CONTOH SOAL MTCNA

(MikroTik Certified Network Associate)

1. Select valid MAC-address ?

A) 00:00:5E:80:EE:B0
B) 192.168.0.0/16
C) AEC8:21F1:AA44:54FF:1111:DDAE:0212:1201
D) G2:60:CF:21:99:H0

2. A network ready device is directly connected to a MikroTik RouterBOARD with a correct U.T.P.
RJ45 functioning cable. The device is configured with an IPv4 address of 192.168.100.70 using
a subnet mask of 255.255.255.252. What will be a valid IPv4 address for the RouterBOARD
750 for a successful connection to the device?
A) 192.168.100.69/255.255.255.252
B) 192.168.100.70/255.255.255.252
C) 192.168.100.68/255.255.255.252
D) 192.168.100.71/255.255.255.252

3. Which computers would be able to communicate directly (without any routers involved):
(Multiple Answer)
A) 192.168.0.5/26 and 192.168.0.100
B) 10.10.0.17/22 and 10.10.1.30/23
C) 192.168.17.15/29 and 192.168.17.20/28
D) 10.5.5.1/24 and 10.5.5.100/25

4. What is term for the hardware coded address found on an interface?

A) Interface Address
B) MAC Address
C) FQDN Address
D) IP Address

5. What protocol does ping use?

A) ICMP
B) TCP
C) UDP
D) ARP

6. How many IP addresses can one find in the header of an IP packet?

A) 2
B) 4
C) 3

Example Test MTCNA (MikroTik Certified Network Associate)

 D) 1
7. Which of the following protocols / port s are used for SNMP. (Simple Network Managemnt
Protocol) : (Multiple Answer)
A) TCP 162
B) UDP 162
C) UDP 161
D) TCP 123
E) TCP 25
F) TCP 161

8. In MikroTik RouterOS, Layer-3 communication between 2 hosts can be achieved by using an

address subnet of: (Multiple Answer)
A) /30
B) /32
C) /29
D) /31

9. You have a router with configuration:

- Public IP : 202.168.125.45/24
- Default gateway : 202.168.125.1
- DNS server : 248.115.148.136, 248.115.148.137
- Local IP : 192.168.2.1/24

Mark the correct configuration on client PC to access to the Internet

A) IP:192.168.2.253/24 gateway:202.168.0.1
B) IP:192.168.1.223/24 gateway:248.115.148.136
C) IP:192.168.0.1/24 gateway:192.168.2.1
D) IP:192.168.2.115/24 gateway: 192.168.2.1
E) IP:192.168.2.2/24 gateway:202.168.125.45

10. Collisions are possible in full-duplex Ethernet networks (True / False)

11. The network address is

A) The last address of the subnet
B) The first usable address of the subnet
C) The first address of the subnet
D) None of the mentioned

Example Test MTCNA (MikroTik Certified Network Associate)

12. Choose all valid hosts address range for subnet 15.242.55.62/27
A) 15.242.55.31-15.242.55.62
B) 15.242.55.33-15.242.55.62
C) 15.242.55.32-15.242.55.63
D) 15.242.55.33-15.242.55.63

13. Select which of the following are 'Public IP addresses': (Multiple Answer)
A) 192.168.0.1
B) 172.28.73.21
C) 172.168.254.2
D) 10.110.50.37
E) 11.63.72.21

14. Select valid subnet masks: (Multiple Answer)

A) 255.255.192.255
B) 192.0.0.0
C) 255.255.224.0
D) 255.192.0.0

15. Which of the following are valid IP addresses? (Multiple Answer)

A) 10.10.14.0
B) 192.168.13.255
C) 192.168.256.1
D) 1.27.14.254

16. MAC layer by OSI model is also known as

A) Layer 3
B) Layer 6
C) Layer 1
D) Layer 7
E) Layer 2

17. How many usable IP addresses are there in a 20-bit subnet?

A) 2048
B) 4096
C) 2046
D) 2047
E) 4094

Example Test MTCNA (MikroTik Certified Network Associate)

18. The basic unit of a physical network (OSI Layer 1) is the:
A) Header
B) Byte
C) Bit
D) Frame

19. How many layers does Open Systems Interconnection model have?
A) 9
B) 6
C) 7
D) 5
E) 12

20. Which of the following is NOT a valid MAC Address?

A) 88:0C:00:99:5F:EF
B) EA:BA:AA:EE:FF:CB
C) 95:B5:DD:EE:78:8A
D) 80:GF:AA:67:13:5D
E) 13:16:86:53:89:43

21. Mark all correct Statement about /export (rsc file)

A) Exports logs from /log print
B) Exports full configuration of the router
C) Exports only part of the configuration (for example /ip firewall)
D) Exports scripts from /system script
E) Exports files could not edited

22. For static routing functionality, additionally to the RouterOS system package, you will also
need the following software package:
A) None
B) DHCP
C) Routing
D) Advance-Tools

23. From which of the following locations can you obtain Winbox?
A) Router’s webpage
B) Files menu in your router
C) Via the console cable
D) mikrotik.com

Example Test MTCNA (MikroTik Certified Network Associate)

24. Which default route will be active?
/ip route
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1
add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2
A) Route via gateway 1.1.1.1
B) Route via gateway 2.2.2.2

25. What protocol is used for Ping and Trace Route?

A) IP
B) DHCP
C) ICMP
D) UDP
E) TCP

26. / interface wireless access-list is use for :

A) Shows a list of clients MAC address to permit/deny registered to AP
B) Autenticate Hotspot users
C) Handles a list of clients MAC address to permit/deny connection to AP
D) Contains the security profiles settings

27. It is impossible to disable user "admin" at the menu "/user (True / False)

28. Is ARP used in the IPv6 protocol ? (True / False)

29. You need to reboot a RouterBoard after importing a previously exported rsc file to activate
the new configuration. (True / False)

30. What is the maximum number of ARP entries on a Mikrotik RouterOS device ?
A) Unlimited
B) 2048
C) 8192
D) 10240

31. How many usable IP addresses are there in a 23-bit (255.255.254.0) subnet?
A) 510
B) 254
C) 208
D) 512

Example Test MTCNA (MikroTik Certified Network Associate)

32. How many different priorities can be selected for queues in MikroTik RouterOS?
A) 8
B) 16
C) 0
D) 1

33. How many bits are in a subnet mask for an IPV4 network ?
A) 16
B) None
C) 8
D) 32

34. Which of the following actions are available for '/ip firewall mangle' (select all valid actions)
A) change MSS
B) mark connection
C) accept
D) jump
E) drop
F) mark packet

35. Mode wireless apakah yang bisa digunakan untuk mengkonfigurasikan WDS?
A) ap-bridge
B) nstreme-dual-slave
C) bridge
D) station-wds
E) station

36. You need to set up an E1(T1) connection with PPP configured. Which License level is needed?
A) Level 4
B) It cannot be done in RouterOS.
C) Level 5

37. When sending out an ARP request, an IP host is expecting what kind of address for an answer?
A) VLAN ID
B) IP address
C) MAC Address
D) 802.11g

Example Test MTCNA (MikroTik Certified Network Associate)

38. Which option in configuration of a wireless card must be disabled to make router to permit
only known clients listed in the access list to connect?
A) Default Forward
B) Enable Access List
C) Default Authenticate
D) Security Profile

39. What is the default protocol/port of (secure) winbox?

A) TCP/8080
B) TCP/22
C) UDP/5678
D) TCP/8291

40. A backup file from a MikroTik router is stored in plain text format (True / False)

41. NStreme works only on 40mhz Channel width (True / False)

42. What kind of users are listed in the Secrets window of the PPP menu? (Multiple Answer)
A) L2TP users
B) PPPOE users
C) Hotspot users
D) PPTP users
E) Winbox users
F) Wireless users

43. /interface wireless access list is used for

A) Handles a list of Client's MAC Address to permit/deny connection to AP
B) Contains the security profiles settings
C) Shows a list of Client's MAC address that are already registered at AP
D) Authenticate Hotspot users

44. Check the allowed input formats for wireless scan-list

A) 5500,5700
B) 5500 5700
C) 5500/5700
D) 5500 – 5700
E) 5500-5700

Example Test MTCNA (MikroTik Certified Network Associate)

45. MikroTik RouterOS DHCP client can receive following options (Multiple Answer)
A) Byte limit
B) IP Gateway
C) Rate limit
D) Uptime limit
E) IP Address and Subnet

46. Mark the queue types that are available in RouterOS (Multiple Answer)
A) SFQ – Stochastic Fairness Queuing
B) DRR - Deficit Round Robin
C) FIFO - First In First Out (for Bytes or for Packets)
D) LIFO - Last In First Out
E) PCQ – Per Connection Queuing
F) RED – Random Early Detect (or Drop)

47. Is it possible for a client to get an IP address but no gateway after a successful DHCP request?
(True / False)

48. It is necessary to configure a local DNS server to be able to give out a DNS setting to clients
via DHCP server. (True / False)

49. Which of the following Routes statuses are possible? (Multiple Answer)
A) S = Static
B) D = Drop
C) C = Connected
D) A = Active

50. Can you limit how many clients than are able to connect to access point (routeros)?
A) Yes, but only with access-lists
B) No it's not possible at all
C) Yes

51. In RouterOS queue configurations the word "total" usually represents

A) Download
B) upload + download
C) download – upload
D) upload

Example Test MTCNA (MikroTik Certified Network Associate)

52. What packages allow ROS to perform static routing?
A) System
B) Routing
C) Multicast
D) Wireless

53. Wireless clients (mode=station) will work properly if bridged to Ethernet (True / False)

54. What is possible with Netinstall? (Multiple Answer)

A) MikroTik RouterOS reinstall
B) MikroTik RouterOS configuration reset
C) MikroTik RouterOS password reset with saving router's configuration

55. Mark possible TCP states in the connection tracking table (Multiple Answer)
A) New
B) Syn
C) Related
D) Invalid
E) Established
F) Closed

56. Mark correct statements about Backup Files (Multiple Answer)

A) Export files are not editable
B) Backup files are not editable
C) Backup files are editable

57. What is the default TTL (time to live) on a router that an IP packet can experience before it will be
discarded? (Multiple Answer)
A) 60
B) 30
C) 1
D) 64

58. You have 802.11b/g wireless card. What frequencies are available to you? (Multiple Answer)
A) 2327MHz
B) 5210MHz
C) 2412MHz
D) 2422MHz
E) 5800MHz

Example Test MTCNA (MikroTik Certified Network Associate)

59. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple
Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client
10.10.0.33 is be able to obtain
A) 2M upload/download
B) 4M upload/download
C) 0M upload/download
D) 6M upload/download

60. If ARP=reply-only is configured on an interface, what will this interface do?

A) Accept all IP addresses listed in /ip arp as static entries
B) Accept all MAC-addresses listed in /ip arp as static entries
C) Add new MAC addresses in /ip arp list
D) Add new IP addresses in /ip arp list
E) Accept all IP/MAC combinations listed in /ip arp as static entries

61. Which of the following IP addresses are publicly routable? (Multiple Answer)
A) 127.34.155.3
B) 192.168.1.4
C) 11.3.10.4
D) 172.16.13.23

62. What does the firewall action "Redirect" do? Select all true statements. (Multiple Answer)
A) Redirects a packet to a specified port on the router
B) Redirects a packet to the router
C) Redirects a packet to a specified IP
D) Redirects a packet to a specified port on a host in the network

63. What is necessary for PPPoE client configuration?

A) ip firewall nat masquerade rule
B) Interface (on which PPPoE client is going to work)
C) Static IP address on PPPoE client interface

64. MikroTik RouterOS commands can be run once a day by:

A) /system cron
B) /system watchdog
C) /system scheduler

Example Test MTCNA (MikroTik Certified Network Associate)

65. For user in local ppp secrets/ppp profiles database, it is possible to (Multiple Answer)
A) Allow only pppoe login
B) Deny services (like telnet) only for this user or for one group of users
C) Set max values for total transferred bytes (up- and download)
D) Allow/deny use of more than one login by this user
E) Allow login by pppoe and pptp, but deny login by l2tp

66. PPP Secrets are used for (Multiple Answer)

A) L2TP clients
B) PPP clients
C) IPSec clients
D) Router users
E) PPtP clients
F) PPPoE client

67. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there
is a router between server and end-user host, it will not be able to create PPPoE tunnel to
that PPPoE server. (True / False)

68. How many usable IP addresses are there in a 23-bit (255.255.254.0) subnet?
A) 254
B) 510
C) 512
D) 508

69. It is possible to use WPA and WPA2 authentication type at the same time with one security
profile. (True / False)

70. Router A and B are both running as PPPoE servers on different broadcast domains of your
network. Is it possible to set Router A to use "/ppp secret" accounts from Router B to
authenticate PPPoE customers? (True / False)

71. Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing
interface=ether1?
A) /ip firewall nat add action=masquerade chain=srcnat
B) /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24
C) /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat
D) /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1

72. It is necessary to configure a local DNS server to be able to give out a DNS setting to clients
via DHCP server. (True / False)

Example Test MTCNA (MikroTik Certified Network Associate)

73. To make all DNS requests coming from your network to resolve on your router (regardless of
the clients’ configuration), which action would you specify for the DST-NAT rule?
A) masquerade
B) dst-nat
C) you can’t use DST-NAT to achieve this
D) redirect

74. Is it posible to have PPTP Client an PPTP Server on one MikroTik router at same time? (True /
False)

75. You want to use PCQ and allow 256k maximum download and upload for each client. Choose
correct argument values for the required queue. (Multiple Answer)
A) kind=pcq pcq-limit=1256000 pcq-classifier=dst-address
B) kind=pcq pcq-limit=1256000 pcq-classifier=dst-address
C) kind=pcq pcq-limit=5000000 pcq-classifier=src-address
D) kind=pcq pcq-limit=256000 pcq-classifier=src-address
E) kind=pcq pcq-limit=256000 pcq-classifier=dst-address

76. You have to connect to a RouterBOARD without any previous configuration. Select all
possibilities to connect and do some basic configuration (Multiple Answer)
A) Serial Connection
B) MAC-Winbox
C) Attach monitor/keyboard
D) Telnet

77. Which of these are possible solutions to bridge two networks over a wireless link: (Multiple
Answer)
A) Both devices in AP mode and enable WDS mode
B) One device in AP mode, another one in station-pseudobridge-clone
C) One device in AP mode, another one in station-pseudobridge
D) One device in AP mode, another one in station

78. Which of the following is true for connection tracking (Multiple Answer)
A) Enabling connection tracking reduces CPU usage in RouterOS
B) Connection tracking must be enabled for firewall to be effective
C) Connection tracking must be enable for NAT'ed network
D) Disable connection tracking for mangle to work

Example Test MTCNA (MikroTik Certified Network Associate)

79. What is marked by connection-state=established matcher? (Multiple Answer)
A) Packet is related to, but not part of an existing connection
B) Packet begins a new TCP connection
C) Packet does not correspond to any known connection
D) Packet belongs to an existing connection,for example a reply packet or a packet which
belongs to already replied connection

80. What wireless card can we use to achieve 100 Mbps actual wireless throughput?
A) 802.11 b/g
B) 802.11 a/b/g
C) 802.11 a
D) 802.11 a/n
E) 802.11 a/b/g/n

81. If you need to make sure that one computer in your Hotspot network can access the internet
without Hotspot authentication, which menu allows you to do this?
A) Walled-garden
B) Users
C) IP bindings
D) Walled-garden IP

82. Why is it useful to set a Radio Name on the radio interfaces?

A) To identify a station in a list of connected clients
B) To identify a station in the Access List
C) To identify a station in Neighbor discovery

83. Action = Redirect is applied in

A) Chain=srcnat
B) Chain=forward
C) Chain=dstnat

84. Which are necessary section in /queue simple to set bandwith limitation ?
A) Max-limit
B) Target-address, max limit
C) Target-address, max-limit, dst-address
D) Target-address, dst-address

85. The hotspot feature can be used only on ethernet interfaces. You have to use a separate
access point if you want to use this feature with wireless (True / False)

Example Test MTCNA (MikroTik Certified Network Associate)

86. If a packet comes to a router and starts a new, previously unseen connection, which
connection state would be applied to it?
A) new
B) established
C) unknown
D) invalid
E) No connection state would be applied to such packet

87. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized,
and it's a driver issue ? (True / False)

88. Possible actions of ip firewall filter are:

A) Accept
B) Add-to-address-list
C) Bounce
D) Tarp
E) Tarpit
F) Log

89. NStreme works only on 40mhz Channel width (True / False)

90. What Letter appear next to route, which is automatically created by ROS (RouterOS) when
user adds a valid address to an active interface?
A) C
B) A
C) I
D) D
E) S

91. A PC with IP 192.168.1.2 can access internet, and static ARP has been set for that IP address
on gateway. When the PC Ethernet card failed, the user change it with a new card and set the
same IP for it. What else should be done?
A) Old static ARP entry on gateway has to be updated for the new card
B) Nothing - it will work as before
C) MAC-address of the new card has to be changed to MAC address of old card
D) Another IP has to be added for Internet access

Example Test MTCNA (MikroTik Certified Network Associate)

92. How long is level 1 (demo) license valid?
A) 24 hours JADI JAWABAN NYA A, 24 HOURS
B) Infinite time DEMO MEMILIKI BATAS WAKTU 24 JAM, YANG SELAMANYA ADALAH LV 4,5,6
C) 1 month
D) 1 year

93. Mark all features that are compatible with Nstreme

A) WDS between a device in station-wds mode and a device in station-wds mode X
B) Encryption X
C) WDS between a device in ap-bridge mode with a device in station-wds mode
D) Bridging a device in station mode with a device in ap-bridge mode X

94. A MikroTik PPPoE Server can be used only within a broadcast domain, thatis, users can not
run PPPoE protocol if there is a router that splits broadcast domain between the customer
and tha PPPoE server. (True / False)

95. The connect-list is used by ROS to determine which access point a card configured in station
mode is allowed to connect list. (True / False)

96. A client uses a RouterBOARD 1000. The clock is configured in ‘/system clock’. The clock resets
to default after each reboot. Select the best solution for the problem.
A) Open the router and ensure the CMOS battery is fine
B) Write a script in ‘/system script’ to set the clock
C) Configure ‘/system ntp client’ and set a valid and reachable NTP server address.
D) Configure ‘/system ntp server and set a valid and reachable NTP client address.

97. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time?
(True / False)

98. When viewing the routers in Winbox, some routes will show “DAC” in the first column. The
flags mean :
A) Dynamic, Available, Created
B) Direct, Available, Connected
C) Dynamic, Active, Console
D) Dynamic, Active, Connected

99. Which of the following Routes statuses are possible? (Multiple Answer)
A) A = Active
B) D = Drop
C) C = Connected
D) S = Static

Example Test MTCNA (MikroTik Certified Network Associate)

100. Which RouterOS packages should be installed on router for SSH server support?
A) system
B) security
C) ssh
D) advanced-tools

Example Test MTCNA (MikroTik Certified Network Associate)

 file foto 3-82 atau 82_ (1)sama

1. which firewall chain should you use to filter clients HTTP traffic going through the router?
a. forward
b. output
c. input
d. prerouting
2. domain name system (DNS) can use protocol/port:
a. UDP 80
b. TCP 80
c. UDP 53
d. TCP 53
3. which of the following would prevent unknown clients from connecting to your AP?
choose the best answer
a. uncheck ‘default authenticate’ in the wireless card configuration, and
add each know client’s MAC address to you access-list configuration
ensuring that you enable ‘authenticate’ in the entry
b. uncheck ‘default authenticate’ in the wireless card configuration, and add
each know client’s MAC address to you access-list configuration
c. configuration the radius server under ‘/radius’
d. each know client’s MAC address to you access-list configuration is the only
step needed
e. check the ‘do not permit unknown client’ box in the wireless configuration
4. which port does PPTP use by default?
a. UDP 1721
b. TCP 1721
c. TCP 1723
d. UDP 1723
5. it is required to set up a web server residing on a private subnet in a lan to be accessible
from the public internet. the web server is directly connection to a route which is facing
the public internet. only the web server port should be accessible from the public. which
of the following configuration steps must be met(select all that apply):
a. in IP firewall NAT there should be a dst-nat rule between the public IP
Address of the route and private IP of the web server
b. the public IP address of the web server must be installed on the router
c. connection tracking must be enable on the router
d. a router between the router and the web server must exist
e. the private IP address of the address of the web server should be routable on
the internet
6. how many wireless clients can connect, when wireless card is configured to
mode=bridge?
a. 2
b. 100
c. 2007
d. 1
7. A PC with IP 192.168.1.2 can access internet, and static ARP has been set for that IP
address on gateway. When the Ethernet card failed, the user change it with a new card
 and set the same IP for it. What else should be done in order to restore access to the
internet ?
a. Old static ARP entry on gateway has to be updated for the new card
b. Nothing - it will work as before
c. MAC-address of the new card has to be changed to MAC address of old
card
d. Another IP has to be added for Internet access
8. to block communications between wireless clients connected to the same access point
interface, you should set
a. ‘default-authentication=no’ and ‘default-forwarding=no’
b. ‘default-forwarding=no’
c. ‘default-authentication=no’
d. ‘max-station-count=1’
9. the highest queue priority is
a. 16
b. 256
c. 1
d. 8
10. which configuration menu should you use to change route’s winbox default port?
a. /ip firewall filter
b. /system resource
c. /ip service
d. ip firewall service-ports
11. what kind of users are listed in the “/user” menu?
a. wireless users
b. router users
c. hotspot users
d. pptp users
12. NAT rule is going to catch SMTP traffic and send it to a specific main server
a. dst-nat
b. passthrough
c. tarpit
d. redirect
13. select statement that are true regarding the following command:
/ip route add dst-address=172.16.4.0/24 gateway 192.168.4.2
a. the command is used to establish a static: true
b. the subnet mask for the destination network is 255.255.255.0
c. the default administrative distance of 100 is used
d. the command is used to configure the default route
14. If ARP=reply-only is configured on an interface, what will this interface do?
a. Accept all IP addresses listed in /ip arp as static entries
b. Accept all MAC-addresses listed in /ip arp as static entries (jawaban dari
foto)
c. Add new MAC addresses in /ip arp list
d. Add new IP addresses in /ip arp list
e. Accept all IP/MAC combinations listed in /ip arp as static entries
(jawaban dari bank soal pdf)
 file foto - 82_v2
1. DHCP server is configured on an ether1 interface of a RouterOS device. IP address
192.168.0.0/24 network that do not overlap with statically assigned one the valid IP
pool ranges are
a. 192.168.0.1-192.168.0.99
b. 192.168.0.1-192.168.0.255
c. 192.168.0.1-192.168.0.14
d. 192.168.0.101-192.168.0.254
e. 192.168.0.1-192.168.0.254
2. Netinstall can be used to
a. Reinstall software without losing licence
b. install different software version (upgrade or downgrade)
c. keep configuration, but reset a lost admin password
d. install package for different hardware architecture
3. what is the meaning of the status letter “R” on a PPPoE client interface in RouterOS
Interfaces menu?
a. Reconnecting
b. Remote
c. Running
d. Radius
4. when frequency mode is set to ‘regulatory domain’ in wireless interface configuration:
a. allows any transmit power to be set with any frequency
b. it ignores transmit power restrictions, but obeys frequency limitations for the
value of country selected
c. it ignores all restrictions
d. it restricts operation to only the permitted channels and transmit powers
according to the value of country
5. mark all the features that can be used for limiting clinet registrations to your access
point:
a. WDS
b. access-list
c. wpa
d. registration-table
6. /ip route configuration on router:
/ip route add gateway = 192.168.0.1
/ip route add dst-gateaway = 192.168.0.1/24 gateway = 192.168.0.2
/ip route add dst-gateaway = 192.168.0.2/24gateway = 192.168.0.3
/ip route add dst-gateaway = 192.168.0.3/26 gateway = 192.168.0.4
router needs to send packets to 192.168.0.3.240. which gateway will be used?
a. 192.168.0.1
b. 192.168.0.3
c. 192.168.0.2
d. 192.168.0.4
7. consider the following network diagram. In R1, you have the following configuration :
/ip route
add dst-address=192.168.1.0/24 gateway =192.168.99.2
/ip firewall nat
add chain = srcnat out-interdace=Ether1 action=masquerade
 on R2, if you wish to prevent all access to a server located at 192.168.1.10 from
LAN1 devices, which of the following rules would be needed ?

a. /ip firewall filter add chain=input src-address=192.168.99.1

dst-address=192.168.1.10 action=drop
b. /ip firewall nat add chain=input src-address=192.168.99.1
dst-address=192.168.1.10 action=drop
c. /ip firewall filter add chain=forward src-address=192.168.0.0/24
dst-address=192.168.1.10 action=drop
d. /ip firewall filter add chain=forward src-address=192.168.99.1
dst-address=192.168.1.10 action=drop
8. the RouterOS graphing is used for
a. bandwitch limitation
b. average traffic and resource usage display
c. bandwitch testing
d. real-time traffic and resource usage display
9. what can be used as “Target” in the simple queue?
a. client IP address
b. vlient MAC address
c. address list name
d. server ip address
10. RouterOS log messages are stored on disk by default
jawab: false
11. when using routing optin ‘check-gateaway=ping’ what is the ICMP echo request
interval (in seconds)?
a. 20s
b. 30s
c. 10s
d. 60s
12. a routing table has following entries :
0 dst-address=10.0.0.0/24 gateway=10.1.5.126
1 dst-address=10.1.5.0/24 gateway=10.1.1.1
2 dst-address=10.1.0.0/24 gateway=25.1.1.1
3 dst-address=10.1.5.0/25 gateway=10.1.1.2
which gateway will be used for a packet with destination address 10.1.5.126?
a. 25.1.1.1
b. 10.1.5.126
c. 10.1.1.2
d. 10.1.1.1
13. what is the correct action for a NAT rule on a router that should intercept SMTP traffic
and send it over to a specified mail server?
a. dst-nat
b. passthrough
c. redirect
 d. tarpit
14. besides enabling the interface what is the minimal required wireless configuration
needes to be set (after interface configuration is reset) to create an access point?
a. mode
b. SSID
c. WDS
d. radio name
e. frequency
f. scan-list
g. band
h. DFS mode
15. which of the followwing keystrokes enables safe mode in console:
a. ctrl+c
b. ctrl+x
c. ctrl+s
d. ctrl+d
 tambahan
57. Firewall NAT rules process only the first packet of each connection.(FALSE)

63. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If
there is a router
between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE
server.
FALSE

66.We have two radio cards in a point-to-point link with settings:

Card Nr 1: mode ap-bridge ssid=”office”
ftequency=244l band=24ghz-Wg default-authentication=yes default-forwarding=yes
security-profile=wpa
Card Nr2.: mode=station ssid’office”
frequency24l2 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes
security-profile=wpa2
Is Card Nrl able to connect to Card Nr 1.?
A. Yes, if Nstreme is enabled or disabled on both
B. Yes, when security profile settings are compatible with each other and Nstreme is
enabled or disabled on
both
C. No. because of the different frequencies
D. No. because of the different security profiles

71. When backing up your router by using the Exporf command, the following happens:
A. Win box usernames and passwords are backed up
B. The Export file can be edited with a standard text editor after its creation
C. You are requested to give the export file a name

10. Action redirect allows you to make

A. Transparent DNS Cache
B. Forward DNS to another device IP address
C. Enable Local Service
D. Transparent HTTP Proxy

92. Action=redirect is applied in:

A. chainsrcnat
B. chaindstnat
C. chaimforward
D. chainoutput

97. Hotspot is required on the interfaces ether2, ehter3. wiani (in ap-bridge mode)
These interfaces are bridged in the bridge 1 interface
Which interface should the Hotspot server be configured on?
A. ether2
B ether3
C bridge 1
D. wlan 1