MTCNA 2

When viewing the routes in Winbox, some routes will show "DAC"
in the first column. These flags mean: 
2 points
A. Dynamic, Available, Created
B. Direct, Available, Connected
C. Dynamic, Active, Connected
D. Dynamic, Active, Console
When using routing option 'check-gateway=ping' after how many
timeouts is gateway considered unreachable:
2 points
A. 4
B. 1
C. 2
D. 3
Simple Queue number 0 defines 2M for upload and download for
target IP 10.10.0.33. Simple Queue number 1 defines 4M for
upload and download for target IP 10.10.0.33. The maximum
bandwidth that the client 10.10.0.33 is be able to obtain is:
2 points
A. 0M upload/download
B. 4M upload/download
C. 6M upload/download
D. 2M upload/download
What kind of packet is marked by connection-state=established
matcher?
2 points
A. Packet is related to, but not part of an existing connection
B. Packet belongs to an existing connection, for example a reply packet or a
packet which belongs to already replied connection
C. Packet does not correspond to any known connection
D. Packet begins a new TCP connection
What can be used as "Target" in the simple queue?
2 points
A. Client IP address
B. Client MAC address
C. Address list name
D. Server IP address
In RouterOS queue configurations the word "total" usually
represents
2 points
A. download - upload
B. upload
C. upload + download
D. Download
For static routing functionality, additionally to the RouterOS
'system' package, you will also need the following software
package:
2 points
A. no extra package required
B. advanced-tools
C. dhcp
D. routing
Simple Queue number 0 defines 2M for upload and download for
target IP 10.10.0.33. Simple Queue number 1 defines 4M for
upload and download for target IP 10.10.0.33. Client 10.10.0.33 is
be able to obtain
2 points
A. 6M upload/download
B. 0M upload/download
C. 4M upload/download
D. 2M upload/download
To apply bandwidth restrictions using Simple queue on traffic that
travels from one bridge port to another bridge port within the
same bridge interface, following must be done:
2 points
A. Enable 'Use IP Firewall' in bridge settings
B. Use mangle to mark the connections
C. Configure an IP address on the bridge interface
D. Associate the Simple queue to the bridge interface
It is required to make a web server residing on a private subnet in
a LAN visible on the public Internet. Only the web server port
should be visible to the public. Which of the following
configuration steps must be met (select all that apply):
2 points
A. A route between the NAT Router and the web server must exist
B. LAN address of the web server should be routable on the Internet
C. Connection tracking must be enabled on the NAT router
D. In IP firewall NAT there should be a dst-nat between the public IP address
of the router and the private IP of the web server
E. Public IP address of the web server must be installed on the NAT Router
Which configuration menu should you use to change router's
Winbox default port?
2 points
A. /ip firewall service-ports
B. /system resource
C. /ip firewall filter
D. /ip service
How long is level 1 (free) license valid?
2 points
A. Infinite time
B. 24 hours
C. 1 year
D. 1 month
The 'check-gateway' option is enabled for one route. Select all
statements that are true:
2 points
A. In case of failure of the gateway, routes pointing to that gateway will
become inactive
B. Gateway is checked every 10 seconds and after 2 failures, the gateway is
considered unreacheable
C. Gateway is checked every 10 seconds and after a single failure, the
gateway is considered unreacheable
D. Check gateway option can be configured for Ping, ARP and RARP (reverse
ARP)
Where should you upload new MikroTik RouterOS version
packages for upgrading router?
2 points
A. System Backup menu
B. Any directory in /files
C. FTP root directory or /files directory of the router
D. System Package menu
Consider a wireless access point with mode=ap-bridge. What is
the maximum number of concurrent clients that can connect to it?
2 points
A. 2007
B. 2012
C. 2048
D. 1024
What kind of users are listed in the "/user" menu?
2 points
A. router users
B. wireless users
C. hotspot users
D. pptp users
What is necessary for PPPoE client configuration?
2 points
A. Static IP address on PPPoE client interface
B. ip firewall nat masquerade rule
C. Interface (on which PPPoE client is going to work)
In the Route List, the identification DAb for a route stands for
2 points
A. dynamic - active - bgp
B. dynamic - active - backup
C. direct - acknowledge - backup
D. direct - active - bgp
When viewing the routes in Winbox, some routes will show "DAC"
in the first column. These flags mean: 
2 points
A. Dynamic, Available, Created
B. Dynamic, Active, Connected
C. Direct, Available, Connected
D. Dynamic, Active, Console
What does the firewall action "log" do?
2 points
A. It logs and blocks the packet
B. It blocks and logs the packet
C. It adds a prefix to the packet and passes it through
D. It logs the packet
If ARP=reply-only is configured on an interface, tcarmehis
interface will
2 points
A. accept all IP addresses listed in '/ip arp' as static entries
B. add new MAC addresses in '/ip arp' list
C. accept IP and MAC address combinations listed in '/ip arp' list
D. accept all MAC-addresses listed in '/ip arp' as static entries
E. add new IP addresses in '/ip arp' list
Router has wireless and ethernet client interfaces, all client
interfaces are bridged. To create a DHCP service for all clients,
DHCP server must be configured on:
2 points
A. Ethernet and wireless interfaces
B. DHCP service is not possible in this setup
C. Only on the bridge interface
D. Every bridge port
Consider the following diagram. We want to communicate from a
device on LAN1 to a device on LAN2. Assuming that all
necessary configurations are already included on R2, which of the
following configurations in R1 would enable this communication?
2 points

A. /ip route add dst-address=192.168.1.0/24 src-

address=192.168.0.0/24gateway=192.168.99.2
B. /ip route add dst-address=0.0.0.0/0 gateway=Ether1
C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1
D. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2
E. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2
Which firewall chain should you use to filter ICMP packets from
the router itself?
2 points
A. input
B. postrouting
C. forward
D. output
You have a DHCP server on your MikroTik router. The IP
addresses 10.1.2.2-10.2.2.20 are distributed in the DHCP
network. Additionally, 3 static IP address are defined for your
servers: 10.1.2.31-10.1.2.33. After a while 20 more IP addresses
need to be distributed in the network. It is possible to distribute
the extra IP address without adding another DHCP Server:
2 points
False

In which order are the entries in Access List and Connect List
processed?
2 points
A. By Signal Strength Range
B. In sequence order
C. In a random order
D. By interface name
Which of the following is used in standard 802.11 wireless
networks?
2 points
A. CSMA/CA
B. CDMA
C. FDD
D. CSMA/CD
Select minimal set of software packages in RouteOS required to
configuring a wireless AP 
2 points
A. advanced-tools
B. routing
C. system
D. dhcp
E. wireless
PPPoE server only works within one Ethernet broadcast domain
that it is connected to. If there is a router between server and end-
user host, it will not be able to create PPPoE tunnel to that
PPPoE server.
2 points
False
Which port does PPTP use by default?
2 points
A. TCP 1721
B. TCP 1723
C. UDP 1723
D. UDP 1721
Which type of encryption could be used to establish a connection
with a simple passkey without using a 802.1X authentication
server?
2 points
A. WPA EAP/WPA2 EAP
B. WPA PSK/WPA2 PSK
Which of the following would prevent unknown clients from
connecting to your AP? Choose the BEST answer.
2 points
A. Uncheck 'Default Authenticate' in the wireless card configuration, and add
each known client's MAC address to your access-list configuration ensuring
that you enable 'authenticate' in the entry
B. Uncheck 'Default Authenticate' in the wireless card configuration, and add
each known client's MAC address to your connect-list configuration
C. Configure the radius server under '/radius'
D. Add each known client's MAC address to your access-list configuration is
the only step needed
E. Check the 'Do not permit unknown client' box in the wireless configuration
It is possible to create an encrypted PPPoE tunnel in RouterOS:
2 points
True
False
You can control bandwidth of a client connected to AP with the
resource / interface wireless access-list ( assume the client uses
MikroTik RouterOS). 
2 points
True
False
Your Company has been assigned a 172.16.25.0/25network from
your ISP. What are the possible options to divide the network into
subnets?
2 points
A. one /23 and one /27
B. four times /27
C. two times /24
D. two times /26
Which option in the configuration of a wireless card must be
disabled to cause the router to permit ONLY known clients listed
in the access list to connect? 
2 points
A. Security Profile
B. Default Forward
C. Enable Access List
D. Default Authenticate
RouterOS log messages are stored on disk by default
2 points
False
Which of the following keystrokes enables safe mode in console:
2 points
A. Ctrl+x
B. Ctrl+c
C. Ctrl+d
D. Ctrl+s
Consider the following network diagram. In R1, you have the
following configuration: /ip route add dst-
address=192.168.1.0/24 gateway=192.168.99.2 /ip firewall
nat add chain=srcnat out-interface=Ether1
action=masquerade On R2, if you wish to prevent all access to a
server located at 192.168.1.10 from LAN1 devices, which of the
following rules would be needed?
2 points

A. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-

address=192.168.1.10 action=drop
B. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-
address=192.168.1.10 action=drop
C. /ip firewall filter add chain=input src-address=192.168.99.1 dst-
address=192.168.1.10 action=drop
D. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-
address=192.168.1.10 action=drop
Why is it useful to set a Radio Name on the radio interface?
2 points
A. To identify a station in a list of connected clients
B. To identify a station in Neighbor discovery
C. To identify a station in the Access List:
Consider the following network diagram. In R1, you have the
following configuration: /ip route add dst-
address=192.168.1.0/24 gateway=192.168.99.2  ||| /ip firewall
nat add chain=srcnat out-interface=Ether1 action=masquerade  |||
On R2, if you wish to prevent all access to a server located at
192.168.1.10 from LAN1 devices, which of the following rules
would be needed?
2 points

A. /ip firewall filter add chain=input src-address=192.168.99.1 dst-

address=192.168.1.10 action=drop
B. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-
address=192.168.1.10 action=drop
C. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-
address=192.168.1.10 action=drop
D. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-
address=192.168.1.10 action=drop
What is the meaning of the status letter "R" on a PPPoE client
interface in RouterOS Interfaces menu?
2 points
A. Running
B. Remote
C. Radius
D. Reconnecting
Destination NAT (chain dstnat, action dst-nat) can be used to:
2 points
A. Change destination port
B. Direct users from the Internet to a server within your local network
C. Change source port
D. Hide your local network from the Internet
Which is the default port of IP-Winbox?
2 points
A. UDP 8291
B. TCP 80
C. TCP 8291
D. TCP 8192
There can be more than one PPPoE server in a single broadcast
domain:
2 points
True
What does the firewall action "Redirect" do? Select all true
statements.
2 points
A. Redirects a packet to a specified IP
B. Redirects a packet to a specified port on a host in the network
C. Redirects a packet to the router
D. Redirects a packet to a specified port on the router
Which is a default baud-rate of currently manufactured
RouterBOARDs?
2 points
A. 9600
B. 115200
C. 38400
D. 11520
Which of the following is true for connection tracking
2 points
A. Connection tracking must be enabled for NAT'ed network
B. Enabling connection tracking reduces CPU usage in RouterOS
C. Disable connection tracking for mangle to work
D. Connection tracking must be enabled to be able to use all firewall features
By default info, error and warning messages are logged into
memory of your RouterOS device. You can add logging of visited
web-pages and other message topics
2 points
True
A routing table has following entries: 0 dst-
address=10.0.0.0/24 gateway=10.1.5.126 1 dst-
address=10.1.5.0/24 gateway=10.1.1.1 2 dst-
address=10.1.0.0/24 gateway=25.1.1.1 3 dst-
address=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be
used for a packet with destination address 10.1.5.126? 
2 points
A. 10.1.1.1
B. 10.1.5.126
C. 10.1.1.2
D. 25.1.1.1