? (MULTI)

A. 192.168.100.68/255.255.255.252

B. 192.168.100.69/255.255.255.252

C. 192.168.100.71/255.255.255.252

D. 192.168.100.70/255.255.255.252

 

187. The gateway router is configured with a transparent proxy with the following parameters:

 

/ip proxy access add dst-host=www.mikrotik.com action=allow

/ip proxy access add dst-host=www.mt.lv action=deny redirect-to=forum.mikrotik.com

 

188. When the user is opening www.mt.lv, what is shown in the browser? (ONE)

 

A. www.mt.lv

B. forum.mikrotik.com

C. www.mikrotik.com

 

189. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33.
Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client 10.10.0.33 is be able to obtain (MULTI)

A. 4M upload/download

B. 6M upload/download

C. 0M upload/download

D. 2M upload/download

 

190. Hotspot can be configured on a Virtual Access point interface

TRUE/FALSE

 

191. Wireless clients (mode=station) will work properly if bridged to Ethernet

TRUE/FALSE

 

192. Where should you upload new MikroTik RouterOS version packages for upgrading router? (ONE)

A. Any directory in /files

B. System Backup menu

C. FTP root directory or files directory of the router

D. System package menu

 

193. When sending out an ARP request, an IP host is expecting what kind of address for an answer? (MULTI)

A. VLAN ID

B. MAC Address

C. IP address

D. 802.11g

 

194. Is it possible to create a custom firewall chain and use it in both input and forward chains at the same time?

TRUE/FALSE

 

195. The following image shows a RouterOS Wireless Access List configuration.

Wireless interface "Default Authenticate" is unchecked. What will happen with clients connecting to this AP? (ONE)

A. No client is able to connect to the Wireless Access Point.

B. 00:0C:42:61:6C:90 client will connect to wlan1

C. 00:0C:42:31:38:A2 will connect to wlan1 when the signal strength is greater than -60

D. Client with mac-address 00:0C:42:31:38:A2 will connect to wlan1

 

196. HotSpot is required on the interfaces ether2, ether3, wlan1 (in ap-bridge mode).

These interfaces are bridged in the bridge1 interface.

Which interface should the HotSpot server be configured on? (ONE)

A. On wlan1 interface

B. On bridge1 interface

C. On ether3 interface

D. On ether2 interface

 

197. Mark correct statements. (MULTI)

A. Export files are not editable

B. Backup files are not editable

C. Backup files are editable

 

198. Which is the default port of IP-Winbox? (ONE)

A. TCP 8192

B. TCP 8291

C. TCP 80

D. UDP 8291

 

199. What kind of users are listed in the Secrets window of the PPP menu? (MULTI)

A. pptp users

B. winbox users

C. wireless users

D. l2tp users

E. pppoe users

F. hotspot users

 

200. For static routing functionality, additionally to the RouterOS system package, you will also need the following software package: (ONE)

A. routing

B. dhcp

C. none

D. advanced-tools

 

201. What kind of users are listed in the "/user" menu?

A. hotspot users

B. wireless users

C. router users

D. pptp users

 

202. Is action=masquerade allowed in chain=dstnat?

A. yes

B. no

C. yes, but it works only for incoming connections

D. yes, but only if dst-addr is specified

 

203. MikroTik RouterOS is sending logs to an external syslog server. Which protocol and port is

used by RouterOS for sending logs (by default)?

A. UDP 514

B. UDP 21

C. TCP 110

D. UDP 113

 

204. When "Cache On Disk" is not checked under the web proxy settings, where does the data get stored?

A. RAM (Memory)

B. System Disk

C. USB Disk

D. It does not get stored

 

205. Which options are correct ?

A. DST-NAT to define new destination address in our local network for incoming packets

B. SRC-NAT to prevent local network clients access to outside

C. SRC-NAT to prevent access from outside to our local network clients

D. DST-NAT to redirect all packets to router itself

 

206. RouterOS DHCP server is able to send any DHCP options (specified in RFCs) to DHCP

clients

TRUE/FALSE

 

207. Which of the following is NOT a valid MAC Address?

A. 88:0C:00:99:5F:EF

B. EA:BA:AA:EE:FF:CB

C. 80:GF:AA:67:13:5D

D. 13:16:86:53:89:43

E. 95:B5:DD:EE:78:8A

 

208. Possible actions of ip firewall filter are:

A. tarp

B. add-to-list

C. bounce

D. tarpit

E. log

F. accept

 

209. You have a router with configuration

- Public IP :202.168.125.45/24

- Default gateway:202.168.125.1

- DNS server: 248.115.148.136, 248.115.148.137

- Local IP: 192.168.2.1/24

 

Mark the correct configuration on client PC to access to the Internet

A. IP:192.168.2.2/24 gateway:202.168.125.45

B. IP:192.168.2.115/24 gateway: 192.168.2.1

C. IP:192.168.0.1/24 gateway:192.168.2.1

D. IP:192.168.1.223/24 gateway:248.115.148.136

E. IP:192.168.2.253/24 gateway:202.168.0.1

 

210. What letters appear next to a route, which is automatically created by RouterOS when user

adds a valid address to an active interface?

A. I

B. S

C. D

D. A

E. C

 

211. There is an HTTP server 10.0.0.1 in your private network. You have made a DST-NAT rule

that sends all HTTP traffic received on your router's address 80.232.50.100 to this server. If you

make a firewall rule on the router to disallow address 159.148.20.30 to communicate with the

server, how would you identify this communication in this rule?

A. src-address=80.232.50.100 dst-address=10.0.0.1

B. src-address=159.148.20.30 dst-address=80.232.50.100

C. src-address=159.148.20.30 dst-address=10.0.0.1

D. src-address=80.232.50.100 dst-address=159.148.20.30

 

212. Choose all valid hosts address range for subnet 15.242.55.62/27

A. 15.242.55.32-15.242.55.63

B. 15.242.55.33-15.242.55.63

C. 15.242.55.31-15.242.55.62

D. 15.242.55.33-15.242.55.62

 

213. Mark the queue types that are available in RouterOS

A. SFQ – Stochastic Fairness Queuing

B. FIFO - First In First Out (for Bytes or for Packets)

C. RED – Random Early Detect (or Drop)

D. DRR - Deficit Round Robin

E. PCQ – Per Connection Queuing

F. LIFO - Last In First Out

 

214. Is it possible to limit how many clients are able to connect to an access point?

A. Yes

B. No it's not possible at all

C. Yes, but only with access-lists

 

215. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized,

and you suspect it is a driver issue?

YES/NO

 

216. A station can connect to AP if they both use different country regulation settings, but the

frequency chosen is allowed in both countries

TRUE/FALSE

 

217. You want to create an access point for several laptop (non-RouterOS) clients. Select all

options you can set on the MikroTik wireless interface:

A. mode=ap-bridge

B. Nstreme to optimize link

C. mode=bridge

D. Security profile for WPA encryption

 

218. It it possible to use the MikroTik Nstreme protocol with Windows wireless clients, if they

install a special driver that can be downloaded from the MikroTik webpage?

TRUE/FALSE

 

219. Making use of a narrower channel width such as 10MHz or 5MHz will increase your wireless

link speed.

TRUE/FALSE

 

220. It is necessary to configure a local DNS server to be able to give out a DNS setting to clients

via DHCP server.

TRUE/FALSE

 

221. The default value of 'target-scope' for a static route is:

A. 30

B. 1

C. 255

D. 10

 

222. You can control bandwidth of a client connected to AP with the resource / interface wireless

access-list ( assume the client uses MikroTik RouterOS).

TRUE/FALSE

 

223. Is it possible that the same IP address is included in multiple address lists and still be used by

these multiple address lists?

TRUE/FALSE

 

224. Select valid MAC-address

A. 00:00:5E:80:EE:B0

B. 192.168.0.0/16

C. AEC8:21F1:AA44:54FF:1111:DDAE:0212:1201

D. G2:60:CF:21:99:H0

 

225. MikroTik proxy features are:

A. SMTP caching

B. DNS name filtering

C. FTP caching

D. POP3 caching

E. HTTP caching

 

226. What is possible with Netinstall? (MULTI)

A. MikroTik RouterOS configuration reset

B. MikroTik RouterOS reinstall

C. MikroTik RouterOS password reset with saving router's configuration

 

227. Choose the best option to offer hotspot access to a known wireless client without HotSpot

authentication

A. /ip hotspot ip-binding

B. /ip firewall mangle

C. place Client registered MAC address in access list

D. /ip hotspot walled garden

 

228. Configuring HotSpot is possible on MikroTik RouterOS only with a wireless interface.

TRUE/FALSE

 

229. A routing table has following entries:

0 dst-address=10.0.0.0/24 gateway=10.1.5.126

1 dst-address=10.1.5.0/24 gateway=10.1.1.1

2 dst-address=10.1.0.0/24 gateway=25.1.1.1

3 dst-address=10.1.5.0/25 gateway=10.1.1.2

 

230. Which gateway will be used for a packet with destination address 10.1.5.126?

A. 25.1.1.1

B. 10.1.1.1

C. 10.1.5.126

D. 10.1.1.2

 

231. Action=redirect is applied in

A. chain=srcnat

B. chain=dstnat

C. chain=forward

 

232. You have 802.11b/g wireless card. What frequencies are available to you?

A. 5800MHz

B. 2412MHz

C. 5210MHz

D. 2422MHz

E. 2327MHz

 

233. Mark all correct statements about /export (rsc file).

A. Exports logs from /log print

B. Exports full configuration of the router

C. Exports only part of the configuration (for example /ip firewall)

D. Exports scripts from /system script

E. Exports files could not edited

 

234. What wireless card can we use to achieve 100 Mbps actual wireless throughput?

A. 802.11 b/g

B. 802.11 a/b/g

C. 802.11 a

D. 802.11 a/n

E. 802.11 a/b/g/n

 

235. It is possible to add user-defined chains in ip firewall mangle.

  YES/NO

 

236. Action=redirect allows you to make

A. Transparent DNS Cache

B. Forward DNS to another device IP address

C. Enable Local Service

D. Transparent HTTP Proxy

 

237. Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing interface=ether1?

A. /ip firewall nat add action=masquerade chain=srcnat

B. /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24

C. /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat

D. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1

 

238. Mark all features that are compatible with Nstreme

A. WDS between a device in station-wds mode and a device in station-wds mode

B. Encryption

C. WDS between a device in ap-bridge mode with a device in station-wds mode

D. Bridging a device in station mode with a device in ap-bridge mode

 

239. Which are necessary sections in /queue simple to set bandwidth limitation?

A. target-address, max-limit

B. target-address, dst-address, max-limit

C. target-address, dst-address

D. max-limit

 

240. What protocol is used for Ping and Trace route?

A. DHCP

B. IP

C. TCP

D. ICMP

E. UDP

 

241. In MikroTik RouterOS, Layer-3 communication between 2 hosts can be achieved by using an address subnet of: 

A. /31 

B. /29 

C. /32

D. /30

 

242. Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP connections to be established between the two hosts.

A. A: 10.1.2.66/25 and B: 10.1.2.109/26

B. A: 10.2.2.1/23 and B: 10.2.0.1/22

C. A: 10.1.2.192/24 and B: 10.1.2.129/26

D. A: 10.2.1.0/23 and B: 10.2.0.1/22

 

243. Why is it useful to set a Radio Name on the radio interface?

A. To identify a station in a list of connected clients

B. To identify a station in the Access List

C. To identify a station in Neighbor discovery

 

244. MikroTik RouterOS DHCP client can receive following options

A. Byte limit

B. IP Gateway

C. Rate limit

D. Uptime limit

E. IP Address and Subnet

 

245. The HotSpot feature can be used only on ethernet interfaces. You have to use a separate access point if you want to use this feature with wireless.

TRUE/FALSE

 

246. If you need to make sure that one computer in your HotSpot network can access the Internet without HotSpot authentication, which menu allows you to do this?

A. Users

B. IP bindings

C. Walled-garden

D. Walled-garden IP

 

247. How many different priorities can be selected for queues in MikroTik RouterOS?

A. 8

B. 16

C. 0

D. 1

 

248. Which default route will be active?

/ip route

add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1

add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2

A. Route via gateway 1.1.1.1

B. Route via gateway 2.2.2.2

 

249. How long is level 1 (demo) license valid?

A. 24 hours

B. Infinite time

C. 1 month

D. 1 year

 

250. NStreme works only on 40mhz channel width

TRUE/FALSE

 

251. To make all DNS requests coming from your network to resolve on your router (regardless of the clients’ configuration), which action would you specify for the DST-NAT rule?

A. masquerade

B. dst-nat

C. you can’t use DST-NAT to achieve this

D. redirect

 

252. Which software version can be installed onto the following RouterBoard types?

A. routeros-x86-x.xx.npk on a RB1100

B. routeros-mipsbe-x.xx.npk on a RB133

C. routeros-mipsle-x.xx.npk on RB133

D. routeros-powerpc-x.xx.npk on a RB333

E. routeros-mipsbe-x.xx.npk on a RB433

 

253. PPP Secrets are used for

A. L2TP clients

B. Router users

C. PPtP clients

D. IPSec clients

E. PPPoE clients

F. PPP clients

 

254. WPA 2 Pre-Shared Key (PSK) is enabled on AP, all your clients have to use the same PSK. Only Virtual AP could be used to allow clients to connect with a different PSK.

TRUE/FALSE

 

255. Which of the following actions are available for ‘/ip firewall mangle’ (select all valid actions)

A. change MSS

B. mark connection

C. accept

D. jump

E. drop

F. mark packet

 

256. OSFP area ID does not need to be unique within the AS.

TRUE/FALSE

 

257. Check all of the DHCP Server Options that are implemented for DHCP-Client and not Custom.

A. WINS Server

B. ntp server

C. DNS Server

D. subnet mask

E. tftp

F. gateway

 

258. You need to set up an E1(T1) connection with PPP configured.

Which License level is needed?

A. Level 4

B. It cannot be done in RouterOS

C. Level 5

D. Level 6

 

259. Mark queue type that uses fairness principle between sub-queues, allows users to choose classifier for sub-queues, and apply a limit to each sub-queue

A. SFQ

B. RED

C. PCQ

D. BFIFO

 

260. An IP address pool can contain addresses from more than one subnet.

TRUE/FALSE

 

261. Which features are removed when advanced-tools package is uninstalled?

A. neighbors

B. ip-scan

C. netwatch

D. LCD support

E. ping

F. bandwidth-test

 

262. Rate Flapping can be avoided by

A. Choose larger channels (40 MHz instead of 20 MHz)

B. Reduce supported rates

C. Change ap-bridge to bridge

D. Set basic rates to only one data rate like 24 Mbps

 

263. Mark possible connection states in the connection tracking table

A. Related

B. Invalid

C. Closed

D. Established

E. Syn

F. New

 

264. You have a queue structure as follows:

queue “GP” max-limit=10M

- queue “M” parent=”GP” limit-at=4M max-limit=6M

- – queue “C1″ parent=”M” limit-at=1M max-limit=7M priority=4

- – queue “C2″ parent=”M” limit-at=1M max-limit=4M priority=1

- – queue “C3″ parent=”M” limit-at=3M max-limit=7M priority=8

- queue “F” parent=”GP” limit-at=5M max-limit=8M

- – queue “D1″ parent=”F” limit-at=3M max-limit=4M priority=5

- – queue “D2″ parent=”F” limit-at=2M max-limit=5M priority=2

 

If queues “C1″ and “D2″ will not require any traffic, how the total available traffic is going to be distributed in the worst case scenario?

A. queue “C2″ will get 3M, “C3″ 2M, “D1″ 4M

B. queue “C2″ will get 2M, “C3″ 5M, “D1″ 3M

C. queue “C2″ will get 4M, “C3″ 2M, “D1″ 4M

D. queue “C2″ will get 2M, “C3″ 3M, “D1″ 5M

E. queue “C2″ will get 3M, “C3″ 3M, “D1″ 4M

 

265. A MikroTik Router has the following configuration

/ip address

add address=1.1.1.2/30 interface=ether1

add address=2.2.2.2/30 interface=ether2

add address=192.168.10.1/24 interface=ether3

 

/ip firewall mangle

add action=mark-connection chain=prerouting

dst-port=80 new-connection-mark=web_c passthrough=yes protocol=tcp

add action=mark-routing chain=prerouting

connection-mark=web_c new-routing-mark=web passthrough=no

 

/ip firewall nat

add action=masquerade chain=srcnat

out-interface=ether3

 

/ip route

add gateway=1.1.1.1

add gateway=2.2.2.2 routing-mark=web

 

What can be said about the Web Access (port 80) by a customer connected at ether3 interface with IP 192.168.10.2/24, gateway 192.168.10.1 ?

A. The customer will access the Web using the gateway 2.2.2.2

B. The Customer is unable to access the Web.

C. The Customer will access the Web by ECMP, by using both gateways 1.1.1.1 and 2.2.2.2

D. The customer will access the Web using the gateway 1.1.1.1

 

266. Which options should be used when you want to prevent access from one specific address to your router web interface?

A. Group settings for System users

B. Firewall Filter Chain Input

C. Firewall Filter Chain Forward

D. WWW service from IP Services

 

267. You need to save visited web-pages to memory logs from web-proxy. Which is the correct configuration?

A. /system logging add topics=web-proxy,debug action=memory

B. /system logging add topics=web-proxy,!debug action=disk

C. /system logging add topics=web-proxy,!debug action=remote

D. /system logging add topics=web-proxy,!debug action=memory

 

268. By default info, error and warning messages are logged into memory of your RouterOS device. You can add logging of visited web-pages and other message topics

TRUE/FALSE

 

269. Which options are necessary to use the HotSpot Universal Client feature?

A. arp=enabled on the HotSpot interface

B. /ip dhcp-server configuration

C. address-pool configuration in /ip hotspot and /ip hotspot user profile

D. /ip firewall mangle rules

 

270. What is the correct action to be specified in the NAT rule to hide a private network when communicating to the outside world?

A. tarpit

B. masquerade

C. passthrough

D. allow

 

271. What is term for the hardware coded address found on an interface?

A. MAC Address

B. Interface Address

C. FQDN Address

D. IP Address

 

272. To assign specific traffic to the route – traffic must be identified by routing mark. Each packet can have only one routing mark.

TRUE/FALSE

 

273. In Ip Firewall NAT, you can Classify Traffic in SRC Nat Chain based on " in-interface".

TRUE/FALSE

 

274. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect?

 A. Default Forward

B. Enable Access List

C. Default Authenticate

D. Security Profile

 

275. Which of the following Routes statuses are possible?

A. D = Drop

B. C = Connected

C. S = Static

D. A = Active

 

276. How many DHCP servers could you run on one interface?

A. 255

B. 1024

C. 4

D. 1

 

277. What is the default protocol/port of (secure) winbox?

A. TCP/8080

B. TCP/22

C. UDP/5678

D. TCP/8291

 

278. Router has Wireless and Ethernet client interfaces, all client interfaces are bridged.

To create a DHCP service for all clients you must configure DHCP server on

A. only on bridge interface

B. every bridge port

C. DHCP service is not possible in this setup

D. Ethernet and wireless interfaces

 

279. What does the firewall action "Redirect" do?

A. Redirects a packet to a specified port on a host in the network

B. Redirects a packet to a specified IP

C. Redirects a packet to the router

D. Redirects a packet to a specified port on the router

 

280. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet?

A. station

B. bridge

C. station-pseudobridge

D. station-wds

 

281. How many layers does Open Systems Interconnection model have?

A. 9

B. 6

C. 5

D. 7

E. 12

 

282. Which configuration menu should you use to change router's Winbox default port?

A. /ip service

B. /ip firewall service-ports

C. /ip firewall filter

D. /system resource

 

283. On the advanced menu of the wireless setup there is a parameter called “Area”, it works directly with:

A. Connect List

B. Access List

C. None of these

D. Security Profile

 

284. What menus should be used to allow certain websites to be accessed from behind a hotspot interface, without client authentication

A. ip hotspot ip-binding

B. ip hotspot profile

C. ip hotspot walled-garden

D. ip hotspot walled-garden ip

 

285. Which of the following is true for connection tracking

A. Enabling connection tracking reduces CPU usage in RouterOS

B. Connection tracking must be enabled for firewall to be effective

C. Connection tracking must be enable for NAT’ed network

D. Disable connection tracking for mangle to work

 

286. Which of these are possible solutions to bridge two networks over a wireless link:

A. Both devices in AP mode and enable WDS mode

B. One device in AP mode, another one in station-pseudobridge-clone

C. One device in AP mode, another one in station-pseudobridge

D. One device in AP mode, another one in station

 

287. You have a 802.11b/g wireless card. Which frequencies can be set?

A. 5210MHz

B. 2327MHz

C. 2422MHz

D. 2412MHz

E. 5800MHz

 

288. Action=redirect applies to

A. Route rules

B. DST-NAT rules

C. Firewall Filter rules

D. SRC-NAT rules

 

289. You need to reboot a RouterBoard after importing a previously exported rsc file to activate the new configuration.

TRUE/FALSE

 

290. If ARP=reply-only is configured on an interface, what will this interface do (MULTI)

A. Add new IP addresses in /ip arp list

B. Accept all IP/MAC combinations listed in /ip arp as static entries

C. Add new MAC addresses in /ip arp list

D. Accept all IP addresses listed in /ip arp as static entries

E. Accept all MAC-addresses listed in /ip arp as static entries

 

291. We have two radio cards in a point-to-point link with settings:

Card Nr 1.: mode=ap-bridge ssid=”office”

frequency=2447 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa

 

Card Nr 2.: mode=station ssid=”office”

frequency=2412 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa2

 

Is Card Nr2. able to connect to Card Nr 1.?

A. Yes, if Nstreme is enabled or disabled on both

B. Yes, when security profile settings are compatible with each other and Nstreme is enabled or disabled on both

C. No, because of the different frequencies

D. No, because of the different security profiles

 

292. Consider the following network diagram. In R1, you have the following configuration:

/ip route

add dst-address=192.168.1.0/24 gateway=192.168.99.2

 

/ip firewall nat

add chain=srcnat out-interface=Ether1 action=masquerade

 

On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices, which of the following rules would be needed?

A. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10 action=drop

B. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop

C. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10 action=drop

D. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10 action=drop

 

293. Select which of the following are ‘Public IP addresses’:

A. 10.110.50.37

B. 11.63.72.21

C. 172.28.73.21

D. 192.168.0.1

E. 172.168.254.2

 

294. What is the maximum number of ARP entries on a MikroTik RouterOS device ?

A. Unlimited

B. 2048

C. 8192

D. 10240

 

295. Mark all correct answers: destination NAT will take place (MULTI)

A. before ip firewall filter, chain forward

B. after routing decision

C. before routing decision

D. after ip firewall filter, chain forward

 

296. Mark all correct answers

A. Default-Forwarding could be enabled for a specific clients by wireless access-list

B. The only way to prevent wireless clients connections - disable wireless interface

C. Wireless access-list could allow and deny access to your AP

D. /ip firewall filter allows to deny authentication to AP

 

297. To use masquerade, you need to specify  (ONE)

A. Action=accept, out-interface, chain=src-nat

B. Action=masquerade, in-interface, chain=src-nat

C. Action=masquerade, out-interface, chain=src-nat

D. Action=masquerade, out-interface, chain=dst-nat

 

298. How many wireless clients can connect, when wireless card is configured to mode=bridge ?  (ONE)

A. 2

B. 1

C. 2007

D. 100

 

299. Which software version can be installed on to the following RouterBoard types ? (MULTI)

A. Routeros-mipsbe-x.xx.npk on a RB433

B. Routeros-x86-x.xx.npk on a RB1100

C. Routeros-mipsle-x.xx.npk on RB133

D. Routeros-powerpc-x.xx.npk on a RB333

E. Routeros-mipsbe-x.xx.npk on a RB133

 

300. Which firewall chain you should use filter SSH access to the router itself ? (ONE)

A. Output

B. Input

C. Prerouting

D. Forward

 

301. What does the firewall action “log” do ? (ONE)

A. It logs the packet

B. It blocks and logs the packet

C. It adds a prefix to the packet and passes it through

D. It logs and blocks the packet

 

302. You have a wireless interface with SSID=”WAN1” mode=”ap-bridge” and a VirtualAP with SSID=”WAP1” on the router. Is it possible to use nstreme protocol ? (ONE)

A. Yes, but Nstreme can be used only for SSID=VAP1

B. Yes, but Nstreme can be used only for SSID=WLAN1

C. No, Nstreme can not be used on wireless interface if a VirtualAP is on it

D. Yes, but Nstreme will be used for all SSID assigned for that physical interface

 

303. Router OS can set vlan-id value from – to : (ONE)

A. 1 – 4096

B. 1 – 2049

C. 1 – 2048

D. 1 – 4095

 

304. HotSpot server is installed on the router. All IP-phones are required to have access to outside networks without any HotSpot authentication. Select the configuration options you can use to achieve this setup (MULTI)

A. /ip hotspot walled-garden ip

B. /ip hotspot ip-binding

C. /ip hotspot service-ports

 

305. Collisions are possible in full-duplex Ethernet networks

(TRUE/FALSE)

 

306. You have to connect to a RouterBoard without any previous configuration. Select all possibilities to connect and do some basic configuration (MULTI)

A. Telnet

B. Attach Monitor/Keyboard

C. Mac-Winbox

D. Serial Connection

 

307. You have a DHCP server on your MikroTik router. The IP addres 10.1.2.2 – 10.2.2.20 are distributed in the DHCP network. Additionally, 3 static IP address are defined for your servers : 10.1.2.31 – 10.1.2.33. After a while 20 more IP addresses need to be distributed in the network. Is it possible to distribute the extra IP address without adding another DHCP server ?

(TRUE/FALSE)

 

308. What protocol does ping use ? (ONE)

A. UDP

B. ARP

C. TCP

D. ICMP

 

309. In RouterOS  queue configuration the word “total” usually reports (ONE)

A. Upload

B. Download

C. Download – Upload

D. Upload + Download

 

310. Firewall NAT rules process only the first packet of each connection

(TRUE/FALSE)

 

311. Router firewall rules are:

/ip firewall filter add chain=forward action=jump jump-target=custom

/ip firewall filter add chain=custom action=passthrough

/ip firewall filter add chain=forward action=log

 

When traffic reaches the end of the ‘chain=custom’. What will happen next?

A. Traffic will be logged in chain=forward

B. Traffic will be dropped in chain=custom

C. Traffic will be accepted in chain=custom

 

312. Connection marks are stored in the connection tracking table.

(TRUE/FALSE)

 

313. Nstreme Dual can be used for (MULTI)

A. different band usage on receive and transmit

B. full-duplex wireless link

C. one wireless card with two antennas

D. wireless link redundancy

 

314. To block access to web proxies running on TCP port 8080, you have to create a firewall rule and specify: (ONE)

A. “chain”,”action”,”port”

B. “chain”,”action”,”protocol”,”port”

C. “chain”,”action”,”protocol”,”limit”

D. “chain”,”action”,”protocol”

 

315. Which of the following is true for mangle facility in RouterOS? (MULTI)

A. Mark packet can be used by other router facilities like routing and bandwidth management

B. The mangle mark can be transmitted across the network, and used by other routers

C. Mangle facility can be used to modify some fields in the IP header and TTL fields

D. Mangle facility is used to mark IP Packets with special marks for future processing

 

316. You are about to configure DNS Chache and make a static DNS rule, Your router should resolve any domain name. Which are the minimum settings you will need? (MULTI)

A. Add a new static DNS entry

B. Enable “Allow Remote Requests”

C. Configure Primary DNS server

D. Set cache size to 4096

E. Configure both Primary and Secondary DNS servers

 

317. The total-max-limit under Simple Queues will limit the combined upload and download of the target-address of your simple queue.

(TRUE/FALSE)

 

318. How many usable IP address are there in a 23-bit (255.255.254.0) subnet? (ONE)

A. 256

B. 508

C. 512

D. 510

 

319. What is the meaning  of letter “R” on an active session in the menu PPP active Connections? (ONE)

A. Running

B. Radius

C. Remote

 

320. Which is a default baud-rate of curently manufactured RouterBOARDs? (ONE)

A. 115200

B. 38400

C. 9600

D. 11520

 

321. To use your RouterOS System as a DNS cache for a local network, you have to: (MULTI)

A. Allow forwarding of DNS traffic

B. Enable “Allow Remote Requests” at DNS settings

C. Enable DHCP package

D. Configure DNS-servers at RouterOS DNS settings

 

322. Which route will be used to reach host 192.168.1.55? (ONE)

/ip route

add disable=no distance=1 dst-address=192.168.1.0/24 gateway=1.1.1.1

add disable=no distance=1 dst-address=192.168.1.0/25 gateway=2.2.2.2

add disable=no distance=1 dst-address=192.168.1.0/16 gateway=3.3.3.3

 

A. Route via gateway 3.3.3.3

B. Route via gateway 2.2.2.2

C. Route via gateway 1.1.1.1

 

323. Which of the following IP addresses are publicly routable? (MULTI)

A. 127.34.255.3

B. 172.16.13.23

C. 11.3.10.4

D. 192.158.1.4

 

324. It is necessary to have a Level 4 RouterOS License to create a wireless link between two RouterOS devices.

(TRUE/FALSE)

 

325. When clicking the ‘Backup’ button in the Files widow, the following happens (select all that apply): (MULTI)

A. You are requested to give the backup file a name

B. Backup file is saved to the computer desktop

C. Backup file is created with the data and time of its creation

D. Backup file will contain Winbox usernames and passwords

 

326. Connection tracking can be turned off on your masquerading internet gateway to improve network performance.

(TRUE/FALSE)

 

327. To limit wireless access for your HotSpot users (MULTI)

A. Create MAC Address restriction in the Wireless Access List

B. Create IP Address restriction in the Wireless Access List

C. Create MAC Address restriction on HotSpot user login

D. Create MAC Address restriction on PPP user login

 

328. Which firewall chain would be used to block a client’s MSN traffic on a router? (ONE)

A. forward

B. input

C. output

D. static

 

329. DST-NAT can process traffic sent from and through the router.

(TRUE/FALSE)

 

330. A MikroTik PPPoE Server can be used only within a broadcast domain, that is, user can not run PPPoE protocol with a server if there is a router between the customer and that PPPoE server.

(TRUE/FALSE)

 

331. In order to use dynamic keys in your security profile for an AP, you MUST set up the dhcp server to provide the dynamic keys.

(TRUE/FALSE)

 

332. When creating Nstreme Dual links in the Wireless Interface menu you must set at least the following parameters: (MULTI)

A. SSID

B. Enable Nstreme

C. Band

D. Frequency

E. None of the above

 

334. Which facility should be used, to ensure that clients with radio signal strength poorer than -90dBm can’t connect to interface wlan 1 on a MikroTik AP? Choose one answer

A. /interface wireless registration-table remove numbers=-9

B. /interface wireless set wlan1 basic-rates-a/g

C. /interface wireless access-list

D. /interface wireless security-profiles add static-transmit-key

 

335. Which computers would be able to communicate directly (without any involved) (MULTI)

A. 10.5.5.1/24 and 10.5.5.100/25

B. 192.168.0.5/26 and 192.168.0.100

C. 192.168.1715/29 and 192.168.17.20/28

D. 10.10.0.17/22 and 10.10.1.30/23

 

336. /ip route configuration on router,

/ip route add gateway=192.168.0.1

/ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2

/ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3

/ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4

 

Router needs to send packets to 192.168.3.240. Which gateway will be used? (ONE)

A. 192.168.0.3

B. 192.168.0.2

C. 192.168.0.4

D. 192.168.0.1

 

337. What is the minimum configuration a network administrator needs to do on a MikroTik router to enable OSPF? (ONE)

A. Add an interface to OSPF interface configuration

B. Add a network to OSPF network configuration

C. Both interface and network must be added to OSPF configuration

D. Nothing; OSPF instance can run with no configuration

 

338. Destination NAT (chain dstnat, action dst-nat) can be used to: (MULTI)

A. Change source port

B. Change destination port

C. Hide your local network from the Internet

D. Direct user from the Internet to a server within your local network

 

339. MikroTik RouterOS commands can be run once a day by: (ONE)

A. /system cron

B. /system scheduler

C. /system watchdog

 

340. You want to limit bandwith for your HotSpot users. HotSpot can create dynamic queues on user login to do the speed limitation.

(TRUE/FALSE)

 

341. Which of the following protocols are proprietary to MikroTik (MULTI)

A. Nstreme Dual

B. WMM

C. Nv2

D. Nstreme

E. WiMax

 

342. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server? (ONE)

A. redirect

B. tarpit

C. dst-nat

D. passthrough

 

343. If ARP=reply-only is enabled on one router interface, router can add dynamic ARP entries for the particular interface.

(TRUE/FALSE)

 

344. DNS configuration of the router,

/ip dns static add address=192.168.0.1 name=www.test.com

Computer DNS server address is router, You are sending ping to www.test.com from the computer. Which is the resolved address? (ONE)

A. www.test.com is resolved as 204.12.0.60

B. www.test.com is resolved as 192.168.0.1

C. it is not possible to resolve www.test.com

 

345. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP Pools, that can be used by this DHCP server, are: (MULTI)

A. 192.168.0.1-192.168.0.99, 192.168.0.101-192.168.0.254

B. 192.168.0.1-192.168.0.254

C. 192.168.0.1-192.168.0.14

D.192.168.0.1-192.168.0.255

 

346. Mark all features that can be used to assign bandwidth limitation for a group users? (MULTI)

A. AP-limit in Acess Points

B. Address-list

C. Queue Tree

D. Mangle

E. NAT

 

347. In a wireless network it is decided to comply with 802.11a protocol standard. To enable turbo mode, which is the correct configuration? (ONE)

A. 12^th channel, 40mhz wide

B. 5^th channel, 5mhz wide

C. 6^th channel, 40mhz wide

D. 5^th channel, 10mhz wide

 

348. Mark all the configurations where RouterOS is utilizing the DNS client feature (MULTI)

A. Layer-7 packet filter configuration

B. Hotspot configuration

C. Web-proxy configuration

D. PPP configuration

 

349. Connection state in MikroTik RouterOS is the same thing as TCP state elsewhere?

(TRUE/FALSE)

 

350. Select all the RouterOS software packages required for configuring a wireless AP (MULTI)

A. advance-tools

B. dhcp

C. system

D. routing

E. wireless

 

351. A PC with IP 192.168.1.2 can access internet, and static ARP has been set for that IP address on gateway. When the PC Ethernet card failed, the user change it with a new card and set the same IP for it.

What else should be done? (MULTI)

A. Nothing-it will work as before

B. Another IP has to be added for internet access

C. Old static ARP entry on gateway has to be udated for the new card

D. MAC-address of the new card has to be changed to MAC address of old card

 

352. You need to allow HTTP access to www.mikrotik.com for all HotSpot users without authorization. What should you use? (ONE)

A. /ip hotspot walled-garden ip

B. /ip hotspot ip-binding

C. /ip hotspot user

D. /ip hotspot walled-garden

 

353. While troubleshooting a network from inside the network, you discover that you can ping the gateway reliably, but you cannot browse the Internet. Skype, however, works flawlessly. What is the most likely issue?

A. The computer did not get an IP address

B. DNS is not available

C. Masquerading rule is not applied

D. Network card and/or cable is not working

 

354. Which RouterOS packages should be installed on router for SSH server support?

A. advanced-tools

B. system

C. ssh

D. security

 

355. Where are HotSpot authorized clients shown?

A. /ip hotspot user

B. /ip hotspot host

C. /ip hotspot

D. /ip hotspot active

 

356. Select valid subnet masks:

A. 255.255.224.0

B. 255.192.0.0

C. 192.0.0.0

D. 255.255.192.255

 

357. /ip firewall nat

add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 action=dst-nat to-address=192.168.1.2 to-ports=81

 

The command shown above:

A. Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the internal host 192.168.1.2

B. Forwards all TCP traffic from 192.168.1.2 to port 81 of the interface ether1

C. Forwards any TCP traffic incoming through ether1 port 3389 to the port 81 of the internal host 192.168.1.2

D. Adds IP address 192.168.1.2 to the interface ether1

 

358. You want to transfer existing '/ip firewall filter' configuration from one router to a new system. Choose the best possible way to do:

A. Create backup, edit backup file and restore on target router

B. Export global configuration and remove everything apart from '/ip firewall filter'

C. Export only '/ip firewall filter'

D. Create backup only of '/ip firewall filter' rules

 

359. What could be monitored by Torch?

A. Src. Address

B. None of the above is correct

C. Protocol

D. Dst. Address

E. Dst. Port

F. Vlan ID