Mtctce
Mtctce
11. An IP packet has matched all the conditions of a firewall rule and the action reject
and the option icmp-network-unreachable was initiated for that packet. What will happen
with the contents of the packet?
A. The whole packet will be forwarded back to the sender regardless of its contents
B. The packet will be rejected only if the destination network is unreachable
C. The packet header will receive a flag of 'icmp-network-unreacheble'
D. The packet will be discarded regardless of its content
12. Consider the following network diagram. You need to permit the users on the
192.168.0.0/24 network access to a webserver (tcp/80) at IP address 192.168.1.199. You
do NOT want them to access any other services or devices on the 192.168.1.0/24 network.
Which of the following rulesets would accomplish this task?
A. /ip firewall filter add chain-forward protocol=tcp dst-port=80 action=accept add
chain-forward dst-address 192.168.1.0/24 action=drop
B. /ip firewall filter add chain-forward dst-address=192.168.1.199 protocol=tcp src-
port=80 action=accept add chain-forward dst-address=192.168.1.0/24 action=drop
C. /ip firewall filter add chain-output dst-address=192.168.1.199 action=accept add
chain-output dst- address=192.168.1.0/24 action=drop
D. /ip firewall filter add chain-output dst-address=192.168.1.199 protocol=tcp dst-
port=80 action=accept add chain-output dst-address=192.168.1.0/24 action=drop
E. /ip firewall filter add chain-forward dst-address=192.168.1.199 protocol=tcp dst-
port=80 action=accept add chain-forward dst-address=192.168.1.0/24 action=drop
13. How can Mangle rules be applied to dynamically created PPTP client interfaces:
A. By enabling the 'PPTP Use Firewall' setting in the associated PPP Profile
B. It is not possible to do this
C. By using the Address List feature in the associated PPP Profile
D. By directly using the dynamic PPTP interface as a Mangle 'In interface’
14. The Simple Queue Total tab controls both upload and download totals aggregated
together.
A. False
B. True
16. Router has wireless and ethernet client interfaces, all client interfaces are
bridged. To create a DHCP service for all clients, DHCP server must be configured on:
A. Only on the bridge interface
B. DHCP service is not possible in this setup
C. Ethernet and wireless interfaces
D. Every bridge port
17. You have a queue structure:
queue "MK" max-limit=23M
-queue "A" parent="MK" limit-at-10M max-limit=18M
--queue "AA" parent="A" limit-at-3M max-limit=5M priority=1
--queue "AB" parent="A" limit-at-1M max-limit=2M priority=2
--queue "AC" parent="A" limit-at-4M max-limit=8M priority=4
-queue "B" parent="MK" limit-at=10M max-limit=18M
--queue "BA" parent="B" limit-at-1M max-limit=10M priority=1
--queue "BB" parent="B" limit-at-2M max-limit=3M priority=3
Select the correct answer for the worst case scenario when all queues are trying to
get all available traffic.
A. queue "AA" will get 5M, "AB" 2M, "AC" 8M, "BA" 10M, "BB" 2M
B. queue "AA" will get 5M, "AB" 2M, "AC" 8M, "BA" 10M, "BB" 3M
C. queue "AA" will get 3M, "AB" 1M, "AC" 8M, "BA" 1M, "BB" 3M
D. queue "AA" will get 5M, "AB" 2M, "AC" 4M, "BA" 10M, "BB" 2M
E. queue "AA" will get 3M, "AB" 2M, "AC" 4M, "BA" 10M, "BB" 2M
22. Choose the correct PCQ argument values to allow 256kbps maximum download
and upload for each client:
A. kind=pcq pcq-rate=256000 pcq-classifier-src-address
B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address
C. kind=pcq pcq-rate=5000000 pcq-classifier-src-address
D. kind-pcq pcq-rate=5000000 pcq-classifier=dst-address
E. kind=pcq pcq-rate=256000 pcq-classifier-dst-address
28. SFQ - Stochastic Fairness Queuing (SFQ) is ensured by hashing and round-robin
algorithms. How many different hash values (substreams) can SFQ have?
A. 65535
B. depends on free memory C. 128
D. 1024
29. You wish to secure your RouterOS system. You do not want the RouterOS to be
discoverable using MNDP or CDP. You also want to deny management via the MAC addresses
on all interfaces. Select the correct actions to accomplish this.
A. Remove/Disable all interfaces under mac-Server winbox
B. Remove/Disable all discovery interfaces
C. Add a Deny All input firewall rule
D. Remove/Disable all interfaces under mac-server telnet
E. Place a proper forward firewall rule to block mac discovery
F. Place a proper input firewall rule to block mac discovery
31. It is required to make a web server on a private LAN visible on the Public
Internet. Only the web server port should be visible to the public. Which of the following
configuration steps must be met. (select all that apply)
A. Connection Tracking must be enabled on NAT router
B. Public IP address of the webserver must be installed on the NAT Router
C. A route between the NAT Router and the webserver must exist
32. It is required to make a web server on a private LAN visible on the Public
Internet. Only the web server port should be visible to the public. Which of the
following configuration steps must be met. (select all that apply)
A. Connection Tracking must be enabled on NAT router
B. Public IP address of the webserver must be installed on the NAT Router
C. A route between the NAT Router and the webserver must exist
D. in ip firewall NAT there should be a dst-nat between the public ip of the router
and the private ip of the webserver
E. LAN address of the webserver should be routable on the internet
34. Rate-Limit rule below can be used to create a dynamic queue at MikroTik
HotSpot. Select the corresponding settings which will be created, 128k/128k 200k/
200k 170k/170k 60/60 1 64k/64k
A. [Rate] [Burst] [Burst Threshold] [Time] [Priority] [MIR]
B. [Rate] [Time] [Burst Threshold] [Time] [Priority] [CIR] OC. [Rate] [Burst Time]
[Burst Threshold] [Priority] [CIR]
D. [Burst] [Rate] [Burst Threshold] [Time] [Priority] [CIR]
E. [Rate] [Burst] [Burst Threshold] [Time] [Priority] [CIR]
35. You want to offer a static route to your DHCP clients (besides the default-
route). What is the best way to do that?
A. Set DHCP options 3
B. Set DHCP options 121
C. Set a static IP into /ip route and it will automatically be sent to clients
D. There is no way to send a static-route to DHCP clients
36. Which of the following configuration steps must be met. (select all that apply)
A. Connection Tracking must be enabled on NAT router
B. Public IP address of the webserver must be installed on the NAT Router
C. A route between the NAT Router and the webserver must exist
D. in ip firewall NAT there should be a dst-nat between the public ip of the router
and the private ip of the
webserver
E. LAN address of the webserver should be routable on the internet
38. Rate-Limit rule below can be used to create a dynamic queue at MikroTik
HotSpot. Select the corresponding settings which will be created, 128k/128k 200k/
200k 170k/170k 60/60 1 64k/64k
A. [Rate] [Burst] [Burst Threshold] [Time] [Priority] [MIR]
B. [Rate] [Time] [Burst Threshold] [Time] [Priority] [CIR]
C. [Rate] [Burst Time] [Burst Threshold] [Priority] [CIR]
D. [Burst] [Rate] [Burst Threshold] [Time] [Priority] [CIR]
E. [Rate] [Burst] [Burst Threshold] [Time] [Priority] [CIR]
39. You want to offer a static route to your DHCP clients (besides the default-
route). What is the best way to do that?
A. Set DHCP options 3
B. Set DHCP options 121
C. Set a static IP into /ip route and it will automatically be sent to clients
D. There is no way to send a static-route to DHCP clients
40. Mangle rule "Change MSS" applies to
A. GRE
B. TCP
C. UDP
D. ICMP
E. IGMP
Which of the following CLI commands in Terminal will route all users' DNS requests
to use these new DNS servers without requiring any change to the configurations on
their computers (select any that are required):
A. ip dns set servers 195.213.7.1,195.213.7.6
B. ip dhcp-server network set [find gateway=-192.168.10.254] dns-
server-192.168.10.254
Clip dns set allow-remote-requests=yes servers=195.213.7.1,195.213.7.6
D. /ip firewall nat add chain=srcnat protocol=tcp port=53 action=redirect to-
ports=53
E. /ip firewall nat add chain=dstnat protocol=tcp dst-port=53 action=redirect to-
ports=53
F /ip firewall nat add chain=srcnat protocol=udp port=53 action=redirect to-
ports=53
G. /ip firewall nat add chain=dstnat protocol=udp dst-port=53 action=redirect to-
ports=53
42. An IP packet has mall the conditions of a firewall rule and the action reject and
the option icmp-network-unreachable was initiated for that packet. What will
happth the contents of the packet?
A. The whole packet will be lo,warded back to the sender regardless of its contents
B. The packet will be discarded regardless of its content
C. The packet header will receive a flag of icmp-network-unreacheble'
D. The packet will be rejected only if the destination network is unreachable
43. Simple Queue number 0 defines 2M for upload and download for target IP
10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target
IP 10.10.0.33.
The maximum bandwidth that the client 10.10.0.33 is be able to obtain is:
A. 6M upload/download
B. 4M upload/download
C. OM upload/download
D. 2M upload/download
45. An ISP is running a torent proxy on the router. You want to restrict certain
clients from accessing the proxy. Which firewall chain would you create the rule in:
A. Output
B. Prerouting
C. Postrouting
D. Input
E. Forward
46. Using the mangle facility, it is more efficient (uses less router CPU) to mark
packets than to mark connections.
A. False
B. true
47. Which of the following actions have an implicit "passthrough"? (select all that
apply)
A. add src to address list
B. log
C. drop
D. accept
48. An IP packet has matched all the conditions of a firewall rule and the action
reject and the option icmp-network-unreachable was initiated for that packet.
What will happen with the contents of the packet?
A. The whole packet will be forwarded back to the sender regardless of its
contents
B. The packet will be discarded regardless of its content
C. The packet header will receive a flag of 'icmp-network-unreacheble
D. The packet will be rejected only if the destination network is unreachable
50. A firewall rule is used to redirect all incoming DNS requests. What is the source
IP address generated in the response by the router?
A. Source IP address of the response is broadcast to indicate the response was
generated by proxy
B. Source IP address of the response is the same as destination IP address of the
original request
c. Source IP address of the response is the highest active loopback bridge interface
of the router
D. Source IP address of the response is IP address of router's out interface
51. Domain Name System (DNS) requests can use protocol/port:
A. TCP 80
B. UDP 53
C. UDP 80
D. TCP 53
52. An ISP is running a transparent proxy on the router. You want to restrict certain
clients from accessing the proxy. Which firewall chain would you create the rule in:
A. Output
B. Prerouting
C. Postrouting
D. Input
55. According to the picture, if both laptops have same priority, how much
bandwidth will be available for every laptop?
A.4
B.3
C.1
D.2
56. You wa to offeic route to your DHCP clients (besides the default-route). What is
the best way to that?
A. Set DHC options
B. Set a static IP into fip r and it will automatically be sent to clients
C. Set DHCP options 121
D. There is no way to send a static-route to DHCP clients
57. One DHCP relay can work with several DHCP servers from the same router
(using specific addresses ranges).
A. false
B. true
58. Router has wireless and ethernet client interfaces, all client interfaces are
bridged. To create a DHCP service for all clients, DHCP server must be configured
on:
A. Only on the bridge interface
B. DHCP service is not possible in this setup
C. Every bridge port
D. Ethernet and wireless interfaces