Beruflich Dokumente
Kultur Dokumente
Which options can be used when you want to prevent access from one specific address
to your router web interface?
□ A Firewall Filter Chain Input
□ B. WWW service from IP Services
□ C. Group settings for System users
□ D. Firewall Filter Chain Forward
2. Which configuration menu should you use to change router's Winbox default port ?
o A /ip firewall service-ports
o B /ip service
o C /system resource
o D /ip firewall filter
4. You want to use PCQ and allow 256k maximum download and upload for each client. Choose
correct argument values for the required queue.
□ A kind=pcq pcq-rate=256000 pcq-classifier=src-address
□ B kind=pcq pcq-rate=256000 pcq-classifier=dst-address
□ C kind=pcq pcq-rate=5000000 pcq-classifier=src-address
□ D kind=pcq pcq-rate=5000000 pcq-classifier=dst-address
□ E kind=pcq pcq-rate=1256000 pcq-classifier=dst-address
7. How many different priorities can be selected for queues in MikroTik RouterOS?
o A 1
o B 8
o C 0
o D 16
8. It is required to make a web server on a private LAN visible on the Public Internet. Only the web
server port should be visible to the public. Which of the following configuration steps must be
met. (select all that apply)
□ A in ip firewall NAT there should be a dst-nat between the public ip of the router and
the private ip of the webserver
□ B Connection Tracking must be enabled on NAT router
□ C Public IP address of the webserver must be installed on the NAT Router
□ D LAN address of the webserver should be routable on the internet
□ E A route between the NAT Router and the webserver must exist
9. You have to connect to a RouterBOARD without any previous configuration. Select all
possibilities to connect and do some basic configuration
□ A Telnet
□ B Attach monitor/keyboard
□ C MAC-Winbox
□ D Serial Connection
/ip route
add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=1.1.1.1
add disabled=no distance=1 dst-address=192.168.1.0/25 gateway=2.2.2.2
add disabled=no distance=1 dst-address=192.168.0.0/16 gateway=3.3.3.3
12. What will happen if "Default forward" is disabled in wireless menu on a RouterOS AP?
o A Only clients with matching access control list rule will be able to connect to the AP
o B Clients will not be able to connect to the AP
o C AP will not be able to connect to the clients
o D Clients will not be able to connect to each other
13. Which firewall chain should you use to filter ICMP packets from the router itself?
o A postrouting
o B input
o C forward
o D output
14. Is it possible to limit how many clients are able to connect to an access point?
o A Yes, but only with access-lists
o B No it's not possible at all
o C Yes
16. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33.
Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33.
The maximum bandwidth that the client 10.10.0.33 is be able to obtain is:
o A 4M upload/download
o B 6M upload/download
o C 0M upload/download
o D 2M upload/download
17. Mark correct statement.
o A Backup files are editable
o B Export files are not editable
o C Backup files are not editable
18. When frequency mode is set to ‘regulatory domain’ in wireless interface configuration:
o A It restricts operation to only the permitted channels and transmit powers according
to the value of country selected
o B It ignores all restrictions
o C It ignores transmit power restrictions, but obeys frequency limitations for the value
of country selected
o D Allows any transmit power to be set with any frequency
19. Select statements that are true regarding the following command:
/ip route add dst-address=172.16.4.0/24 gateway=192.168.4.2
o A 5.6.6.6
o B the required route is not in the routing table.
o C both - half of the traffic will be routed through one gateway, half through the other.
o D 5.5.5.5
21. For static routing functionality, additionally to the RouterOS 'system' package, you will also need
the following software package:
o A no extra package required
o B routing
o C advanced-tools
o D dhcp
22. What is the meaning of the status letter "R" on a PPPoE client interface in RouterOS Interfaces
menu?
o A Radius
o B Running
o C Remote
o D Reconnecting
23. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there
is a router between server and end-user host,it will not be able to create PPPoE tunnel to that
PPPoE server. {True/False)
CPE configuration:
-- wlan1 is in 'Station-Bridge' mode
-- Bridge1 has wlan1 and ether1 as ports
Select protocols that will pass from ether1 on the CPE to ether1 on the Access Point.
□ A BGP
□ B Firewire
□ C IPv4
□ D PPPoE
□ E DHCP
□ F IPv6
□ G USB
□ H ARP
26. If ARP=reply-only is configured on an interface, this interface will
o A accept all IP addresses listed in '/ip arp' as static entries
o B add new IP addresses in '/ip arp' list
o C accept all MAC-addresses listed in '/ip arp' as static entries
o D add new MAC addresses in '/ip arp' list
o E accept IP and MAC address combinations listed in '/ip arp' list
27. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a
DHCP service for all clients, DHCP server must be configured on:
o A Every bridge port
o B Ethernet and wireless interfaces
o C Only on the bridge interface
o D DHCP service is not possible in this setup
28. How many wireless clients can connect, when wireless card is configured to mode=bridge ?
o A 100
o B 1
o C 2007
o D 2
29. Consider the following network diagram. In R1, you have the following configuration:
/ip route
add dst-address=192.168.1.0/24 gateway=192.168.99.2
On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices,
which of the following rules would be needed?
o A /ip firewall filter add chain=input src-address=192.168.99.1 dst-
address=192.168.1.10 action=drop
o B /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10
action=drop
o C /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-
address=192.168.1.10 action=drop
o D /ip firewall filter add chain=forward src-address=192.168.99.1 dst-
address=192.168.1.10 action=drop
30. One host on an internal network is accessing an external web page through a MikroTik router
that is doing source NAT. Select correct statement about the packets that flow from that web
page to the host ?
o A Packets go through the input chain
o B Packets go through the output chain
o C Packets go through the forward chain
o D Packets go through the input chain before the routing decision and after that
through output chain
31. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These
flags mean:
o A Dynamic, Available, Created
o B Dynamic, Active, Console
o C Dynamic, Active, Connected
o D Direct, Available, Connected
33. When sending out an ARP request, an IP host is expecting what kind of address for an answer?
□ A VLAN ID
□ B 802.11g
□ C MAC Address
□ D IP address
34. The RouterOS graphing is used for
o A bandwidth limitation
o B average traffic and resource usage display
o C real-time traffic and resource usage display
o D bandwidth testing
39. Which of the following would prevent unknown clients from connecting to your AP? Choose the
BEST answer.
o A Add each known client's MAC address to your access-list configuration is the only step
needed
o B Uncheck 'Default Authenticate' in the wireless card configuration, and add each
known client's MAC address to your access-list configuration ensuring that you
enable 'authenticate' in the entry
o C Uncheck 'Default Authenticate' in the wireless card configuration, and add each
known client's MAC Address to your connect-list configuration
o D Configure the radius server under '/radius'
o E Check the 'Do not permit unknown client' box in the wireless configuration
40. Which option in the configuration of a wireless card must be disabled to cause the router to
permit ONLY known clients listed in the access list to connect?
o A Enable Access List
o B Security Profile
o C Default Authenticate
o D Default Forward
42. Which are necessary sections in /queue simple to set bandwidth limitation?
o A target-address, max-limit
o B target-address, dst-address
o C max-limit
o D target-address, dst-address, max-limit
43. A client uses a RouterBOARD1000.The clock is configured in '/system clock'. The clock resets to
default after each reboot. Select the best solution for the problem.
□ A Open the router and ensure the CMOS battery is fine.
□ B Write a script in '/system script' to set the clock
□ C Configure '/system ntp client' and set a valid and reachable NTP server address.
□ D Configure '/system ntp server' and set a valid and reachable NTP client address.
45. Mark all features that can be help to assign bandwidth limitation for a group of users?
□ A NAT
□ B Queue Tree
□ C Address-list
□ D Mangle
46. Rate Flapping can be avoided by
o A Reduce supported rates
o B Change ap-bridge to bridge
o C Choose larger channels (40 MHz instead of 20 MHz)
o D Set basic rates to only one data rate like 24 Mbps
47. Is it possible to have PPTP Client and PPTP server on one MikroTik router at the same time?
(True/False)
48. Two mangle rules defining different mangle marks for the same traffic type, will make it have
both mangle marks {TRUE/FALSE}
49. In which order are the entries in Access List and Connect List processed?
o A In a random order
o B By interface name
o C In sequence order
o D By Signal Strength Range
50. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and
you suspect it is a driver issue?
o A Yes
o B No
51. A MikoTik PPPoE Server can be used only within a broadcast domain, that is, users can not run
PPPoE protocol with a server if there is a router between the customer and that PPPoE server.
(TRUE/FALSE)
52. You have a wireless interface with SSID="WAN1"mode="ap-bridge" and a VirtualAP with
SSID="VAP1" on the router. Is it possible to use nstreme protocol?
o A No, Nstreme can not be used on wireless interface if a VirtualAP is on it.
o B Yes, but Nstreme can be used only for SSID=VAP1.
o C Yes, but Nstreme can be used only for SSID=WLAN1.
o D Yes, Nstreme can be used for both SSIDs
53. In MikroTik RouterOS, Layer-3 communication between 2 hosts can be achieved by using an
address subnet of:
□ A /32
□ B /31
□ C /29
□ D /30
54. To make all DNS requests coming from your network to resolve on your router (regardless of the
clients' configuration), which action would you specify for the DST-NAT rule?
o A redirect
o B you can't use DST-NAT to achieve this
o C dst-nat
o D masquerade
57. When backing up your router by using the 'Export' command, the following happens:
□ A You are requested to give the export file a name
□ B The Export file can be edited with a standard text editor after its creation
□ C Winbox usernames and passwords are backed up
67. Where can you monitor (see addresses and ports) real-time connections which are processed by
the router ?
□ A Tool Torch
□ B Firewall Connection Tracking
□ C Queue Tree
□ D Firewall Counters
74. To apply bandwith restriction using Simple queue on traffic that travels from one bridge port to
another bridge port within same bridge interface, following must be done:
o A Use mangle to mark the connection
o B Associate the Simple queue to the bridge interface
o C Enable 'Use IP Firewall' in bridge settings
o D Configure an IP address on the bridge interface
75. Action of type 'masquerade' in IP -> Firewall -> NAT is a 'special case' of the following action :
o A redirect
o B netmap
o C same
o D src-nat
o E dst-nat
76. Assuming a functional wireless interface is present and working, is it possible to create a
wireless access point with level 5 license ?
o A No, only with level 6 license
o B Yes
o C No, Only with level 4 license
o D No, only with level 3 license
77. Destination NAT (chain dstnat, action dst-nat) can be used to :
□ A Change source port
□ B Direct users from the Internet to a server within your local network
□ C Change destination port
□ D Hide your local network from the Internet
83. Router A and B are both running as PPPoE servers on different broadcast domains of your
network. It is possible to set Router A to use "/ppp secret" accounts from Router B to
authenticate PPPoE customers. (TRUE/FALSE)
84. If a packet comes to a router and starts a new, previously unseen connection, which connection
state would be applied to it?
o A established
o B no connection state would be applied to such packet
o C invalid
o D new
o E unknown
85. To block communications between wireless clients connected to the same access point
interface, you should set
o A 'default-authentication=no' and 'default-forwarding=no'
o B 'default-forwarding=no'
o C 'max-station-count=1'
o D 'default-authentication=no'
88. In the Route List, the identification DAb for a route stands for
o A direct - active - bgp
o B direct - acknowledge - backup
o C dynamic - active - backup
o D dynamic - active – bgp
89. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time.
(TRUE/FALSE)
90. More than one DHCP relay can be used on the same interface. (TRUE/FALSE)
o A Forwards any TCP traffic incoming through ether1 port 3389 to the port 81 of the
internal host 192.168.1.2
o B Forwards all TCP traffic from 192.168.1.2 to port 81 of the interface ether1
o C Adds IP address 192.168.1.2 to the interface ether1
o D Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the
internal host 192.168.1.2