1.

 In IP firewall filter, "dst-limit" option is used to limit the number of hops a packet is allowed to take

2. Sort queue types by processor work-load, first is less consumptive.

A. PCQ, PFIFO, RED

B. PFIFO, RED, PCQ

C. PCQ, RED, PFIFO

D. PFIFO, PCQ, RED

3. In RouterOS queue configurations the word "total" usually represents

A. upload

B. upload + download

C. download - upload

D. download
4. Which features are removed when advanced-tools package is uninstalled?

A. ping

B. LCD support

C. ip-scan

D. netwatch

E. bandwidth-test

F. neighbors
5. You set up a brand new router to be a HotSpot gateway. Run the wizard and pick Ether2 as
HotSpot interface. Everything else is set to defaults and you do not configure any additional Firewall
or NAT rules. 

Connect laptop to Ether2 and try to browse to www.yourcompany.com, but you are redirected to the
login page. You do not log in because you want hotspot users to access www.yourcompany.com
without having to log in, so you want to add www.yourcompany.com to the Walled Garden list. 

You start the Winbox client and attempt to connect to the router, but encounter an error. Why can\'t
you connect to the router with Winbox?

A. Access to router management is blocked on ALL

interfaces when you are not logged in to hotspot.

B. You must add www.yourcompany.com to your

Walled Garden list BEFORE you run the Hotspot wizard.

C. Winbox is blocked when hotspot is enabled, you

must connect to the router with Telnet or SSH instead.

D. Access to router management is blocked on hotspot

interface when you are not logged in to hotspot.
6. What does this simple queue do (check the image)?
 A. Queue guarantees download data rate of one
megabit per second for host 192.168.1.10

B. Queue limits host 192.168.1.10 upload data rate to

one megabit per second.

C. Queue guarantees upload data rate of one megabit

per second for host 192.168.1.10

D. Queue limits host 192.168.1.10 download data rate

to one megabit per second.

7. Which of the following actions have an implicit "passthrough"? (select all that apply)

A. accept

B. log

C. add src to address list

D. passthrough

E. drop
8. Firewall NAT rules process only the first packet of each connection.

9. You want to offer a static route to your DHCP clients (besides the default-route). What is the best
way to do that?

A. Set DHCP options 121

B. There is no way to send a static-route to DHCP

clients

C. Set a static IP into /ip route and it will automatically

be sent to clients

D. Set DHCP options 3

10. Which of the following is true for mangle facility in RouterOS?

A. Mangle facility is used to mark IP packets with

special marks for future processing

B. Marks packet can be used by other router facilities

like routing and bandwidth management

C. Mangle facility can be used to modify some fields in

the IP header and TTL fields

D. The mangle mark can be transmitted across the

network, and used by other routers
11. You want to use PCQ and allow 256k maximum download and upload for each client. Choose
correct argument values for the required queue.

A. kind=pcq pcq-limit=256000 pcq-classifier=dst-

address

B. kind=pcq pcq-limit=1256000 pcq-classifier=dst-

address

C. kind=pcq pcq-limit=5000000 pcq-classifier=src-

address

D. kind=pcq pcq-limit=256000 pcq-classifier=src-

address
 E. kind=pcq pcq-limit=5000000 pcq-classifier=dst-
address
12. Same IP address can be included in multiple address-lists, and these lists can be used separate
from one another.

13. You have a queue structure: 

queue "GP" max-limit=10M 
- queue "M" parent="GP" limit-at=4M max-limit=6M 
- - queue "C1" parent="M" limit-at=1M max-limit=7M priority=4 
- - queue "C2" parent="M" limit-at=1M max-limit=4M priority=1 
- - queue "C3" parent="M" limit-at=3M max-limit=7M priority=8 
- queue "F" parent="GP" limit-at=5M max-limit=8M 
- - queue "D1" parent="F" limit-at=3M max-limit=4M priority=5 
- - queue "D2" parent="F" limit-at=2M max-limit=5M priority=2 

If queues "C2" and "C3" are not requiring any traffic, how is all the 
available bandwidth going to be distributed in worst case scenario when all other queues are trying to
get all available traffic?

A. queue "C1" will get 3M, "D2" 3M, "D1" 5M

B. queue "C1" will get 2M, "D2" 5M, "D1" 3M

C. queue "C1" will get 5M, "D2" 2M, "D1" 3M

D. queue "C1" will get 4M, "D2" 7M, "D1" 4M

E. queue "C1" will get 4M, "D2" 3M, "D1" 3M

14. If a packet comes to a router and starts a new, previously unseen connection, which connection
state would be applied to it?

A. no connection state would be applied to such packet

B. invalid

C. established

D. unknown

E. new
15. An IP packet has matched all the conditions of a firewall rule and the action reject and the option
icmp-network-unreachable was initiated for that packet. What will happen with the packet content ?

A. The packet will be discarded regardless of its

content

B. The whole packet will be forwarded back to the

sender regardless of its contents

C. The packet will be rejected only if the destination

network is unreachable

D. The packet header will receive a flag of \\\"icmp-

network-unreacheble\\\"
16. The gateway router is configured with a transparent proxy with the following parameters: 

/ip proxy access add dst-host=www.mikrotik.com action=allow 

/ip proxy access add dst-host=www.mt.lv action=deny redirect-to=forum.mikrotik.com 

When the user is opening www.mt.lv, what is shown in the browser?

A. forum.mikrotik.com

B. www.mt.lv
 C. www.mikrotik.com
17. You need to redirect a browser page from a search of \"xxx\" in google to another website such
as www.mikrotik.com 

Choose correct proxy access rule.

A. /ip proxy access add dst-host=*.google.* path=*xxx*

action=deny redirect-to=www.mikrotik.com

B. /ip proxy access add path=*xxx* action=allow

redirect-to=www.mikrotik.com

C. /ip proxy access add dst-host=*xxx* action=deny

redirect-to=www.mikrotik.com

D. /ip proxy access add dst-host=*xxx* action=allow

redirect-to=www.mikrotik.com
18. Possible actions of ip firewall filter are:

A. log

B. tarpit

C. add-to-list

D. accept

E. tarp

F. bounce
19. Mangle allows you to mark IP packets with special marks, that can be used for routing and
bandwidth management. The mangle facility can also be used to modify some fields in the IP header,
like TOS (DSCP) and TTL fields. These mangle marks can then be used across multiple routers in the
network. 

20. Interface HTB can be specified as a parent for a simple queue, this way applying simple queue
only for traffic that is leaving through that interface

21. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. 
Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client
10.10.0.33 is be able to obtain

A. 6M upload/download

B. 2M upload/download

C. 0M upload/download

D. 4M upload/download
22. You have a queue structure: 

queue "GP" max-limit=10M 

- queue "M" parent="GP" limit-at=4M max-limit=6M 
- - queue "C1" parent="M" limit-at=1M max-limit=7M priority=4 
- - queue "C2" parent="M" limit-at=1M max-limit=4M priority=1 
- - queue "C3" parent="M" limit-at=2M max-limit=7M priority=8 
- queue "F" parent="GP" limit-at=5M max-limit=8M 
- - queue "D1" parent="F" limit-at=3M max-limit=4M priority=5 
- - queue "D2" parent="F" limit-at=2M max-limit=5M priority=2 

Which queue will get more than limit-at in worst case scenario? 
 A. D2

B. D1

C. C1

D. C3

E. C2
23. Which RouterOS management methods can be used encrypted?

A. Telnet

B. API

C. SSH

D. Winbox

E. Webfig
24. What is the maximum client connections that can be allowed on MikroTik Web Proxy?

A. 1024

B. 8080

C. Dynamic, depending on available resources

D. 1536

E. 65536
25. What is marked by connection-state=established matcher?

A. Packet begins a new TCP connection

B. Packet belongs to an existing connection,for

example a reply packet or a packet which belongs to already
replied connection

C. Packet is related to, but not part of an existing

connection

D. Packet does not correspond to any known

connection