------------------------------------------------------------------------------------- SET - 2 -------------------------------------------------------------------------------------

1. Action=redirect is applied in
a. chain=srcnat
b. chain=dstnat
c. chain=forward

2. You have 802.11b/g wireless card. What frequencies are available to you?
a. 5800MHz
b. 2412MHz
c. 5210MHz
d. 2422MHz
e. 2327MHz

3. Mark all correct statements about /export (rsc file).

a. Exports logs from /log print
b. Exports full configuration of the router
c. Exports only part of the configuration (for example /ip firewall)
d. Exports scripts from /system script
e. Exports files could not edited

4. What wireless card can we use to achieve 100 Mbps actual wireless throughput?
a. 802.11 b/g
b. 802.11 a/b/g
c. 802.11 a
d. 802.11 a/n
e. 802.11 a/b/g/n

5. It is possible to add user-defined chains in ip firewall mangle

True
False

6. Choose all valid hosts address range for subnet 15.242.55.62/27

a. 15.242.55.31-15.242.55.62
b. 15.242.55.32-15.242.55.63
c. 15.242.55.33-15.242.55.62
d. 15.242.55.33-15.242.55.63

7. Action=redirect allows you to make

a. Transparent DNS Cache
b. Forward DNS to another device IP address
c. Enable Local Service
d. Transparent HTTP Proxy

8. Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing interface=ether1?
a. /ip firewall nat add action=masquerade chain=srcnat
b. /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24
c. /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat
d. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1

9. What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface?
a. I
b. D
c. A
d. S
e. C

10. Mark all features that are compatible with Nstreme

a. WDS between a device in station-wds mode and a device in station-wds mode
b. Encryption
c. WDS between a device in ap-bridge mode with a device in station-wds mode
d. Bridging a device in station mode with a device in ap-bridge mode

11. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and it’s a driver issue?
a. Yes
b. No

12. For static routing functionality, additionally to the RouterOS system package, you will also need the following software package:
a. none
b. dhcp
c. routing
d. advanced-tools
13. Which are necessary sections in /queue simple to set bandwidth limitation?
a. target-address, max-limit
b. target-address, dst-address, max-limit
c. target-address, dst-address
d. max-limit

14. What protocol is used for Ping and Trace route?

a. DHCP
b. IP
c. TCP
d. ICMP - ping
e. UDP – trace route

15. From which of the following locations can you obtain Winbox?
a. Router’s webpage
b. Files menu in your router
c. Via the console cable
d. mikrotik.com

16. Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP
connections to be established between the two hosts.
a. A: 10.1.2.66/25 and B: 10.1.2.109/26
b. A: 10.2.2.1/23 and B: 10.2.0.1/22
c. A: 10.1.2.192/24 and B: 10.1.2.129/26
d. A: 10.2.1.0/23 and B: 10.2.0.1/22

17. Why is it useful to set a Radio Name on the radio interface?

a. To identify a station in a list of connected clients
b. To identify a station in the Access List
c. To identify a station in Neighbor discovery

18. What kind of users are listed in the Secrets window of the PPP menu?
a. pptp users
b. l2tp users
c. winbox users
d. wireless users
e. pppoe users
f. hotspot users

19. Router A and B are both running as PPPoE servers on different broadcast domains of your network. Is it possible to set Router A to use “/ppp
secret” accounts from Router B to authenticate PPPoE customers ?
Yes
No

20. MikroTik RouterOS DHCP client can receive following options

a. Byte limit
b. IP Gateway
c. Rate limit
d. Uptime limit
e. IP Address and Subnet
------------------------------------------------------------------------------------- SET - 3 -------------------------------------------------------------------------------------

1. If you need to make sure that one computer in your HotSpot network can access the Internet without HotSpot authentication, which menu
allows you to do this?
a. Users
b. IP bindings
c. Walled-garden
d. Walled-garden IP

2. How many different priorities can be selected for queues in MikroTik RouterOS?
a. 8
b. 16
c. 0
d. 1

3. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5
dst-address=0.0.0.0/0 gateway=2.2.2.2
a. Route via gateway 1.1.1.1
b. Route via gateway 2.2.2.2

4. How long is level 1 (demo) license valid?

a. 24 hours
b. Infinite time
c. 1 month
d. 1 year

5. Is ARP used in the IPv6 protocol ?

True
False

6. In MikroTik RouterOS, Layer-3 communication between 2 hosts can be achieved by using an address subnet of:
a. /30
b. /29
c. /32
d. /31

7. A PC with IP 192.168.1.2 can access internet, and static ARP has been set for that IP address on gateway. When the PC Ethernet card failed, the
user change it with a new card and set the same IP for it. What else should be done? [multiple answers]

a. Old static ARP entry on gateway has to be updated for the new card
b. Nothing – it will work as before
c. MAC-address of the new card has to be changed to MAC address of old card
d. Another IP has to be added for Internet access

8. How many usable IP addresses are there in a 20-bit subnet?

a. 2047
b. 4096
c. 2048
d. 2046
e. 4094

9. What is the default TTL (time to live) on a router that an IP packet can experience before it will be discarded ?
a. 60
b. 30
c. 1
d. 64

10. The network address is

a. The first usable address of the subnet
b. The last address of the subnet
c. The first address of the subnet

11. Which ones of the following are valid IP addresses? [multiple answers]

a. 192.168.13.255
b. 1.27.14.254
c. 10.10.14.0
d. 192.168.256.1
12. Which of the following is NOT a valid MAC Address?
a. 95:B5:DD:EE:78:8A
b. 13:16:86:53:89:43
c. 80:GF:AA:67:13:5D
d. 88:0C:00:99:5F:EF
e. EA:BA:AA:EE:FF:CB

13. If ARP=reply-only is configured on an interface, what will this interface do

a. Add new IP addresses in /ip arp list
b. Accept all IP/MAC combinations listed in /ip arp as static entries
c. Accept all MAC-addresses listed in /ip arp as static entries
d. Add new MAC addresses in /ip arp list
e. Accept all IP addresses listed in /ip arp as static entries

14. What is term for the hardware coded address found on an interface?
a. IP Address
b. Interface Address
c. MAC Address
d. FQDN Address

15. Which of the following IP addresses are publicly routable?

a. 127.34.155.3
b. 192.168.1.4
c. 172.16.13.23
d. 11.3.10.4

16. What protocol does ping use?

a. UDP
b. TCP
c. ARP
d. ICMP

17. MAC layer by OSI model is also known as

a. Layer 3
b. Layer 7
c. Layer 2
d. Layer 6
e. Layer 1

18. How many layers does Open Systems Interconnection model have?
a. 12
b. 6
c. 9
d. 5
e. 7

19. How many IP addresses can one find in the header of an IP packet?
a. 3
b. 4
c. 1
d. 2

20. The basic unit of a physical network (OSI Layer 1) is the:

a. Byte
b. Frame
c. Bit
d. Header
------------------------------------------------------------------------------------- SET - 4 -------------------------------------------------------------------------------------

1. You have a router with configuration

- Public IP :202.168.125.45/24
- Default gateway:202.168.125.1
- DNS server: 248.115.148.136, 248.115.148.137
- Local IP: 192.168.2.1/24
Mark the correct configuration on client PC to access to the Internet
a. IP:192.168.0.1/24 gateway:192.168.2.1
b. IP:192.168.2.253/24 gateway:202.168.0.1
c. IP:192.168.1.223/24 gateway:248.115.148.136
d. IP:192.168.2.115/24 gateway: 192.168.2.1
e. IP:192.168.2.2/24 gateway:202.168.125.45

2. On the advanced menu of the wireless setup there is a parameter called “Area”, it works directly with:
a. Connect List
b. Access List
c. None of these
d. Security Profile

3. What menus should be used to allow certain websites to be accessed from behind a hotspot interface, without client authentication
a. ip hotspot ip-binding
b. ip hotspot profile
c. ip hotspot walled-garden
d. ip hotspot walled-garden ip

4. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue.
a. kind=pcq pcq-limit=1256000 pcq-classifier=dst-address
b. kind=pcq pcq-limit=256000 pcq-classifier=dst-address
c. kind=pcq pcq-limit=5000000 pcq-classifier=src-address
d. kind=pcq pcq-limit=256000 pcq-classifier=src-address
e. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address

5. Which of the following is true for connection tracking

a. Enabling connection tracking reduces CPU usage in RouterOS
b. Connection tracking must be enabled for firewall to be effective
c. Connection tracking must be enable for NAT’ed network
d. Disable connection tracking for mangle to work

6. Which of these are possible solutions to bridge two networks over a wireless link:
a. Both devices in AP mode and enable WDS mode
b. One device in AP mode, another one in station-pseudobridge-clone
c. One device in AP mode, another one in station-pseudobridge
d. One device in AP mode, another one in station

7. When backing up your router by using the ‘Export’ command, the following happens:
a. Winbox usernames and passwords are backed up
b. The Export file can be edited with a standard text editor after its creation
c. You are requested to give the export file a name

8. You need to reboot a RouterBoard after importing a previously exported rsc file to activate the new configuration.
True
False

9. It is impossible to disable user “admin” at the menu “/user”

True
False

10. If a packet comes to a router and starts a new, previously unseen connection, which connection state would be applied to it?
a. no connection state would be applied to such packet
b. new
c. unknown
d. invalid
e. established

11. We have two radio cards in a point-to-point link with settings:

Card Nr 1.: mode=ap-bridge ssid=”office”
frequency=2447 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa
Card Nr 2.: mode=station ssid=”office”
frequency=2412 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa2
Is Card Nr2. able to connect to Card Nr 1.?
a. Yes, if Nstreme is enabled or disabled on both
b. Yes, when security profile settings are compatible with each other and Nstreme is enabled or disabled on both
c. No, because of the different frequencies
d. No, because of the different security profiles

12. If you need to make sure that one computer in your HotSpot network can access the Internet without HotSpot authentication, which menu
allows you to do this?
a. Walled-garden IP
b. Walled-garden
c. Users
d. IP bindings

13. Consider the following network diagram. In R1, you have the following configuration:
/ip route
add dst-address=192.168.1.0/24 gateway=192.168.99.2
/ip firewall nat
add chain=srcnat out-interface=Ether1 action=masquerade

On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices, which of the following rules would be needed?
a. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
b. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
c. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
d. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10 action=drop

14. What is the default protocol/port of (secure) winbox?

a. UDP/5678
b. TCP/8291
c. TCP/22
d. TCP/8080

15. Mark the queue types that are available in RouterOS

a. SFQ – Stochastic Fairness Queuing
b. DRR – Deficit Round Robin
c. FIFO – First In First Out (for Bytes or for Packets)
d. LIFO – Last In First Out
e. PCQ – Per Connection Queuing
f. RED – Random Early Detect (or Drop)

16. A network ready device is directly connected to a MikroTik RouterBOARD 750 with a correct U.T.P. RJ45 functioning cable. The device is
configured with an IPv4 address of 192.168.100.70 using a subnet mask of 255.255.255.252. What will be a valid IPv4 address for the
RouterBOARD 750 for a successful connection to the device?
a. 192.168.100.70/255.255.255.252
b. 192.168.100.69/255.255.255.252
c. 192.168.100.71/255.255.255.252
d. 192.168.100.68/255.255.255.252

17. How many usable IP addresses are there in a 23-bit (255.255.254.0) subnet?
a. 512
b. 510
c. 508
d. 254

18. Is ARP used in the IPv6 protocol ?

True
False

19. Which of the following protocols / port s are used for SNMP. (Simple Network Managemnt Protocol)
a. TCP 162
b. UDP 162
c. UDP 161
d. TCP 25
e. TCP 123
f. TCP 161

20. Select which of the following are ‘Public IP addresses’:

a. 192.168.0.1
b. 172.168.254.2
c. 172.28.73.21
d. 10.110.50.37
e. 11.63.72.21

21. If ARP=reply-only is enabled on one router interface, router can add dynamic ARP entries for the particular interface.
False
True
22. MAC layer by OSI model is also known as
a. Layer 3
b. Layer 7
c. Layer 1
d. Layer 2
e. Layer 6

23. Select valid MAC-address

a. G2:60:CF:21:99:H0
b. 00:00:5E:80:EE:B0
c. AEC8:21F1:AA44:54FF:1111:DDAE:0212:1201
d. 192.168.0.0/16

24. Which computers would be able to communicate directly (without any routers involved)
a. 192.168.17.15/29 and 192.168.17.20/28
b. 192.168.0.5/26 and 192.168.0.100
c. 10.5.5.1/24 and 10.5.5.100/25
d. 10.10.0.17/22 and 10.10.1.30/2
------------------------------------------------------------------------------------- SET - 6 -------------------------------------------------------------------------------------

1. What can you do with Netinstall?

a. Reset password in RouterOS
b. Install Linux
c. Add configuration to RouterOS
d. Reinstall RouterOS

2. Consider the attached diagram:

In order for Router 1 to see all of the networks the following commands could be used (choose all answers that could work)

a. /routing add dst-address=0.0.0.0/0 gateway=10.10.0.2

b. /ip route add dst-address=0.0.0.0/0 gateway=10.10.0.2
c. /ip route add dst-address=172.16.0.0/24 gateway=10.10.0.2, /ip route add dst-address=172.32.0.0/24 gateway=10.10.0.2
d. /ip route add dst-address=172.16.0.0/24 gateway=10.10.0.2, /ip route add dst-address=172.32.0.0/24 gateway=10.50.0.2

3. Configuring HotSpot is possible on MikroTikRouterOS only with a wireless interface.

Yes

No

4. What menus should be used to allow certain websites to be accessed from behind a hotspot interface, without client authentication
a. ip hotspot ip-binding
b. ip hotspot profile
c. ip hotspot walled-garden ip
d. ip hotspot walled-garden

5. For static routing functionality, additionally to the RouterOS system package, you will also need the following software package:
a. none
b. routing
c. advanced-tools
d. dhcp

6. Netinstall can be used to

a. Install different software version (upgrade or downgrade)
b. Keep configuration, but reset a lost admin password
c. Reinstall software without losing licence
d. Install package for different hardware architecture

7. In which order are the entries in Access List and Connect List processed?
a. By interface name
b. In sequence order
c. By Signal Strength Range
d. In a random order

8. In Winbox, Hide Passwords unchecked shows passwords for the following

a. RouterOS user
b. Hotspot User
c. RADIUS shared secret
d. PPP secrets

9. Which options should be used when you want to prevent access from one specific address to your router web interface?
a. Firewall Filter Chain Forward
b. Firewall Filter Chain Input
c. Group settings for System users
d. WWW service from IP Services

10. Which of the following would prevent unknown clients from connecting to your AP? Choose the BEST answer.
a. Check the "Do not permit unknown client" box in the wireless configuration
b. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your access-list configuration
ensuring that you enable "authenticate" in the entry
c. Add each known client's MAC address to your access-list configuration is the only step needed
d. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your connect-list configuration
e. Configure the radius server under "/radius"

11. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and you suspect it is a driver issue?
a. Yes
b. No

12. Mark the queue types that are available in RouterOS

a. SFQ – Stochastic Fairness Queuing
b. RED – Random Early Detect (or Drop)
c. FIFO - First In First Out (for Bytes or for Packets)
d. DRR - Deficit Round Robin
e. LIFO - Last In First Out
f. PCQ – Per Connection Queuing

13. Check the allowed input formats for wireless scan-list.

a. 5500 5700
b. 5500-5700
c. 5500,5700
d. 5500 - 5700
e. 5500/5700

14. Choose all valid hosts address range for subnet 15.242.55.62/27
a. 15.242.55.31-15.242.55.62
b. 15.242.55.33-15.242.55.63
c. 15.242.55.33-15.242.55.62
d. 15.242.55.32-15.242.55.63

15. After putting this rule: /ipfirewall add chain=input action=drop, you will still be able to access the Router using the mac-address.
Yes

16. You need to reboot a RouterBoard after importing a previously exported rsc file to activate the new configuration.

True
False

17. What is necessary for PPPoE client configuration?

a. ip firewall nat masquerade rule
b. Interface (on which PPPoE client is going to work)
c. Static IP address on PPPoE client interface

18. In order to use dynamic keys in your security profile for an AP, you MUST set up the dhcp server to provide the dynamic keys.

19. You have a router with configuration

- Public IP :202.168.125.45/24
- Default gateway:202.168.125.1
- DNS server: 248.115.148.136, 248.115.148.137
- Local IP: 192.168.2.1/24

Mark the correct configuration on client PC to access to the Internet

a. IP:192.168.0.1/24 gateway:192.168.2.1
b. IP:192.168.2.2/24 gateway:202.168.125.45
c. IP:192.168.1.223/24 gateway:248.115.148.136
d. IP:192.168.2.115/24 gateway: 192.168.2.1
e. IP:192.168.2.253/24 gateway:202.168.0.1

20. Router OS can set vlan-id value from - to :

a. 1-2049
b. 1-4096
c. 1-4095
d. 1-2048

21. Collisions are possible in full-duplex Ethernet networks

True
False

22. Where can you monitor (see addresses and ports) real-time connections which are processed by the router?
a. Queue Tree
b. Tool Torch
c. Firewall Counters
d. Firewall Connection Tracking

23. Action=redirect applies to

a. SRC-NAT rules
b. DST-NAT rules
c. Firewall Filter rules
d. Route rules

24. What does this simple queue do (check the image)?

a. Queue limits host 192.168.1.10 download data rate to one megabit per second.
b. Queue guarantees download data rate of one megabit per second for host 192.168.1.10
c. Queue guarantees upload data rate of one megabit per second for host 192.168.1.10
d. Queue limits host 192.168.1.10 upload data rate to one megabit per second.

25. Is it possible that the same IP address is included in multiple address lists and still be used by these multiple address lists?

a. Destination NAT rule is required to utilize transparent proxy facility

b. To deny access to a specific website, caching should be enabled
c. Controls domains or servers which are allowed to cache by Proxy
d. Can deny access to a specific domains or servers, but not specific web pages