1.

In RouterOS queue connections the word “total’ usually represents

A. download
B. upload
C. download
D. upload + download
2. RouterOS log messages are stored on disk by default
True
False
3. Mark the queue types that are available in RouterOS
A. RED – Random Early Detect (or Drop)
B. LIFE – Last In First Out
C. SFQ – Stochastic Fairness Queuing
D. DRR – Deficit Round Robin
E. FIFO – First In First Out (for Bytes or for Packets)
F. PCQ – Per Connection Queuing
4. You have a queue structure :
queue “GP” max-limit = 10M
- queue “M” parent= “GP” limit-at=4M max- limit=6M
-- queue “C1” parent= “M” limit-at=1M max- limit=7M priority=4
-- queue “C2” parent= “M” limit-at=1M max- limit=4M priority=1
-- queue “C3” parent= “M” limit-at=2M max- limit=7M priority=8
- queue “F” parent= “GP” limit-at=5M max- limit=8M
-- queue “D1” parent= “F” limit-at=3M max- limit=4M priority=5
-- queue “D2” parent= “F” limit-at=2M max- limit=5M priority=2
Which queue will get more than limit-at in worst case scenario?
C2
5. You have a queue structure :
queue “MK” max-limit = M
- queue “A” parent= “MK” limit-at=10M max- limit=18M
-- queue “AA” parent= “A” limit-at=3M max- limit=5M priority=1
-- queue “AB” parent= “A” limit-at=1M max- limit=2M priority=2
-- queue “AC” parent= “A” limit-at=4M max- limit=8M priority=4
- queue “B” parent= “MK” limit-at=10M max- limit=18M
-- queue “BA” parent= “B” limit-at=1M max- limit=10M priority=1
-- queue “BB” parent= “B” limit-at=2M max- limit=3M priority=3
Select the correct answer for the worst case scenario when all queues are trying to
get all available traffic.
A. queue “AA” will get5M,”AB”2M,”AC”8M,”BA”10M,”BB”2M
B. queue “AA” will get5M,”AB”2M,”AC”4M,”BA”10M,”BB”2M
C. queue “AA” will get3M,”AB”2M,”AC”4M,”BA”10M,”BB”2M
 D. queue “AA” will get5M,”AB”2M,”AC”8M,”BA”10M,”BB”3M
E. queue “AA” will get3M,”AB”1M,”AC”8M,”BA”1M,”BB”3M
6. What does the firewall action “Redirect” do? Select all true statements.
A. Redirects a packet to the router
B. Redirects a packet to a specified port on a host in the network
C. Redirects a packet to a specified port on the router
D. Redirects a packet to specified IP

7. IP Firewall Mangle is used for:

A. Marking Connections
B. Changing TTL Values
C. Marking Packets
D. Changing Source Ports for IP Packets
8. In RouterOS queue configurations the word "total" usually represents
A. upload
B. download
C. download - upload
D. upload + download
9. What does the firewall action "Redirect" do? Select all true statements.
A. Redirects a packet to a specified port on a host in the network
B. Redirects a packet to a specified IP
C. Redirects a packet to the router
D. Redirects a packet to a specified port on the router

11. An IP packet has matched all the conditions of a firewall rule and the action reject
and the option icmp-network-unreachable was initiated for that packet. What will happen
with the contents of the packet?
A. The whole packet will be forwarded back to the sender regardless of its contents
B. The packet will be rejected only if the destination network is unreachable
C. The packet header will receive a flag of 'icmp-network-unreacheble'
D. The packet will be discarded regardless of its content
 12. Consider the following network diagram. You need to permit the users on the
192.168.0.0/24 network access to a webserver (tcp/80) at IP address 192.168.1.199. You
do NOT want them to access any other services or devices on the 192.168.1.0/24 network.
Which of the following rulesets would accomplish this task?
A. /ip firewall filter add chain-forward protocol=tcp dst-port=80 action=accept add
chain-forward dst-address 192.168.1.0/24 action=drop
B. /ip firewall filter add chain-forward dst-address=192.168.1.199 protocol=tcp src-
port=80 action=accept add chain-forward dst-address=192.168.1.0/24 action=drop
C. /ip firewall filter add chain-output dst-address=192.168.1.199 action=accept add
chain-output dst- address=192.168.1.0/24 action=drop
D. /ip firewall filter add chain-output dst-address=192.168.1.199 protocol=tcp dst-
port=80 action=accept add chain-output dst-address=192.168.1.0/24 action=drop
E. /ip firewall filter add chain-forward dst-address=192.168.1.199 protocol=tcp dst-
port=80 action=accept add chain-forward dst-address=192.168.1.0/24 action=drop

13. How can Mangle rules be applied to dynamically created PPTP client interfaces:
A. By enabling the 'PPTP Use Firewall' setting in the associated PPP Profile
B. It is not possible to do this
C. By using the Address List feature in the associated PPP Profile
D. By directly using the dynamic PPTP interface as a Mangle 'In interface’

14. The Simple Queue Total tab controls both upload and download totals aggregated
together.
A. False
B. True

16. Router has wireless and ethernet client interfaces, all client interfaces are
bridged. To create a DHCP service for all clients, DHCP server must be configured on:
A. Only on the bridge interface
B. DHCP service is not possible in this setup
C. Ethernet and wireless interfaces
D. Every bridge port
 17. You have a queue structure:
queue "MK" max-limit=23M
-queue "A" parent="MK" limit-at-10M max-limit=18M
--queue "AA" parent="A" limit-at-3M max-limit=5M priority=1
--queue "AB" parent="A" limit-at-1M max-limit=2M priority=2
--queue "AC" parent="A" limit-at-4M max-limit=8M priority=4
-queue "B" parent="MK" limit-at=10M max-limit=18M
--queue "BA" parent="B" limit-at-1M max-limit=10M priority=1
--queue "BB" parent="B" limit-at-2M max-limit=3M priority=3
Select the correct answer for the worst case scenario when all queues are trying to
get all available traffic.
A. queue "AA" will get 5M, "AB" 2M, "AC" 8M, "BA" 10M, "BB" 2M
B. queue "AA" will get 5M, "AB" 2M, "AC" 8M, "BA" 10M, "BB" 3M
C. queue "AA" will get 3M, "AB" 1M, "AC" 8M, "BA" 1M, "BB" 3M
D. queue "AA" will get 5M, "AB" 2M, "AC" 4M, "BA" 10M, "BB" 2M
E. queue "AA" will get 3M, "AB" 2M, "AC" 4M, "BA" 10M, "BB" 2M

18. If ARP=reply-only is configured on an interface, this interface will

A. accept all IP addresses listed in '/ip arp' as static entries
B. accept IP and MAC address combinations listed in /ip arp' list
C. add new IP addresses in '/ip arp' list
D. accept all MAC-addresses listed in '/ip arp' as static entries
E. add new MAC addresses in /ip arp' list

19. MikroTik RouterOS commands can be run once a day by :

A. /system scheduler
B. / system crom
C. / system watchdog

20. 12. You have a queue structure:

queue "GP" max-limit=10M
- queue "M" parent="GP" limit-at-4M max-limit=6M
-- queue "C1" parent="M" limit-at-1M max-limit=7M priority=4
- queue "C2" parent="M" limit-at-1M max-limit=4M priority=1
- queue "C3" parent="M" limit-at-3M max-limit=7M priority=8
-queue "F" parent="GP" limit-at=5M max-limit=8M
queue "D1" parent="F" limit-at-3M max-limit=4M priority=5
 -queue "D2" parent="F" limit-at-2M max-limit=5M priority=2
If queues "C2" and "C3" are not requiring any traffic, how is all the
available bandwidth going to be distributed in worst case scenario when all other
queues are trying to get all available traffic?
A. queue "C1" will get 3M, "D2" 3M, "D1" 5M
B. queue "C1" will get 2M, "D2" 5M, "D1" 3M
C. queue "C1" will get 4M, "D2" 7M, "D1" 4M
D. queue "C1" will get 4M, "D2" 3M, "D1" 3M
E. queue "C1" will get 5M, "D2" 2M, "D1" 3M

22. Choose the correct PCQ argument values to allow 256kbps maximum download
and upload for each client:
A. kind=pcq pcq-rate=256000 pcq-classifier-src-address
B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address
C. kind=pcq pcq-rate=5000000 pcq-classifier-src-address
D. kind-pcq pcq-rate=5000000 pcq-classifier=dst-address
E. kind=pcq pcq-rate=256000 pcq-classifier-dst-address

23. You have a queue structure:

queue "GP" max-limit=10M
-queue "M" parent="GP" limit-at-4M max-limit=6M
queue "C1" parent="M" limit-at-1M max-limit=7M priority=4
queue "C2" parent="M" limit-at-1M max-limit=4M priority=1
queue "C3" parent="M" limit-at-2M max-limit=7M priority=8
queue "F" parent="GP" limit-at-5M max-limit=8M
queue "D1" parent="F" limit-at-3M max-limit=4M priority=5
queue "D2" parent="F" limit-at-2M max-limit=5M priority=2
Which queue will get more than limit-at in worst case scenario?
A. D1
B. C2
C. C1
D. C3
E. D2
24. Evaluate the following information:
Access Point configuration:
-- wlan1 is in 'AP-Bridge' mode
--Bridge1 has wlan1 and ether1 as ports CPE configuration:
-- wlan1 is in 'Station-Bridge' mode
--Bridge1 has wlan1 and ether1 as ports
Select protocols that will pass from ether1 on the CPE to ether1 on the Access
Point.
A. BGP
B. IPv6
C. USB
D. ARP
E. DHCP
F. IPv4
G. PPPOE
H. Firewire

25. The configuration of the router is,

/ip firewall address-list add address=192.168.0.1 list allowed
/ip firewall address-list add address=192.168.0.2 list-allowed
/ip firewall address-list add address=192.168.0.3 list=allowed2
/ip firewall address-list add address=192.168.0.4 list=allowed2
/ip firewall filter add chain=input src-address-list-allowed action=accept
/ip firewall filter add chain=input src-address-list-allowed2 action=drop
/ip firewall filter add chain=input action=drop
Select the hosts allowed to access the router.
A. 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4
B. 192.168.0.1, 192.168.0.2
C. 192.168.0.3, 192.168.0.4
D. None of these hosts

26. RouterOS log messages are stored on disk by default

A. false
B. true
 27. Using the mangle facility, it is more efficient (uses less router CPU) to mark
packets than to mark connections.
A. false
B. true

28. SFQ - Stochastic Fairness Queuing (SFQ) is ensured by hashing and round-robin
algorithms. How many different hash values (substreams) can SFQ have?
A. 65535
B. depends on free memory C. 128
D. 1024

29. You wish to secure your RouterOS system. You do not want the RouterOS to be
discoverable using MNDP or CDP. You also want to deny management via the MAC addresses
on all interfaces. Select the correct actions to accomplish this.
A. Remove/Disable all interfaces under mac-Server winbox
B. Remove/Disable all discovery interfaces
C. Add a Deny All input firewall rule
D. Remove/Disable all interfaces under mac-server telnet
E. Place a proper forward firewall rule to block mac discovery
F. Place a proper input firewall rule to block mac discovery

30. If router receives packet with TTL=1 then:

A. packet will always reach its destination
B. packet will be forwarded only to next L3 device
C. packet will not be forwarded

31. It is required to make a web server on a private LAN visible on the Public
Internet. Only the web server port should be visible to the public. Which of the following
configuration steps must be met. (select all that apply)
A. Connection Tracking must be enabled on NAT router
B. Public IP address of the webserver must be installed on the NAT Router
C. A route between the NAT Router and the webserver must exist
32. It is required to make a web server on a private LAN visible on the Public
Internet. Only the web server port should be visible to the public. Which of the
following configuration steps must be met. (select all that apply)
A. Connection Tracking must be enabled on NAT router
B. Public IP address of the webserver must be installed on the NAT Router
C. A route between the NAT Router and the webserver must exist
D. in ip firewall NAT there should be a dst-nat between the public ip of the router
and the private ip of the webserver
E. LAN address of the webserver should be routable on the internet

33. Possible actions of ip firewall filter are:

A. bounce
B. accept
C. add-to-list
D. log
E. tarp
F. tarpit

34. Rate-Limit rule below can be used to create a dynamic queue at MikroTik
HotSpot. Select the corresponding settings which will be created, 128k/128k 200k/
200k 170k/170k 60/60 1 64k/64k
A. [Rate] [Burst] [Burst Threshold] [Time] [Priority] [MIR]
B. [Rate] [Time] [Burst Threshold] [Time] [Priority] [CIR] OC. [Rate] [Burst Time]
[Burst Threshold] [Priority] [CIR]
D. [Burst] [Rate] [Burst Threshold] [Time] [Priority] [CIR]
E. [Rate] [Burst] [Burst Threshold] [Time] [Priority] [CIR]

35. You want to offer a static route to your DHCP clients (besides the default-
route). What is the best way to do that?
A. Set DHCP options 3
B. Set DHCP options 121
C. Set a static IP into /ip route and it will automatically be sent to clients
D. There is no way to send a static-route to DHCP clients
36. Which of the following configuration steps must be met. (select all that apply)
A. Connection Tracking must be enabled on NAT router
B. Public IP address of the webserver must be installed on the NAT Router
C. A route between the NAT Router and the webserver must exist
D. in ip firewall NAT there should be a dst-nat between the public ip of the router
and the private ip of the
webserver
E. LAN address of the webserver should be routable on the internet

37. Possible actions of ip firewall filter are:

A. bounce
B. accept
C. add-to-list
D.log
E. tarp
F. tarpit

38. Rate-Limit rule below can be used to create a dynamic queue at MikroTik
HotSpot. Select the corresponding settings which will be created, 128k/128k 200k/
200k 170k/170k 60/60 1 64k/64k
A. [Rate] [Burst] [Burst Threshold] [Time] [Priority] [MIR]
B. [Rate] [Time] [Burst Threshold] [Time] [Priority] [CIR]
C. [Rate] [Burst Time] [Burst Threshold] [Priority] [CIR]
D. [Burst] [Rate] [Burst Threshold] [Time] [Priority] [CIR]
E. [Rate] [Burst] [Burst Threshold] [Time] [Priority] [CIR]

39. You want to offer a static route to your DHCP clients (besides the default-
route). What is the best way to do that?
A. Set DHCP options 3
B. Set DHCP options 121
C. Set a static IP into /ip route and it will automatically be sent to clients
D. There is no way to send a static-route to DHCP clients
40. Mangle rule "Change MSS" applies to
A. GRE
B. TCP
C. UDP
D. ICMP
E. IGMP

41. Consider the following scenario:

There are two subnets configured on a RouterOS device. One subnet for regular
employees and one for guests.The internal subnet for employees is 192.168.0.0/24,
gateway IP 192.168.0.254. IP's to the clients devices are assigned manually. The
guest subnet is 192.168.10.0/24, gateway IP 192.168.10.254.Both subnets are
NAT'ed using a single SRC-NAT Masquerade rule on the 'Internet' interface.Problem:
The ISP will be changing the DNS servers because of an attack. The new ones are
195.213.7.1 and 195.213.7.6.

Which of the following CLI commands in Terminal will route all users' DNS requests
to use these new DNS servers without requiring any change to the configurations on
their computers (select any that are required):
A. ip dns set servers 195.213.7.1,195.213.7.6
B. ip dhcp-server network set [find gateway=-192.168.10.254] dns-
server-192.168.10.254
Clip dns set allow-remote-requests=yes servers=195.213.7.1,195.213.7.6
D. /ip firewall nat add chain=srcnat protocol=tcp port=53 action=redirect to-
ports=53
E. /ip firewall nat add chain=dstnat protocol=tcp dst-port=53 action=redirect to-
ports=53
F /ip firewall nat add chain=srcnat protocol=udp port=53 action=redirect to-
ports=53
G. /ip firewall nat add chain=dstnat protocol=udp dst-port=53 action=redirect to-
ports=53

42. An IP packet has mall the conditions of a firewall rule and the action reject and
the option icmp-network-unreachable was initiated for that packet. What will
happth the contents of the packet?
A. The whole packet will be lo,warded back to the sender regardless of its contents
B. The packet will be discarded regardless of its content
C. The packet header will receive a flag of icmp-network-unreacheble'
D. The packet will be rejected only if the destination network is unreachable
43. Simple Queue number 0 defines 2M for upload and download for target IP
10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target
IP 10.10.0.33.
The maximum bandwidth that the client 10.10.0.33 is be able to obtain is:
A. 6M upload/download
B. 4M upload/download
C. OM upload/download
D. 2M upload/download

44. What does this simple queue do (check the image)?

A. Queue guarantees download data rate of one megabit per second for host
192.168.1.10
B. Queue limits host 192.168.1.10 upload data rate to one megabit per second.
C. Queue limits host 192.168.1.10 download data rate to one megabit per second.
D. Queue guarantees upload data rate of one megabit per second for host
192.168.1.10

45. An ISP is running a torent proxy on the router. You want to restrict certain
clients from accessing the proxy. Which firewall chain would you create the rule in:
A. Output
B. Prerouting
C. Postrouting
D. Input
E. Forward

46. Using the mangle facility, it is more efficient (uses less router CPU) to mark
packets than to mark connections.
A. False
B. true
47. Which of the following actions have an implicit "passthrough"? (select all that
apply)
A. add src to address list
B. log
C. drop
D. accept

48. An IP packet has matched all the conditions of a firewall rule and the action
reject and the option icmp-network-unreachable was initiated for that packet.
What will happen with the contents of the packet?
A. The whole packet will be forwarded back to the sender regardless of its
contents
B. The packet will be discarded regardless of its content
C. The packet header will receive a flag of 'icmp-network-unreacheble
D. The packet will be rejected only if the destination network is unreachable

49. If ARPply-on figured on an interface, this interface will

A accept all MAC-ados listed in 'ip arp' as static entries
B. accept all IP addresses listed in ip arp' as static entries
c. add new IP addresses in ip arp' list
D. accept IP and MAC address combinations listed in 'ip arp' list
E add new MAC addresses in 'ip arp' list

50. A firewall rule is used to redirect all incoming DNS requests. What is the source
IP address generated in the response by the router?
A. Source IP address of the response is broadcast to indicate the response was
generated by proxy
B. Source IP address of the response is the same as destination IP address of the
original request
c. Source IP address of the response is the highest active loopback bridge interface
of the router
D. Source IP address of the response is IP address of router's out interface
51. Domain Name System (DNS) requests can use protocol/port:
A. TCP 80
B. UDP 53
C. UDP 80
D. TCP 53

52. An ISP is running a transparent proxy on the router. You want to restrict certain
clients from accessing the proxy. Which firewall chain would you create the rule in:
A. Output
B. Prerouting
C. Postrouting
D. Input

53. Where can a routing mark be used?

A. In firewall filters
B. In firewall mangle
C. In queues
D. In routing

54. If ARP=reply-only is configured on an interface, this interface will

A accept all MAC-addresses listed in '/ip arp' as static entries
B. accept all IP addresses listed in /ip arp' as static entries
C. add new IP addresses in /ip arp' list
D. accept IP and MAC address combinations listed in /ip arp' list

55. According to the picture, if both laptops have same priority, how much
bandwidth will be available for every laptop?
A.4
B.3
C.1
D.2
56. You wa to offeic route to your DHCP clients (besides the default-route). What is
the best way to that?
A. Set DHC options
B. Set a static IP into fip r and it will automatically be sent to clients
C. Set DHCP options 121
D. There is no way to send a static-route to DHCP clients

57. One DHCP relay can work with several DHCP servers from the same router
(using specific addresses ranges).
A. false
B. true

58. Router has wireless and ethernet client interfaces, all client interfaces are
bridged. To create a DHCP service for all clients, DHCP server must be configured
on:
A. Only on the bridge interface
B. DHCP service is not possible in this setup
C. Every bridge port
D. Ethernet and wireless interfaces

59. How to Mangle be applied to dynamically created PPTP client interfaces:

A. It is no possibthis
B. By using the Address list in the associated PPP Profile
c. By enabling the PPTP Use Firewall' setting in the associated PPP Profile
D. By directly using the dynamic PPTP interface as a Mangle "In interface'