
1. Which options can be used when you want to prevent access from one specific address to your router web interface?

A Firewall Filter Chain Input

B WWW service from IP Services

C. Group settings for System users

D. Firewall Filter Chain Forward

2. Which configuration menu should you use to change the router's Winbox default port?

A /ip firewall service-ports

B /ip service

C /system resource

D /ip firewall filter

3. Possible actions of ip firewall filter are:

A tarp

B accept

C tarpit

D bounce

E add-to-address-list

F log

4. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue.

A kind=pcq pcq-rate=256000 pcq-classifier=src-address

B kind=pcq pcq-rate=256000 pcq-classifier=dst-address

C kind=pcq pcq-rate=5000000 pcq-classifier=src-address

D kind=pcq pcq-rate=5000000 pcq-classifier=dst-address

E kind=pcq pcq-rate=1256000 pcq-classifier=dst-address

5. To understand the operation of bridges it is essential to understand the operation of switches. Select which of the following characterize the correct operation of bridges and switches:

A Both switches and bridges forward link layer broadcast

B Both bridges and switches forward traffic based on layer 2 addresses

C Switches are mainly software based while bridges are hardware based

D Switches operate on link layer while bridges operate on physical layer

E Bridges are more robust and faster than switches

6. Why is it useful to set a Radio Name on the radio interface?

A To identify a station in Neighbor discovery

B To identify a station in a list of connected clients

C To identify a station in the Access List

7. How many different priorities can be selected for queues in MikroTik RouterOS?

A 1

B 8

C 0

D 16

8. It is required to make a web server on a private LAN visible on the public Internet. Only the web server port should be visible to the public. Which of the following configuration steps must be met? (Select all that apply)

A In ip firewall NAT there should be a dst-nat between the public IP of the router and the private IP of the webserver

B Connection Tracking must be enabled on NAT router

C Public IP address of the webserver must be installed on the NAT Router

D LAN address of the webserver should be routable on the internet

E A route between the NAT Router and the webserver must exist

9. You have to connect to a RouterBOARD without any previous configuration. Select all possibilities to connect and do some basic configuration

A Attach monitor/keyboard

B Telnet

C MAC-Winbox

D Serial Connection

10. Which route will be used to reach host 192.168.1.55?

/ip route

add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=1.1.1.1

add disabled=no distance=1 dst-address=192.168.1.0/25 gateway=2.2.2.2

add disabled=no distance=1 dst-address=192.168.0.0/16 gateway=3.3.3.3

A Route via gateway 3.3.3.3

B Route via gateway 2.2.2.2

C Route via gateway 1.1.1.1

11. Which port does PPTP use by default?

A TCP 1721

B UDP 1723

C UDP 1721

D TCP 1723

12. What will happen if "Default forward" is disabled in the wireless menu on a RouterOS AP?

A Only clients with matching access control list rule will be able to connect to the AP

B Clients will not be able to connect to the AP

C AP will not be able to connect to the clients

D Clients will not be able to connect to each other

13. Which firewall chain should you use to filter ICMP packets from the router itself?

A postrouting

B input

C forward

D output

14. Is it possible to limit how many clients are able to connect to an access point?

A Yes, but only with access-lists

B No, it's not possible at all

C Yes

15. PPP Secrets are used for

A PPTP clients

B PPP clients

C IPSec clients

D Router users

E PPPoE clients

F L2TP clients

16. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33.

The maximum bandwidth that the client 10.10.0.33 is able to obtain is:

A 4M upload/download

B 6M upload/download

C 0M upload/download

D 2M upload/download

17. Mark the correct statement.

A Backup files are editable

B Export files are not editable

C Backup files are not editable

18. When frequency mode is set to 'regulatory domain' in wireless interface configuration:

A It restricts operation to only the permitted channels and transmit powers according to the value of country selected

B It ignores all restrictions

C It ignores transmit power restrictions, but obeys frequency limitations for the value of country selected

D Allows any transmit power to be set with any frequency

19. Select statements that are true regarding the following command:

/ip route add dst-address=172.16.4.0/24 gateway=192.168.4.2

A The command is used to configure the default

B The command is used to establish a static route

C The subnet mask for the destination network is 255.255.255.0

D The default administrative distance of 100 is used

20. There are two routes in the routing table:

0 dst-addr=10.1.1.0/24 gateway=5.5.5.5

1 dst-addr=10.1.1.4/30 gateway=5.6.6.6

Which gateway will be used to get to the IP address 10.1.1.6?

A 5.6.6.6

B The required route is not in the routing table.

C Both - half of the traffic will be routed through one gateway, half through the other.

D 5.5.5.5

21. For static routing functionality, in addition to the RouterOS 'system' package, you will also need the following software package:

A no extra package required

B routing

C advanced-tools

D dhcp

22. What is the meaning of the status letter "R" on a PPPoE client interface in the RouterOS Interfaces menu?

A Radius

B Running

C Remote

D Reconnecting

23. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between the server and the end-user host, the host will not be able to create a PPPoE tunnel to that PPPoE server. (True/False)

24. Netinstall can be used to

A Keep configuration, but reset a lost admin password

B Install different software version (upgrade or downgrade).

C Install package for different hardware architecture

D Reinstall software without losing licence

25. Evaluate the following information:

Access Point configuration:

-- wlan1 is in 'AP-Bridge' mode

-- Bridge1 has wlan1 and ether1 as ports

CPE configuration:

-- wlan1 is in 'Station-Bridge' mode

-- Bridge1 has wlan1 and ether1 as ports

Select protocols that will pass from ether1 on the CPE to ether1 on the Access Point.

A BGP

B Firewire

C IPv4

D PPPoE

E DHCP

F IPv6

G USB

H ARP

26. If ARP=reply-only is configured on an interface, this interface will

A accept all IP addresses listed in '/ip arp' as static entries

B add new IP addresses in '/ip arp' list

C accept all MAC-addresses listed in '/ip arp' as static entries

D add new MAC addresses in '/ip arp' list

E accept IP and MAC address combinations listed in '/ip arp' list

27. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a DHCP service for all clients, DHCP server must be configured on:

A Every bridge port

B Ethernet and wireless interfaces

C Only on the bridge interface

D DHCP service is not possible in this setup

28. How many wireless clients can connect when the wireless card is configured to mode=bridge?

A 100

B 1

C 2007

D 2

29. Consider the following network diagram. In R1, you have the following configuration:

/ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2

/ip firewall nat add chain=srcnat out-interface=Ether1 action=masquerade

On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices, which of the following rules would be needed?

A /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop

B /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10 action=drop

C /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10 action=drop

D /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10 action=drop

30. One host on an internal network is accessing an external web page through a MikroTik router that is doing source NAT. Select the correct statement about the packets that flow from that web page to the host.

A Packets go through the input chain

B Packets go through the output chain

C Packets go through the forward chain

D Packets go through the input chain before the routing decision and after that through the output chain

31. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:

A Dynamic, Available, Created

B Dynamic, Active, Console

C Dynamic, Active, Connected

D Direct, Available, Connected

32. DHCP server is configured on a router's ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. The correct IP pool configuration that can be used by this DHCP server is:

A 192.168.0.1-192.168.0.14

B 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254

C 192.169.0.1-192.169.0.254

D 192.168.0.1-192.168.0.255

33. When sending out an ARP request, an IP host is expecting what kind of address for an answer?

A VLAN ID

B 802.11g

C MAC Address

D IP address

34. The RouterOS graphing is used for

A bandwidth limitation

B average traffic and resource usage display

C real-time traffic and resource usage display

D bandwidth testing

35. What is necessary for PPPoE client configuration?

A Static IP address on PPPoE client interface

B ip firewall nat masquerade rule

C Interface (on which PPPoE client is going to work)

36. What is possible with Netinstall?

A MikroTik RouterOS reinstall

B MikroTik RouterOS configuration reset

C MikroTik RouterOS password reset with saving router's configuration

37. Is action=masquerade allowed in chain=dstnat?

A yes

B yes, but only if dst-addr is specified

C no

D yes, but it works only for incoming connections

38. Action=redirect allows you to make

A Transparent HTTP Proxy

B Enable Local Service

C Transparent DNS Cache

D Forward DNS to another device IP address

39. Which of the following would prevent unknown clients from connecting to your AP? Choose the BEST answer.

A Adding each known client's MAC address to your access-list configuration is the only step needed

B Uncheck 'Default Authenticate' in the wireless card configuration, and add each known client's MAC address to your access-list configuration, ensuring that you enable 'authenticate' in the entry

C Uncheck 'Default Authenticate' in the wireless card configuration, and add each known client's MAC address to your connect-list configuration

D Configure the radius server under '/radius'

E Check the 'Do not permit unknown client' box in the wireless configuration

40. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect?

A Enable Access List

B Security Profile

C Default Authenticate

D Default Forward

41. In RouterOS queue configurations the word "total" usually represents

A upload

B download - upload

C upload + download

D download

42. Which are necessary sections in /queue simple to set bandwidth limitation?

A target-address, max-limit

B target-address, dst-address

C max-limit

D target-address, dst-address, max-limit

43. A client uses a RouterBOARD 1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem.

A Open the router and ensure the CMOS battery is fine.

B Write a script in '/system script' to set the clock

C Configure '/system ntp client' and set a valid and reachable NTP server address.

D Configure '/system ntp server' and set a valid and reachable NTP client address.

44. Which features are removed when the advanced-tools package is uninstalled?

A bandwidth-test

B ip-scan

C neighbors

D netwatch

E ping

F LCD support

45. Mark all features that can help to assign bandwidth limitation for a group of users.

A NAT

B Queue Tree

C Address-list

D Mangle

46. Rate Flapping can be avoided by

A Reduce supported rates

B Change ap-bridge to bridge

C Choose larger channels (40 MHz instead of 20 MHz)

D Set basic rates to only one data rate like 24 Mbps

47. Is it possible to have PPTP Client and PPTP server on one MikroTik router at the same time? (True/False)

48. Two mangle rules defining different mangle marks for the same traffic type will make it have both mangle marks. (TRUE/FALSE)

49. In which order are the entries in Access List and Connect List processed?

A In a random order

B By interface name

C In sequence order

D By Signal Strength Range

50. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and you suspect it is a driver issue?

A Yes

B No

51. A MikroTik PPPoE Server can be used only within a broadcast domain, that is, users cannot run the PPPoE protocol with a server if there is a router between the customer and that PPPoE server. (TRUE/FALSE)

52. You have a wireless interface with SSID="WAN1" mode="ap-bridge" and a VirtualAP with SSID="VAP1" on the router. Is it possible to use the Nstreme protocol?

A No, Nstreme can not be used on wireless interface if a VirtualAP is on it.

B Yes, but Nstreme can be used only for SSID=VAP1.

C Yes, but Nstreme can be used only for SSID=WLAN1.

D Yes, Nstreme can be used for both SSIDs

53. In MikroTik RouterOS, Layer-3 communication between 2 hosts can be achieved by using an address subnet of:

A /32

B /31

C /29

D /30

54. To make all DNS requests coming from your network resolve on your router (regardless of the clients' configuration), which action would you specify for the DST-NAT rule?

A redirect

B you can't use DST-NAT to achieve this

C dst-nat

D masquerade

55. Mark all correct answers

A /ip firewall filter allows to deny authentication to AP

B Default-Forwarding could be enabled for specific clients by wireless access-list

C Wireless access-list could allow and deny access to your AP

D The only way to prevent wireless client connections is to disable the wireless interface

56. Firewall configuration is the following:

1) /ip firewall filter add chain=input protocol=icmp action=jump jump-target=ICMP

2) /ip firewall filter add chain=input protocol=icmp action=log log-prefix=ICMP-DENY

3) /ip firewall filter add chain=input protocol=icmp action=drop

4) /ip firewall filter add chain=ICMP protocol=icmp action=log log-prefix=JUMP-ICMP-DENY

5) /ip firewall filter add chain=ICMP protocol=icmp action=drop

Client sends "ping" to router. What will the router do?

A Router will drop the packet at the Input drop rule (3rd rule)

B Router will log it with prefix: JUMP-ICMP-DENY

C Router will drop the packet at ICMP (jump) chain drop rule (5th rule)

D Router will log it with prefix: ICMP-DENY

57. When backing up your router by using the 'Export' command, the following happens:

A You are requested to give the export file a name

B The Export file can be edited with a standard text editor after its creation

C Winbox usernames and passwords are backed up

58. It is impossible to disable user "admin" at the menu "/user". (TRUE/FALSE)

59. OSPF starts working on the router as soon as

A OSPF starts working on the router as soon as

B at least one interface is defined in the ospf interface menu

C the routing package is enabled on the router

D at least one IP network is assigned in the ospf network menu

60. Hotspot can be configured on a Virtual Access point interface (TRUE/FALSE)

61. You wish to secure your RouterOS system. You do not want the RouterOS to be discoverable using MNDP or CDP locally. You also want to deny management via the MAC addresses on all interfaces. Select the correct actions to accomplish this.

A Remove/Disable all discovery interfaces

B Add a Deny All input firewall rule

C Remove/Disable the Interfaces

D Place a proper forward firewall rule to block mac discovery

E Remove/Disable all interfaces under mac-Server winbox

F Remove/Disable all interfaces under mac-server telnet

G Place a proper input firewall rule to block mac discovery

62. To limit wireless access for your HotSpot users

A Create MAC Address restriction on HotSpot user login

B Create MAC Address restriction in the Wireless Access List

C Create MAC Address restriction on PPP user login

D Create IP Address restriction in the Wireless Access List

63. What does the firewall action "Redirect" do?

A Redirects a packet to the router

B Redirects a packet to a specified port on a host in the network

C Redirects a packet to a specified port on the router

D Redirects a packet to a specified IP

64. What can be used as "Target" in the simple queue?

A Address list name

B Client's MAC Address

C Client's IP Address

D Server's IP Address

65. Which of the following route statuses are possible?

A A=Active

B C=Connected

C D=Drop

D S=Static

66. Which type of encryption could be used to establish a connection with a simple passkey without using an 802.1X authentication server?

A WPA EAP/WPA2 EAP

B WPA PSK/WPA2 PSK

67. Where can you monitor (see addresses and ports) real-time connections which are processed by the router?

A Firewall Connection Tracking

B Tool Torch

C Queue Tree

D Firewall Counters

68. What is the default protocol/port of (secure) Winbox?

A TCP/8080

B TCP/22

C TCP/8291

D UDP/5678

69. /ip route configuration on router:

/ip route add gateway=192.168.0.1

/ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2

/ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3

/ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4

Router needs to send packets to 192.168.3.240. Which gateway will be used?

A 192.168.0.2

B 192.168.0.3

C 192.168.0.4

D 192.168.0.1

70. What kind of packet is marked by the connection-state=established matcher?

A Packet begins a new TCP connection

B Packet does not correspond to any known connection

C Packet is related to, but not part of an existing connection

D Packet belongs to an existing connection, for example a reply packet or a packet which belongs to an already replied connection.

71. Which firewall chain should you use to filter SSH access to the router itself?

A output

B prerouting

C forward

D input

72. Which is the default port of IP-Winbox?

A TCP 8192

B UDP 8291

C TCP 80

D TCP 8291

73. RouterOS log messages are stored on disk by default (TRUE/FALSE)

74. To apply bandwidth restriction using Simple queue on traffic that travels from one bridge port to another bridge port within the same bridge interface, the following must be done:

A Use mangle to mark the connection

B Associate the Simple queue to the bridge interface

C Enable 'Use IP Firewall' in bridge settings

D Configure an IP address on the bridge interface

75. Action of type 'masquerade' in IP -> Firewall -> NAT is a 'special case' of the following action:

A redirect

B netmap

C same

D src-nat

E dst-nat

76. Assuming a functional wireless interface is present and working, is it possible to create a wireless access point with a level 5 license?

A No, only with level 6 license

B Yes

C No, only with level 4 license

D No, only with level 3 license

77. Destination NAT (chain dstnat, action dst-nat) can be used to:

A Change source port

B Direct users from the Internet to a server within your local network

C Change destination port

D Hide your local network from the Internet

78. The 'connect-list' of wireless interfaces is used

A for configuring SSID on the interface

B for specifying APs not to connect to

C for preventing communications between the clients

D for specifying APs to connect to

79. Mark the correct answer for action=dst-nat in chain=dstnat.

A Add destination address to address-list

B NAT source address

C Change destination address and port

D Change source address and port

80. What does this simple queue do (check the image)?

A Queue guarantees download data rate of one megabit per second for host 192.168.1.10

B Queue limits host 192.168.1.10 upload data rate to one megabit per second.

C Queue limits host 192.168.1.10 download data rate to one megabit per second.

D Queue guarantees upload data rate of one megabit per second for host 192.168.1.10

81. A client that has successfully connected to a wireless network is considered to be which of the following? Choose all that apply:

A Authenticated

B Unauthenticated

C Associated

D Unassociated

82. Sending a broadcast ARP message (FF:FF:FF:FF:FF:FF) is used to:

A Address conflict detection in IPv4

B Send a request to a destination in the same network to clarify a MAC address of a host

C It is not possible to send such message

D For a device to promote itself in broadcast network

83. Router A and B are both running as PPPoE servers on different broadcast domains of your network. It is possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers. (TRUE/FALSE)

84. If a packet comes to a router and starts a new, previously unseen connection, which connection state would be applied to it?

A established

B no connection state would be applied to such packet

C invalid

D new

E unknown

85. To block communications between wireless clients connected to the same access point interface, you should set

A 'default-authentication=no' and 'default-forwarding=no'

B 'default-forwarding=no'

C 'max-station-count=1'

D 'default-authentication=no'

86. The highest queue priority is

A 8

B 1

C 256

D 16

87. What is the minimal possible wireless configuration to create an Access Point?

A ssid

B frequency

C radio name

D scan-list

E WDS

F DFS mode

G mode

H band

88. In the Route List, the identification DAb for a route stands for

A direct - active - bgp

B direct - acknowledge - backup

C dynamic - active - backup

D dynamic - active - bgp

89. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time. (TRUE/FALSE)

90. More than one DHCP relay can be used on the same interface. (TRUE/FALSE)

91. What kind of users are listed in the "/user" menu?

A hotspot users

B pptp users

C wireless users

D router users

92. /ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 action=dst-nat to-address=192.168.1.2 to-ports=81

The command shown above:

A Forwards any TCP traffic incoming through ether1 port 3389 to the port 81 of the internal host 192.168.1.2

B Forwards all TCP traffic from 192.168.1.2 to port 81 of the interface ether1

C Adds IP address 192.168.1.2 to the interface ether1

D Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the internal host 192.168.1.2

D Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the internal host 192.168.1.2