1. In Ip Firewall NAT, you can Classify Traffic in SRC Nat Chain based on ” in-interface”.

False

2. To use masquerade, you need to specify

 A. action=masquerade, out-interface, chain=src-nat
B. action=accept, out-interface, chain=src-nat
C. action=masquerade, in-interface, chain=src-nat
D. action=masquerade, out-interface, chain=dst-nat

3. Which option in the configuration of a wireless card must be disabled to cause the router to
permit ONLY known clients listed in the access list to connect?
A. Default Forward
B. Enable Access List
C. Default Authenticate
D. Security Profile

4. Is it possible to limit how many clients are able to connect to an access point?
A. Yes, but only with access-lists
B. No it’s not possible at all
C. Yes

5. Which of the following Routes statuses are possible?

A. D = Drop
B. C = Connected
C. S = Static
D. A = Active

6. It is necessary to configure a local DNS server to be able to give out a DNS setting to clients
via DHCP server.
True

7. What kind of users are listed in the “/user” menu?

A. pptp users
B. hotspot users
C. router users
D. wireless users

8. How many DHCP servers could you run on one interface?

A. 255
B. 1024
C. 4
D. 1

9. What configuration is added by /ip hotspot setup command? (select all that apply)
 A. /ip hotspot user
B. /queue tree
C. /ip service
D. /ip dhcp-server
E. /ip hotspot walled-garden

10. What is the default protocol/port of (secure) winbox?

A. TCP/8080
B. TCP/22
C. UDP/5678
D. TCP/8291

11. Router has Wireless and Ethernet client interfaces, all client interfaces are bridged.
To create a DHCP service for all clients you must configure DHCP server on
 A. only on bridge interface
B. every bridge port
C. DHCP service is not possible in this setup
D. Ethernet and wireless interfaces

12. A routing table has following entries:

0 dst-address=10.0.0.0/24 gateway=10.1.5.126
1 dst-address=10.1.5.0/24 gateway=10.1.1.1
2 dst-address=10.1.0.0/24 gateway=25.1.1.1
3 dst-address=10.1.5.0/25 gateway=10.1.1.2

Which gateway will be used for a packet with destination address 10.1.5.126?
A. 10.1.1.1
B. 10.1.1.2
C. 10.1.5.126
D. 25.1.1.1

13. Is it possible to have PPTP Client and PPTP server on one MikroTik router at the same time?
True

14. Router A and B are both running as PPPoE servers on different broadcast domains of your
network. Is it possible to set Router A to use “/ppp secret” accounts from Router B to
authenticate PPPoE customers ?
False

15. You want to skip HotSpot (authorization, accounting, etc.) for a specific host. What should
you use?
A. /ip hotspot ip-binding
B. /ip hotspot walled-garden ip
C. /ip hotspot walled-garden
D. /ip address

16. What does the firewall action “Redirect” do?

A. Redirects a packet to a specified port on a host in the network
B. Redirects a packet to a specified IP
C. Redirects a packet to the router
D. Redirects a packet to a specified port on the router

17. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to
be able to bridge this wireless interface to an Ethernet?
A. station
B. bridge
C. station-pseudobridge
D. station-wds

18. Possible actions of ip firewall filter are:

A. bounce
B. accept
C. tarp
D. add-to-list
E. log
F. tarpit

19. How many layers does Open Systems Interconnection model have?
A. 9
B. 6
C. 5
D. 7
E. 12

20. What does this simple queue do (check the image)? Image can not display
A. Queue guarantees download data rate of one megabit per second for host 192.168.1.10
B. Queue limits host 192.168.1.10 upload data rate to one megabit per second.
C. Queue guarantees upload data rate of one megabit per second for host 192.168.1.10
D. Queue limits host 192.168.1.10 download data rate to one megabit per second.

21. You can control bandwidth of a client connected to AP with the resource / interface wireless
access-list ( assume the client uses MikroTik RouterOS).
True

22. Choose all valid hosts address range for subnet 15.242.55.62/27
A. 15.242.55.33-15.242.55.63
B. 15.242.55.33-15.242.55.62
C. 15.242.55.31-15.242.55.62
D. 15.242.55.32-15.242.55.63

23. Which configuration menu should you use to change router’s Winbox default port?
A. /ip service
B. /ip firewall service-ports
C. /ip firewall filter
D. /system resource

24. A backup file from a MikroTik router is stored in plain text format
False

25. In RouterOS queue configurations the word “total” usually represents

A. download
B. upload + download
C. download – upload
D. upload

26. Choose correct statements for MikroTik proxy (MULTI)

A. Controls domains or servers which are allowed to cache by Proxy
B. To deny access to a specific website, caching should be enabled
C. Destination NAT rule is required to utilize transparent proxy facility
D. Can deny access to a specific domains or servers, but not specific web pages

27. What can be used as ’target-address’ in the simple queue? (ONE)

A. server’s address
B. client’s address
C. client’s MAC address
D. address list name

28. A MikoTik PPPoE Server can be used only within a broadcast domain, that is, users can not
run PPPoE protocol with a server if there is a router between the customer and that PPPoE
server.
TRUE/FALSE

29. What is the minimal possible wireless configuration to create an Access Point? (ONE)
A. ssid
B. DFS mode
C. radio name
D. scan-list
E. band
F. WDS
G. frequency
H. mode

30. What is marked by connection-state=established matcher? (ONE)

A. Packet begins a new TCP connection
B. Packet does not correspond to any known connection
C. Packet is related to, but not part of an existing connection
D. Packet belongs to an existing connection,for example a reply packet or a packet which
belongs to already replied connection

31. To be able to do NAT the connection tracking does not need to be enabled.
TRUE/FALSE

32. You want to use PCQ and allow 256k maximum download and upload for each client.
Choose correct argument values for the required queue. (MULTI)
A. kind=pcq pcq-limit=256000 pcq-classifier=dst-address
B. kind=pcq pcq-limit=1256000 pcq-classifier=dst-address
C. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address
D. kind=pcq pcq-limit=256000 pcq-classifier=src-address
E. kind=pcq pcq-limit=5000000 pcq-classifier=src-address

33. There are two routes in the routing table:

0 dst-addr=10.1.1.0/24 gateway=5.5.5.5
1 dst-addr=10.1.1.4/30 gateway=5.6.6.6

Which gateway will be used to get to the IP address 10.1.1.6? (ONE)

A. both - half of the traffic will be routed through one gateway, half through the other
B. the required route is not in the routing table
C. 5.5.5.5
D. 5.6.6.6

9. The first two rules in the forward chain of the filter table are:
/ip firewall filter add chain=forward connection-state=established action=accept
/ip firewall filter add chain=forward connection-state=invalid action=drop

Connection-state=related packets are not filtered by the rules above.

TRUE/FALSE

10. If a packet comes to a router and starts a new, previously unseen connection, which
connection state would be applied to it? (ONE)
A. established
B. unknown
C. new
D. invalid
E. no connection state would be applied to such packet

11. How many usable IP addresses are there in a 20-bit subnet? (ONE)
A. 2047
B. 4094
C. 2048
D. 2046
E. 4096

12. Hotspot ip-binding is used to allow access to Internet web servers specifing the IP
address of the web server instead of the URL.
TRUE/FALSE
13. Netinstall can be used to (MULTI)
A. Keep configuration, but reset a lost admin password
B. Install different software version (upgrade or downgrade)
C. Install package for different hardware architecture
D. Reinstall software without losing licence

14. When viewing the routes in Winbox, some routes will show "DAC" in the first column.
These flags mean: (MULTI)
A. Dynamic,Available,Created
B. Dynamic,Active,Console
C. Direct,Available,Connected
D. Dynamic,Active,Connected

15. You have a wireless interface with SSID="WAN1"mode="ap-bridge" and a VirtualAP

with SSID="VAP1" on the router. Is it possible to use nstreme protocol? (ONE)
A. No, Nstreme can not be used on wireless interface if a VirtualAP is on it.
B. Yes, but Nstreme can be used only for SSID=VAP1.
C. Yes, but Nstreme can be used only for SSID=WLAN1.
D. Yes, Nstreme can be used for both SSIDs

16. /store allows you to save to external disk (MULTI)

A. web-proxy data
B. system configuration
C. dude data
D. User-Manager data

17. You wish to secure your RouterOS system. You do not want the RouterOS to be
discoverable using MNDP or CDP locally. You also want to deny management via the
MAC addresses on all interfaces. Select the correct actions to accomplish this. (MULTI)
A. Remove/Disable the Interfaces
B. Add a Deny All input firewall rule
C. Place a proper input firewall rule to block mac discovery
D. Place a proper forward firewall rule to block mac discovery
E. Remove/Disable all discovery interfaces
F. Remove/Disable all interfaces under mac-server telnet
G. Remove/Disable all interfaces under mac-Server winbox

18. You need to redirect a browser page from a search of "xxx" in google to another
website such as www.mikrotik.com

Choose correct proxy access rule. (ONE)

A. /ip proxy access add dst-host=*.google.* path=*xxx* action=deny redirect-
to=www.mikrotik.com
B. /ip proxy access add path=*xxx* action=allow redirect-to=www.mikrotik.com
C. /ip proxy access add dst-host=*xxx* action=allow redirect-to=www.mikrotik.com
D. /ip proxy access add dst-host=*xxx* action=deny redirect-to=www.mikrotik.com
19. Is it possible to have PPTP Client and PPTP server on one MikroTik router at the same
time?
TRUE/FALSE

20. In which situations can Netinstall NOT be used to install a RouterBOARD? (MULTI)
A. The router does not have an operating system
B. The router is connected only to a secondary Ethernet port
C. You do not know the password of the router

D. The router is connected only to a wireless network

21. Check the allowed input formats for wireless scan-list. (MULTI)

A. 5500 5700
B. 5500 - 5700
C. 5500/5700
D. 5500,5700
E. 5500-5700

22. Collisions are possible in full-duplex Ethernet networks

TRUE/FALSE

23. In case when router login password is lost, it is necessary to reinstall RouterOS or use
hardware reset funcion.
TRUE/FALSE

24. You would like to allow multiple logins with one user name on a HotSpot server. How
should this be configured? (MULTI)
A. Set "Shared Users" option at /ip hotspot
B. It's not possible
C. Set "only-one=no' at /ip hotspot
D. Set "Shared Users" option at /ip hotspot user profile

25. What wireless modes can be used in a WDS setup? (MULTI)

A. station-wds
B. ap-bridge
C. nstreme-dual-slave
D. bridge
E. station

26. Which rule is used to block SMTP protocol from Lan interface for clients? (ONE)
A. /ip firewall filter add chain=forward protocol=tcpdst-port=25 action=drop in-interface=Lan
B. /ip firewall filter add chain=input protocol=tcpdst-port=25 action=drop in-interface=Lan
C. /ip firewall filter add chain=forward dst-port=25 action=drop in-interface=Lan
D. /ip firewall filter add chain=output protocol=tcpdst-port=25 action=drop in-interface=Lan
27. The highest queue priority is
A. 1
B. 16
C. 8
D. 256

28. A client uses a RouterBOARD1000.The clock is configured in '/system clock'. The clock
resets to default after each reboot.
Select the best solution for the problem. (MULTI)
A. Configure '/system ntp server' and set a valid and reachable NTP client address.
B. Configure '/system ntp client' and set a valid and reachable NTP server address.
C. Write a script in '/system script' to set the clock
D. Open the router and ensure the CMOS battery is fine

29. When backing up your router by using the 'Export' command, the following happens:
(MULTI)
A. You are requested to give the export file a name
B. Winbox usernames and passwords are backed up
C. The Export file can be edited with a standard text editor after its creation

30. Select which of the following are 'Public IP addresses': (MULTI)

A. 10.110.50.37
B. 172.28.73.21
C. 192.168.0.1
D. 172.168.254.2
E. 11.63.72.21

31. Define a routing loop (choose the most precise description) (ONE)

A. situation where the TTL of the packet expires
B. situation where the packet is routed through the same router twice
C. Situation where the packet does not reach it\'s destination
D. situation where the packet is routed through the same sequence of routers until the TTL
expires

32. What can you do with Netinstall? (MULTI)

A. Reinstall RouterOS
B. Install Linux
C. Reset password in RouterOS
D. Add configuration to RouterOS

33. The basic unit of a physical network (OSI Layer 1) is the: (ONE)

A. Byte
B. Header
C. Bit
D. Frame
34. Which of the following would prevent unknown clients from connecting to your AP?
Choose the BEST answer. (ONE)
A. Uncheck "Default Authenticate" in the wireless card configuration, and add each known
client's MAC address to your access-list configuration ensuring that you enable "authenticate" in
the entry
B. Add each known client's MAC address to your access-list configuration is the only step
needed
C. Configure the radius server under "/radius"
D. Check the "Do not permit unknown client" box in the wireless configuration
E. Uncheck "Default Authenticate" in the wireless card configuration, and add each known
client's MAC address to your connect-list configuration

36. You can not use OSPF and RIP routing protocols simultaneously on the RouterOS.
TRUE/FALSE

37. When adding a user to your local ppp secrets/ppp profiles database, it is possible to
(MULTI)
A. Allow/deny use of more than one login by this user
B. Set max values for total transferred bytes (up- and download)
C. Allow login by pppoe and pptp, but deny login by l2tp
D. Deny services (like telnet) only for this user or for one group of users
E. Allow only pppoe login

38. What is true about Bandwidth Test Tool? (select all that apply) (MULTI)
A. Only work on MikroTik Router OS
B. Can be downloaded on default router webpage
C. Tests throughput between two MikroTik devices
D. Can be used to monitor throughput to a remote device

39. Using wireless connect-list it’s possible to prioritize connection to one Access Point over
another Access Point by changing the order of the entries.
TRUE/FALSE

40. Action=redirect can be used in NAT chain src-nat

TRUE/FALSE

41. Mark all packages required for PPPoE server on MikroTikRouterOS (MULTI)

A. synchronous
B. radius
C. user-manager
D. ppp
E. system

42. It is impossible to disable user "admin" at the menu "/user"

TRUE/FALSE

43. It is required to make a web server on a private LAN visible on the Public Internet.
Only the web server port should be visible to the public. Which of the following
configuration steps must be met. (select all that apply) (MULTI)
A. A route between the NAT Router and the webserver must exist
B. Connection Tracking must be enabled on NAT router
C. LAN address of the webserver should be routable on the internet
D. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private
ip of the webserver
E. Public IP address of the webserver must be installed on the NAT Router

44. A backup file from a MikroTik router is stored in plain text format
TRUE/FALSE

45. What configuration is added by /ip hotspot setup command? (select all that apply)
(MULTI)
A. /queue tree
B. /ip hotspot walled-garden
C. /ip hotspot user
D. /ip service
E. /ipdhcp-server

46. /interface wireless access-list is used for (MULTI)

A. Shows a list of Client's MAC Address that are already registered at AP
B. Handles a list of Client's MAC Address to permit/deny connection to AP
C. Contains the security profiles settings
D. Authenticate Hotspot users

47. What action should be used to inform source that packets reached destination, but was
not accepted ? (ONE)
A. action=accept
B. action=drop
C. action=tarpit
D. action=reject

48. In which order are the entries in Access List and Connect List processed? (ONE)
A. By Signal Strength Range
B. In sequence order
C. In a random order
D. By interface name

49. You want to skip HotSpot (authorization, accounting, etc.) for a specific host. What
should you use? (ONE)
A. /ip hotspot walled-garden ip
B. /ip hotspot walled-garden
C. /ip address
D. /ip hotspot ip-binding

50. Two mangle rules defining different mangle marks for the same traffic type, will make
it have both mangle marks. 
TRUE/FALSE

51. Which firewall chain should you use to filter ICMP packets from the router itself?
(ONE)
A. input
B. forward
C. output
D. postrouting
52. When adding a static route, you must always ensure that you add both the gateway and
the interface.  
TRUE/FALSE

53. What does this simple queue do (check the image)? (ONE)

A. Queue limits host 192.168.1.10 download data rate to one megabit per second.
B. Queue guarantees download data rate of one megabit per second for host 192.168.1.10
C. Queue guarantees upload data rate of one megabit per second for host 192.168.1.10
D. Queue limits host 192.168.1.10 upload data rate to one megabit per second.

54. Router A and B are both running as PPPoE servers on different broadcast domains of
your network. Is it possible to set Router A to use "/ppp secret" accounts from Router B to
authenticate PPPoE customers ?
TRUE/FALSE

55. Is it possible for a client to get an IP address but no gateway after a successful DHCP
request?
TRUE/FALSE

56. A network ready device is directly connected to a MikroTik RouterBOARD 750 with a
correct U.T.P. RJ45 functioning cable. The device is configured with an IPv4 address of
192.168.100.70 using a subnet mask of 255.255.255.252. What will be a valid IPv4 address
for the RouterBOARD 750 for a successful connection to the device? (MULTI)
A. 192.168.100.68/255.255.255.252
B. 192.168.100.69/255.255.255.252
C. 192.168.100.71/255.255.255.252
D. 192.168.100.70/255.255.255.252

57. The gateway router is configured with a transparent proxy with the following
parameters:

/ip proxy access add dst-host=www.mikrotik.com action=allow

/ip proxy access add dst-host=www.mt.lv action=deny redirect-to=forum.mikrotik.com
When the user is opening www.mt.lv, what is shown in the browser? (ONE)

A. www.mt.lv
B. forum.mikrotik.com
C. www.mikrotik.com

58. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33.
Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33.
Client 10.10.0.33 is be able to obtain (MULTI)
A. 4M upload/download
B. 6M upload/download
C. 0M upload/download
D. 2M upload/download

59. Hotspot can be configured on a Virtual Access point interface

TRUE/FALSE

63. Wireless clients (mode=station) will work properly if bridged to Ethernet

TRUE/FALSE

60. Where should you upload new MikroTik RouterOS version packages for upgrading
router? (ONE)
A. Any directory in /files
B. System Backup menu
C. FTP root directory or files directory of the router
D. System package menu

61. When sending out an ARP request, an IP host is expecting what kind of address for an
answer? (MULTI)
A. VLAN ID
B. MAC Address
C. IP address
D. 802.11g

62. Is it possible to create a custom firewall chain and use it in both input and forward
chains at the same time?
TRUE/FALSE