
NUMBER

6, 7, 10-13, 15-109

QUESTIONS

You have a DHCP server on your MikroTik router. The IP addresses 10.1.2.2-10.2.2.20 are distributed in the DHCP
network. Additionally, 3 static IP addresses are defined for your servers: 10.1.2.31-10.1.2.33. (T/F)

After a while 20 more IP addresses need to be distributed in the network. It is possible to distribute the extra IP
addresses without adding another DHCP Server:

What wireless card can we use to achieve 100 Mbps actual wireless throughput?

Using wireless connect-list it's possible to prioritize connection to one Access Point over another Access Point by
changing the order of the entries. (T/F)

In a network with dozens of switches, how many root bridges would you have?

For a Simple Queue to apply bandwidth restrictions on a bridged interface, the following must be done:

What is the Cloud Hosted Router (CHR)?


What are the virtual disk formats in which the CHR (Cloud Hosted Router) is distributed?

What is the minimum hardware required to run the CHR (Cloud Hosted Router)?

Where can one request a Level 1 Demo license for RouterOS?

What layer in the TCP/IP stack is equivalent to the Transport layer of the OSI model?

What are some restrictions applied to demo license keys?

What are the key differences between Levels 4 and 5 licenses?

How is the CHR virtual image licensed out-of-the-box?

What protocols are used to configure trunking on a switch?
1. VLAN Trunking Protocol
2. VLAN
3. 802.1Q
4. ISL

In which situations can Netinstall NOT be used to install a RouterBOARD?

Which of the following protocols uses both TCP and UDP?

How long do you have to enter a valid license key on an x86 installation?

What is the minimum amount of RAM required to run a CHR?

What command will output the license level and product key in RouterOS?

What is the most appropriate RouterOS release channel for production router devices?

What additional packages can be installed on RouterOS to extend its functionality?

What is the role of the "Security" package in RouterOS?

What commands are used to download and install software updates in RouterOS?

Destination NAT (chain dstnat, action dst-nat) can be used to:


In MikroTik RouterOS, Layer3 communication between 2 hosts can be achieved by using an address subnet of:

A network-ready device is directly connected to a MikroTik RouterBOARD 750 with a correct U.T.P. RJ45
functioning cable. The device is configured with an IPv4 address of 192.168.100.70 using a subnet mask of
255.255.255.252. What will be a valid IPv4 address for the RouterBOARD 750 for a successful connection to the
device?

What protocol does ping use?: A. TCP B. ARP C. UDP D. ICMP


How many IP addresses can one find in the header of an IP packet?

How many usable IP addresses are there in a 23-bit (255.255.254.0) subnet?

How many usable IP addresses are there in a 20-bit subnet?

If ARP=reply-only is configured on an interface, what will this interface do?


What is necessary for PPPoE client configuration?

MikroTik RouterOS commands can be run once a day by:

It is possible to use WPA and WPA2 authentication types at the same time with
one security profile.
Is it possible to limit how many clients are able to connect to an access point?

Wireless clients (mode=station) will work properly if bridged to the ethernet.


(T/F)

For static routing functionality, additionally to the RouterOS 'system' package,
you will also need the following software package:
A. Dhcp
B. No extra package required
C. Routing
D. Advanced-tools

For a user in local PPP secrets/PPP profiles database, it is possible to


Router A and B are both running as PPPoE servers on different broadcast
domains of your network. Is it possible to set Router A to use "/PPP secret"
accounts from Router B to authenticate PPPoE customers?

How long is the level 1 (demo) license valid?

We have two radio cards in a point-to-point link with settings:
Card Nr 1.: mode=ap-bridge ssid="office" frequency=2447 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa
Card Nr 2.: mode=station ssid="office" frequency=2412 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa2
Is Card Nr 2. able to connect to Card Nr 1.?

You want to use PCQ and allow 256k maximum download and upload for each
client. Choose correct argument values for the required queue.
To use masquerade, you need to specify

You have 802.11b/g wireless card. What frequencies are available to you?

Mark all correct statements about /export (rsc file)

Which is the correct masquerade rule for the 192.168.0.0/24 network on the router with
outgoing interface=ether1?

Can you manually add drivers to RouterOS in case your PCI Ethernet card is not
recognized, and it's a driver issue?
What kind of users are listed in the Secrets window of the PPP menu?
To make all DNS requests coming from your network resolve on your router
(regardless of client configuration), which action would you specify for the DST-NAT rule?
Which is a default baud-rate of currently manufactured RouterBOARDs?

NStreme works only on 40 MHz channel width

If you need to make sure that one computer in your Hotspot network can access
the internet without Hotspot authentication, which menu allows you to do this?

Which of the following is true for connection tracking


Which of these are possible solutions to bridge two networks over a wireless
link:
Action=redirect applies to
When backing up your router by using the 'Export' command, the following
happens:
You need to reboot a RouterBoard after importing a previously exported rsc file
to activate the new configuration.
It is impossible to disable user "admin" at the menu "/user"
If a packet comes to a router and starts a new, previously unseen connection,
which connection state would be applied to it?
What is the default protocol/port of (secure) winbox?

Is ARP used in the IPv6 protocol?

What is the default TTL (time to live) on a router that an IP packet can
experience before it will be discarded?
What menus should be used to allow certain websites to be accessed from
behind a hotspot interface, without client authentication
What letters appear next to a route, which is automatically created by RouterOS
when user adds a valid address to an active interface?
Which are necessary sections in /queue simple to set bandwidth limitation?

Why is it useful to set a Radio Name on the radio interface?


Router A and B are both running as PPPoE servers on different broadcast
domains of your network. Is it possible to set Router A to use "/ppp secret"
accounts from Router B to authenticate PPPoE customers?
The HotSpot feature can be used only on ethernet interfaces. You have to use a
separate access point if you want to use this feature with wireless.
How many different priorities can be selected for queues in MikroTik RouterOS?
Hotspot is required on the interfaces ether2, ether3, wlan1 (in ap-bridge mode).
These interfaces are bridged in the bridge1 interface. Which interface should the
Hotspot server be configured on?
Mark all the configuration where RouterOS is utilizing the DNS feature
Which facility should be used, to ensure that clients with radio signal strength
poorer than -90 dBm can't connect to interface wlan1 on Mikrotik Access Point?
What packages allow ROS to perform static routing?
/ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 action=dst-nat to-addresses=192.168.1.2 to-ports=81

Mark the queue types that are available in RouterOS

A MikroTik PPPoE Server can be used only within a broadcast domain, that is,
users can not run PPPoE protocol with a server if there is a router between the
customer and that PPPoE server.
To limit wireless access for your HotSpot users
To block access to web proxies running on TCP port 8080, you have to create a
firewall rule and specify:
Which option in the configuration of a wireless card must be disabled to cause
the router to permit ONLY known clients listed in the access
Mark possible TCP states in the connection tracking table
When sending out an ARP request, an IP host is expecting what kind of address
for an answer?

What is the maximum number of ARP entries on a Mikrotik RouterOS device

You wish to secure your RouterOS system. You do not want the RouterOS to be
discoverable using MNDP or CDP. You also want to deny management via the
MAC addresses on all interfaces. Select the correct actions to accomplish this
What is the correct action for a NAT rule on a router that should intercept SMTP
traffic and send it over to a specified mail server?
To be able to do NAT the connection tracking does not need to be enabled

Which port does PPTP use by default?


PPPoE server only works within one Ethernet broadcast domain that it is
connected to. If there is a router between server and end-user host, it will not be
able to create PPPoE tunnel to that PPPoE server
In the Route List, the identification DAb for a route stands for

/interface wireless access-list is used for


Which configuration menu should you use to change router's Winbox default
port?
In which order are the entries in Access List and Connect List processed?
During a scan, in order to see all the available wireless frequencies that are
supported by the card, the following option must be selected in the wireless
card's "Frequency Mode":
It is required to make a web server on a private LAN visible on the Public
Internet. Only the web server port should be visible to the public. Which of the
following configuration steps must be met. (select all that apply)
PPP Secrets are used for
When using routing option 'check-gateway=ping' after how many timeouts is
gateway considered unreachable:

Which of the following protocols uses both TCP and UDP?

Which of the protocols below is used by Netinstall?

What is the correct action to be specified in the NAT rule to hide a private
network when communicating to the outside world?

Mangle Routing (routing-mark) is possible, by using chains


On the advanced menu of the wireless setup there is a parameter called "Area",
it works directly with:

You can not use OSPF and RIP routing protocols simultaneously on the
RouterOS.
What does a VLAN do?

Is action=masquerade allowed in chain=dstnat?


Action=redirect allows you to make? A. Transparent DNS Cache B. Forward DNS to another device IP address C. Enable local service D. Transparent HTTP Proxy
What menus should be used to allow certain websites to be accessed from
behind a Hot-Spot interface, without client authentication?
A client that has successfully connected to a wireless network is considered to
be which of the following? Choose all that apply: A. Authenticated B. Associated C. Unauthenticated D. Unassociated
To limit wireless access for your HotSpot users
Mark all features that can help to assign bandwidth limitation for a group
of users?

ANSWERS

False

802.11 b/g

False or not

Use mangle to mark the connections

The Cloud Hosted Router (CHR) is a pre-rolled virtual RouterOS installation purpose-built for
virtualization.
The CHR is distributed in virtual disk formats like .vmdk and .vdi.

The minimum hardware required to run the CHR includes a 64-bit CPU with virtualization
support, 128 MB RAM, and 128 MB hard disk space.

A Level 1 Demo license for RouterOS can be requested for free via the MikroTik client portal.

Host-to-Host

Some restrictions applied to demo license keys include limited connections for tunnels, no
wireless support, no included version upgrades, no included support from MikroTik, and not
being eligible for resale.

Levels 4 and 5 licensed routers can function as infrastructure devices and APs in WISP and
Enterprise environments, but the number of supported features varies based on the license
level.

The CHR virtual image is licensed out-of-the-box as a fully functional router, but all interfaces
are limited to 1Mb/sec speeds until a valid license key is entered.

3 and 4
The router is connected only to a wireless network / The router is connected only to a
secondary Ethernet port

DNS

24 hours

128 MB

/system license prin

Current

Additional packages can be installed to add more advanced features like MPLS, IPv6,
CALEA, etc.

The "Security" package includes software for encrypted connections such as IPSEC, SSH,
among others.

The commands "/system package update download" and "/system package update install"
are used to download and install software updates in RouterOS.

Change destination port


/29
/32
/30

192.168.100.69/255.255.255.252

ICMP (Internet Control Message Protocol )


2

510

4094

Accept all IP/MAC combinations listed in /ip arp as static entries OR accept all IP addresses listed in '/ip arp' as static entries
Interface (on which PPPoE client is going to work)

/system scheduler

True
Yes, but only with access-lists

False

No extra package required

A. Allow only pppoe login


D. Allow/deny use of more than one login by this user
False

24 Hrs

No, because of the different frequencies OR Yes, when security profile settings are compatible with each other and Nstreme is
enabled or disabled on both

Kind=pcq pcq-rate=256000 pcq-classifier=dst-address


Kind=pcq pcq-rate=256000 pcq-classifier=src-address
Action=masquerade, out-interface, chain=src-nat

2412MHz / 2422MHz
B.Exports full configuration of the router C. Exports only part of
the configuration (for example /ip firewall) D. Exports scripts from
/system script
ip firewall nat add action=masquerade chain=srcnat // ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24 // /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
NO

A.pptp users B. l2tp users, C.pppoe users

Redirect

115200

false

IP bindings o

Connection tracking must be enabled for firewall to be effective


C. Connection tracking must be enabled for NAT'ed network
One device in AP mode, another one in station-pseudobridge-clone C. One device in AP mode, another one in station-pseudobridge
DST-NAT rules
B. The Export file can be edited with a standard text editor after
its creation C. You are requested to give the export file a name
No

False

new

B. TCP/8291

FALSE

A. 60 B. 30 D. 64

ip hotspot walled-garden

D, A, C

target-address, max-limit

To identify a station in a list of connected clients

False

False

bridge1

B. Hotspot configuration

Access List

system
Forwards any TCP traffic incoming through ether1 port 3389 to
the port 81 of the internal host 192.168.1.2
FIFO - First In First Out (for Bytes or for Packets) / SFQ -
Stochastic Fairness Queuing // RED - Random Early Detect (or
Drop) // PCQ - Per Connection Queuing

true
Create MAC Address restriction on HotSpot user login // Create
MAC Address restriction in the Wireless Access List
"chain", "action", "protocol", "port"
Default Authenticate OR Enable Access List

A. New C. Related D. Invalid E. Established

MAC Address

8192

Remove/Disable all interfaces under mac-server telnet B. Remove/Disable all discovery interfaces C. Remove/Disable all
interfaces under mac-Server winbox
Dst-nat

FALSE

TCP 1723

True

dynamic - active - bgp


Handles a list of Client's MAC Address to permit/deny
connection to AP
/ip service

By interface name

superchannel

A route between the NAT Router and the webserver must exist //
D. in ip firewall NAT there should be a dst-nat between the public
ip of the router and the private ip of the webserver
PPPoE clients B. L2TP clients, PPTP clients
2

DNS

bootp

masquerade

forward and output

Connect List

false

Breaks up broadcast domains in a layer 2 switch internetwork.

NO

ip Hot-Spot walled-garden

Authenticated
A. Transparent DNS Cache
D. Transparent HTTP Proxy
Create MAC Address restriction on HotSpot user login // Create
MAC Address restriction in the Wireless Access List
A. Mangle
C. Queue Tree
D. Address-list
EXPLANATION

Wireless connect-list allows users to prioritize their connection to one Access Point over another by changing the order of the entries. This means that users can specify which Access Point they want to connect to first, ensuring a higher level of preference for that particular Access Point. This feature is useful in situations where multiple Access Points are available, but the user wants to prioritize their connection to a specific one.

It is a preconfigured, virtualized RouterOS installation, designed specifically for virtualization environments.

The current branch is the latest stable version of RouterOS. This includes the latest tested features, bugfixes, and patches. It is recommended for production environments that you run the current software branch available for your devices.

In MikroTik RouterOS, a /30 subnet mask is used for Layer-3 communication between 2 hosts. A /30 subnet mask provides 2 usable IP addresses, allowing for communication between the two hosts. A /31 subnet mask is not commonly used as it only provides 1 usable IP address. A /32 subnet mask is used for loopback addresses and a /29 subnet mask provides 6 usable IP addresses, which is more than what is required for communication between 2 hosts.

The given device is configured with an IPv4 address of 192.168.100.70 using a subnet mask of 255.255.255.252. This means that the device is using a /30 subnet, which allows for only 2 usable IP addresses. The valid IP addresses in this subnet range are 192.168.100.68 and 192.168.100.69. Since the device is already using 192.168.100.70, the valid IP address for the RouterBOARD 750 to successfully connect to the device would be 192.168.100.69.

ICMP is probably most well known as the message protocol used for the ping command. A ping command sends an ICMP echo request to the target host. The target host responds with an echo reply.

In the header of an IP packet, there are two IP addresses. The first IP address is the source IP address, which identifies the sender of the packet. The second IP address is the destination IP address, which identifies the intended recipient of the packet. These IP addresses are crucial for routing the packet across the network and ensuring it reaches the correct destination.

A 23-bit subnet mask (255.255.254.0) allows for a total of 9 bits to be used for host addresses. Since each bit can be either 0 or 1, this results in 2^9 possible combinations. However, the first and last combinations are reserved for network and broadcast addresses, leaving 2^9 - 2 = 510 usable IP addresses.

When ARP=reply-only is configured on an interface, the interface will accept all IP/MAC combinations listed in the /ip arp list as static entries. This means that any IP address and MAC address combination listed in the ARP table will be considered as valid and static, and the interface will not send ARP requests for these entries. This can be useful in scenarios where specific IP/MAC combinations need to be treated as static and not be subject to ARP requests.

The necessary requirement for PPPoE client configuration is the interface on which the PPPoE client is going to work. This is because the interface is the connection point between the client and the PPPoE server, allowing the client to establish and maintain the PPPoE connection. Without specifying the interface, the client would not be able to connect to the PPPoE server and establish the required connection.

The correct answer is /system scheduler. MikroTik RouterOS commands can be scheduled to run at specific times using the /system scheduler command. This allows users to automate tasks and execute commands at regular intervals, such as once a day. The scheduler can be configured to run commands at a specific time, on specific days of the week, or even periodically with a defined interval. This feature provides flexibility and convenience for managing and automating tasks on the MikroTik router.

It is possible to use both WPA and WPA2 authentication types simultaneously within a single security profile. This allows for increased flexibility and compatibility with different devices and network configurations. By supporting both authentication types, the network can accommodate devices that only support WPA or WPA2, ensuring that all devices can connect securely. This capability enhances the overall security and accessibility of the network.

Yes, it is possible to limit how many clients are able to connect to an access point using access-lists. Access-lists allow network administrators to control and filter network traffic based on specific criteria, such as the number of clients allowed to connect. By configuring access-lists on the access point, the administrator can set a limit on the maximum number of clients that can connect to the access point simultaneously.

Wireless clients (mode=station) will not work properly if bridged to the ethernet. This is because when a wireless client is bridged to the ethernet, it essentially becomes a part of the wired network and loses its ability to connect to the wireless network. As a result, it will not be able to communicate with other wireless devices or access the internet wirelessly. Therefore, the statement is false.

For static routing functionality, you do not need any additional software package apart from the RouterOS 'system' package. This implies that the necessary routing functionality is already included in the 'system' package itself, and there is no need to install any other package for static routing.

The given correct answer suggests that in the local PPP secrets/PPP profiles database, it is possible to allow only pppoe login and also allow or deny the use of more than one login by a specific user. This means that the user can only log in using pppoe and can have multiple logins or be restricted to only one login.

It is not possible to set Router A to use "/PPP secret" accounts from Router B to authenticate PPPoE customers. Each router running as a PPPoE server operates on its own broadcast domain and manages its own set of accounts for authentication. The "/PPP secret" accounts are specific to Router B and cannot be accessed or used by Router A for authentication purposes. Therefore, the correct answer is False.

Card Nr 2 is not able to connect to Card Nr 1 because they are operating on different frequencies. The frequency of Card Nr 1 is 2447, while the frequency of Card Nr 2 is 2412. In order for two devices to connect in a point-to-point link, they need to be operating on the same frequency.

The correct answer is "kind=pcq pcq-rate=256000 pcq-classifier=dst-address, kind=pcq pcq-rate=256000 pcq-classifier=src-address". This is because the question states that the desired maximum download and upload for each client is 256k. Therefore, the pcq-rate should be set to 256000. Additionally, the question does not specify whether the classifier should be based on the destination address or the source address, so both options are valid.

The correct answer is "action=masquerade, out-interface, chain=src-nat" because when using masquerade, the action needs to be set as "masquerade" to modify the source IP address of outgoing packets. The "out-interface" parameter specifies the interface that the packets will be going out through, and the "chain=src-nat" parameter indicates that the masquerade action should be applied in the source NAT chain.

The given answer states that the frequencies available for an 802.11b/g wireless card are 2412MHz and 2422MHz. This is because 802.11b/g wireless cards operate in the 2.4GHz frequency range, and the frequencies 2412MHz and 2422MHz fall within this range.

Walled garden allows specified websites to be accessed with users authentication to the hotspot

Neighbor discovery

The web server's public IP must be translated to a private IP in order to configure it.

check-gateway will check the connection 2x10 seconds when the timeout expires and will switch paths immediately

The action=redirect allows you to configure a transparent DNS cache and a transparent HTTP proxy. A transparent DNS cache stores DNS responses locally, reducing the need to query external DNS servers repeatedly. This improves DNS resolution time and reduces network latency. On the other hand, a transparent HTTP proxy intercepts and forwards HTTP requests to another device's IP address, allowing for various functionalities like caching, filtering, and logging. Both of these options can be enabled using the action=redirect command.
