1.

Is it possible to limit how many clients are able to connect to an access

point?
A. Yes, but only with access-lists
B. No it's not possible at all
C. Yes
2. PPP Secrets are used for
A. PPP clients
B. L2TP clients
C. PPtP clients
D. IPSec clients
E. Router users
F. PPPoE clients
3. Which of the following Routes statuses are possible?
A. A = Active
B. C = Connected
C. D = Drop
D. S = Static
4. Which is correct masquerade rule for 192.168.0.0/24 network on the
router with outgoing interface=ether1?
A. /ip firewall nat add action=masquerade
chain=srcnat
B. /ip firewall nat add action=masquerade
chain=srcnat src-address=192.168.0.0/24
C. /ip firewall nat add
action=masquerade out-interface=ether1
chain=dstnat
D. /ip firewall nat add
action=masquerade chain=srcnat out-
interface=ether1
5. In WinBox, Hide Passwords unchecked shows passwords for the
following
A. Hotspot User
B. PPP secrets
 C. RADIUS shared secret
D. RouterOS user
6. In RouterOS queue configurations the word "total" usually represents
A. upload
B. download - upload
C. download
D. upload + download
7. It is possible to have PPTP Client and PPTP server on one MikroTik
router at the same time.
true

8. You have to connect to a RouterBOARD without any previous

configuration. Select all possibilities to connect and do some basic
configuration
A. MAC-Winbox
B. Serial Connection
C. Attach monitor/keyboard
D. Telnet
9. Which port does PPTP use by default?
A. UDP 1721
B. TCP 1723
C. TCP 1721
D. UDP 1723
10. What is the minimal possible wireless configuration to create an
Access Point?
A. scan-list
B. DFS mode
C. WDS
D. frequency
E. band
F. mode
G. radio name
H. ssid
11. The RouterOS graphing is used for
A. bandwidth limitation
B. bandwidth testing
C. real-time traffic and resource usage
display
D. average traffic and resource usage
display
12. Consider the following diagram. We want to communicate from a
device on LAN1 to a device on LAN2. Assuming that all necessary
configurations are already included on R2, which of the following
configurations in R1 would enable this communication?
A. /ip route add dst-address=0.0.0.0/0
gateway=192.168.99.2
B. /ip route add dst-
address=192.168.1.0/24 src-
address=192.168.0.0/24
gateway=192.168.99.2
C. /ip route add dst-
address=192.168.0.0/24
gateway=192.168.0.1
D. /ip route add dst-address=0.0.0.0/0
gateway=Ether1
E. /ip route add dst-
address=192.168.1.0/24
gateway=192.168.99.2
13. A wireless interface 'wlan1' is added to a bridge interface 'br-lan'. To
enable dhcp-server for wireless interface 'wlan1', on which interface
should dhcp-server be configured?

A. On 'br-lan'
B. On both 'br-lan' and 'wlan1'
C. On 'wlan1'
D. The dhcp-server cannot be enabled
neither on 'wlan1', nor on 'br-lan'
14. What kind of users are listed in the "/user" menu?
A. router users
 B. wireless users
C. pptp users
D. hotspot users
15. For static routing functionality, additionally to the RouterOS 'system'
package, you will also need the following software package:
A. routing
B. dhcp
C. advanced-tools
D. no extra package required
16. Possible actions of ip firewall filter are:
A. add-to-list
B. bounce
C. log
D. tarp
E. accept
F. tarpit
17. Mark all correct statements about /export file={name of an rsc file}.
A. Exports full configuration of the router
(without RouterOS user passwords)
B. Exports files which can not edited
C. Exports only part of the configuration
(for example /ip firewall)
D. Exports logs from /log print
18. Which option in the configuration of a wireless card must be disabled
to cause the router to permit ONLY known clients listed in the access list
to connect?

A. Default Authenticate
B. Security Profile
C. Enable Access List
D. Default Forward
19. It is required to make a web server on a private LAN visible on the
Public Internet. Only the web server port should be visible to the public.
Which of the following configuration steps must be met. (select all that
apply)
A. LAN address of the webserver should
be routable on the internet
B. Public IP address of the webserver
must be installed on the NAT Router
C. A route between the NAT Router and
the webserver must exist
D. Connection Tracking must be enabled
on NAT router
E. in ip firewall NAT there should be a
dst-nat between the public ip of the router
and the private ip of the webserver
20. Mark correct answer for action=dstnat in chain=dst-nat.
A. Add destination address to address-
list
B. NAT source address
C. Change source address and port
D. Change destination address and port
21. A DHCP server is configured on a LAN interface which is a port on a
bridge. The DHCP server does not start. What could be the reason(s)?

A. The DHCP server can not run on an

interface which is also a bridge port
B. There may be multiple IP addresses
set on the LAN interface
C. The IP address pool could be
incorrectly defined
D. There might not be an IP address
assigned to the LAN Interface
22. Where should you upload new MikroTik RouterOS version packages
for upgrading router?
A. System Package menu
B. Any directory in /files
 C. System Backup menu
D. FTP root directory or /files directory of
the router
23. What letters appear next to a route, which is automatically created by
RouterOS when user adds a valid address to an active interface?
A. I
B. D
C. A
D. S
E. C
24. PPPoE server only works within one Ethernet broadcast domain that it
is connected to. If there is a router between server and end-user host, it
will not be able to create PPPoE tunnel to that PPPoE server.
true

25. The highest queue priority is

A. 16
B. 256
C. 1
D. 8

1. It is possible to create an encrypted PPPoE tunnel in RouterOS:

true

4. Which are necessary sections in /queue simple to set bandwidth limitation?

A. max-limit

B. target-address, dst-address

C. target-address, dst-address, max-limit

D. target-address, max-limit

5. A DHCP server is configured on a LAN interface which is a port on a bridge. The DHCP
server does not start. What could be the reason(s)?

A. There might not be an IP address assigned to the LAN Interface

 B. The IP address pool could be incorrectly defined

C. The DHCP server can not run on an interface which is also a bridge port

D. There may be multiple IP addresses set on the LAN interface

7. There can be more than one PPPoE server in a single broadcast domain:
true

8. If you wish to block user access to MSN messenger, which chain should the firewall
rule be placed in?

A. process

B. input

C. forward

D. output

9. In which order are the entries in Access List and Connect List processed?

A. By Signal Strength Range

B. By interface name

C. In sequence order

D. In a random order

10. You want to use PCQ and allow 256k maximum download and upload for each
client. Choose correct argument values for the required queue.

A. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address

B. kind=pcq pcq-rate=256000 pcq-classifier=src-address

C. kind=pcq pcq-rate=256000 pcq-classifier=dst-address

D. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address

E. kind=pcq pcq-rate=5000000 pcq-classifier=src-address

11. For a Simple Queue to apply a bandwidth restrictions on a bridged interface,

following must be done:

A. Associate the Simple Queue to the bridge interface

B. Configure an IP address on the bridge interface

C. Use mangle to mark the connections

D. Enable 'Use IP Firewall' in bridge settings

12. When using routing option 'check-gateway=ping' what is the ICMP echo request
interval (in seconds)?

A. 30s

B. 10s
 C. 60s

D. 20s

13. You want to transfer existing '/ip firewall filter' configuration from one router to a
new system. Choose the best possible way to do:

A. Create backup, edit backup file and restore on target router

B. Export global configuration and remove everything apart from '/ip firewall filter'

C. Create backup only of '/ip firewall filter' rules

D. Export only '/ip firewall filter'

14. Why is it useful to set a Radio Name on the radio interface?

A. To identify a station in a list of connected clients

B. To identify a station in the Access List

C. To identify a station in Neighbor discovery

15. If ARP=reply-only is configured on an interface, this interface will

A. add new MAC addresses in '/ip arp' list

B. accept IP and MAC address combinations listed in '/ip arp' list

C. accept all MAC-addresses listed in '/ip arp' as static entries

D. accept all IP addresses listed in '/ip arp' as static entries

E. add new IP addresses in '/ip arp' list

16. To set up masquerading of the network 192.168.0.0/24, configured on the interface

ether1, you should add rule

A. /ip firewall nat add chain=srcnat src-address=192.168.1.0/24 action=masquerade

B. /ip firewall nat add chain=dstnat out-interface=ether1 src-address=192.168.0.0/24 action=masquerade

C. /ip firewall nat add chain=srcnat out-interface=ether1 src-address=192.168.0.0/24 action=masquerade

D. /ip firewall nat add chain=dstnat in-interface=ether1 src-address=192.168.0.0/24 action=masquerade

17. To be able to do NAT the connection tracking does not need to be enabled.
false

18. What is marked by connection-state=established matcher?

A. Packet does not correspond to any known connection

B. Packet is related to, but not part of an existing connection

C. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to
already replied connection

D. Packet begins a new TCP connection

 19. Router A and B are both running as PPPoE servers on different broadcast domains of
your network. It is possible to set Router A to use "/ppp secret" accounts from Router B
to authenticate PPPoE customers.
false

20. /interface wireless access-list is used for

A. Shows a list of Client's MAC Address that are already registered at AP

B. Contains the security profiles settings

C. Handles a list of Client's MAC Address to permit/deny connection to AP

D. Authenticate Hotspot users

23. RouterOS log messages are stored on disk by default

false

24. How long is level 1 (free) license valid?

A. 1 year

B. Infinite time

C. 24 hours

D. 1 month

6. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it
over to a specified mail server?

A. redirect

B. dst-nat

C. tarpit

D. passthrough

7. What does this simple queue do (check the image)?

 A. Queue limits host 192.168.1.10 download data rate to one
megabit per second.

B. Queue guarantees download data rate of one megabit per

second for host 192.168.1.10

C. Queue limits host 192.168.1.10 upload data rate to one

megabit per second.

D. Queue guarantees upload data rate of one megabit per

second for host 192.168.1.10

11. What does the firewall action "Redirect" do? Select all true statements.

A. Redirects a packet to the router

B. Redirects a packet to a specified IP

C. Redirects a packet to a specified port on the router

D. Redirects a packet to a specified port on a host in the

network

12. Mark all packages required for PPPoE server on MikroTik RouterOS

A. system

B. user-manager

C. radius

D. synchronous

E. ppp

13. There can be more than one PPPoE server in a single broadcast domain:
true

21. What action should be used to inform source that packets reached destination, but was not
accepted ?

A. action=drop

B. action=accept

C. action=reject

D. action=tarpit
4. Evaluate the following information:

Access Point configuration:

-- wlan1 is in 'AP-Bridge' mode
-- Bridge1 has wlan1 and ether1 as ports

CPE configuration:
-- wlan1 is in 'Station-Bridge' mode
-- Bridge1 has wlan1 and ether1 as ports

Select protocols that will pass from ether1 on the CPE to ether1 on the Access Point.

A. ARP

B. PPPoE

C. Firewire

D. BGP

E. DHCP

F. USB

G. IPv6

H. IPv4

5. What will happen if "Default forward" is disabled in wireless menu on a RouterOS AP?

A. Only clients with matching access control list rule will be able to connect to the AP

B. AP will not be able to connect to the clients

C. Clients will not be able to connect to the AP

D. Clients will not be able to connect to each other

6. Which firewall chain should you use to filter clients HTTP traffic going through the
router?

A. output

B. prerouting

C. input

D. forward

7. Where can you monitor (see addresses and ports) real-time connections which are
processed by the router?

A. Tool Torch

B. Firewall Connection Tracking

C. Firewall Counters

D. Queue Tree
9. In the Route List, the identification DAb for a route stands for

A. direct - acknowledge - backup

B. direct - active - bgp

C. dynamic - active - bgp

D. dynamic - active - backup

10. Netinstall can be used to

A. Keep configuration, but reset a lost admin password

B. Reinstall software without losing licence

C. Install different software version (upgrade or downgrade)

D. Install package for different hardware architecture

11. To use masquerade, you need to specify

A. action=masquerade, out-interface, chain=src-nat

B. action=accept, out-interface, chain=src-nat

C. action=masquerade, out-interface, chain=dst-nat

D. action=masquerade, in-interface, chain=src-nat

13. Which route will be used to reach host 192.168.1.55?

/ip route
add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=1.1.1.1
add disabled=no distance=1 dst-address=192.168.1.0/25 gateway=2.2.2.2
add disabled=no distance=1 dst-address=192.168.0.0/16 gateway=3.3.3.3

A. Route via gateway 3.3.3.3

B. Route via gateway 2.2.2.2

C. Route via gateway 1.1.1.1

14. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The
clock resets to default after each reboot.
Select the best solution for the problem.

A. Write a script in '/system script' to set the clock

B. Configure '/system ntp server' and set a valid and reachable NTP client address.

C. Configure '/system ntp client' and set a valid and reachable NTP server address.

D. Open the router and ensure the CMOS battery is fine.

15. PPP Secrets are used for

A. L2TP clients
 B. PPPoE clients

C. IPSec clients

D. PPtP clients

E. Router users

F. PPP clients

16. How many wireless clients can connect, when wireless card is configured to
mode=bridge ?

A. 2007

B. 100

C. 1

D. 2

18. The 'connect-list' of wireless interfaces is used

A. for specifying APs not to connect to

B. for configuring SSID on the interface

C. for preventing communications between the clients

D. for specifying APs to connect to

19. In WinBox when clicking the 'Backup' button in the Files window, the following
happens (select all that apply):

A. Optionally backup name and password can be specified

B. Backup file will contain usernames and passwords of the router

C. Backup file is created. Name contains the router identity, the date and time of its creation

D. Backup file is saved to the computer desktop

22. For user in local PPP Secrets/PPP Profiles database, it is possible to

A. Allow only PPPoE login

B. Allow/deny use of more than one login by this user

C. Deny services (like telnet) only for this user or for one group of users

D. Set max values for transferred data (Rx/Tx)

E. Allow login by PPPoE and PPTP, but deny login by L2TP

23. You can control bandwidth of a client connected to AP with the resource / interface
wireless access-list ( assume the client uses MikroTik RouterOS).
 true

24. Which rule is used to block SMTP protocol from Lan interface for clients?

A. /ip firewall filter add chain=forward protocol=tcp dst-port=25 action=drop in-interface=Lan

B. /ip firewall filter add chain=output protocol=tcp dst-port=25 action=drop in-interface=Lan

C. /ip firewall filter add chain=input protocol=tcp dst-port=25 action=drop in-interface=Lan

D. /ip firewall filter add chain=forward dst-port=25 action=drop in-interface=Lan

2. What is possible with Netinstall?

A. MikroTik RouterOS password reset with saving router's configuration

B. MikroTik RouterOS configuration reset

C. MikroTik RouterOS reinstall

3. The RouterOS graphing is used for

A. bandwidth limitation

B. average traffic and resource usage display

C. real-time traffic and resource usage display

D. bandwidth testing

7. Which default route will be active?

/ip route
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1
add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2

A. Route via gateway 1.1.1.1

B. Route via gateway 2.2.2.2

10. In which situations Netinstall can not be used to install RouterOS on a RouterBOARD?

A. The router is connected only to a wireless network

B. The password of the router is not known

C. The router is connected only to a secondary Ethernet port

D. The router does not have an operating system

11. More than one DHCP relay can be used on the same interface.
false
14. Which of the protocols below is used by Netinstall?

A. bootp

B. rarp

C. arp

D. dhcp

15. How to restore a RouterOS device configuration from a .backup file?

A. /load name=routerboard.backup

B. /file load name=routerboard.backup

C. /system backup load name=routerboard.backup

D. /system import file=routerboard.backup

17. The total-max-limit under Simple Queues will limit the combined upload and download of the target-address of
your simple queue.
true

21. /ip firewall nat

add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 action=dst-nat to-address=192.168.1.2 to-
ports=81

The command shown above:

A. Forwards all TCP traffic from 192.168.1.2 to port 81 of the interface ether1

B. Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the internal host 192.168.1.2

C. Forwards any TCP traffic incoming through ether1 port 3389 to the port 81 of the internal host 192.168.1.2

D. Adds IP address 192.168.1.2 to the interface ether1

23. In order to use dynamic keys in your wireless security profile for an AP, you MUST set up the dhcp server to
provide the dynamic keys.
false

25. To use masquerade, you need to specify

A. action=masquerade, out-interface, chain=dst-nat

B. action=masquerade, in-interface, chain=src-nat

C. action=masquerade, out-interface, chain=src-nat

D. action=accept, out-interface, chain=src-nat