latihan beda banget.pdf MTCNA Alfabet.pdf MTCNA Edward lulus.pdf MTCNA Mas Arya.pdf mtcna.pdf mtcre 1.pdf mtcre 2.pdf mtcre3.pdf My Exam MTCNA 2016 02.pdf SOAL + JAWABAN MTCRE 1_Kusuma.pdf SOAL + JAWABAN MTCRE 2_Giri.pdf soal mikrotik frengky .pdf SOAL TEST MTCNA MIKROTIK.pdf buat pak dedi.pdf Contoh Soal MTCNA.pdf DOC-20160416-WA0001.pdf FULL SOAL UJIAN MIKROTIK.pdf jawaban jon!!! (2).pdf jawaban jon!!!.pdf
00:02:54 last save: 2016-05-20 11:14:47
1. It is possible to create an encrypted PPPoE tunnel in RouterOS:
true 2. How long is level 1 (free) license valid? A. 1 year B. Infinite time C. 24 hours D. 1 month 3. Which type of encryption could be used to establish a connection with a simple passkey without using a 802.1X authentication server? A. WPA PSK/WPA2 PSK B. WPA EAP/WPA2 EAP 4. What is the minimal possible wireless configuration to create an Access Point? A. radio name B. scan-list C. frequency D. band E. ssid F. DFS mode G. WDS H. mode 5. Which port does PPTP use by default? A. TCP 1721 B. UDP 1721 C. TCP 1723 D. UDP 1723 6. Mark all correct answers
A. /ip firewall filter allows to deny authentication to AP B. Wireless access-list could allow and deny connect to your AP C. Default-Forwarding could be enabled for a specific clients by wireless access-list D. The only way to prevent wireless clients connections - disable wireless interface 7. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address
C. kind=pcq pcq-rate=5000000 pcq-classifier=src-address D. kind=pcq pcq-rate=256000 pcq-classifier=dst-address E. kind=pcq pcq-rate=256000 pcq-classifier=src-address 8. To connect your MikroTik router to a wireless access point, you have to: A. Use the same SSID as on accesspoint B. Use the same Radio Name C. Use the same Band (5 GHz, 2.4 GHz, ...) 9. Firewall NAT rules process only the first packet of each connection.
false 10. In which situations Netinstall can not be used to install RouterOS on a RouterBOARD? A. The router is connected only to a secondary Ethernet port B. The router does not have an operating system C. The password of the router is not known D. The router is connected only to a wireless network 11. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. advanced-tools B. routing C. no extra package required D. dhcp 12. When adding a static route, you must always ensure that you add both the gateway and the interface.
false 13. Bridging loops can be avoided by enabling: A. RSTP protocol B. STP protocol C. Connection tracking D. UDP filter E. ICMP filter 14. Netinstall can be used to A. Keep configuration, but reset a lost admin password B. Reinstall software without losing licence C. Install different software version (upgrade or downgrade) D. Install package for different hardware architecture 15. For user in local PPP Secrets/PPP Profiles database, it is possible to
A. Allow/deny use of more than one login by this user B. Allow login by PPPoE and PPTP, but deny login by L2TP C. Set max values for transferred data (Rx/Tx) D. Allow only PPPoE login E. Deny services (like telnet) only for this user or for one group of users 16. What is necessary for PPPoE client configuration? A. Interface (on which PPPoE client is going to work) B. Static IP address on PPPoE client interface C. ip firewall nat masquerade rule 17. Evaluate the following information: Access Point configuration: -- wlan1 is in 'AP-Bridge' mode -- Bridge1 has wlan1 and ether1 as ports CPE configuration: -- wlan1 is in 'Station-Bridge' mode -- Bridge1 has wlan1 and ether1 as ports Select protocols that will pass from ether1 on the CPE to ether1 on the Access Point. A. IPv4 B. ARP C. USB D. BGP E. Firewire F. IPv6 G. DHCP H. PPPoE 18. Mark all packages required for PPPoE server on MikroTik RouterOS A. ppp B. user-manager C. radius D. synchronous E. system 19. Action=redirect applies to
A. Firewall Filter rules B. DST-NAT rules C. Route rules D. SRC-NAT rules
20. One host on an internal network is accessing an external web page through a MikroTik router that is doing source NAT. Select correct statement about the packets that flow from that web page to the host ? A. Packets go through the output chain B. Packets go through the forward chain C. Packets go through the input chain before the routing decision and after that through output chain D. Packets go through the input chain 21. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Dynamic, Active, Connected B. Direct, Available, Connected C. Dynamic, Active, Console D. Dynamic, Available, Created 22. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client 10.10.0.33 is be able to obtain A. 0M upload/download B. 6M upload/download C. 4M upload/download D. 2M upload/download 23. The total-max-limit under Simple Queues will limit the combined upload and download of the targetaddress of your simple queue.
true 24. To be able to do NAT, the connection tracking does not need to be enabled.
true 25. Which of the following Routes statuses are possible? A. S = Static B. C = Connected C. A = Active D. D = Drop
1. When setting "Frequency Mode" value to Regulatory Domain, and setting "country", this changes the available frequencies and power output levels available for selection to only those allowed for the selected country? true
2. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=5000000 pcq-classifier=srcaddress B. kind=pcq pcq-rate=1256000 pcq-classifier=dstaddress C. kind=pcq pcq-rate=256000 pcq-classifier=dstaddress D. kind=pcq pcq-rate=256000 pcq-classifier=srcaddress E. kind=pcq pcq-rate=5000000 pcq-classifier=dstaddress 3. What is necessary for PPPoE client configuration? A. Interface (on which PPPoE client is going to work) B. Static IP address on PPPoE client interface C. ip firewall nat masquerade rule 4. Which port does PPTP use by default? A. UDP 1723 B. TCP 1723 C. UDP 1721 D. TCP 1721 5. To be able to do NAT the connection tracking does not need to be enabled. true
6. Is it possible to limit how many clients are able to connect to an access point? A. Yes B. No it's not possible at all C. Yes, but only with access-lists 7. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, dst-address, max-limit B. target-address, max-limit C. max-limit D. target-address, dst-address
8. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. routing C. advanced-tools D. dhcp 9. You want to transfer existing '/ip firewall filter' configuration from one router to a new system. Choose the best possible way to do: A. Export global configuration and remove everything apart from '/ip firewall filter' B. Create backup only of '/ip firewall filter' rules C. Export only '/ip firewall filter' D. Create backup, edit backup file and restore on target router 10. The total-max-limit under Simple Queues will limit the combined upload and download of the target-address of your simple queue. true
11. What is the minimal possible wireless configuration to create an Access Point? A. mode B. scan-list C. DFS mode D. WDS E. radio name F. ssid G. frequency H. band 12. Which configuration menu should you use to change router's Winbox default port? A. /ip service B. /ip firewall filter C. /ip firewall service-ports D. /system resource 13. There can be more than one PPPoE server in a single broadcast domain: true
14. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication?
A. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2 B. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 C. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 D. /ip route add dst-address=192.168.1.0/24 srcaddress=192.168.0.0/24 gateway=192.168.99.2 E. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 15. Which following option(s) is/are considered as good practice when dealing with rogue DHCP servers? A. Use the DHCP Server alert system B. Input on CLI '/ip dhcp-server authoritative=yes' C. Enable 'Always Broadcast' option D. Enable 'Add ARP for Leases' option E. Use only static leases 16. For user in local PPP Secrets/PPP Profiles database, it is possible to A. Set max values for transferred data (Rx/Tx) B. Deny services (like telnet) only for this user or for one group of users C. Allow login by PPPoE and PPTP, but deny login by L2TP D. Allow/deny use of more than one login by this user E. Allow only PPPoE login 17. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server?
A. dst-nat B. passthrough C. redirect D. tarpit 18. What does the firewall action "Redirect" do? Select all true statements. A. Redirects a packet to a specified IP B. Redirects a packet to a specified port on the router
C. Redirects a packet to a specified port on a host in the network D. Redirects a packet to the router 19. When sending out an ARP request, an IP host is expecting what kind of address for an answer?
A. IP address B. VLAN ID C. 802.11g D. MAC Address 20. Mark correct statement. A. Backup files are editable B. Backup files are not editable C. Export files are not editable 21. When using routing option 'check-gateway=ping' what is the ICMP echo request interval (in seconds)? A. 20s B. 60s C. 10s D. 30s 22. Which of the protocols below is used by Netinstall? A. bootp B. arp C. dhcp D. rarp 23. By default info, error and warning messages are logged into memory of your RouterOS device. You can add logging of visited web-pages and other message topics true
24. Which of the following would prevent unknown clients from connecting to your AP? Choose the BEST answer. A. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your access-list configuration ensuring that you enable "authenticate" in the entry B. Configure the radius server under "/radius" C. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC
address to your connect-list configuration D. Check the "Do not permit unknown client" box in the wireless configuration E. Add each known client's MAC address to your access-list configuration is the only step needed 25. Consider the following network diagram. In R1, you have the following configuration: /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 /ip firewall nat add chain=srcnat out-interface=Ether1 action=masquerade On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices, which of the following rules would be needed? A. /ip firewall filter add chain=forward srcaddress=192.168.0.0/24 dst-address=192.168.1.10 action=drop B. /ip firewall filter add chain=input srcaddress=192.168.99.1 dst-address=192.168.1.10 action=drop C. /ip firewall filter add chain=forward srcaddress=192.168.99.1 dst-address=192.168.1.10 action=drop D. /ip firewall nat add chain=dstnat srcaddress=192.168.99.1 dst-address=192.168.1.10 action=drop
/ 1. / interface wireless access-list is use for : A. Shows a list of clients MAC address to permit/deny registered to AP B. Autenticate Hotspot users C. Handles a list of clients MAC address to permit/deny connection to AP D. Contains the security profiles settings. 2./interface wireless Access-List is use for Handes a list of clients MAC Address to permit/deny connection to AP
A 1. Action=redirect is applied in A. chain=srcnat B. chain=dstnat C. chain=forward 2. Action=redirect allows you to make A. Transparent DNS Cache B. Forward DNS to another device IP address C. Enable Local Service D. Transparent HTTP Proxy 3. A PC with IP 192.168.1.2 can access internet, and static ARP has been set for that IP address on gateway. When the PC Ethernet card failed, the user change it with a new card and set the same IP for it. What else should be done? a. Old static ARP entry on gateway has to be updated for the new card b. Nothing - it will work as before c. MAC-address of the new card has to be changed to MAC address of old card d. Another IP has to be added for Internet access 4. A network ready device is directly connected to a MikroTik RouterBOARD 750 with a correct U.T.P. RJ45 functioning cable. The device is configured with an IPv4 address of 192.168.100.70 using a subnet mask of 255.255.255.252. What will be a valid IPv4 address for the RouterBOARD 750 for a successful connection to the device? A. 192.168.100.70/255.255.255.252 B. 192.168.100.69/255.255.255.252 C. 192.168.100.68/255.255.255.252 D. 192.168.100.71/255.255.255.252
C 1.Choose all valid hosts address range for subnet 15.242.55.62/27 A. 15.242.55.33-15.242.55.63 B. 15.242.55.33-15.242.55.62 C. 15.242.55.32-15.242.55.63 D. 15.242.55.31-15.242.55.62 2. Choose all valid hosts address range for subnet 15.242.55.62/27 A. 15.242.55.31-15.242.55.62 B. 15.242.55.32-15.242.55.63 C. 15.242.55.33-15.242.55.62 D. 15.242.55.33-15.242.55.63 3. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and it’s a driver issue? A. Yes B. No 4. Consider the following network diagram. In R1, you have the following configuration: /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 /ip firewall nat add chain=srcnat out-interface=Ether1 action=masquerade On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices, which of the following rules would be needed? A. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10 action=drop B. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop ???? C. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10 action=drop D. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10 action=drop 5. Check the allowed input formats for wireless scan-list. A. 5500,5700 B. 5500 5700 C. 5500/5700 D. 5500 - 5700 E. 5500-5700 6. Collisions are possible in full-duplex Ethernet networks. FALSE
7. Configuring HotSpot is Possible on Mikrotik RouterOS only with a wireless interface FALSE
D 1.
F 1. For static routing functionality, additionally to the RouterOS system package, you will also need the following software package: A. none B. dhcp C. routing D. advanced-tools 2. From which of the following locations can you obtain Winbox? A. Router’s webpage B. Files menu in your router C. Via the console cable D. mikrotik.com 3. JAWABAN : TRUE
H 1.How many usable IP addresses are there in a 20-bit subnet? 4096 2048 2047 4094 2046 2.How many layers does Open System Interconnection model have? 12 9 6 5 7 3.How many usable IP addresses are there in a 23-bit (255.255.254.0) subnet? 510 254 508 512 4.How many bits are in a subnet mask for an IPV4 network ? 16 none 8 32 5. How long is level 1 (demo) license valid? A. 24 hours B. Infinite time C. 1 month D. 1 year 6. How many different priorities can be selected for queues in MikroTik RouterOS? A. 8 B. 16 C. 0 D. 1 7. Hotspot ip-binding is used to allow access to Internet web servers specifing the IP address of the web server instead of the URL. FALSE 8. How many IP addresses can one find in the header of an IP packet? A.1 B.2 C.3 D.4
I 1.In MikroTik RouterOS layer-3 communication between 2 hosts can be achieved with A. /29 B. /31 C. /32 D. /30 2. It is possible to add user-defined chains in ip firewall mangle ->> TRUE 3. If you need to make sure that one computer in your HotSpot network can access the Internet without HotSpot authentication, which menu allows you to do this? A. Users B. IP bindings C. Walled-garden D. Walled-garden IP
4. If ARP=reply-only is configured on an interface, what will this interface do A. Add new IP addresses in /ip arp list B. Accept all IP/MAC combinations listed in /ip arp as static entries C. Add new MAC addresses in /ip arp list D. Accept all IP addresses listed in /ip arp as static entries E. Accept all MAC-addresses listed in /ip arp as static entries 5. It is impossible to disable user "admin" at the menu "/user" ->> FALSE 6. If a packet comes to a router and starts a new, previously unseen connection, which connection state would be applied to it? A. new B. established C. unknown D. invalid E. no connection state would be applied to such packet 7. Is ARP used in the IPv6 protocol ? ->> FALSE --> menggunakan ndp sebagai pengganti arp 8. If ARP=reply-only is enabled on one router interface, router can add dynamic ARP entries for the particular interface. FALSE 9. Is it possible for a client to get an IP address but no gateway after a successful DHCP request? ->> FALSE 10. Is it posible to have PPTP Client an PPTP Server on one MikroTik router at same time? ->> TRUE 11 JAWABAN : TRUE .
12. JAWABAN : D (Upload+Download)
13. JAWABAN : A C
M 1.Mark Public IP addresses 11.63.72.21 192.168.0.1 172.168.254 172.28.73.21 10.110.50.37 2.MAC layer by OSI model is also known as Layer 3 Layer 2 Layer 1 Layer 6 Layer 7 3. Mark all correct statements about /export (rsc file). A. Exports logs from /log print B. Exports full configuration of the router C. Exports only part of the configuration (for example /ip firewall) D. Exports scripts from /system script E. Exports files could not edited 4. Mark all features that are compatible with Nstreme A. WDS between a device in station-wds mode and a device in station-wds mode X B. Encryption X C. WDS between a device in ap-bridge mode with a device in station-wds mode D. Bridging a device in station mode with a device in ap-bridge mode X 5. MikroTik RouterOS DHCP client can receive following options A. Byte limit B. IP Gateway C. Rate limit D. Uptime limit E. IP Address and Subnet 6. Mark the queue types that are available in RouterOS A. SFQ – Stochastic Fairness Queuing B. DRR - Deficit Round Robin C. FIFO - First In First Out (for Bytes or for Packets) D. LIFO - Last In First Out E. PCQ – Per Connection Queuing F. RED – Random Early Detect (or Drop)
P 1. JAWABAN : A B C
O 1. On the advanced menu of the wireless setup there is a parameter called "Area", it works directly with: A. Connect List +++ B. Access List C. None of these D. Security Profile
R 1.. Router A and B are both running as PPPoE servers on different broadcast domains of your network. Is it possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers ? FALSE 2. JAWABAN : A
S 1.Select valid SUBNET masks: 255.192.0.0 255.255.224.0 192.0.0.0 255.255.192.255 2. Select which of the following are 'Public IP addresses': A. 10.110.50.37 B. 11.63.72.21 C. 172.28.73.21 D. 192.168.0.1 E. 172.168.254.2 3.JAWABAN : A D
T 1.The basic unit of a physical network (OSI Layer 1) is the: Header Bit Byte Frame 2.The network address is A. The first usable address of the subnet B. The last address of the subnet C. The first address of the subnet 3.Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP connections to be established between the two hosts. A: 10.2.1.0/23 and B: 10.2.0.1/22 A: 10.2.2.1/23 and B: 10.2.0.1/22
A: 10.1.2.192/24 and B: 10.1.2.129/26 A: 10.1.2.66/25 and B: 10.1.2.109/26 4. Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP connections to be established between the two hosts. A. A: 10.1.2.66/25 and B: 10.1.2.109/26 B. A: 10.2.2.1/23 and B: 10.2.0.1/22 C. A: 10.1.2.192/24 and B: 10.1.2.129/26 D. A: 10.2.1.0/23 and B: 10.2.0.1/22 5. The HotSpot feature can be used only on ethernet interfaces. You have to use a separate access point if you want to use this feature with wireless.
6. To make all DNS requests coming from your network to resolve on your router (regardless of the clients configuration) which action would you specify of the DST-NAT rule? A. Masquerade B. DST-NAT C. you can’t use DST-NAT to archive this D. Redirect 7. There are two routes in the routing table: 0 dst-addr=10.1.1.0/24 gateway=5.5.5.5 1 dst-addr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. 5.6.6.6 B. the required route is not in the routing table C. 5.5.5.5 D. both - half of the traffic will be routed through one gateway, half through the other 8.
9. JAWABAN : FALSE
w 1.Which ones of the following are valid IP addresses? 1.27.14.254 192.168.256.1 192.168.13.255 10.10.14.0 2.Which one is NOT a valid MAC Address? 88:0C:00:99:5F:EF 13:16:86:53:89:43 95:B5:DD:EE:78:8A 80:GF:AA:67:13:5D
EA:BA:AA:EE:FF:CB
3.What protocol does ping use? ICMP UDP TCP ARP 4. What wireless card can we use to achieve 100 Mbps actual wireless throughput? A. 802.11 b/g B. 802.11 a/b/g C. 802.11 a D. 802.11 a/n E. 802.11 a/b/g/n 5. Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing interface=ether1? A. /ip firewall nat add action=masquerade chain=srcnat B. /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24 C. /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat D. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 6. What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface? A. I B. D C. A D. C E. S 7. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, max-limit B. target-address, dst-address, max-limit C. target-address, dst-address D. max-limit 8. What protocol is used for Ping and Trace route? A. DHCP B. IP C. TCP D. ICMP E. UDP
9. Why is it useful to set a Radio Name on the radio interface? A. To identify a station in a list of connected clients B. To identify a station in the Access List C. To identify a station in Neighbor discovery 10. What kind of users are listed in the Secrets window of the PPP menu? A. pptp users B. l2tp users C. winbox users D. wireless users E. pppoe users F. hotspot users 11. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 1.1.1.1 B. Route via gateway 2.2.2.2 12. What menus should be used to allow certain websites to be accessed from behind a hotspot interface, without client authentication A. ip hotspot ip-binding B. ip hotspot profile C. ip hotspot walled-garden +++ D. ip hotspot walled-garden ip 13. Which of the following is true for connection tracking A. Enabling connection tracking reduces CPU usage in RouterOS B. Connection tracking must be enabled for firewall to be effective C. Connection tracking must be enable for NAT'ed network D. Disable connection tracking for mangle to work 14. Which of these are possible solutions to bridge two networks over a wireless link: A. Both devices in AP mode and enable WDS mode B. One device in AP mode, another one in station-pseudobridge-clone C. One device in AP mode, another one in station-pseudobridge D. One device in AP mode, another one in station 15. Which of the following Routes statuses are possible? A. C = Connected B. S = Static C. A = Active D. D = Drop
16. When backing up your router by using the 'Export' command, the following happens: A. Winbox usernames and passwords are backed up B. The Export file can be edited with a standard text editor after its creation C. You are requested to give the export file a name 17. We have two radio cards in a point-to-point link with settings: Card Nr 1.: mode=ap-bridge ssid="office" frequency=2447 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes securityprofile=wpa Card Nr 2.: mode=station ssid="office" frequency=2412 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes securityprofile=wpa2 Is Card Nr2. able to connect to Card Nr 1.? A. Yes, if Nstreme is enabled or disabled on both B. Yes, when security profile settings are compatible with each other and Nstreme is enabled or disabled on both C. No, because of the different frequencies D. No, because of the different security profiles 18. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/8291 C. TCP/22 D. TCP/8080 19. What protocol is used for Ping and Trace route? A. UDP B. ICMP C. IP D. TCP E. DHCP 20. What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface? A. S B. I C. A D. D E. C
21. Which is the default port of IP-Winbox? A. TCP 80 B. TCP 8291 C. TCP 8192 D. UDP 8291 22. What kind of users are listed in the "/user" menu? A. router users B. pptp users C. hotspot users D. wireless users 23. Which configuration menu should you use to change router's Winbox default port? A. /ip firewall service-ports B. /ip firewall filter
C. /system resource
D. /ip service
24. What is marked by connection-state=established matcher? A. Packet is related to, but not part of an existing connection B. Packet begins a new TCP connection C. Packet does not correspond to any known connection D. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to already replied connection 25. What wireless modes can be used in a WDS setup? A. ap-bridge B. station C. station-wds D. Bridge E. nstreme-dual-slave 26.Which of the following protocols / port s are used for SNMP. (Simple Network Managemnt Protocol) A.TCP 161 B.TCP 162 C. UDP 161 D.TCP 123 E. UDP 162 F.TCP 25 27.Which computers would be able to communicate directly (without any routers involved) A. 192.168.0.5/26 and 192.168.0.100 B. 10.5.5.1/24 and 10.5.5.100/25 C. 10.10.0.17/22 and 10.10.1.30/23 D. 192.168.17.15/29 and 192.168.17.20/28 28. WPA2Pre-Shared Key (PSK) is enable on AP, all your cliens have to use same PSK. Only virtual AP could be used to allow clients to connect with a different PSK. TRUE 29. What is term for the hardware coded address found on an interface? a. IP Address b. Interface Address c. MAC Address d. FQDN Address 30. What is the default TTL (time to live) on a router that an IP packet can experience before it will be discarded ? a. 60 b. 30 c. 1 d. 64 31. What is the maximum number of ARP entries on a Mikrotik RouterOS device ? A. Unlimited B. 2048 C. 8192
D. 10240
37. What Letters appear next to route, which is automatically created by RouterOS when user adds a valid address to an active interface ? A.I B. C C. S D. D E. A 32. JAWABAN : A
33.JAWABAN : ADF
34. JAWABAN : D
35. JAWABAN : A B C
36. JAWABAN : B C D ???
Y 1.You have a router with configuration - Public IP :202.168.125.45/24 - Default gateway:202.168.125.1 - DNS server: 248.115.148.136, 248.115.148.137 - Local IP: 192.168.2.1/24 Mark the correct configuration on client PC to access to the Internet. IP:192.168.0.1/24 gateway:192.168.2.1 IP:192.168.2.115/24 gateway: 192.168.2.1 IP:192.168.2.2/24 gateway:202.168.125.45 IP:192.168.2.253/24 gateway:202.168.0.1 IP:192.168.1.223/24 gateway:248.115.148.136 2. You have 802.11b/g wireless card. What frequencies are available to you? A. 5800MHz B. 2412MHz C. 5210MHz D. 2422MHz E. 2327MHz 3. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-limit=1256000 pcq-classifier=dst-address B. kind=pcq pcq-limit=256000 pcq-classifier=dst-address C. kind=pcq pcq-limit=5000000 pcq-classifier=src-address D. kind=pcq pcq-limit=256000 pcq-classifier=src-address E. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address 4. You need to reboot a RouterBoard after importing a previously exported rsc file to activate the new configuration. TRUE 5. You would like to allow multiple logins with one user name on a HotSpot server. How should this be configured? A. Set "Shared Users" option at /ip hotspot
B. It's not possible C. Set "only-one=no' at /ip hotspot D. Set "Shared Users" option at /ip hotspot user profile
3 harusnya false 5. PPP aja + system 7 true
Puji syukur Tuhan, aku Lulus......................... Thx Mas pembimbing
Pak Arya Ture 1. How long is level 1 (free) lisence valid ? infinite time 2. can you manually add drivers to routerOS in case your PCI Ethernet card is not recognized, and you suspect it is a driver issue ? NO 3. which firewall chain should be used for filters that protect your router interface ? INPUT 4. Netinstall can be used to ? (Reinstall software without losing lisence) dan (install different software version/upgrade and downgrade) 5. Wireless acces point is reqquired for customer. Which RaouterBoard can be used for it ? (RB493 with level 4 lisence) dan (RB433 with level 4 lisence) 6. You start a scan for wireless networks on you access point. What will happen ? All connected clients will disconnect 7. Which of the following routes statuses are posible ? (S=static) (A=active) 8. You want to use PCQ and allow 256k maximum download and upload for each client. Chose correct argument values for the required queue.
9. It possible to acces Mikrotik graphs on a different port than HTTP port 80. FALSE 10. a mikrotik PPPoe server can be used only within a broadcast domain, that is, users can not run PPPoe protocol if there is router that splits broadcast domain between the customer and that PPPoE server. TRUE 11. Mark all correct Answers
12. What can be used as target-address in the simple queue ? CLIENT’S Address 13. For user in local PPP secrets/ppp profiles database, it is possible to
14. What is nacessary for PPPoE client Configuration ? Interface (on which PPPoE client is going work) 15. what is meaning of letter “R” on an active session in menu PPP active connections ? Radius 16. in ip firewall NAT. you can classify traffic SRC Nat Chain based on “in-Interface”. FALSE 17. which default route will be active ?
18. DHCP server is configured on a router’s ether1 interface. Ip address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
19. After putting this rule: /ip firewall add chain=input action=drop, you will be able to access the router using the mac-address. TRUE 20. Using wirelless connect-list it’s possible to prioritize connection to one access point over another access point by changing the order of the entries. TRUE 21. Where should you upload new Mikrotik RouterOS version packages for upgrading router ? FTP root directory or/files directory other router 22. Log message are stored on disk by default. FALSE 23. What does the firewall action “log” do ? it logs the packet 24. Mark the queue types that are available in RouterOS
25. /ip route configuration on router
1. Why is it useful to set a Radio Name on the radio interfaces? A.To identify a station in Neighbor discovery B.To identify a station in a list of connected clients C.To identify a station in the Access List
2. Which features are removed when advanced-tools packages is uninstalled? A.Bandwith-test B.Ip-scan C.Netwatch D.Neighbors E.LCD support F.Ping
3. /interface wireless access list is used for A.Handles a list of Client's MAC Address to permit/deny connection to AP B.Authenticate Hotspot users C.Contains the security profiles settings D.Shows a list of Client's MAC address that are already registered at AP
4. Action=redirect allows you to make ? A.Transparent DNS Cache B.Enable local service C.Foward DNS to another device IP address D.Transparent HTTP Proxy
5. You have a router with configuration-Public IP : 202.168.125.45/24-Default Gateway : 202.1687.125.1-DNS Server : 248.115.148.136, 248.115.148.137-Local IP : 192.168.2.1/24Mark the connection configuration on client PC to access to the internet A.IP:192.168.2.253/24 gateway:202.168.0.1 B.IP:192.168.0.1/24 gateway:192.168.2.1 C.IP:192.168.1.223/24 gateway:248.115.148.136 D.IP:192.168.2.115/24 gateway:192.168.2.1
6. What protocol is used for Ping and Trace Route? A.IP B.DHCP
C.ICMP D.UDP E.TCP
7. From which of the following locations can you obtain Winbox? A.Mikrotik.com B.Files menu in your router C.Router webpage D.Via the console cable
8. You need to set up an E1(T1) connection with PPP configured. Which License Level is needed? A.Level 4 B.Level 5 C.It cannot be done in RouterOS
9. How many different priorities can be selected for queues in Mikrotik RouterOS? A.16 B.0 C.8 D.1
10. NStreme works only on 40mhz Channel width A.True B.False
11. Which options should be used when you want to prevent access from one spesific address to your router web interface? A.Group setting for System users B.Firewall Filter Chain Forward C.Firewall Filter Chain Input D.WWW service from IP Services
10. Which queue-type is suitable for congested environment but not good on UDP? A.BFIFO
B.RED C.PCQ D.PFIFO E.SCQ
11. What Letter appear next to route, which is automatically created by ROS (RouterOS) when user adds a valid address to an active interface? A.I B.C C.S D.D E.A
13. If you need to make sure that one computer in your Hotspot network can access the internet without Hotspot authentication, which menu allows you to do this? A.Walled-garden B.Users C.IP bindings D.Walled-garden IP
14. Which is a default baud-rate of currently manufactured RouterBOARDs? A.115200 B.3128 C.11520 D.8291
15. In case when router login password is lostm it is necessary to reinstall RouterOS or use hardware reset function. A.True B.False
16. How long is level 1 (demo) license valid? A.24 hours B.1 month C.Infinite time D.1 year
17. Mikrotik RouterOS DHCP client can receive following options A.Uptime Limit B.Byte limit C.IP Address and Subnet D.Rate Limit E.IP Gateway
18. Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing interface=ether1 A./ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat B./ip firewall nat add action=masquerade chain=srcnat C./ip firewall nat add action=masquerade chain=srcnat srcaddress=192.168.0.0/24 D./ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
19. Two Host, A and B, are connected to broadcast LAN. Select all the answer showing pairs of IP address/mask which would allow IP connections to be established between the two hosts A.A: 10.1.2.66/25 and B:10.1.2.109/26 B.A: 10.2.2.1/23 and B: 10.2.0.1/22 C.A: 10.1.2.192/24 and B: 10.1.2.129/26 D.A: 10.2.1.0/23 and B: 10.2.0.1/22
20. What kind of users are listed in the Secrets window of the PPP menu? A.Wireless users B.PPPOE users C.Hotspot users D.Winbox users E.L2TP users F.PPTP users
21. Choose all valid hosts address range for subnet 15.242.55.62/27 A.15.242.55.31-15.242.55.62 B.15.242.55.33-15.242.55.63 C.15.242.55.32-15.242.55.63 D.15.242.55.33-15.242.55.62
22. The hotspot feature can be used only on ethernet interfaces. You have to use a separate access point if you want to use this feature with wireless A.Yes B.No
23. Impossible to delete admin user on user table mikrotik A.True B.False
24. Rate Flapping can be avoided by A.Choose larger channels (40 Mhz instead of 20 Mhz) B.Set basic rates to only one data rate like 24 Mbps C.Change ap-bridge to bridge D.Reduce supported rates
25. Which software version can be installed onto the following RouterBoard types? A.Routeros-mipsle-x.xx.npk on a RB133 B.Routeros-x86-x.xx.npk on a RB1100 C.Routeros-mipsbe-x.xx.npk on a RB433 D.Routeros-powerpc-x.xx.npk on a RB333 E.Routeros-mipsbe-x.xx.npk on a RB133
26. Router A and B are both running as PPPoE servers on different broadcast domains of your network. Is it possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers? A.Yes B.No
27. Manakah fakta yang benar mengenai file backup? A.Termasuk file yang tersimpan di /files B.Termasuk username dan password dari /user C.Mencakup seluruh konfigurasi router D.Bisa diedit
28. PPP Secrets are used for A.PPP clients
B.Router users C.L2TP clients D.IPSec clients E.PPPoE clients F.PPTP clients
29. Possible actions of ip firewall filter are: A.Accept B.Tarpit C.Tarp D.Add-to-address-list E.Bounce F.Log
30. Which default route will be active?/ip routeadd disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1add disabled=no distance=5 dstaddress=0.0.0.0/0 gateway=2.2.2.2 A.Route via gateway 1.1.1.1 B.Route via gateway 2.2.2.2
31. WPA 2 Pre Shared key (PSK) is enabled on AP, all your clients have to use the same PSK. Only Virtual AP could be used to allow clients to connect with a different PSK. A.True B.False
32. An IP address pool can contain address from more than one subnet A.True B.False
33. Mark possible connection states in the connection tracking table A.Syn B.Related C.Invalid D.Closed E.New F.Established
34. To make all DNS request coming from your network to resolve on your router (regardless of clients configuration), which action would you specify for the DST-NAT rule? A.You can't use DST-NAT to achieve this B.Masquerade C.Dst-nat D.Redirect
35. Action = Redirect is applied in A.Chain=dstnat B.Chain=srcnat C.Chain=foward
36. Which of the following actions are available for '/ip firewall mangle' (select all valid actions) A.Accept B.Jump C.Drop D.Mark connection E.Mark packet F.Change MSS
37. For static routing functionality, additionally to the RouterOS system package, you will also need the following software package : A.None B.Advance-tools C.Routing D.Dhcp
38. You have 802.11b/g wireless card. What frequencies are available to you? A.5800MHz B.2327MHz C.5210MHz D.2422MHz E.2412MHz
39. The first two rules in the forward chain of the filter table are :/ip firewall filter add chain=forward connection-
state=established action=accept/ip firewall filter add chain=forward connection-state=invalid action=dropconnection-state=related packets are not filtered by the rules above A.True B.False
40. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and it's a driver issue ? A.Yes B.No
7/28/2016
MikroTik Routers and Wireless
Search...
home
software
hardware
support
downloads
purchase
training
account
Overview Support
Logout
[Back To Main Menu] 1. You have a router with the following IP addresses: ether1: 10.40.1.1/24 ether2: 10.250.1.1/30 ether3: 10.251.1.1/30 wlan1: 10.50.1.1/30 wlan2: 10.50.2.1/30 You have a customer directly connected to ether2, and another customer directly connected to ether3. Your wireless radios are used for wireless connectivity to two different towers, and ether1 goes to another wireless access point for other subscribers. You need all of the subnets distributed across your OSPF Network You need to configure OSPF to talk on this router, what would be the best configuration. A. Set Ethernet 1, 2, and 3 to passive mode
00:16:21 Save progress
B. Set Ethernet 2 and 3 to passive mode C. Set DistributeConnected=yes D. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/30, 10.50.1.0/30, and 10.50.2.0/30 E. set distributedefault=alwaystype1 F. Set OPSF networks to 10.0.0.0/8 only G. Set OSPF networks, to 10.50.1.0/30, 10.50.2.0/30 H. Set OSPF networks to 0.0.0.0/0 I. set distributestate=yes J. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/24, 10.50.1.0/30, and 10.50.2.0/30 2. It is possible to filter ospf routes within a single ospf area true
3. There is no way to establish OSPF adjacency when the link doesn\'t support multicast traffic. false
4. When using routing option 'checkgateway=ping' after how many timeouts is gateway considered unreachable: A. 4 B. 2 C. 1 D. 3 5. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and enduser host, it will not be able to create PPPoE tunnel to that PPPoE server. true
6. If route type is 'blackhole', then packets to the destination network are going to be A. dropped on this router B. sent back to the previous router C. sent back to the source D. dropped on this router and ICMP message will be sent back to the source 7. Which are correct ECMP routes (mark all that apply): A. dstaddr=0.0.0.0/0 gateway=10.1.1.1,10.2.2.2 B. dstaddr=0.0.0.0/0 gateway=10.1.1.1,10.1.1.1,10.2.2.2 C. dstaddr=0.0.0.0/0 gateway=10.1.1.1,10.1.1.1 D. dstaddr=0.0.0.0/0 gateway=10.1.1.1 8. When using routing option 'checkgateway=ping' what is the ICMP echo request interval (in seconds)? A. 20s B. 30s C. 10s
file:///media/Data/Training/MTCRE%20Training%20Materials/MTCRE2/MikroTik%20Routers%20and%20Wireless.htm
1/4
7/28/2016
MikroTik Routers and Wireless D. 60s
9. A MikroTik system administrator implemented OSPF Routing protocol in the network. But realized that he has a static route on the routers. What can be done to make the static route work as a failover whenever the dynamic routing protocol fails.
A. He should use "netwatch" to trigger static routes whenever OSPF fails B. He should manually disable the static routes and enable them whenever OSPF fails C. Delete all static routes because there is no way for it to work with OSPF D. He should increase the administrative distance of the static route 10. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dstaddress=192.168.0.0/24 gateway=192.168.0.1 B. /ip route add dstaddress=0.0.0.0/0 gateway=Ether1 C. /ip route add dstaddress=192.168.1.0/24 gateway=192.168.99.2 D. /ip route add dstaddress=192.168.1.0/24 srcaddress=192.168.0.0/24 gateway=192.168.99.2 E. /ip route add dstaddress=0.0.0.0/0 gateway=192.168.99.2 11. New area OSPF \"area1\" has been created. What could be used as a valid area id? A. 0.0.0.1 B. 0.0.0.0 C. 1.2.3.4 12. In OSPF, router can become the DR (Designated Router) only when the priority on it\\\'s interface is set to a value of zero false
13. OSPF starts working on the router as soon as A. the routing package is enabled on the router B. at least one interface is defined in the ospf interface menu C. at least one IP network is assigned in the ospf network menu D. at least one area is specified in the ospf area menu 14. A network administrator has 2 vlans /interface vlan add name=vlan1 vlanid=101 interface=ether1 add name=vlan2 vlanid=102 interface=vlan1 any packet sent over "vlan2" interface A. will not go through at all because vlan1 will drop it B. will have two vlan tags added to ethernet header "101" and "102" C. Wrong configuration because it is not possible to have a vlan over another vlan D. will have one vlan tag added to ethernet header "102" E. will have one vlan tag added to ethernet header "101" 15. There are two routes in the routing table: 0 dstaddr=10.1.1.0/24 gateway=5.5.5.5 1 dstaddr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. 5.6.6.6 B. 5.5.5.5 C. the required route is not in the routing table D. both half of the traffic will be routed through one gateway, half through the other 16. There can be more than one PPPoE server in a single broadcast domain: true
17. A routing table has following entries: 0 dstaddress=10.0.0.0/24 gateway=10.1.5.126 1 dstaddress=10.1.5.0/24 gateway=10.1.1.1 2 dstaddress=10.1.0.0/24 gateway=25.1.1.1 3 dstaddress=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be used for a packet with destination address 10.1.5.126?
file:///media/Data/Training/MTCRE%20Training%20Materials/MTCRE2/MikroTik%20Routers%20and%20Wireless.htm
2/4
7/28/2016
MikroTik Routers and Wireless
A. 25.1.1.1 B. 10.1.1.1 C. 10.1.1.2 D. 10.1.5.126 18. /ip route configuration on router, /ip route add gateway=192.168.0.1 /ip route add dstaddress=192.168.1.0/24 gateway=192.168.0.2 /ip route add dstaddress=192.168.2.0/24 gateway=192.168.0.3 /ip route add dstaddress=192.168.3.0/26 gateway=192.168.0.4 Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.4 B. 192.168.0.2 C. 192.168.0.1 D. 192.168.0.3 19. The OSPF network is configured as on the attached figure. Each of the links has cost sets as on the figure. If we configure redistribution of default route on router A with command: /routing ospf instance set 0 distributedefault=alwaysastype2 metricdefault=5 What will be the cost of the default route on router B? A. 25 B. 35 C. 26 D. 5 20. If we change TTL to 2 in mangle chain prerouting A. packet will be forwarded to the next 2 L3 devices B. packet will be forwarded only to next L3 device C. packet will not be forwarded D. packet will always reach its destination 21. Which routing table is used to apply recursive routing at MikroTik RouterOS A. It is not possible B. It is only possible in the main routing table C. It is possible in all the routing tables installed in a router D. It is only possible on the x86 platform 22. The correct order for PPPOE discovery stage is A. Initialization, Offer, Request and Session confirmation B. Request, Offer, Initialization and Session confirmation C. Initialization, Session confirmation, Request and Offer D. Request, Initialization, Session confirmation and Offer 23. VLAN is an implementation of the 802.1Q VLAN protocol by the MikroTik RouterOS. It allows you to have multiple Virtual LANs on a single ethernet or wireless interface, giving the ability to segregate LANs efficiently. How many different vlans are possible on a single ethernet port? A. 4095 B. 63 C. 4096 D. only one 24. /ip route can have DS flags simultaneously. true
25. RouterOS device has acquired an IP address from an ISP using DHCP client. The same router is used for assigning IP addresses to local users using DHCP server, masquerade rule is configured properly. Packets that are coming from the ISP have TTL=1. Select correct statement: A. Router has access to the Internet, but clients do not B. All clients and router have access to the Internet
file:///media/Data/Training/MTCRE%20Training%20Materials/MTCRE2/MikroTik%20Routers%20and%20Wireless.htm
3/4
7/28/2016
MikroTik Routers and Wireless C. Router does not have access to the Internet, but clients have D. Neither router nor clients have access to the Internet
Finish
©
Mikrotik : RouterBOARD : Forum : MUM : Training : Wiki : Newsletters : Twitter
file:///media/Data/Training/MTCRE%20Training%20Materials/MTCRE2/MikroTik%20Routers%20and%20Wireless.htm
4/4
7/28/2016
MikroTik Routers and Wireless Search...
home
software
hardware
support
downloads
purchase
training
Overview Support
account Logout
[Back To Main Menu] 1. /ip route can have DS flags simultaneously. true
2. It is possible to create a configuration where VLAN and PPTP interfaces are bridged together. false
3. All OSPF areas should be connected to a backbone area. A. True B. False 4. Which route will be used to reach host 192.168.1.55? /ip route add disabled=no distance=1 dstaddress=192.168.1.0/24 gateway=1.1.1.1 add disabled=no distance=1 dstaddress=192.168.1.0/25 gateway=2.2.2.2 add disabled=no distance=1 dstaddress=192.168.0.0/16 gateway=3.3.3.3 A. Route via gateway 2.2.2.2 B. Route via gateway 3.3.3.3 C. Route via gateway 1.1.1.1 5. When using routing option 'checkgateway=ping' what is the ICMP echo request interval (in seconds)? A. 30s B. 10s C. 20s D. 60s 6. What are the advantages in creating multiple areas in OSPF ? Select all that apply. A. Smaller routing tables. B. Less frequent SPF calculations. C. Fewer adjacencies needed D. Fewer hello packets. 7. When adding a static route, you must always ensure that you add both the gateway and the interface.
false
8. There are two routes in the routing table: 0 dstaddr=10.1.1.0/24 gateway=5.5.5.5 1 dstaddr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. the required route is not in the routing table B. 5.5.5.5 C. 5.6.6.6 D. both half of the traffic will be routed through one gateway, half through the other 9. OSPF has been configured on all routers in the network. Picture shows configuration for routers R1 and R2. However, router R1 does not receive a default route from router R2 as intended. Which configuration change would ensure that R1 would receive a default route from R2 (Select all that apply)?
A. Configure router R2: /routing ospf instance set 0 distributedefault=alwaysastype1 B. Remove the following configuration command from router R2 and place it on router R1: /routing ospf instance set 0 distributedefault=yes C. Configure router R2: /routing ospf instance set 0 distributedefault=alwaysastype2 D. Configure router R1: /routing ospf area set type=stub E. Configure router R2: /ip route add dstaddress=5.0.0.0/255.255.255.0 gateway=0.0.0.0
file:///media/Data/Training/MTCRE%20Training%20Materials/MTCRE-KU/MTCRE_RAHMAT/Rochmat%20MTCRE%20MikroTik%20Rou… 1/4
7/28/2016
MikroTik Routers and Wireless
10. Which routing table is used to apply recursive routing at MikroTik RouterOS A. It is possible in all the routing tables installed in a router B. It is only possible in the main routing table C. It is not possible D. It is only possible on the x86 platform 11. A routing table has following entries: 0 dstaddress=10.0.0.0/24 gateway=10.1.5.126 1 dstaddress=10.1.5.0/24 gateway=10.1.1.1 2 dstaddress=10.1.0.0/24 gateway=25.1.1.1 3 dstaddress=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be used for a packet with destination address 10.1.5.126?
A. 25.1.1.1 B. 10.1.1.1 C. 10.1.5.126 D. 10.1.1.2 12. In OSPF to ensure that remote routing decision will be made based on both external and internal metrics, you should set redistribution as: A. astype0 B. astype2 C. astype1 D. astype3 13. The correct order for PPPOE discovery stage is A. Request, Offer, Initialization and Session confirmation B. Initialization, Offer, Request and Session confirmation C. Request, Initialization, Session confirmation and Offer D. Initialization, Session confirmation, Request and Offer 14. Which staticroute rule will have priority for destination 192.168.0.18? A. dstaddress=192.168.0.0/24 gateway=192.168.3.1 distance=1 B. dstaddress=192.168.0.0/26 gateway=192.168.1.1 distance=3 C. dstaddress=192.168.0.0/28 gateway=192.168.4.1 distance=5 D. dstaddress=192.168.0.0/26 gateway=192.168.2.1 distance=2 E. dstaddress=192.168.0.0/28 gateway=192.168.3.1 distance=1 15. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dstaddress=192.168.1.0/24 gateway=192.168.99.2 B. /ip route add dstaddress=0.0.0.0/0 gateway=Ether1 C. /ip route add dstaddress=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dstaddress=192.168.1.0/24 srcaddress=192.168.0.0/24 gateway=192.168.99.2 E. /ip route add dstaddress=0.0.0.0/0 gateway=192.168.99.2 16. An OSPF area consists of 15 routers connected in 6 different broadcast networks. How many Designated routers there will be in the area? A. 15 B. 0 C. 1 D. 6 17. There are two routes in the routing table: 0 dstaddr=10.1.1.0/24 distance=10 gateway=10.10.10.10 1 dstaddr=10.1.1.4/30 distance=20 gateway=10.20.20.20 Which gateway will be used to send packet with destination IP address 10.1.1.6 A. 10.20.20.20 B. 10.10.10.10
file:///media/Data/Training/MTCRE%20Training%20Materials/MTCRE-KU/MTCRE_RAHMAT/Rochmat%20MTCRE%20MikroTik%20Rou… 2/4
7/28/2016
MikroTik Routers and Wireless C. both D. none, because distance is >= 10
18. Which of the following can connect a remote area in OSPF to the backbone area through a nonbackbone area? A. Area Border Router B. Internal Router C. Virtual Links D. Backbone Area 19. What addressing scheme is typically used on a PPP link? A. /30 subnet B. /31 subnet C. /24 private subnet D. /32 address on each side of the link 20. You have a router with the following IP addresses: ether1: 10.40.1.1/24 ether2: 10.250.1.1/30 ether3: 10.251.1.1/30 wlan1: 10.50.1.1/30 wlan2: 10.50.2.1/30 You have a customer directly connected to ether2, and another customer directly connected to ether3. Your wireless radios are used for wireless connectivity to two different towers, and ether1 goes to another wireless access point for other subscribers. You need all of the subnets distributed across your OSPF Network You need to configure OSPF to talk on this router, what would be the best configuration. A. Set OSPF networks to 0.0.0.0/0 B. Set OSPF networks, to 10.50.1.0/30, 10.50.2.0/30 C. set distributedefault=alwaystype1 D. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/24, 10.50.1.0/30, and 10.50.2.0/30 E. Set OPSF networks to 10.0.0.0/8 only F. Set DistributeConnected=yes G. Set Ethernet 1, 2, and 3 to passive mode H. set distributestate=yes I. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/30, 10.50.1.0/30, and 10.50.2.0/30 J. Set Ethernet 2 and 3 to passive mode 21. To securely bridge together 2 remote networks you can use A. PPPoE over EoIP
00:36:37 Save progress
B. PPTP over EoIP C. PPTP BCP D. EoIP over PPTP 22. When using routing option 'checkgateway=ping' after how many timeouts is gateway considered unreachable: A. 2 B. 3 C. 4 D. 1 23. RouterOS device has acquired an IP address from an ISP using DHCP client. The same router is used for assigning IP addresses to local users using DHCP server, masquerade rule is configured properly. Packets that are coming from the ISP have TTL=1. Select correct statement: A. Router does not have access to the Internet, but clients have B. All clients and router have access to the Internet C. Neither router nor clients have access to the Internet D. Router has access to the Internet, but clients do not 24. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and enduser host, it will not be able to create PPPoE tunnel to that PPPoE server. false
25. A MikroTik system administrator implemented OSPF Routing protocol in the network. But realized that he has a static route on the routers.
file:///media/Data/Training/MTCRE%20Training%20Materials/MTCRE-KU/MTCRE_RAHMAT/Rochmat%20MTCRE%20MikroTik%20Rou… 3/4
7/28/2016
MikroTik Routers and Wireless
What can be done to make the static route work as a failover whenever the dynamic routing protocol fails.
A. He should manually disable the static routes and enable them whenever OSPF fails B. He should use "netwatch" to trigger static routes whenever OSPF fails C. Delete all static routes because there is no way for it to work with OSPF D. He should increase the administrative distance of the static route Finish
©
Mikrotik : RouterBOARD : Forum : MUM : Training : Wiki : Newsletters : Twitter
file:///media/Data/Training/MTCRE%20Training%20Materials/MTCRE-KU/MTCRE_RAHMAT/Rochmat%20MTCRE%20MikroTik%20Rou… 4/4
1. A MikroTik system administrator implemented OSPF Routing protocol in the network. But realized that he has a static route on the routers. What can be done to make the static route work as a failover whenever the dynamic routing protoc ol fails. A. He should increase the administrative distance of the static route B. He should manually disable the static routes and enable them whenever OSPF fails C. He should use "netwatch" to trigger static routes whenever OSPF fails D. Delete all static routes because there is no way for it to work with OSPF 2. When sending out an ARP request, an IP host is expecting what kind of address for an an swer? A. MAC Address B. IP address C. 802.11g D. VLAN ID 3. When adding a static route, you must always ensure that you add both the gateway and th e interface. false 4. A routing table has following entries: 0 dstaddress=10.0.0.0/24 gateway=10.1.5.126 1 dstaddress=10.1.5.0/24 gateway=10.1.1.1 2 dstaddress=10.1.0.0/24 gateway=25.1.1.1 3 dstaddress=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be used for a packet with destination address 10.1.5.126? A. 25.1.1.1 B. 10.1.5.126 C. 10.1.1.1 D. 10.1.1.2 5. /ip route configuration on router, /ip route add gateway=192.168.0.1 /ip route add dstaddress=192.168.1.0/24 gateway=192.168.0.2 /ip route add dstaddress=192.168.2.0/24 gateway=192.168.0.3 /ip route add dstaddress=192.168.3.0/26 gateway=192.168.0.4 Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.2 B. 192.168.0.3 C. 192.168.0.4 D. 192.168.0.1 6. PPPoE server only works within one Ethernet broadcast domain that it is connected to. An d if there is a router between server and enduser host, it will not be able to create PPPoE tunnel to said PPPoE server. false 7. Router has two gateways to reach a certain network both with check gateway activated. C hoose the option you can use to control active and
backup gateway. 00:02:46 last save: 20150524 12:36:36 Save progress 5/24/2015 MikroTik Routers and Wireless https://www.mikrotik.com/client/?ecom=training&training=certification&start_test=1&&particip ant_id=55208&training_id=10354 2/4 A. Interface B. Scope C. Distance D. Routing mark 8. There are two PPPoE stages, Discovery and Session. false 9. It is possible to change the Time To Live in Firewall Mangle. true 10. Only OSPF routes distributed as "external" can be filtered with routing filters false 11. OSPF router has priority 0 configured on one of its interfaces. In which condition below w ill it become a designated router for the network configured on that interface? (select all that apply) A. The router can become designated router only if there there are only neigbors with the sa me priority. B. The router cannot become designated router since priority 0 prevents it C. The router can become designated router if the networktype is pointtopoint D. The router will become designated router if there is no other neighbor with priority 0, since 0 mean the highest priority 12. When creating a route, using the type "unreachable" sends a "network is unreachable" T CP message to the sender. true 13. There are two mangle rules: 0 chain=prerouting action=markrouting newroutingmark="aaa" passthrough=yes 1 chain=prerouting action=markrouting newroutingmark="bbb" passthrough=yes What routing mark will the packet have after passing the forward chain? A. "aaabbb" B. "aaa" C. "bbb" D. "aaa" and "bbb" 14. What is the minimum configuration a network administrator needs to do on a MikroTik ro uter to enable OSPF? A. Add an interface to OSPF interface configuration
B. Add a network to OSPF network configuration C. Both interface and network must be added to OSPF configuration D. Nothing; OSPF instance can run with no configuration 15. Look at the picture. Which Gateway will be used to reach 192.168.88.10? A. no one B. 192.168.55.2 C. 192.168.55.1 D. 192.168.55.3 16. It is possible to create a configuration where VLAN and PPTP interfaces are bridged tog ether. false 17. What is the protocol number used by the EoIP tunnel, to encapsulate Ethernet frames an d send them to the remote side of the EoIP tunnel A. 500 B. 47 5/24/2015 MikroTik Routers and Wireless https://www.mikrotik.com/client/?ecom=training&training=certification&start_test=1&&particip ant_id=55208&training_id=10354 3/4 C. 1194 D. 1723 18. OSPF starts working on the router as soon as A. at least one interface is defined in the ospf interface menu B. at least one IP network is assigned in the ospf network menu C. the routing package is enabled on the router D. at least one area is specified in the ospf area menu 19. Consider the following diagram. We want to communicate from a device on LAN1 to a de vice on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dstaddress=192.168.1.0/24 srcaddress=192.168.0.0/24 gateway=192.168.9 9.2 B. /ip route add dstaddress=192.168.0.0/24 gateway=192.168.0.1 C. /ip route add dstaddress=192.168.1.0/24 gateway=192.168.99.2 D. /ip route add dstaddress=0.0.0.0/0 gateway=Ether1 E. /ip route add dstaddress=0.0.0.0/0 gateway=192.168.99.2 20. /ip route can have DS flags simultaneously.
True 21. It is possible to create EoIP tunnels between two locations over the Internet true
22. Consider the attached diagram: In order for Router 1 to see all of the networks the following commands could be used (choo se all answers that could work) A. /ip route add dstaddress=172.16.0.0/24 gateway=10.10.0.2, /ip route add dstaddress=172. 32.0.0/24 gateway=10.50.0.2 B. /ip route add dstaddress=0.0.0.0/0 gateway=10.10.0.2 C. /ip route add dstaddress=172.16.0.0/24 gateway=10.10.0.2, /ip route add dstaddress=172. 32.0.0/24 gateway=10.10.0.2 D. /routing add dstaddress=0.0.0.0/0 gateway=10.10.0.2 23. You have a router with the following IP addresses: ether1: 10.40.1.1/24 ether2: 10.250.1.1/30 ether3: 10.251.1.1/30 wlan1: 10.50.1.1/30 wlan2: 10.50.2.1/30 You have a customer directly connected to ether2, and another customer directly connected to ether3. Your wireless radios are used for wireless connectivity to two different towers, and ether1 goes to another wireless access point for oth er subscribers. You need all of the subnets distributed across your OSPF Network You need to configure OSPF to talk on this router, what would be the best configuration. A. Set DistributeConnected=yes B. Set OSPF networks to 0.0.0.0/0 C. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/24, 10.50.1.0/30, and 10. 50.2.0/30 D. Set Ethernet 2 and 3 to passive mode E. set distributedefault=alwaystype1 F. Set Ethernet 1, 2, and 3 to passive mode G. Set OPSF networks to 10.0.0.0/8 only H. set distributestate=yes I. Set OSPF networks, to 10.50.1.0/30, 10.50.2.0/30 J. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/30, 10.50.1.0/30, and 10. 50.2.0/30 24. Which routing table is used to apply recursive routing at MikroTik RouterOS A. It is only possible on the x86 platform 5/24/2015 MikroTik Routers and Wireless https://www.mikrotik.com/client/?ecom=training&training=certification&start_test=1&&particip ant_id=55208&training_id=10354 4/4 B. It is only possible in the main routing table C. It is not possible D. It is possible in all the routing tables installed in a router 25. New area OSPF \"area1\" has been created. What could be used as a valid area id?
A. 1.2.3.4 B. 0.0.0.1 C. 0.0.0.0
1. Which facility should be used, to ensure that clients with radio signal strength poorer than – 90 dBm can't connect to interface wlan1 on a MikroTik AP? Choose one answer A. /interface wireless access-list B. /interface wireless security-profiles add static-transmit-key C. /interface wireless set wlan1 basic-rates-a/g D. /interface wireless registration-table remove numbers=-91 2. How long is level 1 (free) license valid? A. 1 year B. 24 hours C. 1 month D. Infinite time 3. What does the firewall action "Redirect" do? Select all true statements. A. Redirects a packet to the router B. Redirects a packet to a specified port on the router C. Redirects a packet to a specified IP D. Redirects a packet to a specified port on a host in the network 4. Router A and B are both running as PPPoE servers on different broadcast domains of your network. It is possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers. False 5. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Security Profile B. Default Forward C. Enable Access List D. Default Authenticate 6. Which is a default baud-rate of currently manufactured RouterBOARDs? A. 115200 B. 11520 C. 38400 D. 9600
7. You can control bandwidth of a client connected to AP with the resource / interface wireless access-list ( assume the client uses MikroTik RouterOS). false 8. The RouterOS graphing is used for A. real-time traffic and resource usage display B. average traffic and resource usage display C. bandwidth limitation D. bandwidth testing 9. Which port does PPTP use by default? A. UDP 1723 B. TCP 1721 C. TCP 1723 D. UDP 1721 10. When using routing option 'check-gateway=ping' what is the ICMP echo request interval (in seconds)? A. 10s B. 30s C. 20s D. 60s 11. Which options can be used when you want to prevent access from one specific address to your router web interface? A. Group settings for System users B. Firewall Filter Chain Input C. Firewall Filter Chain Forward D. WWW service from IP Services 12. How many usable IP addresses are there in a 23-bit (255.255.254.0) subnet? A. 512 B. 254 C. 510 D. 508 13. /interface wireless access-list is used for A. Shows a list of Client's MAC Address that are already registered at AP
B. Handles a list of Client's MAC Address to permit/deny connection to AP C. Authenticate Hotspot users D. Contains the security profiles settings 14. To be able to do NAT the connection tracking does not need to be enabled. False 15. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=256000 pcq-classifier=src-address B. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address C. kind=pcq pcq-rate=5000000 pcq-classifier=src-address D. kind=pcq pcq-rate=256000 pcq-classifier=dst-address E. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address 16. An IP address pool can contain addresses from more than one subnet. false 17. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client 10.10.0.33 is be able to obtain A. 2M upload/download B. 4M upload/download C. 0M upload/download D. 6M upload/download 18. What is the default protocol/port of (secure) winbox? A. TCP/22 B. UDP/5678 C. TCP/8291 D. TCP/8080 19. PPP Secrets are used for A. Router users B. PPP clients C. PPPoE clients D. L2TP clients E. IPSec clients
F. PPtP clients 20. Which of the following Routes statuses are possible? A. C = Connected B. S = Static C. D = Drop D. A = Active 21. RouterOS log messages are stored on disk by default false 22. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. routing C. advanced-tools D. dhcp 23. Which firewall chain should you use to filter clients HTTP traffic going through the router? A. output B. prerouting C. forward D. input 24. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 2.2.2.2 B. Route via gateway 1.1.1.1 25. It is possible to create an encrypted PPPoE tunnel in RouterOS: True
1. A MikroTik system administrator implemented OSPF Routing protocol in the network. But realized that he has a static route on the routers. What can be done to make the static route work as a failover whenever the dynamic routing protocol fails.
A. Delete all static routes because there is no way for it to work with OSPF B. He should use "netwatch" to trigger static routes whenever OSPF fails C. He should manually disable the static routes and enable them whenever OSPF fails D. He should increase the administrative distance of the static route 2. /ip route configuration on router, /ip route add gateway=192.168.0.1 /ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2 /ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3 /ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4 Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.2 B. 192.168.0.3 C. 192.168.0.4 D. 192.168.0.1 3. RouterOS device has acquired an IP address from an ISP using DHCP client. The same router is used for assigning IP addresses to local users using DHCP server, masquerade rule is configured properly. Packets that are coming from the ISP have TTL=1. Select correct statement: A. Router does not have access to the Internet, but clients have B. Neither router nor clients have access to the Internet C. All clients and router have access to the Internet D. Router has access to the Internet, but clients do not 4. You have a router with the following IP addresses: ether1: 10.40.1.1/24 ether2: 10.250.1.1/30 ether3: 10.251.1.1/30 wlan1: 10.50.1.1/30 wlan2: 10.50.2.1/30 You have a customer directly connected to ether2, and another customer directly connected to ether3. Your wireless radios are used for wireless connectivity to two different towers, and ether1 goes to another wireless access point for other subscribers. You need all of the subnets distributed across your OSPF Network
You need to configure OSPF to talk on this router, what would be the best configuration. A. Set Ethernet 1, 2, and 3 to passive mode B. Set Distribute-Connected=yes C. Set OPSF networks to 10.0.0.0/8 only D. Set OSPF networks to 0.0.0.0/0 E. set distribute-default=always-type-1 F. set distribute-state=yes G. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/30, 10.50.1.0/30, and 10.50.2.0/30 H. Set OSPF networks, to 10.50.1.0/30, 10.50.2.0/30 I. Set Ethernet 2 and 3 to passive mode J. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/24, 10.50.1.0/30, and 10.50.2.0/30 5. What is the administrative distance of OSPF routes? A. 120 B. 110 C. 20 D. 10 6. Consider two geographically separate sites. At each site, there is a RouterOS device. Ether1 is connected to the LAN and Ether2 is connected to the Internet. An EoIP tunnel is created between the two routers. And on both routers a Bridge interface with the EoIP tunnel and Ether1 as ports. 10 users are connected at site A and 30 users at site B. All users are configured to use a DHCP server to obtain IP address configuration. What is the minimum number of DHCP servers needed, (select correct configuration): A. 1 DHCP Server: 1 server on site B's router, on the Bridge interface. B. 2 DHCP Servers: 1 server on each router, on the LAN interface. C. 1 DHCP Server: 1 server on site A's router, on Ether2. D. 2 DHCP Servers: 1 server on each router, on the EoIP interface. E. 2 DHCP Servers: 2 servers on site B's router, one on the LAN interface and one on the EoIP interface. 7. When adding a static route, you must always ensure that you add both the gateway and the interface. false
8. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 1 B. 3 C. 4 D. 2 9. EOIP tunnels can not be bridged because they are not true layer 2 tunnels. False 10. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2 B. /ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24 gateway=192.168.99.2 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 E. /ip route add dstaddress=192.168.1.0/24 gateway=192.168.99.2 11. /ip route can have DS flags simultaneously. true 12. When using routing option 'check-gateway=ping' what is the ICMP echo request interval (in seconds)? A. 60s B. 20s C. 30s D.10s 13. In OSPF interface configuration what effect will a “passive=yes” option have on a specific interface ? A. It will prevent all traffic through that interface B. It will prevent all OSPF traffic through that interface C. It will prevent routes learned through the interface from being listed in the routing table.
D. It will action a mirroring of all routing upgrades to that interface 14. If one of two gateways is unreachable in an ECMP route with check gateway set, 50% of packets will be lost . False 15. There is no way to establish OSPF adjacency when the link doesn\'t support multicast traffic False . 16. To assign specific traffic to a route – traffic must be identified by a routing mark. Each packet can only have one routing mark. true 17. In case it is not administratively defined, how is OSPF Router ID determined? A. Random number. B. Random IP addresses from any interface included in OSPF. C. The highest IP address of any interface on the router. D. The lowest IP address of any interface included in OSPF. E. Random IP address from any interface on the router. F. The lowest IP address of any interface on the router. G. The highest IP address of any interface included in OSPF. 18. It is possible to create a configuration where VLAN and PPTP interfaces are bridged together. False 19. Which routing table is used to apply recursive routing at MikroTik RouterOS A. It is not possible B. It is possible in all the routing tables installed in a router C. It is only possible in the main routing table D. It is only possible on the x86 platform 20. Which static-route rule will have priority for destination 192.168.0.18? A. dst-address=192.168.0.0/24 gateway=192.168.3.1 distance=1 B. dst-address=192.168.0.0/26 gateway=192.168.1.1 distance=3 C. dst-address=192.168.0.0/28 gateway=192.168.4.1 distance=5 D. dst-address=192.168.0.0/26 gateway=192.168.2.1 distance=2 E. dst-address=192.168.0.0/28 gateway=192.168.3.1 distance=1 21. Router A and B are both running as PPPoE servers on different broadcast domains of your network. It is possible to set Router A to use "/ppp secret" accounts from Router B to
authenticate PPPoE customers.False 22. OSPF area ID does not need to be unique within the AS. False 23. When sending out an ARP request, an IP host is expecting what kind of address for an answer?
A. 802.11g B. MAC Address C. IP address D. VLAN ID 24. The correct order for PPPOE discovery stage is A. Initialization, Offer, Request and Session confirmation B. Request, Offer, Initialization and Session confirmation C. Request, Initialization, Session confirmation and Offer D. Initialization, Session confirmation, Request and Offer 25. Which route will be used to reach host 192.168.1.55? /ip route add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=1.1.1.1 add disabled=no distance=1 dst-address=192.168.1.0/25 gateway=2.2.2.2 add disabled=no distance=1 dst-address=192.168.0.0/16 gateway=3.3.3.3 A. Route via gateway 3.3.3.3 B. Route via gateway 2.2.2.2 C. Route via gateway 1.1.1.1
MikroTik Routers and Wireless
1 dari 3
file:///D:/Mikrotik Training/BOOTCAMP-Kaliwungu/Soal_MTCNA/Mi...
Search...
home
software
hardware
support
downloads
purchase
training
Overview Support
account Logout
[Back To Main Menu] 1. To securely bridge together 2 remote networks you can use
00:59:14 Save progress
A. PPTP over EoIP B. PPPoE over EoIP C. PPTP BCP D. EoIP over PPTP 2. VLAN is an implementation of the 802.1Q VLAN protocol by the MikroTik RouterOS. It allows you to have multiple Virtual LANs on a single ethernet or wireless interface, giving the ability to segregate LANs efficiently. How many different vlans are possible on a single ethernet port? A. 63 B. only one C. 4095 D. 4096 3. Which route will be used to reach host 192.168.1.55? /ip route add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=1.1.1.1 add disabled=no distance=1 dst-address=192.168.1.0/25 gateway=2.2.2.2 add disabled=no distance=1 dst-address=192.168.0.0/16 gateway=3.3.3.3 A. Route via gateway 1.1.1.1 B. Route via gateway 2.2.2.2 C. Route via gateway 3.3.3.3 4. OSPF area ID does not need to be unique within the AS. FALSE
5. Consider the following output from the command "/ip address print": Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 10.10.10.1/32 10.10.10.2 0.0.0.0 pppoe-1 1 10.10.10.1/32 10.10.10.3 0.0.0.0 pppoe-2 This configuration is invalid because of the duplicate IP's. FALSE
6. You have a router with the following IP addresses: ether1: 10.40.1.1/24 ether2: 10.250.1.1/30 ether3: 10.251.1.1/30 wlan1: 10.50.1.1/30 wlan2: 10.50.2.1/30 You have a customer directly connected to ether2, and another customer directly connected to ether3. Your wireless radios are used for wireless connectivity to two different towers, and ether1 goes to another wireless access point for other subscribers. You need all of the subnets distributed across your OSPF Network You need to configure OSPF to talk on this router, what would be the best configuration. A. Set OSPF networks to 0.0.0.0/0 B. set distribute-default=always-type-1 C. set distribute-state=yes D. Set OPSF networks to 10.0.0.0/8 only E. Set Distribute-Connected=yes F. Set Ethernet 2 and 3 to passive mode G. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/24, 10.50.1.0/30, and 10.50.2.0/30 H. Set OSPF networks, to 10.50.1.0/30, 10.50.2.0/30 I. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/30, 10.50.1.0/30, and 10.50.2.0/30 J. Set Ethernet 1, 2, and 3 to passive mode 7. In OSPF, router can become the DR (Designated Router) only when the priority on it¥¥¥'s interface is set to a value of zero FALSE 8. A MikroTik system administrator implemented OSPF Routing protocol in the network. But realized that he has a static route on the routers. What can be done to make the static route work as a failover whenever the dynamic routing protocol fails.
A. He should manually disable the static routes and enable them whenever OSPF fails B. He should increase the administrative distance of the static route C. Delete all static routes because there is no way for it to work with OSPF D. He should use "netwatch" to trigger static routes whenever OSPF fails 9. When using routing option 'check-gateway=ping' what is the ICMP echo request interval (in seconds)?
4/15/2016 8:53 PM
MikroTik Routers and Wireless
2 dari 3
file:///D:/Mikrotik Training/BOOTCAMP-Kaliwungu/Soal_MTCNA/Mi...
A. 10s B. 20s C. 30s D. 60s 10. /ip route configuration on router, /ip /ip /ip /ip
route route route route
add add add add
gateway=192.168.0.1 dst-address=192.168.1.0/24 gateway=192.168.0.2 dst-address=192.168.2.0/24 gateway=192.168.0.3 dst-address=192.168.3.0/26 gateway=192.168.0.4
00:59:14 Save progress
Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.3 B. 192.168.0.2 C. 192.168.0.4 D. 192.168.0.1 11. Which routing table is used to apply recursive routing at MikroTik RouterOS A. It is only possible in the main routing table B. It is not possible C. It is possible in all the routing tables installed in a router D. It is only possible on the x86 platform 12. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 B. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2 C. /ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24 gateway=192.168.99.2 D. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 E. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 13. In an ECMP route , we have 3 gateways A,B,C. We have written A and B one time and C two times for gateways. How many percent of packets will route to gateway C ? A. 30% B. 50% C. 25% 14. Router has two gateways to reach a certain network both with check gateway activated. Choose the option you can use to control active and backup gateway. A. Distance B. Scope C. Routing mark D. Interface 15. /ip route can have DS flags simultaneously. TRUE 16. When adding a static route, you must always ensure that you add both the gateway and the interface. FALSE 17. When sending out an ARP request, an IP host is expecting what kind of address for an answer? A. IP address B. MAC Address C. 802.11g D. VLAN ID 18. It is possible to create a configuration where VLAN and PPTP interfaces are bridged together. FALSE 19. There are two routes in the routing table: 0 dst-addr=10.1.1.0/24 gateway=5.5.5.5 1 dst-addr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. the required route is not in the routing table B. both - half of the traffic will be routed through one gateway, half through the other C. 5.6.6.6 D. 5.5.5.5 20. You can not use OSPF and RIP routing protocols simultaneously on the RouterOS. FALSE 21. The correct order for PPPOE discovery stage is
4/15/2016 8:53 PM
MikroTik Routers and Wireless
3 dari 3
file:///D:/Mikrotik Training/BOOTCAMP-Kaliwungu/Soal_MTCNA/Mi...
A. Initialization, Session confirmation, Request and Offer B. Initialization, Offer, Request and Session confirmation C. Request, Initialization, Session confirmation and Offer D. Request, Offer, Initialization and Session confirmation 22. If 'check-gateway' is enabled for an ECMP route and one of the gateways is unreachable, then: A. ECMP is going to send packets to all gateways even if one is unreachable.
00:59:14 Save progress
B. The unreachable gateway is not going be used in Round Robin algorithm. C. The ECMP route becomes inactive. 23. Mangle Routing (routing-mark) is possible, by using chains: A. prerouting and output B. forward and output C. prerouting and forward D. input and output E. forward and postrouting 24. Route with lower distance will be preferred over the the route with higher distance even if the gateway is unreachable TRUE 25. Select all tunnels that support authentication of clients with a username and password. A. PPPoE B. OpenVPN C. IPIP D. PPTP/L2TP E. EoIP Finish
©
Mikrotik : RouterBOARD : Forum : MUM : Training : Wiki : Newsletters : Twitter
4/15/2016 8:53 PM
00:59:02 1. Which options should be used when you want to prevent access from one specific address to your router web interface? A. Group settings for System users B. Firewall Filter Chain Input C. Firewall Filter Chain Forward D. WWW service from IP Services 2. Router A and B are both running as PPPoE servers on different broadcast domains of your network. It is possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers.
3. You have a DHCP server on your MikroTik router. The IP addresses 10.1.2.2-10.2.2.20 are distributed in the DHCP network. Additionally, 3 static IP address are defined for your servers: 10.1.2.31-10.1.2.33. After a while 20 more IP addresses need to be distributed in the network. Is it possible to distribute the extra IP address without adding another DHCP Server?
4. Which features are removed when advanced-tools package is uninstalled? A. neighbors B. ping C. ip-scan D. netwatch E. bandwidth-test F. LCD support 5. It is possible to use WPA and WPA2 authentication type at the same time with one security profile.
6. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem.
A. Open the router and ensure the CMOS battery is fine. B. Write a script in '/system script' to set the clock C. Configure '/system ntp client' and set a valid and reachable NTP server address. D. Configure '/system ntp server' and set a valid and reachable NTP client address. 7. You want to create an access point for several laptop (non-RouterOS) clients. Select all options you can set on the MikroTik wireless interface: A. Security profile for WPA encryption
B. mode=bridge C. Nstreme to optimize link D. mode=ap-bridge 8. What is necessary for PPPoE client configuration? A. ip firewall nat masquerade rule B. Interface (on which PPPoE client is going to work) C. Static IP address on PPPoE client interface 9. Is it possible for a client to get an IP address but no gateway after a successful DHCP request?
10. If 'check-gateway' option is enabled on one route it will affect all routes with the same gateway:
11. In Ip Firewall NAT, you can Classify Traffic in SRC Nat Chain based on " in-interface".
12. What does this simple queue do (check the image)?
A. Queue guarantees download data rate of one megabit per second for host 192.168.1.10 B. Queue guarantees upload data rate of one megabit per second for host 192.168.1.10 C. Queue limits host 192.168.1.10 upload data rate to one megabit per second. D. Queue limits host 192.168.1.10 download data rate to one megabit per second.
13. What is the minimal possible wireless configuration to create an Access Point? A. DFS mode B. scan-list C. ssid D. band E. frequency F. WDS G. radio name H. mode
14. Which tunneling protocol can be created only between two RouterOS devices?
A. EOIP B. PPTP C. IPIP D. GRE E. L2TP 15. What should you use to restrict access for the wireless clients on an Access Point? A. /interface wireless snooper B. /interface wireless access-list C. /interface wireless connect-list D. /interface wireless registration-table 16. PPP Secrets are used for A. PPP clients B. L2TP clients C. PPPoE clients D. Router users E. IPSec clients F. PPtP clients 17. Same IP address can be included in multiple address-lists, and these lists can be used separate from one another.
18. How many different priorities can be selected for queues in MikroTik RouterOS? A. 8 B. 1 C. 0 D. 16 19. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=256000 pcq-classifier=dstaddress B. kind=pcq pcq-rate=256000 pcq-classifier=srcaddress C. kind=pcq pcq-rate=1256000 pcqclassifier=dst-address D. kind=pcq pcq-rate=5000000 pcqclassifier=src-address E. kind=pcq pcq-rate=5000000 pcqclassifier=dst-address
20. What kind of users are listed in the "/user" menu? A. pptp users B. wireless users C. hotspot users D. router users 21. Which is the default port of IP-Winbox? A. TCP 8192 B. TCP 80 C. TCP 8291 D. UDP 8291 22. In case when router login password is lost, it is necessary to reinstall RouterOS or use hardware reset funcion.
23. Which route will be used to reach host 192.168.1.55? /ip route add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=1.1.1.1 add disabled=no distance=1 dst-address=192.168.1.0/25 gateway=2.2.2.2 add disabled=no distance=1 dst-address=192.168.0.0/16 gateway=3.3.3.3 A. Route via gateway 3.3.3.3 B. Route via gateway 1.1.1.1 C. Route via gateway 2.2.2.2 24. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Dynamic,Active,Connected B. Dynamic,Available,Created C. Dynamic,Active,Console D. Direct,Available,Connected 25. It is possible to specify src-address and src-address-list fields in the same filter rule?
SOAL TEST MTCNA MIKROTIK 1. Action=redirect is applied in A. chain=srcnat B. chain=dstnat C. chain=forward 2. You have 802.11b/g wireless card. What frequencies are available to you? A. 5800MHz B. 2412MHz C. 5210MHz D. 2422MHz E. 2327MHz 3. Mark all correct statements about /export (rsc file). A. Exports logs from /log print B. Exports full configuration of the router C. Exports only part of the configuration (for example /ip firewall) D. Exports scripts from /system script E. Exports files could not edited 4. What wireless card can we use to achieve 100 Mbps actual wireless throughput? A. 802.11 b/g B. 802.11 a/b/g C. 802.11 a D. 802.11 a/n E. 802.11 a/b/g/n 5. It is possible to add user-defined chains in ip firewall mangle 6. Choose all valid hosts address range for subnet 15.242.55.62/27 A. 15.242.55.31-15.242.55.62 B. 15.242.55.32-15.242.55.63 C. 15.242.55.33-15.242.55.62 D. 15.242.55.33-15.242.55.63 7. Action=redirect allows you to make A. Transparent DNS Cache B. Forward DNS to another device IP address C. Enable Local Service D. Transparent HTTP Proxy 8. Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing interface=ether1? A. /ip firewall nat add action=masquerade chain=srcnat B. /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24
C. /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat D. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 9. What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface? A. I B. D C. A D. S E. C 10. Mark all features that are compatible with Nstreme A. WDS between a device in station-wds mode and a device in station-wds mode B. Encryption C. WDS between a device in ap-bridge mode with a device in station-wds mode D. Bridging a device in station mode with a device in ap-bridge mode 11. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and it’s a driver issue? A. Yes B. No 12. For static routing functionality, additionally to the RouterOS system package, you will also need the following software package: A. none B. dhcp C. routing D. advanced-tools 13. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, max-limit B. target-address, dst-address, max-limit C. target-address, dst-address D. max-limit 14. What protocol is used for Ping and Trace route? A. DHCP B. IP C. TCP D. ICMP E. UDP 15. From which of the following locations can you obtain Winbox? A. Router’s webpage B. Files menu in your router
C. Via the console cable D. mikrotik.com 16. Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP connections to be established between the two hosts. A. A: 10.1.2.66/25 and B: 10.1.2.109/26 B. A: 10.2.2.1/23 and B: 10.2.0.1/22 C. A: 10.1.2.192/24 and B: 10.1.2.129/26 D. A: 10.2.1.0/23 and B: 10.2.0.1/22 17. Why is it useful to set a Radio Name on the radio interface? A. To identify a station in a list of connected clients B. To identify a station in the Access List C. To identify a station in Neighbor discovery 18. What kind of users are listed in the Secrets window of the PPP menu? A. pptp users B. l2tp users C. winbox users D. wireless users E. pppoe users F. hotspot users 19. Router A and B are both running as PPPoE servers on different broadcast domains of your network. Is it possible to set Router A to use “/ppp secret” accounts from Router B to authenticate PPPoE customers ? YES 20. MikroTik RouterOS DHCP client can receive following options A. Byte limit B. IP Gateway C. Rate limit D. Uptime limit E. IP Address and Subnet 21. The HotSpot feature can be used only on ethernet interfaces. You have to use a separate access point if you want to use this feature with wireless. 22. If you need to make sure that one computer in your HotSpot network can access the Internet without HotSpot authentication, which menu allows you to do this? A. Users B. IP bindings C. Walled-garden D. Walled-garden IP 23. How many different priorities can be selected for queues in MikroTik RouterOS? A. 8 B. 16
C. 0 D. 1 24. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 1.1.1.1 B. Route via gateway 2.2.2.2 25. How long is level 1 (demo) license valid? A. 24 hours B. Infinite time C. 1 month D. 1 year
1. If you need to make sure that one computer in your HotSpot network can access the Internet without HotSpot authentication, which menu allows you to do this? A. IP bindings B. Walled-garden C. Users D. Walled-garden IP 2. Manakah fakta yang benar mengenai file backup? A. Termasuk file yang tersimpan di /files B. Bisa diedit C. Termasuk username dan password dari /user D. Mencakup seluruh konfigurasi router 3. NStreme works only on 40mhz channel width true false 4. To make all DNS requests coming from your network to resolve on your router (regardless of the clients’ configuration), which action would you specify for the DST-NAT rule? A. masquerade B. dst-nat C. you can’t use DST-NAT to achieve this D. redirect 5. Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP connections to be established between the two hosts.
A. A: 10.1.2.66/25 and B: 10.1.2.109/26 B. A: 10.1.2.192/24 and B: 10.1.2.129/26 C. A: 10.2.2.1/23 and B: 10.2.0.1/22 D. A: 10.2.1.0/23 and B: 10.2.0.1/22 6. The first two rules in the forward chain of the filter table are: /ip firewall filter add chain=forward connection-state=established action=accept /ip firewall filter add chain=forward connection-state=invalid action=drop Connection-state=related packets are not filtered by the rules above. true false 7. /interface wireless access-list is used for A. Shows a list of Client’s MAC Address that are already registered at AP B. Authenticate Hotspot users C. Handles a list of Client’s MAC Address to permit/deny connection to AP D. Contains the security profiles settings 8. Possible actions of ip firewall filter are: A. tarpit B. tarp C. bounce D. add-to-address-list E. log F. accept 9. In case when router login password is lost, it is necessary to reinstall RouterOS or use hardware reset funcion. true false 10. Which software version can be installed onto the following RouterBoard types? A. routeros-x86-x.xx.npk on a RB1100 B. routeros-mipsbe-x.xx.npk on a RB133 C. routeros-mipsle-x.xx.npk on RB133 D. routeros-powerpc-x.xx.npk on a RB333 E. routeros-mipsbe-x.xx.npk on a RB433 11. PPP Secrets are used for A. L2TP clients B. Router users C. PPtP clients D. IPSec clients E. PPPoE clients F. PPP clients
12. Choose all valid hosts address range for subnet 15.242.55.62/27 A. 15.242.55.32-15.242.55.63 B. 15.242.55.33-15.242.55.63 C. 15.242.55.33-15.242.55.62 D. 15.242.55.31-15.242.55.62 13. WPA 2 Pre-Shared Key (PSK) is enabled on AP, all your clients have to use the same PSK. Only Virtual AP could be used to allow clients to connect with a different PSK. false true 14. Router A and B are both running as PPPoE servers on different broadcast domains of your network. Is it possible to set Router A to use “/ppp secret” accounts from Router B to authenticate PPPoE customers ? false true 15. Which of the following actions are available for ‘/ip firewall mangle’ (select all valid actions) A. change MSS B. mark connection C. accept D. jump E. drop F. mark packet 16. OSFP area ID does not need to be unique within the AS. true false 17. What configuration is added by /ip hotspot setup command? (select all that apply) A. /ip dhcp-server B. /ip service C. /queue tree D. /ip hotspot user E. /ip hotspot walled-garden 18. Mode wireless apakah yang bisa digunakan untuk mengkonfigurasikan WDS? A. ap-bridge B. nstreme-dual-slave C. bridge D. station-wds E. station 19. Check all of the DHCP Server Options that are implemented for DHCP-Client and not Custom. A. WINS Server B. ntp server
C. DNS Server D. subnet mask E. tftp F. gateway 20. Anda akan menyimpan website yang telah dikunjungi ke dalam sebuah log dari web proxy. Manakah konfigurasi yang benar ? A. /system logging add topics=web-proxy,debug action=memory B. /system logging add topics=web-proxy,!debug action=memory C. /system logging add topics=web-proxy,!debug action=remote D. /system logging add topics=web-proxy,!debug action=disk 21. You need to set up an E1(T1) connection with PPP configured. Which License level is needed? A. Level 4 B. It cannot be done in RouterOS C. Level 5 22. You have a router with configuration - Public IP :202.168.125.45/24 - Default gateway:202.168.125.1 - DNS server: 248.115.148.136, 248.115.148.137 - Local IP: 192.168.2.1/24 Mark the correct configuration on client PC to access to the Internet A. IP:192.168.2.115/24 gateway: 192.168.2.1 B. IP:192.168.0.1/24 gateway:192.168.2.1 C. IP:192.168.2.2/24 gateway:202.168.125.45 D. IP:192.168.1.223/24 gateway:248.115.148.136 E. IP:192.168.2.253/24 gateway:202.168.0.1 23. Mark queue type that uses fairness principle between sub-queues, allows users to choose classifier for sub-queues, and apply a limit to each sub-queue A. SFQ B. RED C. PCQ D. BFIFO 24. How many different priorities can be selected for queues in MikroTik RouterOS? A. 1 B. 8 C. 0 D. 16
25. An IP address pool can contain addresses from more than one subnet. true fasle
1. Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP connections to be established between the two hosts. A. A: 10.1.2.192/24 and B: 10.1.2.129/26 B. A: 10.1.2.66/25 and B: 10.1.2.109/26 C. A: 10.2.1.0/23 and B: 10.2.0.1/22 D. A: 10.2.2.1/23 and B: 10.2.0.1/22 2. Which features are removed when advanced-tools package is uninstalled? A. neighbors B. ip-scan C. netwatch D. LCD support E. ping F. bandwidth-test 3. Rate Flapping can be avoided by A. Choose larger channels (40 MHz instead of 20 MHz) B. Reduce supported rates C. Change ap-bridge to bridge D. Set basic rates to only one data rate like 24 Mbps 4. Mark possible connection states in the connection tracking table A. Related B. Invalid C. Closed D. Established E. Syn F. New 5. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and you suspect it is a driver issue? A. Yes B. No 6. You have a queue structure as follows: queue “GP” max-limit=10M - queue “M” parent=”GP” limit-at=4M max-limit=6M - – queue “C1″ parent=”M” limit-at=1M max-limit=7M priority=4 - – queue “C2″ parent=”M” limit-at=1M max-limit=4M priority=1
- – queue “C3″ parent=”M” limit-at=3M max-limit=7M priority=8 - queue “F” parent=”GP” limit-at=5M max-limit=8M - – queue “D1″ parent=”F” limit-at=3M max-limit=4M priority=5 - – queue “D2″ parent=”F” limit-at=2M max-limit=5M priority=2 If queues “C1″ and “D2″ will not require any traffic, how the total available traffic is going to be distributed in the worst case scenario? A. queue “C2″ will get 3M, “C3″ 2M, “D1″ 4M B. queue “C2″ will get 2M, “C3″ 5M, “D1″ 3M C. queue “C2″ will get 4M, “C3″ 2M, “D1″ 4M D. queue “C2″ will get 2M, “C3″ 3M, “D1″ 5M E. queue “C2″ will get 3M, “C3″ 3M, “D1″ 4M 7. A MikroTik Router has the following configuration /ip address add address=1.1.1.2/30 interface=ether1 add address=2.2.2.2/30 interface=ether2 add address=192.168.10.1/24 interface=ether3 /ip firewall mangle add action=mark-connection chain=prerouting dst-port=80 new-connection-mark=web_c passthrough=yes protocol=tcp add action=mark-routing chain=prerouting connection-mark=web_c new-routing-mark=web passthrough=no /ip firewall nat add action=masquerade chain=srcnat out-interface=ether3 /ip route add gateway=1.1.1.1 add gateway=2.2.2.2 routing-mark=web What can be said about the Web Access (port 80) by a customer connected at ether3 interface with IP 192.168.10.2/24, gateway 192.168.10.1 ? A. The customer will access the Web using the gateway 2.2.2.2 B. The Customer is unable to access the Web. C. The Customer will access the Web by ECMP, by using both gateways 1.1.1.1 and 2.2.2.2 D. The customer will access the Web using the gateway 1.1.1.1 8. For static routing functionality, additionally to the RouterOS system package, you will also need the following software package: A. dhcp B. advanced-tools C. none D. routing
9. Which options should be used when you want to prevent access from one specific address to your router web interface? A. Group settings for System users B. Firewall Filter Chain Input C. Firewall Filter Chain Forward D. WWW service from IP Services 10. Which MikroTik RouterOS version should you use for IEEE 802.11n standard support? A. Versions 3.x B. Versions 4.x C. Versions 5.x 11. A station can connect to AP if they both use different country regulation settings, but the frequency chosen is allowed in both countries 12. How long is level 1 (demo) license valid? A. 1 year B. Infinite time C. 24 hours D. 1 month 13. Router A and B are both running as PPPoE servers on different broadcast domains of your network. Is it possible to set Router A to use “/ppp secret” accounts from Router B to authenticate PPPoE customers ? True or False ? 14. You need to save visited web-pages to memory logs from web-proxy. Which is the correct configuration? A. /system logging add topics=web-proxy,debug action=memory B. /system logging add topics=web-proxy,!debug action=disk C. /system logging add topics=web-proxy,!debug action=remote D. /system logging add topics=web-proxy,!debug action=memory 15. By default info, error and warning messages are logged into memory of your RouterOS device. You can add logging of visited web-pages and other message topics 16. Netinstall can be used to A. Keep configuration, but reset a lost admin password B. Install different software version (upgrade or downgrade) C. Reinstall software without losing licence D. Install package for different hardware architecture 17. Which options are necessary to use the HotSpot Universal Client feature? A. arp=enabled on the HotSpot interface B. /ip dhcp-server configuration
C. address-pool configuration in /ip hotspot and /ip hotspot user profile D. /ip firewall mangle rules 18. What is the correct action to be specified in the NAT rule to hide a private network when communicating to the outside world? A. tarpit B. masquerade C. passthrough D. allow 19. Mark all features that are compatible with Nstreme A. WDS between a device in ap-bridge mode with a device in station-wds mode B. Bridging a device in station mode with a device in ap-bridge mode C. Encryption D. WDS between a device in station-wds mode and a device in station-wds mode 20. PPP Secrets are used for A. L2TP clients B. IPSec clients C. PPPoE clients D. PPtP clients E. Router users F. PPP clients 21. What is term for the hardware coded address found on an interface? A. MAC Address B. Interface Address C. FQDN Address D. IP Address 22. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 2.2.2.2 B. Route via gateway 1.1.1.1 23. You would like to allow multiple logins with one user name on a HotSpot server. How should this be configured? A. Set “Shared Users” option at /ip hotspot user profile B. Set “only-one=no’ at /ip hotspot C. It’s not possible D. Set “Shared Users” option at /ip hotspot 24. To assign specific traffic to the route – traffic must be identified by routing mark.Each packet can have only one routing mark.
true or false ? 25. What can be used as ’target-address’ in the simple queue? A. client’s MAC address B. address list name C. client’s address D. server’s address
ini jawaban saya : 1. Action=redirect is applied in A. chain=srcnat B. chain=dstnat C. chain=forward JAWAB : B 2. You have 802.11b/g wireless card. What frequencies are available to you? A. 5800MHz B. 2412MHz C. 5210MHz D. 2422MHz E. 2327MHz JAWAB : B 3. Mark all correct statements about /export (rsc file). A. Exports logs from /log print B. Exports full configuration of the router C. Exports only part of the configuration (for example /ip firewall) D. Exports scripts from /system script E. Exports files could not edited JAWAB : B 4. What wireless card can we use to achieve 100 Mbps actual wireless throughput? A. 802.11 b/g B. 802.11 a/b/g C. 802.11 a D. 802.11 a/n E. 802.11 a/b/g/n
JAWAB : E 5. It is possible to add user-defined chains in ip firewall mangle JAWAB : NO
6. Choose all valid hosts address range for subnet 15.242.55.62/27 A. 15.242.55.31-15.242.55.62 B. 15.242.55.32-15.242.55.63 C. 15.242.55.33-15.242.55.62 D. 15.242.55.33-15.242.55.63 JAWAB : C 7. Action=redirect allows you to make
A. Transparent DNS Cache B. Forward DNS to another device IP address C. Enable Local Service D. Transparent HTTP Proxy JAWAB : D 8. Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing interface=ether1? A. /ip firewall nat add action=masquerade chain=srcnat B. /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24 C. /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat D. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 JAWAB : D 9. What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface? A. I B. D C. A D. S E. C JAWAB : B
10. Mark all features that are compatible with Nstreme A. WDS between a device in station-wds mode and a device in station-wds mode -> GA BISA B. Encryption -> GA BISA C. WDS between a device in ap-bridge mode with a device in station-wds mode -> BISA D. Bridging a device in station mode with a device in ap-bridge mode -> BISA (????) JAWAB : C untuk yg D saya ragu..... soalnya.... kalo bridge ga perlu pake fitur nstreme udah bisa 11. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and it's a driver issue? A. Yes B. No JAWAB : A 12. For static routing functionality, additionally to the RouterOS system package, you will also need the following software package: A. none B. dhcp C. routing D. advanced-tools JAWAB : A 13. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, max-limit B. target-address, dst-address, max-limit C. target-address, dst-address D. max-limit JAWAB : A 14. What protocol is used for Ping and Trace route? A. DHCP B. IP C. TCP D. ICMP E. UDP JAWAB : D
15. From which of the following locations can you obtain Winbox? A. Router's webpage B. Files menu in your router C. Via the console cable D. mikrotik.com JAWAB : A 16. Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP connections to be established between the two hosts.
A. A: 10.1.2.66/25 and B: 10.1.2.109/26 B. A: 10.2.2.1/23 and B: 10.2.0.1/22 C. A: 10.1.2.192/24 and B: 10.1.2.129/26 --> 10.1.2.1-10.1.2.254 D. A: 10.2.1.0/23 and B: 10.2.0.1/22 JAWAB : C 17. Why is it useful to set a Radio Name on the radio interface? A. To identify a station in a list of connected clients B. To identify a station in the Access List C. To identify a station in Neighbor discovery JAWAB : C 18. What kind of users are listed in the Secrets window of the PPP menu? A. pptp users B. l2tp users C. winbox users D. wireless users E. pppoe users F. hotspot users JAWAB : A 19. Router A and B are both running as PPPoE servers on different broadcast domains of your network. Is it possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers ? JAWAB : YES
20. MikroTik RouterOS DHCP client can receive following options A. Byte limit B. IP Gateway C. Rate limit D. Uptime limit E. IP Address and Subnet JAWAB : B 21. The HotSpot feature can be used only on ethernet interfaces. You have to use a separate access point if you want to use this feature with wireless. JAWAB : N0 / FALSE 22. If you need to make sure that one computer in your HotSpot network can access the Internet without HotSpot authentication, which menu allows you to do this? A. Users B. IP bindings C. Walled-garden D. Walled-garden IP JAWAB : B 23. How many different priorities can be selected for queues in MikroTik RouterOS? A. 8 B. 16 C. 0 D. 1 JAWAB : A 24. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 1.1.1.1 B. Route via gateway 2.2.2.2 JAWAB : B 25. How long is level 1 (demo) license valid?
A. 24 hours B. Infinite time C. 1 month D. 1 year JAWAB : A
1. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem.
A. Write a script in '/system script' to set the clock B. Configure '/system ntp server' and set a valid and reachable NTP client address. C. Configure '/system ntp client' and set a valid and reachable NTP server address. D. Open the router and ensure the CMOS battery is fine. Jawab: C Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 2. Which of the protocols below is used by Netinstall? A. arp B. bootp C. dhcp D. rarp Jawab : b Penjelasan : protocol yang digunakan adalah bootp untuk menginstalasi gn netinstall Jawaban a salah karena dungsi ARP adalah memetakan layer2 dan 3 Jawaban c salah karena dhcp berfungsi untuk membagikan ip Jawaban d salah karena adlh kebalikan dari ARP 3. /ip route configuration on router, /ip /ip /ip /ip
route route route route
add add add add
gateway=192.168.0.1 dst-address=192.168.1.0/24 gateway=192.168.0.2 dst-address=192.168.2.0/24 gateway=192.168.0.3 dst-address=192.168.3.0/26 gateway=192.168.0.4
Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.2 B. 192.168.0.4 C. 192.168.0.1 D. 192.168.0.3 Jawab : c Penjelasan : jawaban A dan B salah karena dst addressnya tidak sesuai dengan yang diminta Sedangkan yang D karena rangenya berbeda dengan 240 4. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done:
A. Configure an IP address on the bridge interface
B. Use mangle to mark the connections C. Enable 'Use IP Firewall' in bridge settings D. Associate the Simple Queue to the bridge interface 5. Mark all correct answers
A. Wireless access-list could allow and deny connect to your AP B. The only way to prevent wireless clients connections - disable wireless interface C. Default-Forwarding could be enabled for a specific clients by wireless access-list D. /ip firewall filter allows to deny authentication to AP Jawab : a saja Penjelasan : wirelesss access-list dapat menentukan mana yang boleh terhubung ke ap, caranya dengan mendisable default authentication Selainnya salah karena tidak sesuai 6. NAT rule is going to catch SMTP traffic and send it to a specific mail server. What is the correct action for a NAT rule? A. passthrough B. dst-nat C. redirect D. tarpit Jawab : b Penjelasan : karena untuk membelokan smtp traffic kesuatu network ialah tugas dst nat Untuk mengkonfigurasikannya ikuti command dibawah ini ip firewall nat add chain=dstnat protocol=tcp dst-port=25 action=dst-nat toaddresses=10.0.0.1 to-ports=25
7. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Direct, Available, Connected B. Dynamic, Active, Connected C. Dynamic, Available, Created D. Dynamic, Active, Console Jawab : b Penjelasan : bisa dilihat di bawah ini
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 8. It is possible to create an encrypted PPPoE tunnel in RouterOS:
Penjelasan : karena semua protocol ppp bisa di enkripsi 9. Action=redirect is applied in A. chain=srcnat B. chain=forward C. chain=dstnat Jawab : c Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward 10. MikroTik RouterOS commands can be run once a day by: A. /system watchdog B. /system cron C. /system scheduler Jawab: c Pejelasan : karena scheduler mengatur jadwal kapan fitur tersebut dijalankan 11. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a DHCP service for all clients, DHCP server must be configured on: A. Ethernet and wireless interfaces B. DHCP service is not possible in this setup C. Every bridge port D. Only on the bridge interface Jawab: D Penjelasan : karena interface wireless dan ethernetnya sudah di bridge sehingga harus dimasukan kedalam interface bridge 12. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=5000000 pcq-classifier=src-address C. kind=pcq pcq-rate=256000 pcq-classifier=dst-address D. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address E. kind=pcq pcq-rate=256000 pcq-classifier=src-address Jawab : C dan E Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 13. Which is a default baud-rate of currently manufactured RouterBOARDs?
A. 115200 B. 9600 C. 38400 D. 11520 Jawaban :a Penjelasan : karena default yang dipasang ke netinstall adalah 11520 14. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.169.0.1-192.169.0.254 B. 192.168.0.1-192.168.0.255 C. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 D. 192.168.0.1-192.168.0.14 Jawab : c an d Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 15. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 16. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station B. station-wds C. bridge D. station-pseudobridge Jawab : a Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 17. To block communications between wireless clients connected to the same access point interface, you should set A. 'default-forwarding=no' B. 'max-station-count=1' C. 'default-authentication=no' D. 'default-authentication=no' and 'default-forwarding=no' Jawab : a Penjelasan : karena no default-forwarding akan men disable layer 2 dari client
18. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Jawaban : false Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 19. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 2.2.2.2 B. Route via gateway 1.1.1.1 Jawab : a Penjelasan :semakin kecil distance nya semakin di prioritaskan 20. Which are necessary sections in /queue simple to set bandwidth limitation? A. max-limit B. target-address, max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 21. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect?
A. Enable Access List B. Security Profile C. Default Authenticate D. Default Forward Jawab : c Penjelasan : karena dengan default authenticate semua bisa onnect ke ap tersebut 22. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. advanced-tools B. routing C. dhcp D. no extra package required
Jawab : d Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 23. Which firewall chain should you use to filter clients HTTP traffic going through the router? A. prerouting B. forward C. output D. input Jawab :b Penjelasan : kata kuncinya adalah “through” atau melewati sehingga yang dibutuhkan untuk “melewati” ialah chain=forward 24. What is necessary for PPPoE client configuration? A. ip firewall nat masquerade rule B. Interface (on which PPPoE client is going to work) C. Static IP address on PPPoE client interface Jawaban : b Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai
25. Action=redirect can be used in NAT chain src-nat A. true B. false
Jawab b Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward
Contoh Soal Mikrotik – Score 88% www.infomugi.blogspot.com
1. When sending out an ARP request, an IP host is expecting what kind of address for an answer?
A. VLAN ID B. IP address C. MAC Address D. 802.11g 2. Which of the following Routes statuses are possible? A. S = Static B. D = Drop C. C = Connected D. A = Active 3. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.168.0.1-192.168.0.14 B. 192.169.0.1-192.169.0.254 C. 192.168.0.1-192.168.0.255 D. 192.168.0.1-192.168.0.99,192.168.0.101192.168.0.254 4. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time. True 5. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. routing 6. What is possible with Netinstall? A. MikroTikRouterOS reinstall B. MikroTikRouterOS password reset with saving
router's configuration C. MikroTikRouterOS configuration reset 7. Evaluate the following information: Access Point configuration: -- wlan1 is in 'AP-Bridge' mode -- Bridge1 has wlan1 and ether1 as ports CPE configuration: -- wlan1 is in 'Station-Bridge' mode -- Bridge1 has wlan1 and ether1 as ports Select protocols that will pass from ether1 on the CPE to ether1 on the Access Point. A. DHCP B. ARP C. BGP D. Firewire E. USB F. PPPoE G. IPv6 H. IPv4 8. Router A and B are both running as PPPoE servers on different broadcast domains of your network. It is possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers. True 9. To connect your MikroTik router to a wireless access point, you have to: A. Use the same SSID as on accesspoint B. Use the same Radio Name C. Use the same Band (5 GHz, 2.4 GHz, ...) 10. The total-max-limit under Simple Queues will limit the combined upload and download of the target-address of your simple queue. True 11. Consider a wireless access point with mode=ap-bridge. What is the maximum number of concurrent clients that can connect to it? A. 2048 B. 2012
C. 2007 D. 1024 12. Which is a default baud-rate of currently manufactured RouterBOARDs? A. 9600 B. 38400 C. 11520 D. 115200 13. Is it possible to limit how many clients are able to connect to an access point? A. No it's not possible at all B. Yes C. Yes, but only with access-lists 14. What can be used as ’target-address’ in the simple queue? A. server’s address B. client’s MAC address C. client’s address D. address list name 15. Consider the following network diagram. In R1, you have the following configuration: /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 /ip firewall nat add chain=srcnat out-interface=Ether1 action=masquerade On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices, which of the following rules would be needed?
A. /ip firewall filter add chain=input srcaddress=192.168.99.1 dst-address=192.168.1.10 action=drop B. /ip firewall filter add chain=forward srcaddress=192.168.99.1 dst-address=192.168.1.10 action=drop C. /ip firewall nat add chain=dstnatsrcaddress=192.168.99.1 dst-address=192.168.1.10 action=drop D. /ip firewall filter add chain=forward srcaddress=192.168.0.0/24 dst-address=192.168.1.10 action=drop 16. Where should you upload new MikroTikRouterOS version packages for upgrading router? A. System Backup menu B. System Package menu C. Any directory in /files D. FTP root directory or /files directory of the router 17. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client 10.10.0.33 is be able to obtain A. 2M upload/download B. 0M upload/download C. 4M upload/download D. 6M upload/download 18. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 1.1.1.1 B. Route via gateway 2.2.2.2 19. Is action=masquerade allowed in chain=dstnat? A. no B. yes, but it works only for incoming connections C. yes
D. yes, but only if dst-addr is specified 20.What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server? A. tarpit B. dst-nat C. passthrough D. redirect 21. One host on an internal network is accessing an external web page through a MikroTik router that is doing source NAT. Select correct statement about the packets that flow from that web page to the host ? A. Packets go through the output chain B. Packets go through the forward chain C. Packets go through the input chain before the routing decision and after that through output chain D. Packets go through the input chain 22.MikroTikRouterOS commands can be run once a day by: A. /system scheduler B. /system watchdog C. /system cron 23. Which port does PPTP use by default? A. TCP 1723 B. TCP 1721 C. UDP 1721 D. UDP 1723 24. There can be more than one PPPoE server in a single broadcast domain: True 25. Which of the following is used in standard 802.11 wireless networks? A. FDD B. CDMA C. CSMA/CA D. CSMA/CD
1. Which firewall chain should you use to filter clients HTTP traffic going through the router? A. output B. forward C. input D. prerouting 2. What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface? A. D B. I C. A D. C E. S 3. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time. true 4. What is marked by connection-state=established matcher? A. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to already replied connection B. Packet does not correspond to any known connection
C. Packet begins a new TCP connection D. Packet is related to, but not part of an existing connection 5. Which facility should be used, to ensure that clients with radio signal strength poorer than – 90 dBm can't connect to interface wlan1 on a MikroTik AP? Choose one answer A. /interface wireless access-list B. /interface wireless registration-table remove numbers=-91 C. /interface wireless set wlan1 basic-rates-a/g D. /interface wireless security-profiles add statictransmit-key 6. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server. true 7. You have to connect to a RouterBOARD without any previous configuration. Select all possibilities to connect and do some basic configuration A. Telnet B. Serial Connection C. MAC-Winbox D. Attach monitor/keyboard 8. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 4
B. 2 C. 3 D. 1 9. Which of the following Routes statuses are possible? A. C = Connected B. D = Drop C. S = Static D. A = Active 10. To be able to do NAT the connection tracking does not need to be enabled. false 11. When setting "Frequency Mode" value to Regulatory Domain, and setting "country", this changes the available frequencies and power output levels available for selection to only those allowed for the selected country? true 12. You want to create an access point for several laptop (non-RouterOS) clients. Select all options you can set on the MikroTik wireless interface: A. mode=apbridge B. Security profile for WPA encryption C. mode=bridge D. Nstreme to optimize link 13. Which of the following would prevent unknown clients
from connecting to your AP? Choose the BEST answer. A. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your connect-list configuration B. Check the "Do not permit unknown client" box in the wireless configuration C. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your access-list configuration ensuring that you enable "authenticate" in the entry D. Configure the radius server under "/radius" E. Add each known client's MAC address to your access-list configuration is the only step needed 14. Consider the following network diagram. In R1, you have the following configuration:
/ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 /ip firewall nat add chain=srcnat out-interface=Ether1 action=masquerade On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices, which of the following rules would be needed? A. /ip firewall filter add chain=forward srcaddress=192.168.0.0/ 24 dstaddress=192.168.1.10 action=drop B. /ip firewall nat add chain=dstnat srcaddress=192.168.99.1 dstaddress=192.168.1.10 action=drop C. /ip firewall filter add chain=forward srcaddress=192.168.99.1 dstaddress=192.168.1.10 action=drop D. /ip firewall filter add chain=input srcaddress=192.168.99.1 dstaddress=192.168.1.10 action=drop 15. Which port does PPTP use by default? A. UDP 1721
B. TCP 1721 C. UDP 1723 D. TCP 1723 16. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client 10.10.0.33 is be able to obtain A. 6M upload/download B. 2M upload/download C. 0M upload/download D. 4M upload/download 17. In RouterOS queue configurations the word "total" usually represents A. download B. upload + download C. upload D. download upload 18. Your Company has been assigned a 172.16.25.0/25 network from your ISP. What are the possible options to divide the network into subnets?
A. two times /26 B. one /23 and one /27 C. two times /24 D. four times /27 19. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcqrate=256000 pcqclassifier=src-address B. kind=pcq pcqrate=5000000 pcqclassifier=dst-address C. kind=pcq pcqrate=1256000 pcqclassifier=dst-address D. kind=pcq pcqrate=256000 pcqclassifier=dst-address E. kind=pcq pcqrate=5000000 pcqclassifier=src-address 20. Which is a default baud-rate of currently manufactured RouterBOARDs? A. 9600 B. 11520 C. 38400
D. 115200 21. A DHCP server is configured on a LAN interface which is a port on a bridge. The DHCP server does not start. What could be the reason(s)?
A. There may be multiple IP addresses set on the LAN interface B. The IP address pool could be incorrectly defined C. The DHCP server can not run on an interface which is also a bridge port D. There might not be an IP address assigned to the LAN Interface 22. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. routing B. advancedtools C. dhcp D. no extra package required 23. It is possible to create an encrypted PPPoE tunnel in RouterOS: true
24. Netinstall can be used to A. Keep configuration, but reset a lost admin password B. Install package for different hardware architecture C. Install different software version (upgrade or downgrade) D. Reinstall software without losing licence
1.
2.
3.
4.
5.
6.
7.
8.
Action=redirect is applied in Action = redirect diterapkan di A. chain=srcnat B. chain=dstnat C. chain=forward You have 802.11b/g wireless card. What frequencies are available to you? Anda memiliki 802.11b kartu wireless / g. frekuensi apa yang tersedia untuk Anda? A. 5800MHz B. 2412MHz ++ C. 5210MHz D. 2422MHz E. 2327MHz Mark all correct statements about /export file=(name of an rsc file). Mark semua pernyataan yang benar tentang / ekspor (file RSC). A. Exports logs from /log print B. Exports full configuration of the router (without RouterOS user password) + C. Exports only part of the configuration (for example /ip firewall) + D. Exports scripts from /system script E. Exports files could not edited What wireless card can we use to achieve 100 Mbps actual wireless throughput? Apa kartu nirkabel dapat kita gunakan untuk mencapai 100 Mbps throughput yang nirkabel yang sebenarnya? A. 802.11 b/g B. 802.11 a/b/g C. 802.11 a D. 802.11 a/n E. 802.11 a/b/g/n It is possible to add user-defined chains in ip firewall mangle Hal ini dimungkinkan untuk menambahkan user-defined rantai di ip mangle firewall Yes Choose all valid hosts address range for subnet 15.242.55.62/27 Pilih semua rentang alamat host yang valid untuk subnet 15.242.55.62/27 A. 15.242.55.31-15.242.55.62 B. 15.242.55.32-15.242.55.63 C. 15.242.55.33-15.242.55.62 D. 15.242.55.33-15.242.55.63 Action=redirect allows you to make Action = redirect memungkinkan Anda untuk membuat A. Transparent DNS Cache B. Forward DNS to another device IP address C. Enable Local Service D. Transparent HTTP Proxy Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing interface=ether1? Yang aturan masquerade benar untuk 192.168.0.0/24 jaringan pada router dengan outgoing interface = ether1? A. /ip firewall nat add action=masquerade chain=srcnat + B. /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24 + C. /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat D. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
9.
10.
11.
12.
13.
14.
15.
16.
Mark all features that are compatible with Nstreme Mark semua fitur yang kompatibel dengan Nstreme A. WDS between a device in station-wds mode and a device in station-wds mode B. Encryption C. WDS between a device in ap-bridge mode with a device in station-wds mode == D. Bridging a device in station mode with a device in ap-bridge mode = Which are necessary sections in /queue simple to set bandwidth limitation? Yang merupakan bagian penting dalam / antrian sederhana untuk mengatur keterbatasan bandwidth? A. target-address, max-limit ++ B. target-address, dst-address, max-limit C. target-address, dst-address D. max-limit What protocol is used for Ping and Trace route? Apa protokol yang digunakan untuk Ping dan Trace Route? A. DHCP B. IP C. TCP D. ICMP + E. UDP From which of the following locations can you obtain Winbox? Dari mana dari lokasi berikut dapat Anda peroleh Winbox? A. Router’s webpage B. Files menu in your router C. Via the console cable D. mikrotik.com Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP connections to be established between the two hosts. Dua host, A dan B, terhubung ke siaran LAN. Pilih semua jawaban yang menunjukkan pasangan alamat IP / mask yang akan memungkinkan koneksi IP yang akan didirikan antara dua host. A. A: 10.1.2.66/25 and B: 10.1.2.109/26 B. A: 10.2.2.1/23 and B: 10.2.0.1/22 C. A: 10.1.2.192/24 and B: 10.1.2.129/26 D. A: 10.2.1.0/23 and B: 10.2.0.1/22 Why is it useful to set a Radio Name on the radio interface? Mengapa berguna untuk menetapkan Nama Radio pada interface radio? A. To identify a station in a list of connected clients B. To identify a station in the Access List C. To identify a station in Neighbor discover MikroTik RouterOS DHCP client can receive following options klien MikroTik RouterOS DHCP dapat menerima pilihan berikut A. Byte limit B. IP Gateway C. Rate limit D. Uptime limit + E. IP Address and Subnet The HotSpot feature can be used only on ethernet interfaces. You have to use a separate access point if you want to use this feature with wireless. Fitur HotSpot dapat digunakan hanya pada antarmuka ethernet. Anda harus menggunakan jalur akses terpisah jika Anda ingin menggunakan fitur ini dengan nirkabel. NO/FALSE
17. If you need to make sure that one computer in your HotSpot network can access the Internet without HotSpot authentication, which menu allows you to do this? Jika Anda perlu memastikan bahwa satu komputer dalam jaringan HotSpot Anda dapat mengakses internet tanpa otentikasi HotSpot, menu yang memungkinkan Anda untuk melakukan hal ini? A. Users B. IP bindings ---C. Walled-garden + D. Walled-garden IP 18. Which default route will be active? Yang rute default akan aktif? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 1.1.1.1 B. Route via gateway 2.2.2.2 19. How long is level 1 (demo) license valid? Berapa lama level 1 (demo) lisensi yang valid? A. 24 hours B. Infinite time C. 1 month D. 1 year
1. which firewall chain should be used for filters that protect your router interface ? INPUT, yang firewall chain harus digunakan untuk filter yang melindungi antarmuka router Anda? 2. Netinstall can be used to ? (Reinstall software without losing lisence) dan (install different software version/upgrade and downgrade) Netinstall dapat digunakan untuk? (Instal ulang perangkat lunak tanpa kehilangan lisensi) Dan (menginstal versi perangkat lunak yang berbeda / meng-upgrade dan downgrade) 3. Wireless acces point is reqquired for customer. Which RaouterBoard can be used for it ? (RB493 with level 4 lisence) dan (RB433 with level 4 lisence) Wireless acces point reqquired bagi pelanggan. RaouterBoard yang dapat digunakan untuk itu? 4. You start a scan for wireless networks on you access point. What will happen ? All connected clients will disconnect Anda mulai memindai jaringan nirkabel pada titik akses Anda. Apa yang akan terjadi ? 5. You want to use PCQ and allow 256k maximum download and upload for each client. Chose correct argument values for the required queue. Anda ingin menggunakan PCQ dan memungkinkan 256k download maksimum dan upload untuk setiap klien. Memilih nilai-nilai argumen yang benar untuk antrian yang diperlukan.
6. It possible to acces Mikrotik graphs on a different port than HTTP port 80. FALSE ++ TRUE -mungkin untuk acces Mikrotik grafik pada port yang berbeda selain port HTTP 80. 7. A mikrotik PPPoe server can be used only within a broadcast domain, that is, users can not run PPPoe protocol if there is router that splits broadcast domain between the customer and that PPPoE server. Server mikrotik pppoe dapat digunakan hanya dalam domain broadcast, yaitu, pengguna tidak dapat menjalankan protokol pppoe jika ada router yang membagi broadcast domain antara pelanggan dan server pppoe. TRUE ++++++ 8. A mikrotik PPPoe server can be used only within a broadcast domain, that is, users can not run PPPoe protocol with a server if there is a router between the customer and that PPPoE server. FALSE 9. What can be used as target-address in the simple queue ? CLIENT’S Address Apa yang dapat digunakan sebagai target-address dalam antrian sederhana? 10. What is necessary for PPPoE client Configuration? Interface (on which PPPoE client is going work) Apa nacessary untuk konfigurasi klien PPPoE? 11. Using wirelless connect-list it’s possible to prioritize connection to one access point over another Access Point by changing the order of the entries. TRUE ++ Menggunakan wirelless terhubung-daftar itu mungkin untuk memprioritaskan sambungan ke satu titik akses lebih jalur akses lain dengan mengubah urutan entri. 12. Where should you upload new Mikrotik RouterOS version packages for upgrading router ? FTP root directory or/files directory other router Di mana Anda harus meng-upload Mikrotik RouterOS paket versi baru untuk upgrade router? 13. Log messages are stored on disk by default. FALSE +++ Pesan Log disimpan pada disk secara default. 14. What does the firewall action “log” do ? it logs the packet Apa yang firewall tindakan "log" lakukan?
1.
2.
3.
4.
5.
6.
7.
8.
Manakah fakta yang benar mengenai file backup? Manakah fakta yang benar mengenai file backup? A. Termasuk file yang tersimpan di /files <<< B. Bisa diedit C. Termasuk username dan password dari /user <<< D. Mencakup seluruh konfigurasi router <<< NStreme works only on 40mhz channel width Nstreme bekerja hanya pada lebar saluran 40MHz true false <<<++ To make all DNS requests coming from your network to resolve on your router (regardless of the clients' configuration), which action would you specify for the DST-NAT rule? Untuk membuat semua permintaan DNS yang berasal dari jaringan Anda untuk menyelesaikan pada router Anda (terlepas dari konfigurasi klien '), yang tindakan yang akan Anda tentukan untuk DST-NAT memerintah? A. masquerade B. dst-nat C. you can't use DST-NAT to achieve this D. redirect <<< Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP connections to be established between the two hosts. Dua host, A dan B, terhubung ke siaran LAN. Pilih semua jawaban yang menunjukkan pasangan alamat IP / mask yang akan memungkinkan koneksi IP yang akan didirikan antara dua host. A. A: 10.1.2.66/25 and B: 10.1.2.109/26 <<< B. A: 10.1.2.192/24 and B: 10.1.2.129/26 C. A: 10.2.2.1/23 and B: 10.2.0.1/22 D. A: 10.2.1.0/23 and B: 10.2.0.1/22 The first two rules in the forward chain of the filter table are: Dua aturan pertama dalam rantai maju dari tabel filter adalah: /ip firewall filter add chain=forward connection-state=established action=accept /ip firewall filter add chain=forward connection-state=invalid action=drop Connection-state=related packets are not filtered by the rules above. paket koneksi-negara = terkait tidak disaring oleh peraturan di atas. True false <<< /interface wireless access-list is used for / interface wireless access-list digunakan untuk A. Shows a list of Client's MAC Address that are already registered at AP <<<++ B. Authenticate Hotspot users C. Handles a list of Client's MAC Address to permit/deny connection to AP D. Contains the security profiles settings Possible actions of ip firewall filter are: Kemungkinan tindakan filter ip firewall adalah A. tarpit <<< B. tarp C. bounce D. add-to-address-list/ADD-TO-LIST E. log <<< F. accept <<< In case when router login password is lost, it is necessary to reinstall RouterOS or use hardware reset funcion. Dalam hal ketika password router login hilang, perlu untuk menginstal ulang RouterOS atau menggunakan hardware ulang funcion.
9.
10.
11.
12.
13.
14.
15.
16.
true <<< false PPP Secrets are used for Rahasia PPP digunakan untuk A. L2TP clients <<<+++++ B. Router users C. PPtP clients <<<+++++ D. IPSec clients E. PPPoE clients <<<+++++ F. PPP clients <+ Choose all valid hosts address range for subnet 15.242.55.62/27 Pilih semua host valid mengatasi berbagai untuk subnet 15.242.55.62/27 A. 15.242.55.32-15.242.55.63 B. 15.242.55.33-15.242.55.63 C. 15.242.55.33-15.242.55.62 <<< D. 15.242.55.31-15.242.55.62 WPA 2 Pre-Shared Key (PSK) is enabled on AP, all your clients have to use the same PSK. Only Virtual AP could be used to allow clients to connect with a different PSK. WPA 2 Pre-Shared Key (PSK) diaktifkan pada AP, semua klien Anda harus menggunakan PSK yang sama. Hanya Virtual AP bisa digunakan untuk mengizinkan klien untuk menghubungkan dengan PSK yang berbeda. false true <<< Which of the following actions are available for '/ip firewall mangle' (select all valid actions) Manakah dari tindakan berikut ini tersedia untuk '/ ip firewall mangle' (pilih semua tindakan yang valid) A. change MSS B. mark connection <<< C. Accept <<< D. Jump <<< E. Drop <<< F. mark packet <<< OSFP area ID does not need to be unique within the AS. OSFP ID daerah tidak perlu menjadi unik dalam AS. true false <<< What configuration is added by /ip hotspot setup command? (select all that apply) Apa konfigurasi ditambahkan oleh / ip perintah konfigurasi hotspot? (Pilih semua yang berlaku) A. /ip dhcp-server <<< B. /ip service C. /queue tree D. /ip hotspot user <<< E. /ip hotspot walled-garden Mode wireless apakah yang bisa digunakan untuk mengkonfigurasikan WDS? Modus apakah wireless Yang can digunakan untuk review mengkonfigurasikan WDS? A. ap-bridge <<< B. nstreme-dual-slave C. bridge D. station-wds <<< E. Station Check all of the DHCP Server Options that are implemented for DHCP-Client and not Custom. Periksa semua DHCP Server Pilihan yang diimplementasikan untuk DHCP-Client dan tidak Kustom. A. WINS Server <<<
17.
18.
19.
20.
21.
B. ntp server <<< C. DNS Server <<< D. subnet mask <<< E. tftp F. Gateway <<< Anda akan menyimpan website yang telah dikunjungi ke dalam sebuah log dari web proxy. Manakah konfigurasi yang benar ? Andari akan menyimpan situs Yang has dikunjungi Ke hearts SEBUAH log Dari web proxy. Manakah Konfigurasi yang Benar? A. /system logging add topics=web-proxy,debug action=memory <<< B. /system logging add topics=web-proxy,!debug action=memory C. /system logging add topics=web-proxy,!debug action=remote D. /system logging add topics=web-proxy,!debug action=disk <<< You need to set up an E1(T1) connection with PPP configured. Which License level is needed? Anda perlu menyiapkan koneksi E1 (T1) dengan PPP dikonfigurasi. Tingkat Lisensi yang diperlukan? A. Level 4 B. It cannot be done in RouterOS C. Level 5 <<< Mark queue type that uses fairness principle between sub-queues, allows users to choose classifier for sub-queues, and apply a limit to each sub-queue Mark Jenis antrian yang menggunakan prinsip keadilan antara sub-antrian, memungkinkan pengguna untuk memilih classifier untuk sub-antrian, dan menerapkan batas untuk masingmasing sub-antrian A. SFQ B. RED C. PCQ <<< D. BFIFO How many different priorities can be selected for queues in MikroTik RouterOS? Berapa banyak prioritas yang berbeda dapat dipilih untuk antrian di MikroTik RouterOS? A. 1 B. 8 <<< + C. 0 D. 16 An IP address pool can contain addresses from more than one subnet. Sebuah kolam alamat IP dapat berisi alamat dari lebih dari satu subnet. True <<< false +
1.
2.
3.
4.
5.
Is ARP used in the IPv6 protocol ? Apakah ARP digunakan dalam protokol IPv6? [True / False] JAWAB : False --> menggunakan ndp sebagai pengganti arp Select which of the following are 'Public IP addresses': [multiple answers] Pilih mana dari berikut ini adalah 'IP Public alamat': [Beberapa jawaban] a. 192.168.0.1 b. 11.63.72.21 + c. 172.28.73.21 d. 10.110.50.37’ e. 172.168.254.2 + JAWAB: B,E 172.16.0.0/12 -> 172.16.0.1 - 172.31.255.254 In MikroTik RouterOS, Layer-3 communication between 2 hosts can be achieved by using an address subnet of: [multiple answers] Pada MikroTik RouterOS, Layer-3 komunikasi antara 2 host dapat dicapai dengan menggunakan subnet alamat: [Beberapa jawaban] a. /30 ++ b. /29 +++ c. /32 d. /31 JAWAB : B A PC with IP 192.168.1.2 can access internet, and static ARP has been set for that IP address on gateway. When the PC Ethernet card failed, the user change it with a new card and set the same IP for it. What else should be done? [multiple answers] Sebuah PC dengan IP 192.168.1.2 dapat mengakses internet, dan statis ARP telah ditetapkan untuk alamat IP pada gateway. Bila kartu PC Ethernet gagal, pengguna mengubahnya dengan kartu baru dan mengatur IP yang sama untuk itu. Apa lagi yang harus dilakukan? [Beberapa jawaban] a. Old static ARP entry on gateway has to be updated for the new card * b. Nothing - it will work as before == c. MAC-address of the new card has to be changed to MAC address of old card * d. Another IP has to be added for Internet access JAWAB : A,C,D How many usable IP addresses are there in a 20-bit subnet? [single answer] Berapa banyak alamat IP dapat digunakan yang ada di subnet 20-bit? [Tunggal jawaban] a. 2047 b. 4096 c. 2048 d. 2046 e. 4094 +++ JAWAB : E
6.
What is the default TTL (time to live) on a router that an IP packet can experience before it will be discarded ? [multiple answers] Apa yang default TTL (time to live) pada router yang paket IP dapat mengalami sebelum akan dibuang? [Beberapa jawaban] a. 60 b. 30 c. 1 d. 64 JAWAB : A,B,D (ga yakin) 7. The network address is [multiple answers] Alamat jaringan adalah [Beberapa jawaban] a. The first usable address of the subnet ++ b. The last address of the subnet + c. The first address of the subnet JAWAB : A,B 8. Choose all valid hosts address range for subnet 15.242.55.62/27 [single answer] Pilih semua rentang alamat host yang valid untuk subnet 15.242.55.62/27 [Tunggal jawaban] a. 15.242.55.32-15.242.55.63 b. 15.242.55.33-15.242.55.63 c. 15.242.55.33-15.242.55.62 + d. 15.242.55.31-15.242.55.62 JAWAB : C 9. Which ones of the following are valid IP addresses? [multiple answers] Manakah dari berikut ini adalah alamat IP yang valid? [Beberapa jawaban] a. 192.168.13.255 + b. 1.27.14.254 ++ c. 10.10.14.0 ++ d. 192.168.256.1 JAWAB : B,C 10. Which of the following is NOT a valid MAC Address? [multiple answers] Manakah dari berikut ini tidak MAC valid Alamat? [Beberapa jawaban] a. 95:B5D:EE:78:8A b. 13:16:86:53:89:43 c. 80:GF:AA:67:13:5D ++ d. 88:0C:00:99:5F:EF e. EA:BA:AA:EE:FF:CB JAWAB : A,C
11. If ARP=reply-only is configured on an interface, what will this interface do [multiple answers] Jika ARP = balasan-satunya dikonfigurasi pada interface, apa yang akan antarmuka ini dilakukan [Beberapa jawaban] a. Add new IP addresses in /ip arp list b. Accept all IP/MAC combinations listed in /ip arp as static entries ++ c. Accept all MAC-addresses listed in /ip arp as static entries d. Add new MAC addresses in /ip arp list e. Accept all IP addresses listed in /ip arp as static entries JAWAB : B,E 12. What is term for the hardware coded address found on an interface? [single answer] Apa istilah untuk alamat hardware kode ditemukan di sebuah antarmuka? [Tunggal jawaban a. IP Address b. Interface Address c. MAC Address ++ d. FQDN Address JAWAB : C 13. Which of the following IP addresses are publicly routable? Manakah dari alamat IP berikut routable publik? [Beberapa jawaban] [multiple answers] a. 127.34.155.3 b. 192.168.1.4 c. 172.16.13.23 d. 11.3.10.4 JAWAB : A,D 14. What protocol does ping use? [single answer] Apa protokol tidak ping digunakan? [Tunggal jawaban] a. UDP b. TCP c. ARP d. ICMP ++++ JAWAB : D 15. MAC layer by OSI model is also known as [single answer] MAC lapisan model OSI juga dikenal sebagai a. Layer 3 b. Layer 7 c. Layer 2 +++ d. Layer 6 e. Layer 1 JAWAB : C 16. How many layers does Open Systems Interconnection model have? [single answer] Berapa banyak lapisan yang model Open System Interconnection miliki? a. 12 b. 6 c. 9 d. 5 e. 7
17. How many IP addresses can one find in the header of an IP packet? [single answer] Berapa banyak alamat IP dapat satu menemukan dalam header dari sebuah paket IP? [Tunggal jawaban] a. 3 b. 4 c. 1 = d. 2 JAWAB : C (ga yakin) 18. Select valid MAC-address [single answer] Pilih valid MAC-address [Tunggal jawaban] a. G2:60:CF:21:99:H0 b. 00:00:5E:80:EE:B0 + c. 192.168.0.0/16 d. AEC8:21F1:AA44:54FF:1111DAE:0212:1201 JAWAB : B 19. The basic unit of a physical network (OSI Layer 1) is the: [single answer] Unit dasar dari jaringan fisik (OSI Layer 1) adalah: [Tunggal jawaban] a. Byte b. Frame c. Bit ++++ d. Header JAWAB : C 20. You have a router with configuration Anda memiliki router dengan konfigurasi - Public IP :202.168.125.45/24 - Default gateway:202.168.125.1 - DNS server: 248.115.148.136, 248.115.148.137 - Local IP: 192.168.2.1/24 Mark the correct configuration on client PC to access to the Internet [single answer] Menandai konfigurasi yang benar pada PC client untuk akses ke Internet [Tunggal jawaban] a. IP:192.168.0.1/24 gateway:192.168.2.1 b. IP:192.168.2.253/24 gateway:202.168.0.1 c. IP:192.168.1.223/24 gateway:248.115.148.136 d. IP:192.168.2.115/24 gateway: 192.168.2.1 +++ e. IP:192.168.2.2/24 gateway:202.168.125.45 JAWAB : D
1.
2.
3.
4.
5.
6.
7.
8.
In Ip Firewall NAT, you can Classify Traffic in SRC Nat Chain based on " in-interface". Dalam Ip Firewall NAT, Anda dapat Klasifikasikan Lalu Lintas di SRC Nat Rantai berdasarkan "diinterface". False +++ Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? Pilihan mana dalam konfigurasi kartu nirkabel harus dinonaktifkan untuk menyebabkan router untuk mengizinkan klien HANYA dikenal tercantum dalam daftar akses untuk menyambung? A. Default Forward B. Enable Access List C. Default Authenticate D. Security Profile’ Is it possible to limit how many clients are able to connect to an access point? Apakah mungkin untuk membatasi berapa banyak klien dapat terhubung ke jalur akses? A. Yes, but only with access-lists ++ B. No it's not possible at all C. Yes It is necessary to configure a local DNS server to be able to give out a DNS setting to clients via DHCP server. Hal ini diperlukan untuk mengkonfigurasi server DNS lokal untuk dapat memberikan suatu DNS pengaturan untuk klien melalui server DHCP. True What kind of users are listed in the "/user" menu? Apa jenis pengguna tercantum dalam menu "/ user"? A. pptp users B. hotspot users C. router users D. wireless users How many DHCP servers could you run on one interface? Berapa banyak server DHCP Anda bisa berjalan di satu antarmuka? A. 255 B. 1024 C. 4 D. 1 What configuration is added by /ip hotspot setup command? (select all that apply) Apa konfigurasi ditambahkan oleh / ip perintah konfigurasi hotspot? (Pilih semua yang berlaku) A. /ip hotspot user B. /queue tree C. /ip service D. /ip dhcp-server E. /ip hotspot walled-garden Router has Wireless and Ethernet client interfaces, all client interfaces are bridged. To create a DHCP service for all clients you must configure DHCP server on Router memiliki Wireless dan Ethernet interface klien, semua antarmuka klien yang dijembatani. Untuk membuat layanan DHCP untuk semua klien Anda harus mengkonfigurasi DHCP server di A. only on bridge interface B. every bridge port C. DHCP service is not possible in this setup D. Ethernet and wireless interfaces
9.
10.
11.
12.
13.
14.
15.
A routing table has following entries: Sebuah tabel routing memiliki entri berikut: 0 dst-address=10.0.0.0/24 gateway=10.1.5.126 1 dst-address=10.1.5.0/24 gateway=10.1.1.1 2 dst-address=10.1.0.0/24 gateway=25.1.1.1 3 dst-address=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be used for a packet with destination address 10.1.5.126? Gerbang yang akan digunakan untuk paket dengan alamat tujuan 10.1.5.126? A. 10.1.1.1 B. 10.1.1.2 ++ 82+++ C. 10.1.5.126 D. 25.1.1.1 You want to skip HotSpot (authorization, accounting, etc.) for a specific host. What should you use? Anda ingin melewatkan HotSpot (otorisasi, akuntansi, dll) untuk host tertentu. Apa yang harus Anda gunakan? A. /ip hotspot ip-binding B. /ip hotspot walled-garden ip C. /ip hotspot walled-garden D. /ip address What does the firewall action "Redirect" do?true statements Apa tindakan firewall "Redirect" lakukan? ++ A. Redirects a packet to a specified port on a host in the network B. Redirects a packet to a specified IP C. Redirects a packet to the router D. Redirects a packet to a specified port on the router A. Pengalihan paket ke port tertentu di host dalam jaringan B. Pengalihan paket ke IP tertentu C. Pengalihan sebuah paket ke router D. Pengalihan paket ke port tertentu pada router Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? Modus yang nirkabel memungkinkan Anda untuk terhubung ke AP standar (tidak hanya MikroTik) dan untuk dapat menjembatani antarmuka nirkabel ini ke Ethernet? A. station B. bridge C. station-pseudobridge + D. station-wds How many layers does Open Systems Interconnection model have? Berapa banyak lapisan yang model Open System Interconnection miliki? A. 9 B. 6 C. 5 D. 7 E. 12 You can control bandwidth of a client connected to AP with the resource / interface wireless access-list ( assume the client uses MikroTik RouterOS). Anda dapat mengontrol bandwidth klien yang terhubung ke AP dengan sumber daya / antarmuka akses-daftar nirkabel (menganggap klien menggunakan MikroTik RouterOS). True + Choose all valid hosts address range for subnet 15.242.55.62/27 Pilih semua host valid mengatasi berbagai untuk subnet 15.242.55.62/27 A. 15.242.55.33-15.242.55.63 B. 15.242.55.33-15.242.55.62
C. 15.242.55.31-15.242.55.62 D. 15.242.55.32-15.242.55.63 16. Which configuration menu should you use to change router's Winbox default port? hich menu konfigurasi yang harus Anda gunakan untuk mengubah port default Winbox router? A. /ip service B. /ip firewall service-ports C. /ip firewall filter D. /system resource 17. A backup file from a MikroTik router is stored in plain text format Sebuah file backup dari router MikroTik disimpan dalam format teks biasa False 18. In RouterOS queue configurations the word "total" usually represents Dalam antrian RouterOS konfigurasi dengan kata "total" biasanya merupakan A. download B. upload + download --++ C. download - upload D. upload
1.
2.
3.
4.
5.
6.
7.
On the advanced menu of the wireless setup there is a parameter called “Area”, it works directly with: Pada menu canggih dari setup wireless ada parameter yang disebut "daerah", bekerja secara langsung dengan: A. Connect List ++ B. Access List C. None of these D. Security Profile What menus should be used to allow certain websites to be accessed from behind a hotspot interface, without client authentication Apa menu harus digunakan untuk mengizinkan situs web tertentu untuk diakses dari belakang antarmuka hotspot, tanpa otentikasi klien A. ip hotspot ip-binding B. ip hotspot profile C. ip hotspot walled-garden ++ D. ip hotspot walled-garden ip You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. Anda ingin menggunakan PCQ dan memungkinkan 256k download maksimum dan upload untuk setiap klien. Pilih nilai argumen yang benar untuk antrian yang diperlukan. A. kind=pcq pcq-limit=1256000 pcq-classifier=dst-address B. kind=pcq pcq-limit=256000 pcq-classifier=dst-address C. kind=pcq pcq-limit=5000000 pcq-classifier=src-address D. kind=pcq pcq-limit=256000 pcq-classifier=src-address E. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address Which of the following is true for connection tracking A. Enabling connection tracking reduces CPU usage in RouterOS == B. Connection tracking must be enabled for firewall to be effective C. Connection tracking must be enable for NAT’ed network D. Disable connection tracking for mangle to work Manakah dari berikut ini berlaku untuk pelacakan koneksi A. Mengaktifkan pelacakan koneksi mengurangi penggunaan CPU di RouterOS B. pelacakan Connection harus diaktifkan untuk firewall menjadi efektif C. Koneksi pelacakan harus mengaktifkan untuk jaringan NAT'ed pelacakan koneksi D. Nonaktifkan untuk mangle untuk bekerja Which of these are possible solutions to bridge two networks over a wireless link: A. Both devices in AP mode and enable WDS mode B. One device in AP mode, another one in station-pseudobridge-clone C. One device in AP mode, another one in station-pseudobridge D. One device in AP mode, another one in station Yang ini adalah solusi yang mungkin untuk menjembatani dua jaringan melalui link nirkabel: Modus A. Kedua perangkat dalam mode AP dan mengaktifkan WDS B. Satu perangkat dalam mode AP, satu lagi di stasiun-pseudobridge-clone C. Salah satu perangkat dalam modus AP, satu lagi di stasiun-pseudobridge D. Satu perangkat dalam mode AP, satu lagi di stasiun You have a 802.11b/g wireless card. Which frequencies can be set? Anda memiliki kartu nirkabel 802.11b / g. Yang frekuensi dapat diatur? A. 5210MHz B. 2327MHz C. 2422MHz D. 2412MHz E. 5800MHz Action=redirect applies to
Action = redirect berlaku untuk aturan A. Route rules B. DST-NAT rules C. Firewall Filter rules D. SRC-NAT rules 8. When backing up your router by using the ‘Export’ command, the following happens: Ketika back up router Anda dengan menggunakan perintah 'Ekspor', berikut ini terjadi: A. Winbox usernames and passwords are backed up B. The Export file can be edited with a standard text editor after its creation C. You are requested to give the export file a name 9. You need to reboot a RouterBoard after importing a previously exported rsc file to activate the new configuration. FALSE/NO Anda perlu reboot RouterBoard setelah mengimpor file RSC sebelumnya diekspor untuk mengaktifkan konfigurasi baru. 10. If a packet comes to a router and starts a new, previously unseen connection, which connection state would be applied to it? Jika sebuah paket datang ke router dan memulai, koneksi yang sebelumnya tak terlihat baru, yang negara koneksi akan diterapkan untuk itu? A. no connection state would be applied to such packet B. new + C. unknown D. invalid E. established 11. We have two radio cards in a point-to-point link with settings: Kami memiliki dua kartu radio di link point-to-point dengan pengaturan: Card Nr 1.: mode=ap-bridge ssid=”office” frequency=2447 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes securityprofile=wpa Card Nr 2.: mode=station ssid=”office” frequency=2412 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes securityprofile=wpa2 Is Card Nr2. able to connect to Card Nr 1.? A. Yes, if Nstreme is enabled or disabled on both B. Yes, when security profile settings are compatible with each other and Nstreme is enabled or disabled on both C. No, because of the different frequencies D. No, because of the different security profiles A. Ya, jika Nstreme diaktifkan atau dinonaktifkan pada kedua B. Ya, ketika pengaturan profil keamanan yang kompatibel dengan satu sama lain dan Nstreme diaktifkan atau dinonaktifkan pada kedua C. Tidak, karena frekuensi yang berbeda D. Tidak ada, karena profil keamanan yang berbeda 12. Consider the following network diagram. In R1, you have the following configuration: Perhatikan diagram jaringan berikut. Pada R1, Anda memiliki konfigurasi berikut: /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 /ip firewall nat add chain=srcnat out-interface=Ether1 action=masquerade On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices, which of the following rules would be needed? Pada R2, jika Anda ingin mencegah semua akses ke server yang terletak di 192.168.1.10 dari perangkat LAN1, yang dari aturan berikut akan diperlukan?
A. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10 action=drop B. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop C. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10 action=drop D. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10 action=drop 13. What is the default protocol/port of (secure) winbox? Apa default protokol / pelabuhan winbox (aman)? A. UDP/5678 B. TCP/8291 +++ C. TCP/22 D. TCP/8080 14. Mark the queue types that are available in RouterOS Mark jenis antrian yang tersedia di RouterOS A. SFQ – Stochastic Fairness Queuing ++++++ B. DRR – Deficit Round Robin C. FIFO – First In First Out (for Bytes or for Packets) ++++ D. LIFO – Last In First Out E. PCQ – Per Connection Queuing ++++++ F. RED – Random Early Detect (or Drop) ++++++ 15. Which is the default port of IP-Winbox? Yang merupakan port default dari IP-Winbox? A. TCP 80 B. TCP 8291 ++ C. TCP 8192 D. UDP 8291
1.
Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and you suspect it is a driver issue? A. Yes B. No +++ 2. While troubleshooting a network from inside the network, you discover that you can ping the gateway reliably, but you cannot browse the Internet. Skype, however, works flawlessly. What is the most likely issue? A. DNS is not available B. Network card and/or cable is not working C. Masquerading rule is not applied D. The computer did not get an IP address 3. For user in local ppp secrets/ppp profiles database, it is possible to A. Allow only pppoe login ----=-=B. Allow login by pppoe and pptp, but deny login by l2tp -C. Deny services (like telnet) only for this user or for one group of users D. Allow/deny use of more than one login by this user --E. Set max values for total transferred bytes (up- and download) ------== 4. The RouterOS graphing is used for A. real-time traffic and resource usage display + B. average traffic and resource usage display +++ C. bandwidth testing D. bandwidth limitation 5. In the Route List, the identification DAb for a route stands for A. direct - acknowledge - backup B. direct - active - bgp C. dynamic - active - backup D. dynamic - active - bgp ++++ 6. You want to transfer existing '/ip firewall filter' configuration from one router to a new system. Choose the best possible way to do: A. Export global configuration and remove everything apart from '/ip firewall filter' B. Export only '/ip firewall filter' C. Create backup only of '/ip firewall filter' rules D. Create backup, edit backup file and restore on target router 7. Which firewall chain you should use to filter SSH access to the router itself? A. output B. prerouting C. forward D. input 8. You want to create an access point for several laptop (non-RouterOS) clients. Select all options you can set on the MikroTik wireless interface: A. Nstreme to optimize link B. mode=ap-bridge C. mode=bridge D. Security profile for WPA encryption 9. If you wish to block user access to MSN messenger, which chain should the firewall rule be placed in? A. process B. input C. forward D. output 10. What is the maximum number of ARP entries on a Mikrotik RouterOS device ? A. 2048 B. 8192 C. 10240
D. Unlimited 11. To connect your MikroTik router to a wireless access point, you have to: A. Use the same Band (5 GHz, 2.4 GHz, ...) +++++ B. Use the same Radio Name C. Use the same SSID as on accesspoint = 12. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are: A. 192.168.0.1-192.168.0.255 B. 192.169.0.1-192.169.0.254 C. 192.168.0.1-192.168.0.14 +++ 85++ D. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 +++ 85++ 13. Which firewall chain should you use to filter clients HTTP traffic going through the router? A. prerouting B. input C. output D. forward 14. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 B. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2 82++ C. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 82++ D. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 E. /ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24 gateway=192.168.99.2 15. What is the meaning of letter "R" on an active session in the menu PPP Active Connections? A. Running B. Radius +++++ C. Remote
1. /ip route configuration on router, /ip route add gateway=192.168.0.1 /ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2 /ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3 /ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4 Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.3 B. 192.168.0.4 80+ C. 192.168.0.2 D. 192.168.0.1 ++ 82++ 2. Which route will be used to reach host 192.168.1.55? /ip route add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=1.1.1.1 add disabled=no distance=1 dst-address=192.168.1.0/25 gateway=2.2.2.2 add disabled=no distance=1 dst-address=192.168.0.0/16 gateway=3.3.3.3 A. Route via gateway 1.1.1.1 B. Route via gateway 3.3.3.3 C. Route via gateway 2.2.2.2 -3. To securely bridge together 2 remote networks you can use A. PPPoE over EoIP B. PPTP over EoIP 82+ C. EoIP over PPTP D. PPTP BCP 4. Which routing table is used to apply recursive routing at MikroTik RouterOS A. It is only possible in the main routing table 82+ B. It is only possible on the x86 platform C. It is possible in all the routing tables installed in a router D. It is not possible 5. Select correct statements about EoIP: A. does not provide encryption. B. uses GRE. C. does not provide authentication. D. uses ESP.
6. On the following network diagram , when ROUTER wants to reach "HOST A" by itself, it should use ISP1 as gateway and when CLIENT wants to reach "HOST A", router should use ISP2 as a gateway. How would you configure routing marks to achieve this?
A. Chain Input for a Routing Mark to route to ISP 2 & Chain Output for a Routing Mark to route to ISP 1 B. Chain Output for a Routing Mark to route to ISP 2 & Chain Forward for a Routing Mark to route to ISP 1 C. Chain Forward for a Routing Mark to route to ISP 2 & Chain Forward for a Routing Mark to route to ISP 1 +82 D. Chain Prerouting for a Routing Mark to route to ISP 2 & Chain Output for a Routing Mark to route to ISP 1 7. Which ones of these are Point-to-Point addresses? A. address=1.1.1.1/32 network=10.0.0.0 B. address=10.0.0.1/32 network=10.0.0.254 C. address=10.0.0.1/32 network=10.0.0.0 D. address=10.0.0.1/24 network=10.0.0.0 8. A MikroTik system administrator implemented OSPF Routing protocol in the network. But realized that he has a static route on the routers. What can be done to make the static route work as a failover whenever the dynamic routing protocol fails. A. He should manually disable the static routes and enable them whenever OSPF fails -B. He should use "netwatch" to trigger static routes whenever OSPF fails C. He should increase the administrative distance of the static route 82+ D. Delete all static routes because there is no way for it to work with OSPF 9. When sending out an ARP request, an IP host is expecting what kind of address for an answer? A. IP address == 82++ B. VLAN ID C. MAC Address == 82++ D. 802.11g 10.It is possible to create a configuration where VLAN and PPTP interfaces are bridged together. FALSE TRUE 11.If router receives packet with TTL=1 then: A. packet will always reach its destination B. packet will be forwarded only to next L3 device C. packet will not be forwarded
12.What addressing scheme is typically used on a PPP link? A. /32 address on each side of the link B. /30 subnet C. /31 subnet D. /24 private subnet 13.Consider the image above. In this OSPF network, using Type II metrics would ensure that traffic from the source network to the destination network followed the path outlined by the dotted line.
False/true 14.When adding a static route, you must always ensure that you add both the gateway and the interface. TRUE ++ FALSE 82++ 15.The address 192.168.0.0/32 can be used for PPPoE servers local address. True/false 16.When creating a route, it is possible to specify the gateway to a network even if the gateway is not directly connected by using recursive next-hop resolving from an existing route. True/false 17.There are two routes in the routing table: 0 dst-addr=10.1.1.0/24 gateway=5.5.5.5 1 dst-addr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. the required route is not in the routing table B. 5.6.6.6 +++++++ C. 5.5.5.5 D. both - half of the traffic will be routed through one gateway, half through the other 18.You can not use OSPF and RIP routing protocols simultaneously on the RouterOS. True false + 19.Look at the picture.
Which Gateway will be used to reach 192.168.88.10? A. 192.168.55.2 B. no one C. 192.168.55.1 82+ D. 192.168.55.3
20.You have a router with the following IP addresses: ether1: 10.40.1.1/24 ether2: 10.250.1.1/30 ether3: 10.251.1.1/30 wlan1: 10.50.1.1/30 wlan2: 10.50.2.1/30 You have a customer directly connected to ether2, and another customer directly connected to ether3. Your wireless radios are used for wireless connectivity to two different towers, and ether1 goes to another wireless access point for other subscribers. You need all of the subnets distributed across your OSPF Network You need to configure OSPF to talk on this router, what would be the best configuration. A. set distribute-state=yes B. Set Distribute-Connected=yes C. set distribute-default=always-type-1 D. Set Ethernet 2 and 3 to passive mode E. Set OSPF networks, to 10.50.1.0/30, 10.50.2.0/30 F. Set OSPF networks to 0.0.0.0/0 G. Set Ethernet 1, 2, and 3 to passive mode H. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/30, 10.50.1.0/30, and 10.50.2.0/30 82++ I. Set OSPF Networks to 10.40.1.0/24, 10.250.1.0/30, 10.251.1.0/24, 10.50.1.0/30, and 10.50.2.0/30 J. Set OPSF networks to 10.0.0.0/8 only 21.There are 6 routers running OSPF and connected with each other using point-to-point network types. How many Designated Routers are there among them? A. 15 B. 6 C. 0 D. 1 22./ip route can have DS flags simultaneously. False True 82++
1. The highest queue priority is A. 8 B. 1 ++ C. 256 D. 16 2. It is impossible to disable user "admin" at the menu "/user" FALSE 11 TRUE 3. In Winbox, Hide Passwords unchecked shows passwords for the following A. RouterOS user = B. RADIUS shared secret C. Hotspot User D. PPP secrets 4. Which software version can be installed onto the following RouterBoard types? A. routeros-mipsbe-x.xx.npk on a RB133 B. routeros-x86-x.xx.npk on a RB1100 C. routeros-powerpc-x.xx.npk on a RB333 D. routeros-mipsle-x.xx.npk on RB133 E. routeros-mipsbe-x.xx.npk on a RB433 5. Which is a default baud-rate of currently manufactured RouterBOARDs? A. 9600 B. 11520 C. 38400 D. 115200 + 6. Is it possible to have PPTP Client and PPTP server on one MikroTik router at the same time? TRUE ++++++ false 7. Firewall configuration is the following: 1) /ip firewall filter add chain=input protocol=icmp action=jump jump-target=ICMP 2) /ip firewall filter add chain=input protocol=icmp action=log log-prefix=ICMP-DENY 3) /ip firewall filter add chain=input protocol=icmp action=drop 4) /ip firewall filter add chain=ICMP protocol=icmp action=log log-prefix=JUMP-ICMP-DENY 5) /ip firewall filter add chain=ICMP protocol=icmp action=drop Client sends “ping” to router. What will the router do? A. Router will drop the packet at the Input drop rule (3rd rule) B. Router will log it with prefix: ICMP-DENY C. Router will drop the packet at ICMP (jump) chain drop rule (5th rule) D. Router will log it with prefix: JUMP-ICMP-DENY 8. The following image shows a RouterOS Wireless Access List configuration. Wireless interface “Default Authenticate” is unchecked. What will happen with clients connecting to this AP?
A. 00:0C:42:61:6C:90 client will connect to wlan1 B. No client is able to connect to the Wireless Access Point. C. Client with mac-address 00:0C:42:31:38:A2 will connect to wlan1 D. 00:0C:42:31:38:A2 will connect to wlan1 when the signal strength is greater than -60 9. PPPoE server only works within one Ethernet broadcast domain that it is connected to. And if there is a router between server and end-user host, it will not be able to create PPPoE tunnel to said PPPoE server. TRUE +++
false 10. Which facility should be used, to ensure that clients with radio signal strength poorer than – 90 dBm can’t connect to interface wlan1 on a MikroTik AP? Choose one answer A. /interface wireless security-profiles add static-transmit-key B. /interface wireless access-list C. /interface wireless registration-table remove numbers=-91 D. /interface wireless set wlan1 basic-rates-a/g 11. What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface? A. D + B. A + C. S D. I E. C + 12. Router A and B are both running as PPPoE servers on different broadcast domains of your network. It is possible to set Router A to use “/ppp secret” accounts from Router B to authenticate PPPoE customers. FALSE ++++++++ TRUE – 13. Which of the following Routes statuses are possible? A. S = Static --+ B. C = Connected + C. D = Drop D. A = Active --+ 14. What kind of users are listed in the Secrets window of the PPP menu? A. l2tp users ++ B. pptp users +++ C. hotspot users D. winbox users E. wireless users F. pppoe users ++ 15. By default info, error and warning messages are logged into memory of your RouterOS device. You can add logging of visited web-pages and other message topics TRUE 16. What does this simple queue do (check the image)?
A. Queue limits host 192.168.1.10 upload data rate to one megabit per second. B. Queue guarantees download data rate of one megabit per second for host 192.168.1.10 C. Queue guarantees upload data rate of one megabit per second for host 192.168.1.10 D. Queue limits host 192.168.1.10 download data rate to one megabit per second. 17. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client 10.10.0.33 is be able to obtain A. 0M upload/download B. 4M upload/download C. 6M upload/download D. 2M upload/download +
18. For static routing functionality, additionally to the RouterOS ‘system’ package, you will also need the following software package: A. advanced-tools B. routing C. no extra package required/NONE ++++++++ D. dhcp 19. Router firewall rules are: /ip firewall filter add chain=forward action=jump jump-target=custom /ip firewall filter add chain=custom action=passthrough /ip firewall filter add chain=forward action=log When traffic reaches the end of ‘chain=custom’. What will happen next? A. Traffic will be accepted in chain=custom B. Traffic will be logged in chain=forward C. Traffic will be dropped in chain=custom ++ 20. How many wireless clients can connect, when wireless card is configured to mode=bridge ? A. 2007 B. 1 ++ C. 100 D. 2 21. To use masquerade, you need to specify A. action=masquerade, in-interface, chain=src-nat B. action=masquerade, out-interface, chain=dst-nat C. action=masquerade, out-interface, chain=src-nat D. action=accept, out-interface, chain=src-nat 22. Which features are removed when advanced-tools package is uninstalled? A. bandwidth-test B. neighbors C. LCD support D. ip-scan 80+ E. netwatch 80+ F. ping 80+ 23. Consider the attached diagram: In order for Router 1 to see all of the networks the following commands could be used (choose all answers that could work)
A. /routing add dst-address=0.0.0.0/0 gateway=10.10.0.2 B. /ip route add dst-address=172.16.0.0/24 gateway=10.10.0.2, /ip route add dstaddress=172.32.0.0/24 gateway=10.50.0.2 C. /ip route add dst-address=172.16.0.0/24 gateway=10.10.0.2, /ip route add dstaddress=172.32.0.0/24 gateway=10.10.0.2 82++ D. /ip route add dst-address=0.0.0.0/0 gateway=10.10.0.2 82++ 24. Where can we use NAT rules with action=masquerade? A. chain=forward B. chain=src-nat C. chain=dst-nat D. chain=input
1. You want to transfer existing '/ip firewall filter' configuration from one router to a new system. Choose the best possible way to do: A. Export only '/ip firewall filter' B. Create backup only of '/ip firewall filter' rules C. Create backup, edit backup file and restore on target router D. Export global configuration and remove everything apart from '/ip firewall filter' Jawab :a Penjelasan : karena untuk menambahkan nama fitur tersebut untuk export yang lebh spesifik ssss 2. A. Five B. One C. Two D. Unlimited Jawab : b Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface 3. There are two routes in the routing table: 0 dst-addr=10.1.1.0/24 gateway=5.5.5.5 1 dst-addr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. both - half of the traffic will be routed through one gateway, half through the other B. 5.6.6.6 C. 5.5.5.5 D. the required route is not in the routing table Jawab : b Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A dan c tidak termasuk karena mereka kurang spesifik, 4. A routing table has following entries: 0 dst-address=10.0.0.0/24 gateway=10.1.5.126
1 dst-address=10.1.5.0/24 gateway=10.1.1.1 2 dst-address=10.1.0.0/24 gateway=25.1.1.1 3 dst-address=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be used for a packet with destination address 10.1.5.126?
A. 10.1.5.126 B. 10.1.1.1 C. 10.1.1.2 D. 25.1.1.1 Jawab : c Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A,B dan D tidak termasuk karena mereka kurang spesifik 5. Which port does PPTP use by default? A. TCP 1721 B. UDP 1721 C. UDP 1723 D. TCP 1723 JAWAB :d Penjelasan : karena port pptp berjalan pada tcp 1723 bukan udp 6. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. Stations on wlan2 will be able to communicate with stations on wlan2 B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan1 D. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters E. Stations on wlan1 will be able to communicate with stations on wlan2
7. Consider a wireless access point with mode=ap-bridge. What is the maximum number of concurrent clients that can connect to it? A. 2007 B. 2012 C. 2048 D. 1024 8. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 srcaddress=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 E. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2
Jawab : B,D.E Penjelasan: semuanya benar karena , B. bisa memakai interface, D. konfigurasi static routing yang lengkap E. bisa memakai efault route 9. PPP Secrets are used for A. PPtP clients B. L2TP clients C. Router users D. PPPoE clients E. IPSec clients F. PPP clients Jawab : A,B,D Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling 10. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done:
A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Associate the Simple Queue to the bridge interface D. Enable 'Use IP Firewall' in bridge settings Jawab : c Penjelasan : karena untuk menjalankan fungsi diatas mesti dipasang dibridge tersebut
11. In RouterOS queue configurations the word "total" usually represents A. download - upload B. upload C. upload + download D. Download Jawab : c Penjelasan : karena total itu merupakan upload + download 12. What does the firewall action "log" do? A. It logs and blocks the packet B. It blocks and logs the packet C. It adds a prefix to the packet and passes it through D. It logs the packet Jawab : D Penjelasan : log itu fungsi mencatat, bukan memblok ataupun mengijinkan data untuk leat 13. Which of the following is true for connection tracking A. Connection tracking must be enabled for NAT'ed network B. Enabling connection tracking reduces CPU usage in RouterOS C. Disable connection tracking for mangle to work D. Connection tracking must be enabled to be able to use all firewall features 14. How many different priorities can be selected for queues in MikroTik RouterOS?
A. 1 B. 16 C. 0 D. 8 Jawab : d Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 15. Which of the following keystrokes enables safe mode in console: A. Ctrl+x B. Ctrl+c C. Ctrl+d D. Ctrl+s Jawab : A Penjelasan ; 16. Select minimal set of software packages in RouteOS required to configuring a wireless AP A. wireless B. advanced-tools C. dhcp D. routing E. System Jawab : A dan E Penjelasan : karena untuk sekedar menghubungkan apstasion tidak dibutuhkan dhcp (untuk membagikan ip) dan juga routing (karena bisa memakai satu network yang sama) 17. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. Routing Jawab : A Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 18. What is possible with Netinstall?
A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 19. Possible actions of ip firewall filter are: A. bounce B. log C. accept D. tarp E. add-to-list F. Tarpit Jawab : B,C,D,F Penjelasan : 20. What is the minimal possible wireless configuration to create an Access Point? A. DFS mode B. WDS C. scan-list D. radio name E. mode F. frequency G. Band H. Ssid Jawab : g Penjelasan : jika hanya sekedar terhubung kita hanya mememrlukan band yang sama 21. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server? A. redirect B. passthrough C. dst-nat
D. Tarpit Jawab : c Karena : paket ingin DIOPER ke mail server 22. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 23. It is possible to create an encrypted PPPoE tunnel in RouterOS:
24. Where should you upload new MikroTik RouterOS version packages for upgrading router? A. FTP root directory or /files directory of the router B. System Package menu C. Any directory in /files D. System Backup menu Jawab : c Penjelasan : karena setiap upgrade akan diletakan I directory file 25. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. regulatory domain B. superchannel C. manual txpower Jawab A Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 1. What can be used as ’target-address’ in the simple queue? A. address list name B. client’s MAC address C. client’s address
D. server’s address Jawab : c Penjelasan : karena untuk simple queue menggunakan ip address si client 2. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 1 B. 3 C. 2 D. 4 Jawab : c Penjelasan : 3. The highest queue priority is A. 1 B. 8 C. 256 D. 16 Jawab :b Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 4. The 'connect-list' of wireless interfaces is used A. for specifying APs not to connect to B. for preventing communications between the clients C. for specifying APs to connect to D. for configuring SSID on the interface Jawab : a dan c Penjelasan : fungsi dari access-list ialah membatasi mana saja yang bisa connect ke ap tersebut 5. Which option in the configuration of a wireless s card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Default Forward B. Default Authenticate C. Security Profile D. Enable Access List
Jawab : b Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 6. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.168.0.1-192.168.0.255 B. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 C. 192.168.0.1-192.168.0.14 D. 192.169.0.1-192.169.0.254 Jawab : b dan c Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 7. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network
8. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan2 D. Stations on wlan1 will be able to communicate with stations on wlan1 E. Stations on wlan2 will be able to communicate with stations on wlan2 9. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Dynamic, Active, Console B. Dynamic, Available, Created C. Dynamic, Active, Connected D. Direct, Available, Connected Penjelasan : bisa dilihat di bawah ini
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. routing C. advanced-tools D. dhcp Jawaban : a Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. Which of the following Routes statuses are possible? A. C = Connected B. A = Active C. S = Static D. D = Drop Jawab : abc Penjelsan : d tidak termasuk karena dia termasuk action dari firewall bukan status dari table routing 12. It is possible to create an encrypted PPPoE tunnel in RouterOS:
Jawab true penjelasan: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 13. Action=redirect allows you to make
A. Transparent HTTP Proxy B. Enable Local Service C. Transparent DNS Cache D. Forward DNS to another device IP address Jawab : a dan c Penjelasan : karena redirect yang terpasang di dm chain=dstnat ini berfungsi untuk transparent http proxy dan juga transparent dns cache
14. What is possible with Netinstall? A. MikroTik RouterOS password reset with saving router's configuration B. MikroTik RouterOS configuration reset C. MikroTik RouterOS reinstall Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 15. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp client' and set a valid and reachable NTP server address. C. Open the router and ensure the CMOS battery is fine. D. Configure '/system ntp server' and set a valid and reachable NTP client address. Jawab : b Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 16. A. One B. Unlimited C. Five D. Two Jawaban : a Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface 17. A wireless interface 'wlan1' is added to a bridge interface 'br-lan'. To enable dhcp-server for wireless interface 'wlan1', on which interface should dhcp-server be configured? A. On both 'br-lan' and 'wlan1' B. The dhcp-server cannot be enabled neither on 'wlan1', nor on 'br-lan' C. On 'wlan1' D. On 'br-lan' Jawaban :D
Penjelasan tidak perlu lagi membuat ip address di wlan apabila sudah dimasukan kedalam bridge 18. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time.
Jawab : true Penjelasa: karena d 19. Which firewall chain should be used for filters that protect your router interface? A. post-routing B. forward C. pre-routing D. input 20. What does the firewall action "Redirect" do? Select all true statements. A. Redirects a packet to a specified port on a host in the network B. Redirects a packet to a specified IP C. Redirects a packet to a specified port on the router D. Redirects a packet to the router 21. Which of the following would prevent unknown clients from connecting to your AP? Choose the BEST answer. A. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your connect-list configuration B. Configure the radius server under "/radius" C. Add each known client's MAC address to your access-list configuration is the only step needed D. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your access-list configuration ensuring that you enable "authenticate" in the entry E. Check the "Do not permit unknown client" box in the wireless configuration Jawb Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 22. Which port does PPTP use by default? A. UDP 1723 B. UDP 1721 C. TCP 1723 D. TCP 1721
Jawab : c Penjelasan : Port yang dipakai pptp ialah 1723secara default 23. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, max-limit B. max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : a Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 24. It is required to make a web server on a private LAN visible on the Public Internet. Only the web server port should be visible to the public. Which of the following configuration steps must be met. (select all that apply) A. A route between the NAT Router and the webserver must exist B. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private ip of the webserver C. LAN address of the webserver should be routable on the internet D. Public IP address of the webserver must be installed on the NAT Router E. Connection Tracking must be enabled on NAT router 25. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawab : c Penjelasan ; port default dari winbox aalah 8291 1. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp server' and set a valid and reachable NTP client address. C. Configure '/system ntp client' and set a valid and reachable NTP server address. D. Open the router and ensure the CMOS battery is fine. Jawab: C
Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 2. Which of the protocols below is used by Netinstall? A. arp B. bootp C. dhcp D. rarp Jawab : b Penjelasan : protocol yang digunakan adalah bootp untuk menginstalasi gn netinstall Jawaban a salah karena dungsi ARP adalah memetakan layer2 dan 3 Jawaban c salah karena dhcp berfungsi untuk membagikan ip Jawaban d salah karena adlh kebalikan dari ARP 3. /ip route configuration on router, /ip route add gateway=192.168.0.1 /ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2 /ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3 /ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4 Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.2 B. 192.168.0.4 C. 192.168.0.1 D. 192.168.0.3 Jawab : c Penjelasan : jawaban A dan B salah karena dst addressnya tidak sesuai dengan yang diminta Sedangkan yang D karena rangenya berbeda dengan 240 4. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done: A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Enable 'Use IP Firewall' in bridge settings D. Associate the Simple Queue to the bridge interface
5. Mark all correct answers A. Wireless access-list could allow and deny connect to your AP B. The only way to prevent wireless clients connections - disable wireless interface C. Default-Forwarding could be enabled for a specific clients by wireless access-list D. /ip firewall filter allows to deny authentication to AP (Fi Fi berhubungan dgn Packet) Jawab : a saja Penjelasan : wirelesss access-list dapat menentukan mana yang boleh terhubung ke ap, caranya dengan mendisable default authentication Selainnya salah karena tidak sesuai 6. NAT rule is going to catch SMTP traffic and send it to a specific mail server. What is the correct action for a NAT rule? A. passthrough B. dst-nat C. redirect D. tarpit Jawab : b Penjelasan : karena untuk membelokan smtp traffic kesuatu network ialah tugas dst nat Untuk mengkonfigurasikannya ikuti command dibawah ini ip firewall nat add chain=dstnat protocol=tcp dst-port=25 action=dst-nat toaddresses=10.0.0.1 to-ports=25
7. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Direct, Available, Connected B. Dynamic, Active, Connected C. Dynamic, Available, Created D. Dynamic, Active, Console Jawab : b Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
8. It is possible to create an encrypted PPPoE tunnel in RouterOS: Penjelasan : karena semua protocol ppp bisa di enkripsi 9. Action=redirect is applied in A. chain=srcnat B. chain=forward C. chain=dstnat Jawab : c Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward 10. MikroTik RouterOS commands can be run once a day by: A. /system watchdog B. /system cron C. /system scheduler Jawab: c Pejelasan : karena scheduler mengatur jadwal kapan fitur tersebut dijalankan 11. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a DHCP service for all clients, DHCP server must be configured on: A. Ethernet and wireless interfaces B. DHCP service is not possible in this setup C. Every bridge port D. Only on the bridge interface Jawab: D Penjelasan : karena interface wireless dan ethernetnya sudah di bridge sehingga harus dimasukan kedalam interface bridge 12. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=5000000 pcq-classifier=src-address C. kind=pcq pcq-rate=256000 pcq-classifier=dst-address D. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address E. kind=pcq pcq-rate=256000 pcq-classifier=src-address Jawab : C dan E Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 13. Which is a default baud-rate of currently manufactured RouterBOARDs?
A. 115200 B. 9600 C. 38400 D. 11520 Jawaban :a Penjelasan : karena default yang dipasang ke netinstall adalah 11520 14. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.169.0.1-192.169.0.254 B. 192.168.0.1-192.168.0.255 C. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 D. 192.168.0.1-192.168.0.14 Jawab : c an d Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 15. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 16. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station B. station-wds C. bridge D. station-pseudobridge Jawab : a Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 17. To block communications between wireless clients connected to the same access point interface, you should set A. 'default-forwarding=no' B. 'max-station-count=1' C. 'default-authentication=no' D. 'default-authentication=no' and 'default-forwarding=no'
Jawab : a Penjelasan : karena no default-forwarding akan men disable layer 2 dari client 18. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Jawaban : false Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 19. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 2.2.2.2 B. Route via gateway 1.1.1.1 Jawab : a Penjelasan :semakin kecil distance nya semakin di prioritaskan 20. Which are necessary sections in /queue simple to set bandwidth limitation? A. max-limit B. target-address, max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 21. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Enable Access List B. Security Profile C. Default Authenticate D. Default Forward Jawab : c Penjelasan : karena dengan default authenticate semua bisa onnect ke ap tersebut 22. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package:
A. advanced-tools B. routing C. dhcp D. no extra package required Jawab : d Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 23. Which firewall chain should you use to filter clients HTTP traffic going through the router? A. prerouting B. forward C. output D. input Jawab :b Penjelasan : kata kuncinya adalah “through” atau melewati sehingga yang dibutuhkan untuk “melewati” ialah chain=forward 24. What is necessary for PPPoE client configuration? A. ip firewall nat masquerade rule B. Interface (on which PPPoE client is going to work) C. Static IP address on PPPoE client interface Jawaban : b Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai
25. Action=redirect can be used in NAT chain src-nat A. true B. false Jawab b Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward
1. Is action=masquerade allowed in chain=dstnat? A. yes, but only if dst-addr is specified B. yes C. yes, but it works only for incoming connections D. no Jawaban : D Penjelasan : karena masquerade dipasang pada srcnat
2. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawaban : c Penjelasan : karena port default dari winbox adalah tcp 8291 3. Which is the default port of IP-Winbox? A. UDP 8291 B. TCP 80 C. TCP 8291 D. TCP 8192 Jawab : c Penjelasan : karena port default dari winbox adalah tcp 8291 4. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. manual txpower B. superchannel C. regulatory domain Jawab : c Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 5. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, dst-address B. target-address, max-limit C. target-address, dst-address, max-limit D. max-limit Jawab :b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya
6. RouterOS log messages are stored on disk by default False Penjelasan : karena log message nya disimpan di memory bukan di disk 7. In order to use dynamic keys in your wireless security profile for an AP, you MUST set up the dhcp server to provide the dynamic keys. False Penjelasan karena dhcp tidak mengirimkan dynamic key 8. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean: A. Dynamic, Active, Connected B. Dynamic, Active, Console C. Dynamic, Available, Created D. Direct, Available, Connected Jawab :a Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 9. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station-pseudobridge B. station C. station-wds D. bridge Jawab : b Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. routing Jawab A Penjelasan : Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. In RouterOS queue configurations the word "total" usually represents A. download B. upload + download C. upload D. download – upload
Jawab b Penjelasan : karena total itu merupakan upload + download 12. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server. False Penjelasan : Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network
13. PPP Secrets are used for A. PPtP clients B. IPSec clients C. PPP clients D. Router users E. L2TP clients F. PPPoE clients Jawab : A,E,F Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling
14. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 4 B. 3 C. 1 D. 2 15. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 E. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 Jawab : Penjelasan: semuanya benar karena , D. bisa memakai interface, E. konfigurasi static routing yang lengkap B. bisa memakai Default route 16. What is possible with Netinstall?
A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 17. If you wish to block user access to MSN messenger, which chain should the firewall rule be placed in? A. input B. process C. forward D. output Jawaban : C Penjelasan : karena chain yang digunakan untuk data / paket dari luar router menuju luar lainnya menggunakan Chain=Forward 18. If ARP=reply-only is configured on an interface, this interface will A. accept all MAC-addresses listed in '/ip arp' as static entries B. accept IP and MAC address combinations listed in '/ip arp' list C. add new MAC addresses in '/ip arp' list D. add new IP addresses in '/ip arp' list E. accept all IP addresses listed in '/ip arp' as static entries Jawaban : A Penjelasan : ARP=reply-only hanya membalas bagi yang IP dan MAC Addressnya sudah tercantum 19. In WinBox when clicking the 'Backup' button in the Files window, the following happens (select all that apply): A. Backup file is created. Name contains the router identity, the date and time of its creation B. Backup file is saved to the computer desktop C. Backup file will contain usernames and passwords of the router D. Optionally backup name and password can be specified Jawaban : A Penjelasan : Backup File berguna untuk membackup seluruh Konfigurasi termasuk Router Ientity, tanggal dan waktu 20. What is marked by connection-state=established matcher? A. Packet begins a new TCP connection B. Packet does not correspond to any known connection C. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to already replied connection D. Packet is related to, but not part of an existing connection Jawaban c
Penjelasan : karena estabilished merupakan hasil dari koneksi yang pernah ada Sedangkan 21. /ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 action=dst-nat toaddress=192.168.1.2 to-ports=81 The command shown above: A. Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the internal host 192.168.1.2 B. Adds IP address 192.168.1.2 to the interface ether1 C. Forwards any TCP traffic incoming through ether1 port 3389 to the port 81 of the internal host 192.168.1.2 D. Forwards all TCP traffic from 192.168.1.2 to port 81 of the interface ether1 Jawaban : C Penjelasan : firewall nat akan membelokan traffic ari ether satu engan dst-port 3389 ke port 81.Jawaban A salah karena port yang dibelokkan salah, Jawaban A menjelaskan bahwa port 81 akan dibelokkan ke port 3389. 22. What is necessary for PPPoE client configuration? A. Interface (on which PPPoE client is going to work) B. ip firewall nat masquerade rule C. Static IP address on PPPoE client interface Jawaban : a Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai 23. Mark all the features that can be used for limiting client registrations to your access point: A. access-list B. wpa C. WDS D. registration-table Jawaban : A Penjelasan : untuk melimit client yang connect kita bisa menggunakan Access-List. 24. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address C. kind=pcq pcq-rate=5000000 pcq-classifier=src-address D. kind=pcq pcq-rate=256000 pcq-classifier=src-address E. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address Jawab : A dan D
Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 25. There can be more than one PPPoE server in a single broadcast domain: True Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 1. You want to transfer existing '/ip firewall filter' configuration from one router to a new system. Choose the best possible way to do: A. Export only '/ip firewall filter' B. Create backup only of '/ip firewall filter' rules C. Create backup, edit backup file and restore on target router D. Export global configuration and remove everything apart from '/ip firewall filter' Jawab :a Penjelasan : karena untuk menambahkan nama fitur tersebut untuk export yang lebh spesifik 2. A. Five B. One C. Two D. Unlimited Jawab : b Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface 3. There are two routes in the routing table: 0 dst-addr=10.1.1.0/24 gateway=5.5.5.5 1 dst-addr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. both - half of the traffic will be routed through one gateway, half through the other B. 5.6.6.6 C. 5.5.5.5 D. the required route is not in the routing table
Jawab : b Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A dan c tidak termasuk karena mereka kurang spesifik, 4. A routing table has following entries: 0 dst-address=10.0.0.0/24 gateway=10.1.5.126 1 dst-address=10.1.5.0/24 gateway=10.1.1.1 2 dst-address=10.1.0.0/24 gateway=25.1.1.1 3 dst-address=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be used for a packet with destination address 10.1.5.126?
A. 10.1.5.126 B. 10.1.1.1 C. 10.1.1.2 D. 25.1.1.1 Jawab : c Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A,B dan D tidak termasuk karena mereka kurang spesifik 5. Which port does PPTP use by default? A. TCP 1721 B. UDP 1721 C. UDP 1723 D. TCP 1723 JAWAB :d Penjelasan : karena port pptp berjalan pada tcp 1723 bukan udp 6. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. Stations on wlan2 will be able to communicate with stations on wlan2
B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan1 D. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters E. Stations on wlan1 will be able to communicate with stations on wlan2 7. Consider a wireless access point with mode=ap-bridge. What is the maximum number of concurrent clients that can connect to it? A. 2007 B. 2012 C. 2048 D. 1024 8. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 srcaddress=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 E. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2
Jawab : B,D.E Penjelasan: semuanya benar karena , B. bisa memakai interface, D. konfigurasi static routing yang lengkap E. bisa memakai efault route 9. PPP Secrets are used for A. PPtP clients B. L2TP clients C. Router users D. PPPoE clients E. IPSec clients
F. PPP clients Jawab : A,B,D Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling 10. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done: A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Associate the Simple Queue to the bridge interface D. Enable 'Use IP Firewall' in bridge settings Jawab : c Penjelasan : karena untuk menjalankan fungsi diatas mesti dipasang dibridge tersebut
11. In RouterOS queue configurations the word "total" usually represents A. download - upload B. upload C. upload + download D. Download Jawab : c Penjelasan : karena total itu merupakan upload + download 12. What does the firewall action "log" do? A. It logs and blocks the packet B. It blocks and logs the packet C. It adds a prefix to the packet and passes it through D. It logs the packet Jawab : D Penjelasan : log itu fungsi mencatat, bukan memblok ataupun mengijinkan data untuk leat 13. Which of the following is true for connection tracking A. Connection tracking must be enabled for NAT'ed network
B. Enabling connection tracking reduces CPU usage in RouterOS C. Disable connection tracking for mangle to work D. Connection tracking must be enabled to be able to use all firewall features 14. How many different priorities can be selected for queues in MikroTik RouterOS? A. 1 B. 16 C. 0 D. 8 Jawab : d Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 15. Which of the following keystrokes enables safe mode in console: A. Ctrl+x B. Ctrl+c C. Ctrl+d D. Ctrl+s Jawab : A Penjelasan ; 16. Select minimal set of software packages in RouteOS required to configuring a wireless AP A. wireless B. advanced-tools C. dhcp D. routing E. System Jawab : A dan E Penjelasan : karena untuk sekedar menghubungkan apstasion tidak dibutuhkan dhcp (untuk membagikan ip) dan juga routing (karena bisa memakai satu network yang sama) 17. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required
B. advanced-tools C. dhcp D. Routing Jawab : A Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 18. What is possible with Netinstall? A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 19. Possible actions of ip firewall filter are: A. bounce B. log C. accept D. tarp E. add-to-list F. Tarpit Jawab : B,C,D,F Penjelasan : 20. What is the minimal possible wireless configuration to create an Access Point? A. DFS mode B. WDS C. scan-list D. radio name E. mode F. frequency G. Band H. Ssid Jawab : g Penjelasan : jika hanya sekedar terhubung kita hanya mememrlukan band yang sama
21. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server? A. redirect B. passthrough C. dst-nat D. Tarpit Jawab : c Karena : paket ingin DIOPER ke mail server 22. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 23. It is possible to create an encrypted PPPoE tunnel in RouterOS:
24. Where should you upload new MikroTik RouterOS version packages for upgrading router? A. FTP root directory or /files directory of the router B. System Package menu C. Any directory in /files D. System Backup menu Jawab : c Penjelasan : karena setiap upgrade akan diletakan I directory file 25. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. regulatory domain B. superchannel C. manual txpower Jawab A
Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 1. What can be used as ’target-address’ in the simple queue? A. address list name B. client’s MAC address C. client’s address D. server’s address Jawab : c Penjelasan : karena untuk simple queue menggunakan ip address si client 2. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 1 B. 3 C. 2 D. 4 Jawab : c Penjelasan : 3. The highest queue priority is A. 1 B. 8 C. 256 D. 16 Jawab :b Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 4. The 'connect-list' of wireless interfaces is used A. for specifying APs not to connect to B. for preventing communications between the clients C. for specifying APs to connect to D. for configuring SSID on the interface Jawab : a dan c Penjelasan : fungsi dari access-list ialah membatasi mana saja yang bisa connect ke ap tersebut
5. Which option in the configuration of a wireless s card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Default Forward B. Default Authenticate C. Security Profile D. Enable Access List Jawab : b Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 6. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.168.0.1-192.168.0.255 B. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 C. 192.168.0.1-192.168.0.14 D. 192.169.0.1-192.169.0.254 Jawab : b dan c Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 7. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network
8. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan2 D. Stations on wlan1 will be able to communicate with stations on wlan1 E. Stations on wlan2 will be able to communicate with stations on wlan2 9. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Dynamic, Active, Console B. Dynamic, Available, Created C. Dynamic, Active, Connected D. Direct, Available, Connected Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. routing C. advanced-tools D. dhcp Jawaban : a Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. Which of the following Routes statuses are possible? A. C = Connected B. A = Active C. S = Static D. D = Drop Jawab : abc Penjelsan : d tidak termasuk karena dia termasuk action dari firewall bukan status dari table routing 12. It is possible to create an encrypted PPPoE tunnel in RouterOS:
Jawab true penjelasan: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 13. Action=redirect allows you to make
A. Transparent HTTP Proxy B. Enable Local Service
C. Transparent DNS Cache D. Forward DNS to another device IP address Jawab : a dan c Penjelasan : karena redirect yang terpasang di dm chain=dstnat ini berfungsi untuk transparent http proxy dan juga transparent dns cache
14. What is possible with Netinstall? A. MikroTik RouterOS password reset with saving router's configuration B. MikroTik RouterOS configuration reset C. MikroTik RouterOS reinstall Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 15. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp client' and set a valid and reachable NTP server address. C. Open the router and ensure the CMOS battery is fine. D. Configure '/system ntp server' and set a valid and reachable NTP client address. Jawab : b Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 16. A. One B. Unlimited C. Five D. Two Jawaban : a Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface
17. A wireless interface 'wlan1' is added to a bridge interface 'br-lan'. To enable dhcp-server for wireless interface 'wlan1', on which interface should dhcp-server be configured? A. On both 'br-lan' and 'wlan1' B. The dhcp-server cannot be enabled neither on 'wlan1', nor on 'br-lan' C. On 'wlan1' D. On 'br-lan' Jawaban :D Penjelasan tidak perlu lagi membuat ip address di wlan apabila sudah dimasukan kedalam bridge 18. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time.
Jawab : true Penjelasa: karena d 19. Which firewall chain should be used for filters that protect your router interface? A. post-routing B. forward C. pre-routing D. input 20. What does the firewall action "Redirect" do? Select all true statements. A. Redirects a packet to a specified port on a host in the network B. Redirects a packet to a specified IP C. Redirects a packet to a specified port on the router D. Redirects a packet to the router 21. Which of the following would prevent unknown clients from connecting to your AP? Choose the BEST answer. A. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your connect-list configuration B. Configure the radius server under "/radius" C. Add each known client's MAC address to your access-list configuration is the only step needed D. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your access-list configuration ensuring that you enable "authenticate" in the entry E. Check the "Do not permit unknown client" box in the wireless configuration
Jawb Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 22. Which port does PPTP use by default? A. UDP 1723 B. UDP 1721 C. TCP 1723 D. TCP 1721 Jawab : c Penjelasan : Port yang dipakai pptp ialah 1723secara default 23. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, max-limit B. max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : a Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 24. It is required to make a web server on a private LAN visible on the Public Internet. Only the web server port should be visible to the public. Which of the following configuration steps must be met. (select all that apply) A. A route between the NAT Router and the webserver must exist B. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private ip of the webserver C. LAN address of the webserver should be routable on the internet D. Public IP address of the webserver must be installed on the NAT Router E. Connection Tracking must be enabled on NAT router 25. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawab : c Penjelasan ; port default dari winbox aalah 8291
1. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp server' and set a valid and reachable NTP client address. C. Configure '/system ntp client' and set a valid and reachable NTP server address. D. Open the router and ensure the CMOS battery is fine. Jawab: C Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 2. Which of the protocols below is used by Netinstall? A. arp B. bootp C. dhcp D. rarp Jawab : b Penjelasan : protocol yang digunakan adalah bootp untuk menginstalasi gn netinstall Jawaban a salah karena dungsi ARP adalah memetakan layer2 dan 3 Jawaban c salah karena dhcp berfungsi untuk membagikan ip Jawaban d salah karena adlh kebalikan dari ARP 3. /ip route configuration on router, /ip route add gateway=192.168.0.1 /ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2 /ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3 /ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4 Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.2 B. 192.168.0.4 C. 192.168.0.1 D. 192.168.0.3 Jawab : c Penjelasan : jawaban A dan B salah karena dst addressnya tidak sesuai dengan yang diminta Sedangkan yang D karena rangenya berbeda dengan 240
4. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done: A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Enable 'Use IP Firewall' in bridge settings D. Associate the Simple Queue to the bridge interface 5. Mark all correct answers A. Wireless access-list could allow and deny connect to your AP B. The only way to prevent wireless clients connections - disable wireless interface C. Default-Forwarding could be enabled for a specific clients by wireless access-list D. /ip firewall filter allows to deny authentication to AP Jawab : a saja Penjelasan : wirelesss access-list dapat menentukan mana yang boleh terhubung ke ap, caranya dengan mendisable default authentication Selainnya salah karena tidak sesuai 6. NAT rule is going to catch SMTP traffic and send it to a specific mail server. What is the correct action for a NAT rule? A. passthrough B. dst-nat C. redirect D. tarpit Jawab : b Penjelasan : karena untuk membelokan smtp traffic kesuatu network ialah tugas dst nat Untuk mengkonfigurasikannya ikuti command dibawah ini ip firewall nat add chain=dstnat protocol=tcp dst-port=25 action=dst-nat toaddresses=10.0.0.1 to-ports=25
7. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Direct, Available, Connected
B. Dynamic, Active, Connected C. Dynamic, Available, Created D. Dynamic, Active, Console Jawab : b Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 8. It is possible to create an encrypted PPPoE tunnel in RouterOS: Penjelasan : karena semua protocol ppp bisa di enkripsi 9. Action=redirect is applied in A. chain=srcnat B. chain=forward C. chain=dstnat Jawab : c Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward 10. MikroTik RouterOS commands can be run once a day by: A. /system watchdog B. /system cron C. /system scheduler Jawab: c Pejelasan : karena scheduler mengatur jadwal kapan fitur tersebut dijalankan 11. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a DHCP service for all clients, DHCP server must be configured on: A. Ethernet and wireless interfaces B. DHCP service is not possible in this setup C. Every bridge port D. Only on the bridge interface Jawab: D Penjelasan : karena interface wireless dan ethernetnya sudah di bridge sehingga harus dimasukan kedalam interface bridge 12. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue.
A. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=5000000 pcq-classifier=src-address C. kind=pcq pcq-rate=256000 pcq-classifier=dst-address D. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address E. kind=pcq pcq-rate=256000 pcq-classifier=src-address Jawab : C dan E Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 13. Which is a default baud-rate of currently manufactured RouterBOARDs? A. 115200 B. 9600 C. 38400 D. 11520 Jawaban :a Penjelasan : karena default yang dipasang ke netinstall adalah 11520 14. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.169.0.1-192.169.0.254 B. 192.168.0.1-192.168.0.255 C. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 D. 192.168.0.1-192.168.0.14 Jawab : c an d Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 15. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 16. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station B. station-wds C. bridge
D. station-pseudobridge Jawab : a Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 17. To block communications between wireless clients connected to the same access point interface, you should set A. 'default-forwarding=no' B. 'max-station-count=1' C. 'default-authentication=no' D. 'default-authentication=no' and 'default-forwarding=no' Jawab : a Penjelasan : karena no default-forwarding akan men disable layer 2 dari client 18. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Jawaban : false Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 19. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 2.2.2.2 B. Route via gateway 1.1.1.1 Jawab : a Penjelasan :semakin kecil distance nya semakin di prioritaskan 20. Which are necessary sections in /queue simple to set bandwidth limitation? A. max-limit B. target-address, max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya
21. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Enable Access List B. Security Profile C. Default Authenticate D. Default Forward Jawab : c Penjelasan : karena dengan default authenticate semua bisa onnect ke ap tersebut 22. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. advanced-tools B. routing C. dhcp D. no extra package required Jawab : d Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 23. Which firewall chain should you use to filter clients HTTP traffic going through the router? A. prerouting B. forward C. output D. input Jawab :b Penjelasan : kata kuncinya adalah “through” atau melewati sehingga yang dibutuhkan untuk “melewati” ialah chain=forward 24. What is necessary for PPPoE client configuration? A. ip firewall nat masquerade rule B. Interface (on which PPPoE client is going to work) C. Static IP address on PPPoE client interface Jawaban : b Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai
25. Action=redirect can be used in NAT chain src-nat A. true B. false Jawab b Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward
1. Is action=masquerade allowed in chain=dstnat? A. yes, but only if dst-addr is specified B. yes C. yes, but it works only for incoming connections D. no Jawaban : D Penjelasan : karena masquerade dipasang pada srcnat
2. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawaban : c Penjelasan : karena port default dari winbox adalah tcp 8291 3. Which is the default port of IP-Winbox? A. UDP 8291 B. TCP 80 C. TCP 8291 D. TCP 8192 Jawab : c Penjelasan : karena port default dari winbox adalah tcp 8291 4. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. manual txpower B. superchannel C. regulatory domain
Jawab : c Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 5. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, dst-address B. target-address, max-limit C. target-address, dst-address, max-limit D. max-limit Jawab :b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 6. RouterOS log messages are stored on disk by default False Penjelasan : karena log message nya disimpan di memory bukan di disk 7. In order to use dynamic keys in your wireless security profile for an AP, you MUST set up the dhcp server to provide the dynamic keys. False Penjelasan karena dhcp tidak mengirimkan dynamic key 8. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean: A. Dynamic, Active, Connected B. Dynamic, Active, Console C. Dynamic, Available, Created D. Direct, Available, Connected Jawab :a Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 9. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station-pseudobridge B. station C. station-wds D. bridge Jawab : b Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds
10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. routing Jawab A Penjelasan : Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. In RouterOS queue configurations the word "total" usually represents A. download B. upload + download C. upload D. download – upload Jawab b Penjelasan : karena total itu merupakan upload + download 12. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server. False Penjelasan : Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network
13. PPP Secrets are used for A. PPtP clients B. IPSec clients C. PPP clients D. Router users E. L2TP clients F. PPPoE clients Jawab : A,E,F Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling
14. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 4 B. 3 C. 1 D. 2
15. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 E. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 Jawab : Penjelasan: semuanya benar karena , D. bisa memakai interface, E. konfigurasi static routing yang lengkap B. bisa memakai Default route 16. What is possible with Netinstall? A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 17. If you wish to block user access to MSN messenger, which chain should the firewall rule be placed in? A. input B. process C. forward D. output Jawaban : C Penjelasan : karena chain yang digunakan untuk data / paket dari luar router menuju luar lainnya menggunakan Chain=Forward 18. If ARP=reply-only is configured on an interface, this interface will A. accept all MAC-addresses listed in '/ip arp' as static entries B. accept IP and MAC address combinations listed in '/ip arp' list C. add new MAC addresses in '/ip arp' list D. add new IP addresses in '/ip arp' list E. accept all IP addresses listed in '/ip arp' as static entries Jawaban : A Penjelasan : ARP=reply-only hanya membalas bagi yang IP dan MAC Addressnya sudah tercantum
19. In WinBox when clicking the 'Backup' button in the Files window, the following happens (select all that apply): A. Backup file is created. Name contains the router identity, the date and time of its creation B. Backup file is saved to the computer desktop C. Backup file will contain usernames and passwords of the router D. Optionally backup name and password can be specified Jawaban : A Penjelasan : Backup File berguna untuk membackup seluruh Konfigurasi termasuk Router Ientity, tanggal dan waktu 20. What is marked by connection-state=established matcher? A. Packet begins a new TCP connection B. Packet does not correspond to any known connection C. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to already replied connection D. Packet is related to, but not part of an existing connection Jawaban c Penjelasan : karena estabilished merupakan hasil dari koneksi yang pernah ada Sedangkan 21. /ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 action=dst-nat toaddress=192.168.1.2 to-ports=81 The command shown above: A. Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the internal host 192.168.1.2 B. Adds IP address 192.168.1.2 to the interface ether1 C. Forwards any TCP traffic incoming through ether1 port 3389 to the port 81 of the internal host 192.168.1.2 D. Forwards all TCP traffic from 192.168.1.2 to port 81 of the interface ether1 Jawaban : C Penjelasan : firewall nat akan membelokan traffic ari ether satu engan dst-port 3389 ke port 81.Jawaban A salah karena port yang dibelokkan salah, Jawaban A menjelaskan bahwa port 81 akan dibelokkan ke port 3389. 22. What is necessary for PPPoE client configuration? A. Interface (on which PPPoE client is going to work) B. ip firewall nat masquerade rule C. Static IP address on PPPoE client interface Jawaban : a Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai 23. Mark all the features that can be used for limiting client registrations to your access point:
A. access-list B. wpa C. WDS D. registration-table Jawaban : A Penjelasan : untuk melimit client yang connect kita bisa menggunakan Access-List. 24. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address C. kind=pcq pcq-rate=5000000 pcq-classifier=src-address D. kind=pcq pcq-rate=256000 pcq-classifier=src-address E. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address Jawab : A dan D Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 25. There can be more than one PPPoE server in a single broadcast domain: True Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 1. You want to transfer existing '/ip firewall filter' configuration from one router to a new system. Choose the best possible way to do: A. Export only '/ip firewall filter' B. Create backup only of '/ip firewall filter' rules C. Create backup, edit backup file and restore on target router D. Export global configuration and remove everything apart from '/ip firewall filter' Jawab :a Penjelasan : karena untuk menambahkan nama fitur tersebut untuk export yang lebh spesifik 2. A. Five B. One C. Two
D. Unlimited Jawab : b Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface 3. There are two routes in the routing table: 0 dst-addr=10.1.1.0/24 gateway=5.5.5.5 1 dst-addr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. both - half of the traffic will be routed through one gateway, half through the other B. 5.6.6.6 C. 5.5.5.5 D. the required route is not in the routing table Jawab : b Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A dan c tidak termasuk karena mereka kurang spesifik, 4. A routing table has following entries: 0 dst-address=10.0.0.0/24 gateway=10.1.5.126 1 dst-address=10.1.5.0/24 gateway=10.1.1.1 2 dst-address=10.1.0.0/24 gateway=25.1.1.1 3 dst-address=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be used for a packet with destination address 10.1.5.126?
A. 10.1.5.126 B. 10.1.1.1 C. 10.1.1.2 D. 25.1.1.1 Jawab : c Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A,B dan D tidak termasuk karena mereka kurang spesifik
5. Which port does PPTP use by default? A. TCP 1721 B. UDP 1721 C. UDP 1723 D. TCP 1723 JAWAB :d Penjelasan : karena port pptp berjalan pada tcp 1723 bukan udp 6. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. Stations on wlan2 will be able to communicate with stations on wlan2 B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan1 D. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters E. Stations on wlan1 will be able to communicate with stations on wlan2 7. Consider a wireless access point with mode=ap-bridge. What is the maximum number of concurrent clients that can connect to it? A. 2007 B. 2012 C. 2048 D. 1024 8. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 srcaddress=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2
E. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2
Jawab : B,D.E Penjelasan: semuanya benar karena , B. bisa memakai interface, D. konfigurasi static routing yang lengkap E. bisa memakai efault route 9. PPP Secrets are used for A. PPtP clients B. L2TP clients C. Router users D. PPPoE clients E. IPSec clients F. PPP clients Jawab : A,B,D Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling 10. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done: A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Associate the Simple Queue to the bridge interface D. Enable 'Use IP Firewall' in bridge settings Jawab : c Penjelasan : karena untuk menjalankan fungsi diatas mesti dipasang dibridge tersebut
11. In RouterOS queue configurations the word "total" usually represents A. download - upload B. upload C. upload + download D. Download Jawab : c
Penjelasan : karena total itu merupakan upload + download 12. What does the firewall action "log" do? A. It logs and blocks the packet B. It blocks and logs the packet C. It adds a prefix to the packet and passes it through D. It logs the packet Jawab : D Penjelasan : log itu fungsi mencatat, bukan memblok ataupun mengijinkan data untuk leat 13. Which of the following is true for connection tracking A. Connection tracking must be enabled for NAT'ed network B. Enabling connection tracking reduces CPU usage in RouterOS C. Disable connection tracking for mangle to work D. Connection tracking must be enabled to be able to use all firewall features 14. How many different priorities can be selected for queues in MikroTik RouterOS? A. 1 B. 16 C. 0 D. 8 Jawab : d Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 15. Which of the following keystrokes enables safe mode in console: A. Ctrl+x B. Ctrl+c C. Ctrl+d D. Ctrl+s Jawab : A Penjelasan ;
16. Select minimal set of software packages in RouteOS required to configuring a wireless AP A. wireless B. advanced-tools C. dhcp D. routing E. System Jawab : A dan E Penjelasan : karena untuk sekedar menghubungkan apstasion tidak dibutuhkan dhcp (untuk membagikan ip) dan juga routing (karena bisa memakai satu network yang sama) 17. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. Routing Jawab : A Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 18. What is possible with Netinstall? A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 19. Possible actions of ip firewall filter are: A. bounce B. log C. accept D. tarp E. add-to-list F. Tarpit
Jawab : B,C,D,F Penjelasan : 20. What is the minimal possible wireless configuration to create an Access Point? A. DFS mode B. WDS C. scan-list D. radio name E. mode F. frequency G. Band H. Ssid Jawab : g Penjelasan : jika hanya sekedar terhubung kita hanya mememrlukan band yang sama 21. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server? A. redirect B. passthrough C. dst-nat D. Tarpit Jawab : c Karena : paket ingin DIOPER ke mail server 22. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 23. It is possible to create an encrypted PPPoE tunnel in RouterOS:
24. Where should you upload new MikroTik RouterOS version packages for upgrading router?
A. FTP root directory or /files directory of the router B. System Package menu C. Any directory in /files D. System Backup menu Jawab : c Penjelasan : karena setiap upgrade akan diletakan I directory file 25. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. regulatory domain B. superchannel C. manual txpower Jawab A Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 1. What can be used as ’target-address’ in the simple queue? A. address list name B. client’s MAC address C. client’s address D. server’s address Jawab : c Penjelasan : karena untuk simple queue menggunakan ip address si client 2. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 1 B. 3 C. 2 D. 4 Jawab : c Penjelasan : 3. The highest queue priority is A. 1 B. 8
C. 256 D. 16 Jawab :b Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 4. The 'connect-list' of wireless interfaces is used A. for specifying APs not to connect to B. for preventing communications between the clients C. for specifying APs to connect to D. for configuring SSID on the interface Jawab : a dan c Penjelasan : fungsi dari access-list ialah membatasi mana saja yang bisa connect ke ap tersebut 5. Which option in the configuration of a wireless s card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Default Forward B. Default Authenticate C. Security Profile D. Enable Access List Jawab : b Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 6. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.168.0.1-192.168.0.255 B. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 C. 192.168.0.1-192.168.0.14 D. 192.169.0.1-192.169.0.254 Jawab : b dan c Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 7. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network
8. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan2 D. Stations on wlan1 will be able to communicate with stations on wlan1 E. Stations on wlan2 will be able to communicate with stations on wlan2 9. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Dynamic, Active, Console B. Dynamic, Available, Created C. Dynamic, Active, Connected D. Direct, Available, Connected Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. routing C. advanced-tools D. dhcp Jawaban : a Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. Which of the following Routes statuses are possible? A. C = Connected B. A = Active C. S = Static
D. D = Drop Jawab : abc Penjelsan : d tidak termasuk karena dia termasuk action dari firewall bukan status dari table routing 12. It is possible to create an encrypted PPPoE tunnel in RouterOS:
Jawab true penjelasan: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 13. Action=redirect allows you to make
A. Transparent HTTP Proxy B. Enable Local Service C. Transparent DNS Cache D. Forward DNS to another device IP address Jawab : a dan c Penjelasan : karena redirect yang terpasang di dm chain=dstnat ini berfungsi untuk transparent http proxy dan juga transparent dns cache
14. What is possible with Netinstall? A. MikroTik RouterOS password reset with saving router's configuration B. MikroTik RouterOS configuration reset C. MikroTik RouterOS reinstall Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 15. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp client' and set a valid and reachable NTP server address. C. Open the router and ensure the CMOS battery is fine. D. Configure '/system ntp server' and set a valid and reachable NTP client address. Jawab : b
Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 16. A. One B. Unlimited C. Five D. Two Jawaban : a Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface 17. A wireless interface 'wlan1' is added to a bridge interface 'br-lan'. To enable dhcp-server for wireless interface 'wlan1', on which interface should dhcp-server be configured? A. On both 'br-lan' and 'wlan1' B. The dhcp-server cannot be enabled neither on 'wlan1', nor on 'br-lan' C. On 'wlan1' D. On 'br-lan' Jawaban :D Penjelasan tidak perlu lagi membuat ip address di wlan apabila sudah dimasukan kedalam bridge 18. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time.
Jawab : true Penjelasa: karena d 19. Which firewall chain should be used for filters that protect your router interface? A. post-routing B. forward C. pre-routing D. input 20. What does the firewall action "Redirect" do? Select all true statements. A. Redirects a packet to a specified port on a host in the network B. Redirects a packet to a specified IP
C. Redirects a packet to a specified port on the router D. Redirects a packet to the router 21. Which of the following would prevent unknown clients from connecting to your AP? Choose the BEST answer. A. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your connect-list configuration B. Configure the radius server under "/radius" C. Add each known client's MAC address to your access-list configuration is the only step needed D. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your access-list configuration ensuring that you enable "authenticate" in the entry E. Check the "Do not permit unknown client" box in the wireless configuration Jawb Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 22. Which port does PPTP use by default? A. UDP 1723 B. UDP 1721 C. TCP 1723 D. TCP 1721 Jawab : c Penjelasan : Port yang dipakai pptp ialah 1723secara default 23. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, max-limit B. max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : a Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 24. It is required to make a web server on a private LAN visible on the Public Internet. Only the web server port should be visible to the public. Which of the following configuration steps must be met. (select all that apply) A. A route between the NAT Router and the webserver must exist B. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private ip of the webserver
C. LAN address of the webserver should be routable on the internet D. Public IP address of the webserver must be installed on the NAT Router E. Connection Tracking must be enabled on NAT router 25. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawab : c Penjelasan ; port default dari winbox aalah 8291 1. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp server' and set a valid and reachable NTP client address. C. Configure '/system ntp client' and set a valid and reachable NTP server address. D. Open the router and ensure the CMOS battery is fine. Jawab: C Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 2. Which of the protocols below is used by Netinstall? A. arp B. bootp C. dhcp D. rarp Jawab : b Penjelasan : protocol yang digunakan adalah bootp untuk menginstalasi gn netinstall Jawaban a salah karena dungsi ARP adalah memetakan layer2 dan 3 Jawaban c salah karena dhcp berfungsi untuk membagikan ip Jawaban d salah karena adlh kebalikan dari ARP
3. /ip route configuration on router, /ip route add gateway=192.168.0.1 /ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2 /ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3 /ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4 Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.2 B. 192.168.0.4 C. 192.168.0.1 D. 192.168.0.3 Jawab : c Penjelasan : jawaban A dan B salah karena dst addressnya tidak sesuai dengan yang diminta Sedangkan yang D karena rangenya berbeda dengan 240 4. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done: A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Enable 'Use IP Firewall' in bridge settings D. Associate the Simple Queue to the bridge interface 5. Mark all correct answers A. Wireless access-list could allow and deny connect to your AP B. The only way to prevent wireless clients connections - disable wireless interface C. Default-Forwarding could be enabled for a specific clients by wireless access-list D. /ip firewall filter allows to deny authentication to AP Jawab : a saja Penjelasan : wirelesss access-list dapat menentukan mana yang boleh terhubung ke ap, caranya dengan mendisable default authentication Selainnya salah karena tidak sesuai 6. NAT rule is going to catch SMTP traffic and send it to a specific mail server. What is the correct action for a NAT rule? A. passthrough B. dst-nat C. redirect
D. tarpit Jawab : b Penjelasan : karena untuk membelokan smtp traffic kesuatu network ialah tugas dst nat Untuk mengkonfigurasikannya ikuti command dibawah ini ip firewall nat add chain=dstnat protocol=tcp dst-port=25 action=dst-nat toaddresses=10.0.0.1 to-ports=25
7. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Direct, Available, Connected B. Dynamic, Active, Connected C. Dynamic, Available, Created D. Dynamic, Active, Console Jawab : b Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 8. It is possible to create an encrypted PPPoE tunnel in RouterOS: Penjelasan : karena semua protocol ppp bisa di enkripsi 9. Action=redirect is applied in A. chain=srcnat B. chain=forward C. chain=dstnat Jawab : c Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward 10. MikroTik RouterOS commands can be run once a day by: A. /system watchdog B. /system cron C. /system scheduler
Jawab: c Pejelasan : karena scheduler mengatur jadwal kapan fitur tersebut dijalankan 11. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a DHCP service for all clients, DHCP server must be configured on: A. Ethernet and wireless interfaces B. DHCP service is not possible in this setup C. Every bridge port D. Only on the bridge interface Jawab: D Penjelasan : karena interface wireless dan ethernetnya sudah di bridge sehingga harus dimasukan kedalam interface bridge 12. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=5000000 pcq-classifier=src-address C. kind=pcq pcq-rate=256000 pcq-classifier=dst-address D. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address E. kind=pcq pcq-rate=256000 pcq-classifier=src-address Jawab : C dan E Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 13. Which is a default baud-rate of currently manufactured RouterBOARDs? A. 115200 B. 9600 C. 38400 D. 11520 Jawaban :a Penjelasan : karena default yang dipasang ke netinstall adalah 11520 14. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.169.0.1-192.169.0.254 B. 192.168.0.1-192.168.0.255 C. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 D. 192.168.0.1-192.168.0.14
Jawab : c an d Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 15. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 16. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station B. station-wds C. bridge D. station-pseudobridge Jawab : a Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 17. To block communications between wireless clients connected to the same access point interface, you should set A. 'default-forwarding=no' B. 'max-station-count=1' C. 'default-authentication=no' D. 'default-authentication=no' and 'default-forwarding=no' Jawab : a Penjelasan : karena no default-forwarding akan men disable layer 2 dari client 18. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Jawaban : false Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 19. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 2.2.2.2
B. Route via gateway 1.1.1.1 Jawab : a Penjelasan :semakin kecil distance nya semakin di prioritaskan 20. Which are necessary sections in /queue simple to set bandwidth limitation? A. max-limit B. target-address, max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 21. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Enable Access List B. Security Profile C. Default Authenticate D. Default Forward Jawab : c Penjelasan : karena dengan default authenticate semua bisa onnect ke ap tersebut 22. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. advanced-tools B. routing C. dhcp D. no extra package required Jawab : d Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 23. Which firewall chain should you use to filter clients HTTP traffic going through the router? A. prerouting B. forward C. output D. input Jawab :b
Penjelasan : kata kuncinya adalah “through” atau melewati sehingga yang dibutuhkan untuk “melewati” ialah chain=forward 24. What is necessary for PPPoE client configuration? A. ip firewall nat masquerade rule B. Interface (on which PPPoE client is going to work) C. Static IP address on PPPoE client interface Jawaban : b Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai
25. Action=redirect can be used in NAT chain src-nat A. true B. false Jawab b Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward
1. Is action=masquerade allowed in chain=dstnat? A. yes, but only if dst-addr is specified B. yes C. yes, but it works only for incoming connections D. no Jawaban : D Penjelasan : karena masquerade dipasang pada srcnat
2. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawaban : c
Penjelasan : karena port default dari winbox adalah tcp 8291 3. Which is the default port of IP-Winbox? A. UDP 8291 B. TCP 80 C. TCP 8291 D. TCP 8192 Jawab : c Penjelasan : karena port default dari winbox adalah tcp 8291 4. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. manual txpower B. superchannel C. regulatory domain Jawab : c Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 5. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, dst-address B. target-address, max-limit C. target-address, dst-address, max-limit D. max-limit Jawab :b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 6. RouterOS log messages are stored on disk by default False Penjelasan : karena log message nya disimpan di memory bukan di disk 7. In order to use dynamic keys in your wireless security profile for an AP, you MUST set up the dhcp server to provide the dynamic keys. False Penjelasan karena dhcp tidak mengirimkan dynamic key 8. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean: A. Dynamic, Active, Connected B. Dynamic, Active, Console C. Dynamic, Available, Created D. Direct, Available, Connected Jawab :a
Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 9. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station-pseudobridge B. station C. station-wds D. bridge Jawab : b Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. routing Jawab A Penjelasan : Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. In RouterOS queue configurations the word "total" usually represents A. download B. upload + download C. upload D. download – upload Jawab b Penjelasan : karena total itu merupakan upload + download 12. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server. False Penjelasan : Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network
13. PPP Secrets are used for A. PPtP clients B. IPSec clients C. PPP clients D. Router users E. L2TP clients
F. PPPoE clients Jawab : A,E,F Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling
14. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 4 B. 3 C. 1 D. 2 15. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 E. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 Jawab : Penjelasan: semuanya benar karena , D. bisa memakai interface, E. konfigurasi static routing yang lengkap B. bisa memakai Default route 16. What is possible with Netinstall? A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 17. If you wish to block user access to MSN messenger, which chain should the firewall rule be placed in? A. input B. process C. forward D. output Jawaban : C Penjelasan : karena chain yang digunakan untuk data / paket dari luar router menuju luar lainnya menggunakan Chain=Forward
18. If ARP=reply-only is configured on an interface, this interface will A. accept all MAC-addresses listed in '/ip arp' as static entries B. accept IP and MAC address combinations listed in '/ip arp' list C. add new MAC addresses in '/ip arp' list D. add new IP addresses in '/ip arp' list E. accept all IP addresses listed in '/ip arp' as static entries Jawaban : A Penjelasan : ARP=reply-only hanya membalas bagi yang IP dan MAC Addressnya sudah tercantum 19. In WinBox when clicking the 'Backup' button in the Files window, the following happens (select all that apply): A. Backup file is created. Name contains the router identity, the date and time of its creation B. Backup file is saved to the computer desktop C. Backup file will contain usernames and passwords of the router D. Optionally backup name and password can be specified Jawaban : A Penjelasan : Backup File berguna untuk membackup seluruh Konfigurasi termasuk Router Ientity, tanggal dan waktu 20. What is marked by connection-state=established matcher? A. Packet begins a new TCP connection B. Packet does not correspond to any known connection C. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to already replied connection D. Packet is related to, but not part of an existing connection Jawaban c Penjelasan : karena estabilished merupakan hasil dari koneksi yang pernah ada Sedangkan 21. /ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 action=dst-nat toaddress=192.168.1.2 to-ports=81 The command shown above: A. Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the internal host 192.168.1.2 B. Adds IP address 192.168.1.2 to the interface ether1 C. Forwards any TCP traffic incoming through ether1 port 3389 to the port 81 of the internal host 192.168.1.2 D. Forwards all TCP traffic from 192.168.1.2 to port 81 of the interface ether1 Jawaban : C
Penjelasan : firewall nat akan membelokan traffic ari ether satu engan dst-port 3389 ke port 81.Jawaban A salah karena port yang dibelokkan salah, Jawaban A menjelaskan bahwa port 81 akan dibelokkan ke port 3389. 22. What is necessary for PPPoE client configuration? A. Interface (on which PPPoE client is going to work) B. ip firewall nat masquerade rule C. Static IP address on PPPoE client interface Jawaban : a Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai 23. Mark all the features that can be used for limiting client registrations to your access point: A. access-list B. wpa C. WDS D. registration-table Jawaban : A Penjelasan : untuk melimit client yang connect kita bisa menggunakan Access-List. 24. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address C. kind=pcq pcq-rate=5000000 pcq-classifier=src-address D. kind=pcq pcq-rate=256000 pcq-classifier=src-address E. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address Jawab : A dan D Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 25. There can be more than one PPPoE server in a single broadcast domain: True Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network
1. You want to transfer existing '/ip firewall filter' configuration from one router to a new system. Choose the best possible way to do: A. Export only '/ip firewall filter' B. Create backup only of '/ip firewall filter' rules C. Create backup, edit backup file and restore on target router D. Export global configuration and remove everything apart from '/ip firewall filter' Jawab :a Penjelasan : karena untuk menambahkan nama fitur tersebut untuk export yang lebh spesifik ssss 2. A. Five B. One C. Two D. Unlimited Jawab : b Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface 3. There are two routes in the routing table: 0 dst-addr=10.1.1.0/24 gateway=5.5.5.5 1 dst-addr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. both - half of the traffic will be routed through one gateway, half through the other B. 5.6.6.6 C. 5.5.5.5 D. the required route is not in the routing table Jawab : b Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A dan c tidak termasuk karena mereka kurang spesifik, 4. A routing table has following entries: 0 dst-address=10.0.0.0/24 gateway=10.1.5.126
1 dst-address=10.1.5.0/24 gateway=10.1.1.1 2 dst-address=10.1.0.0/24 gateway=25.1.1.1 3 dst-address=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be used for a packet with destination address 10.1.5.126?
A. 10.1.5.126 B. 10.1.1.1 C. 10.1.1.2 D. 25.1.1.1 Jawab : c Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A,B dan D tidak termasuk karena mereka kurang spesifik 5. Which port does PPTP use by default? A. TCP 1721 B. UDP 1721 C. UDP 1723 D. TCP 1723 JAWAB :d Penjelasan : karena port pptp berjalan pada tcp 1723 bukan udp 6. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. Stations on wlan2 will be able to communicate with stations on wlan2 B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan1 D. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters E. Stations on wlan1 will be able to communicate with stations on wlan2
7. Consider a wireless access point with mode=ap-bridge. What is the maximum number of concurrent clients that can connect to it? A. 2007 B. 2012 C. 2048 D. 1024 8. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 srcaddress=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 E. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2
Jawab : B,D.E Penjelasan: semuanya benar karena , B. bisa memakai interface, D. konfigurasi static routing yang lengkap E. bisa memakai efault route 9. PPP Secrets are used for A. PPtP clients B. L2TP clients C. Router users D. PPPoE clients E. IPSec clients F. PPP clients Jawab : A,B,D Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling 10. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done:
A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Associate the Simple Queue to the bridge interface D. Enable 'Use IP Firewall' in bridge settings Jawab : c Penjelasan : karena untuk menjalankan fungsi diatas mesti dipasang dibridge tersebut
11. In RouterOS queue configurations the word "total" usually represents A. download - upload B. upload C. upload + download D. Download Jawab : c Penjelasan : karena total itu merupakan upload + download 12. What does the firewall action "log" do? A. It logs and blocks the packet B. It blocks and logs the packet C. It adds a prefix to the packet and passes it through D. It logs the packet Jawab : D Penjelasan : log itu fungsi mencatat, bukan memblok ataupun mengijinkan data untuk leat 13. Which of the following is true for connection tracking A. Connection tracking must be enabled for NAT'ed network B. Enabling connection tracking reduces CPU usage in RouterOS C. Disable connection tracking for mangle to work D. Connection tracking must be enabled to be able to use all firewall features 14. How many different priorities can be selected for queues in MikroTik RouterOS?
A. 1 B. 16 C. 0 D. 8 Jawab : d Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 15. Which of the following keystrokes enables safe mode in console: A. Ctrl+x B. Ctrl+c C. Ctrl+d D. Ctrl+s Jawab : A Penjelasan ; 16. Select minimal set of software packages in RouteOS required to configuring a wireless AP A. wireless B. advanced-tools C. dhcp D. routing E. System Jawab : A dan E Penjelasan : karena untuk sekedar menghubungkan apstasion tidak dibutuhkan dhcp (untuk membagikan ip) dan juga routing (karena bisa memakai satu network yang sama) 17. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. Routing Jawab : A Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 18. What is possible with Netinstall?
A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 19. Possible actions of ip firewall filter are: A. bounce B. log C. accept D. tarp E. add-to-list F. Tarpit Jawab : B,C,D,F Penjelasan : 20. What is the minimal possible wireless configuration to create an Access Point? A. DFS mode B. WDS C. scan-list D. radio name E. mode F. frequency G. Band H. Ssid Jawab : g Penjelasan : jika hanya sekedar terhubung kita hanya mememrlukan band yang sama 21. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server? A. redirect B. passthrough C. dst-nat
D. Tarpit Jawab : c Karena : paket ingin DIOPER ke mail server 22. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 23. It is possible to create an encrypted PPPoE tunnel in RouterOS:
24. Where should you upload new MikroTik RouterOS version packages for upgrading router? A. FTP root directory or /files directory of the router B. System Package menu C. Any directory in /files D. System Backup menu Jawab : c Penjelasan : karena setiap upgrade akan diletakan I directory file 25. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. regulatory domain B. superchannel C. manual txpower Jawab A Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 1. What can be used as ’target-address’ in the simple queue? A. address list name B. client’s MAC address C. client’s address
D. server’s address Jawab : c Penjelasan : karena untuk simple queue menggunakan ip address si client 2. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 1 B. 3 C. 2 D. 4 Jawab : c Penjelasan : 3. The highest queue priority is A. 1 B. 8 C. 256 D. 16 Jawab :b Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 4. The 'connect-list' of wireless interfaces is used A. for specifying APs not to connect to B. for preventing communications between the clients C. for specifying APs to connect to D. for configuring SSID on the interface Jawab : a dan c Penjelasan : fungsi dari access-list ialah membatasi mana saja yang bisa connect ke ap tersebut 5. Which option in the configuration of a wireless s card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Default Forward B. Default Authenticate C. Security Profile D. Enable Access List
Jawab : b Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 6. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.168.0.1-192.168.0.255 B. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 C. 192.168.0.1-192.168.0.14 D. 192.169.0.1-192.169.0.254 Jawab : b dan c Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 7. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network
8. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan2 D. Stations on wlan1 will be able to communicate with stations on wlan1 E. Stations on wlan2 will be able to communicate with stations on wlan2 9. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Dynamic, Active, Console B. Dynamic, Available, Created C. Dynamic, Active, Connected D. Direct, Available, Connected Penjelasan : bisa dilihat di bawah ini
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. routing C. advanced-tools D. dhcp Jawaban : a Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. Which of the following Routes statuses are possible? A. C = Connected B. A = Active C. S = Static D. D = Drop Jawab : abc Penjelsan : d tidak termasuk karena dia termasuk action dari firewall bukan status dari table routing 12. It is possible to create an encrypted PPPoE tunnel in RouterOS:
Jawab true penjelasan: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 13. Action=redirect allows you to make
A. Transparent HTTP Proxy B. Enable Local Service C. Transparent DNS Cache D. Forward DNS to another device IP address Jawab : a dan c Penjelasan : karena redirect yang terpasang di dm chain=dstnat ini berfungsi untuk transparent http proxy dan juga transparent dns cache
14. What is possible with Netinstall? A. MikroTik RouterOS password reset with saving router's configuration B. MikroTik RouterOS configuration reset C. MikroTik RouterOS reinstall Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 15. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp client' and set a valid and reachable NTP server address. C. Open the router and ensure the CMOS battery is fine. D. Configure '/system ntp server' and set a valid and reachable NTP client address. Jawab : b Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 16. A. One B. Unlimited C. Five D. Two Jawaban : a Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface 17. A wireless interface 'wlan1' is added to a bridge interface 'br-lan'. To enable dhcp-server for wireless interface 'wlan1', on which interface should dhcp-server be configured? A. On both 'br-lan' and 'wlan1' B. The dhcp-server cannot be enabled neither on 'wlan1', nor on 'br-lan' C. On 'wlan1' D. On 'br-lan' Jawaban :D
Penjelasan tidak perlu lagi membuat ip address di wlan apabila sudah dimasukan kedalam bridge 18. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time.
Jawab : true Penjelasa: karena d 19. Which firewall chain should be used for filters that protect your router interface? A. post-routing B. forward C. pre-routing D. input 20. What does the firewall action "Redirect" do? Select all true statements. A. Redirects a packet to a specified port on a host in the network B. Redirects a packet to a specified IP C. Redirects a packet to a specified port on the router D. Redirects a packet to the router 21. Which of the following would prevent unknown clients from connecting to your AP? Choose the BEST answer. A. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your connect-list configuration B. Configure the radius server under "/radius" C. Add each known client's MAC address to your access-list configuration is the only step needed D. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your access-list configuration ensuring that you enable "authenticate" in the entry E. Check the "Do not permit unknown client" box in the wireless configuration Jawb Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 22. Which port does PPTP use by default? A. UDP 1723 B. UDP 1721 C. TCP 1723 D. TCP 1721
Jawab : c Penjelasan : Port yang dipakai pptp ialah 1723secara default 23. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, max-limit B. max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : a Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 24. It is required to make a web server on a private LAN visible on the Public Internet. Only the web server port should be visible to the public. Which of the following configuration steps must be met. (select all that apply) A. A route between the NAT Router and the webserver must exist B. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private ip of the webserver C. LAN address of the webserver should be routable on the internet D. Public IP address of the webserver must be installed on the NAT Router E. Connection Tracking must be enabled on NAT router 25. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawab : c Penjelasan ; port default dari winbox aalah 8291 1. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp server' and set a valid and reachable NTP client address. C. Configure '/system ntp client' and set a valid and reachable NTP server address. D. Open the router and ensure the CMOS battery is fine. Jawab: C
Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 2. Which of the protocols below is used by Netinstall? A. arp B. bootp C. dhcp D. rarp Jawab : b Penjelasan : protocol yang digunakan adalah bootp untuk menginstalasi gn netinstall Jawaban a salah karena dungsi ARP adalah memetakan layer2 dan 3 Jawaban c salah karena dhcp berfungsi untuk membagikan ip Jawaban d salah karena adlh kebalikan dari ARP 3. /ip route configuration on router, /ip route add gateway=192.168.0.1 /ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2 /ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3 /ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4 Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.2 B. 192.168.0.4 C. 192.168.0.1 D. 192.168.0.3 Jawab : c Penjelasan : jawaban A dan B salah karena dst addressnya tidak sesuai dengan yang diminta Sedangkan yang D karena rangenya berbeda dengan 240 4. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done: A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Enable 'Use IP Firewall' in bridge settings D. Associate the Simple Queue to the bridge interface
5. Mark all correct answers A. Wireless access-list could allow and deny connect to your AP B. The only way to prevent wireless clients connections - disable wireless interface C. Default-Forwarding could be enabled for a specific clients by wireless access-list D. /ip firewall filter allows to deny authentication to AP Jawab : a saja Penjelasan : wirelesss access-list dapat menentukan mana yang boleh terhubung ke ap, caranya dengan mendisable default authentication Selainnya salah karena tidak sesuai 6. NAT rule is going to catch SMTP traffic and send it to a specific mail server. What is the correct action for a NAT rule? A. passthrough B. dst-nat C. redirect D. tarpit Jawab : b Penjelasan : karena untuk membelokan smtp traffic kesuatu network ialah tugas dst nat Untuk mengkonfigurasikannya ikuti command dibawah ini ip firewall nat add chain=dstnat protocol=tcp dst-port=25 action=dst-nat toaddresses=10.0.0.1 to-ports=25
7. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Direct, Available, Connected B. Dynamic, Active, Connected C. Dynamic, Available, Created D. Dynamic, Active, Console Jawab : b Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
8. It is possible to create an encrypted PPPoE tunnel in RouterOS: Penjelasan : karena semua protocol ppp bisa di enkripsi 9. Action=redirect is applied in A. chain=srcnat B. chain=forward C. chain=dstnat Jawab : c Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward 10. MikroTik RouterOS commands can be run once a day by: A. /system watchdog B. /system cron C. /system scheduler Jawab: c Pejelasan : karena scheduler mengatur jadwal kapan fitur tersebut dijalankan 11. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a DHCP service for all clients, DHCP server must be configured on: A. Ethernet and wireless interfaces B. DHCP service is not possible in this setup C. Every bridge port D. Only on the bridge interface Jawab: D Penjelasan : karena interface wireless dan ethernetnya sudah di bridge sehingga harus dimasukan kedalam interface bridge 12. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=5000000 pcq-classifier=src-address C. kind=pcq pcq-rate=256000 pcq-classifier=dst-address D. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address E. kind=pcq pcq-rate=256000 pcq-classifier=src-address Jawab : C dan E Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 13. Which is a default baud-rate of currently manufactured RouterBOARDs?
A. 115200 B. 9600 C. 38400 D. 11520 Jawaban :a Penjelasan : karena default yang dipasang ke netinstall adalah 11520 14. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.169.0.1-192.169.0.254 B. 192.168.0.1-192.168.0.255 C. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 D. 192.168.0.1-192.168.0.14 Jawab : c an d Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 15. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 16. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station B. station-wds C. bridge D. station-pseudobridge Jawab : a Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 17. To block communications between wireless clients connected to the same access point interface, you should set A. 'default-forwarding=no' B. 'max-station-count=1' C. 'default-authentication=no' D. 'default-authentication=no' and 'default-forwarding=no'
Jawab : a Penjelasan : karena no default-forwarding akan men disable layer 2 dari client 18. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Jawaban : false Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 19. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 2.2.2.2 B. Route via gateway 1.1.1.1 Jawab : a Penjelasan :semakin kecil distance nya semakin di prioritaskan 20. Which are necessary sections in /queue simple to set bandwidth limitation? A. max-limit B. target-address, max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 21. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Enable Access List B. Security Profile C. Default Authenticate D. Default Forward Jawab : c Penjelasan : karena dengan default authenticate semua bisa onnect ke ap tersebut 22. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package:
A. advanced-tools B. routing C. dhcp D. no extra package required Jawab : d Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 23. Which firewall chain should you use to filter clients HTTP traffic going through the router? A. prerouting B. forward C. output D. input Jawab :b Penjelasan : kata kuncinya adalah “through” atau melewati sehingga yang dibutuhkan untuk “melewati” ialah chain=forward 24. What is necessary for PPPoE client configuration? A. ip firewall nat masquerade rule B. Interface (on which PPPoE client is going to work) C. Static IP address on PPPoE client interface Jawaban : b Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai
25. Action=redirect can be used in NAT chain src-nat A. true B. false Jawab b Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward
1. Is action=masquerade allowed in chain=dstnat? A. yes, but only if dst-addr is specified B. yes C. yes, but it works only for incoming connections D. no Jawaban : D Penjelasan : karena masquerade dipasang pada srcnat
2. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawaban : c Penjelasan : karena port default dari winbox adalah tcp 8291 3. Which is the default port of IP-Winbox? A. UDP 8291 B. TCP 80 C. TCP 8291 D. TCP 8192 Jawab : c Penjelasan : karena port default dari winbox adalah tcp 8291 4. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. manual txpower B. superchannel C. regulatory domain Jawab : c Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 5. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, dst-address B. target-address, max-limit C. target-address, dst-address, max-limit D. max-limit Jawab :b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya
6. RouterOS log messages are stored on disk by default False Penjelasan : karena log message nya disimpan di memory bukan di disk 7. In order to use dynamic keys in your wireless security profile for an AP, you MUST set up the dhcp server to provide the dynamic keys. False Penjelasan karena dhcp tidak mengirimkan dynamic key 8. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean: A. Dynamic, Active, Connected B. Dynamic, Active, Console C. Dynamic, Available, Created D. Direct, Available, Connected Jawab :a Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 9. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station-pseudobridge B. station C. station-wds D. bridge Jawab : b Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. routing Jawab A Penjelasan : Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. In RouterOS queue configurations the word "total" usually represents A. download B. upload + download C. upload D. download – upload
Jawab b Penjelasan : karena total itu merupakan upload + download 12. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server. False Penjelasan : Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network
13. PPP Secrets are used for A. PPtP clients B. IPSec clients C. PPP clients D. Router users E. L2TP clients F. PPPoE clients Jawab : A,E,F Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling
14. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 4 B. 3 C. 1 D. 2 15. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 E. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 Jawab : Penjelasan: semuanya benar karena , D. bisa memakai interface, E. konfigurasi static routing yang lengkap B. bisa memakai Default route 16. What is possible with Netinstall?
A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 17. If you wish to block user access to MSN messenger, which chain should the firewall rule be placed in? A. input B. process C. forward D. output Jawaban : C Penjelasan : karena chain yang digunakan untuk data / paket dari luar router menuju luar lainnya menggunakan Chain=Forward 18. If ARP=reply-only is configured on an interface, this interface will A. accept all MAC-addresses listed in '/ip arp' as static entries B. accept IP and MAC address combinations listed in '/ip arp' list C. add new MAC addresses in '/ip arp' list D. add new IP addresses in '/ip arp' list E. accept all IP addresses listed in '/ip arp' as static entries Jawaban : A Penjelasan : ARP=reply-only hanya membalas bagi yang IP dan MAC Addressnya sudah tercantum 19. In WinBox when clicking the 'Backup' button in the Files window, the following happens (select all that apply): A. Backup file is created. Name contains the router identity, the date and time of its creation B. Backup file is saved to the computer desktop C. Backup file will contain usernames and passwords of the router D. Optionally backup name and password can be specified Jawaban : A Penjelasan : Backup File berguna untuk membackup seluruh Konfigurasi termasuk Router Ientity, tanggal dan waktu 20. What is marked by connection-state=established matcher? A. Packet begins a new TCP connection B. Packet does not correspond to any known connection C. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to already replied connection D. Packet is related to, but not part of an existing connection Jawaban c
Penjelasan : karena estabilished merupakan hasil dari koneksi yang pernah ada Sedangkan 21. /ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 action=dst-nat toaddress=192.168.1.2 to-ports=81 The command shown above: A. Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the internal host 192.168.1.2 B. Adds IP address 192.168.1.2 to the interface ether1 C. Forwards any TCP traffic incoming through ether1 port 3389 to the port 81 of the internal host 192.168.1.2 D. Forwards all TCP traffic from 192.168.1.2 to port 81 of the interface ether1 Jawaban : C Penjelasan : firewall nat akan membelokan traffic ari ether satu engan dst-port 3389 ke port 81.Jawaban A salah karena port yang dibelokkan salah, Jawaban A menjelaskan bahwa port 81 akan dibelokkan ke port 3389. 22. What is necessary for PPPoE client configuration? A. Interface (on which PPPoE client is going to work) B. ip firewall nat masquerade rule C. Static IP address on PPPoE client interface Jawaban : a Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai 23. Mark all the features that can be used for limiting client registrations to your access point: A. access-list B. wpa C. WDS D. registration-table Jawaban : A Penjelasan : untuk melimit client yang connect kita bisa menggunakan Access-List. 24. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address C. kind=pcq pcq-rate=5000000 pcq-classifier=src-address D. kind=pcq pcq-rate=256000 pcq-classifier=src-address E. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address Jawab : A dan D
Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 25. There can be more than one PPPoE server in a single broadcast domain: True Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 1. You want to transfer existing '/ip firewall filter' configuration from one router to a new system. Choose the best possible way to do: A. Export only '/ip firewall filter' B. Create backup only of '/ip firewall filter' rules C. Create backup, edit backup file and restore on target router D. Export global configuration and remove everything apart from '/ip firewall filter' Jawab :a Penjelasan : karena untuk menambahkan nama fitur tersebut untuk export yang lebh spesifik 2. A. Five B. One C. Two D. Unlimited Jawab : b Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface 3. There are two routes in the routing table: 0 dst-addr=10.1.1.0/24 gateway=5.5.5.5 1 dst-addr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. both - half of the traffic will be routed through one gateway, half through the other B. 5.6.6.6 C. 5.5.5.5 D. the required route is not in the routing table
Jawab : b Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A dan c tidak termasuk karena mereka kurang spesifik, 4. A routing table has following entries: 0 dst-address=10.0.0.0/24 gateway=10.1.5.126 1 dst-address=10.1.5.0/24 gateway=10.1.1.1 2 dst-address=10.1.0.0/24 gateway=25.1.1.1 3 dst-address=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be used for a packet with destination address 10.1.5.126?
A. 10.1.5.126 B. 10.1.1.1 C. 10.1.1.2 D. 25.1.1.1 Jawab : c Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A,B dan D tidak termasuk karena mereka kurang spesifik 5. Which port does PPTP use by default? A. TCP 1721 B. UDP 1721 C. UDP 1723 D. TCP 1723 JAWAB :d Penjelasan : karena port pptp berjalan pada tcp 1723 bukan udp 6. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. Stations on wlan2 will be able to communicate with stations on wlan2
B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan1 D. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters E. Stations on wlan1 will be able to communicate with stations on wlan2 7. Consider a wireless access point with mode=ap-bridge. What is the maximum number of concurrent clients that can connect to it? A. 2007 B. 2012 C. 2048 D. 1024 8. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 srcaddress=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 E. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2
Jawab : B,D.E Penjelasan: semuanya benar karena , B. bisa memakai interface, D. konfigurasi static routing yang lengkap E. bisa memakai efault route 9. PPP Secrets are used for A. PPtP clients B. L2TP clients C. Router users D. PPPoE clients E. IPSec clients
F. PPP clients Jawab : A,B,D Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling 10. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done: A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Associate the Simple Queue to the bridge interface D. Enable 'Use IP Firewall' in bridge settings Jawab : c Penjelasan : karena untuk menjalankan fungsi diatas mesti dipasang dibridge tersebut
11. In RouterOS queue configurations the word "total" usually represents A. download - upload B. upload C. upload + download D. Download Jawab : c Penjelasan : karena total itu merupakan upload + download 12. What does the firewall action "log" do? A. It logs and blocks the packet B. It blocks and logs the packet C. It adds a prefix to the packet and passes it through D. It logs the packet Jawab : D Penjelasan : log itu fungsi mencatat, bukan memblok ataupun mengijinkan data untuk leat 13. Which of the following is true for connection tracking A. Connection tracking must be enabled for NAT'ed network
B. Enabling connection tracking reduces CPU usage in RouterOS C. Disable connection tracking for mangle to work D. Connection tracking must be enabled to be able to use all firewall features 14. How many different priorities can be selected for queues in MikroTik RouterOS? A. 1 B. 16 C. 0 D. 8 Jawab : d Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 15. Which of the following keystrokes enables safe mode in console: A. Ctrl+x B. Ctrl+c C. Ctrl+d D. Ctrl+s Jawab : A Penjelasan ; 16. Select minimal set of software packages in RouteOS required to configuring a wireless AP A. wireless B. advanced-tools C. dhcp D. routing E. System Jawab : A dan E Penjelasan : karena untuk sekedar menghubungkan apstasion tidak dibutuhkan dhcp (untuk membagikan ip) dan juga routing (karena bisa memakai satu network yang sama) 17. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required
B. advanced-tools C. dhcp D. Routing Jawab : A Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 18. What is possible with Netinstall? A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 19. Possible actions of ip firewall filter are: A. bounce B. log C. accept D. tarp E. add-to-list F. Tarpit Jawab : B,C,D,F Penjelasan : 20. What is the minimal possible wireless configuration to create an Access Point? A. DFS mode B. WDS C. scan-list D. radio name E. mode F. frequency G. Band H. Ssid Jawab : g Penjelasan : jika hanya sekedar terhubung kita hanya mememrlukan band yang sama
21. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server? A. redirect B. passthrough C. dst-nat D. Tarpit Jawab : c Karena : paket ingin DIOPER ke mail server 22. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 23. It is possible to create an encrypted PPPoE tunnel in RouterOS:
24. Where should you upload new MikroTik RouterOS version packages for upgrading router? A. FTP root directory or /files directory of the router B. System Package menu C. Any directory in /files D. System Backup menu Jawab : c Penjelasan : karena setiap upgrade akan diletakan I directory file 25. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. regulatory domain B. superchannel C. manual txpower Jawab A
Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 1. What can be used as ’target-address’ in the simple queue? A. address list name B. client’s MAC address C. client’s address D. server’s address Jawab : c Penjelasan : karena untuk simple queue menggunakan ip address si client 2. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 1 B. 3 C. 2 D. 4 Jawab : c Penjelasan : 3. The highest queue priority is A. 1 B. 8 C. 256 D. 16 Jawab :b Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 4. The 'connect-list' of wireless interfaces is used A. for specifying APs not to connect to B. for preventing communications between the clients C. for specifying APs to connect to D. for configuring SSID on the interface Jawab : a dan c Penjelasan : fungsi dari access-list ialah membatasi mana saja yang bisa connect ke ap tersebut
5. Which option in the configuration of a wireless s card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Default Forward B. Default Authenticate C. Security Profile D. Enable Access List Jawab : b Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 6. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.168.0.1-192.168.0.255 B. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 C. 192.168.0.1-192.168.0.14 D. 192.169.0.1-192.169.0.254 Jawab : b dan c Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 7. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network
8. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan2 D. Stations on wlan1 will be able to communicate with stations on wlan1 E. Stations on wlan2 will be able to communicate with stations on wlan2 9. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Dynamic, Active, Console B. Dynamic, Available, Created C. Dynamic, Active, Connected D. Direct, Available, Connected Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. routing C. advanced-tools D. dhcp Jawaban : a Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. Which of the following Routes statuses are possible? A. C = Connected B. A = Active C. S = Static D. D = Drop Jawab : abc Penjelsan : d tidak termasuk karena dia termasuk action dari firewall bukan status dari table routing 12. It is possible to create an encrypted PPPoE tunnel in RouterOS:
Jawab true penjelasan: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 13. Action=redirect allows you to make
A. Transparent HTTP Proxy B. Enable Local Service
C. Transparent DNS Cache D. Forward DNS to another device IP address Jawab : a dan c Penjelasan : karena redirect yang terpasang di dm chain=dstnat ini berfungsi untuk transparent http proxy dan juga transparent dns cache
14. What is possible with Netinstall? A. MikroTik RouterOS password reset with saving router's configuration B. MikroTik RouterOS configuration reset C. MikroTik RouterOS reinstall Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 15. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp client' and set a valid and reachable NTP server address. C. Open the router and ensure the CMOS battery is fine. D. Configure '/system ntp server' and set a valid and reachable NTP client address. Jawab : b Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 16. A. One B. Unlimited C. Five D. Two Jawaban : a Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface
17. A wireless interface 'wlan1' is added to a bridge interface 'br-lan'. To enable dhcp-server for wireless interface 'wlan1', on which interface should dhcp-server be configured? A. On both 'br-lan' and 'wlan1' B. The dhcp-server cannot be enabled neither on 'wlan1', nor on 'br-lan' C. On 'wlan1' D. On 'br-lan' Jawaban :D Penjelasan tidak perlu lagi membuat ip address di wlan apabila sudah dimasukan kedalam bridge 18. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time.
Jawab : true Penjelasa: karena d 19. Which firewall chain should be used for filters that protect your router interface? A. post-routing B. forward C. pre-routing D. input 20. What does the firewall action "Redirect" do? Select all true statements. A. Redirects a packet to a specified port on a host in the network B. Redirects a packet to a specified IP C. Redirects a packet to a specified port on the router D. Redirects a packet to the router 21. Which of the following would prevent unknown clients from connecting to your AP? Choose the BEST answer. A. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your connect-list configuration B. Configure the radius server under "/radius" C. Add each known client's MAC address to your access-list configuration is the only step needed D. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your access-list configuration ensuring that you enable "authenticate" in the entry E. Check the "Do not permit unknown client" box in the wireless configuration
Jawb Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 22. Which port does PPTP use by default? A. UDP 1723 B. UDP 1721 C. TCP 1723 D. TCP 1721 Jawab : c Penjelasan : Port yang dipakai pptp ialah 1723secara default 23. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, max-limit B. max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : a Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 24. It is required to make a web server on a private LAN visible on the Public Internet. Only the web server port should be visible to the public. Which of the following configuration steps must be met. (select all that apply) A. A route between the NAT Router and the webserver must exist B. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private ip of the webserver C. LAN address of the webserver should be routable on the internet D. Public IP address of the webserver must be installed on the NAT Router E. Connection Tracking must be enabled on NAT router 25. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawab : c Penjelasan ; port default dari winbox aalah 8291
1. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp server' and set a valid and reachable NTP client address. C. Configure '/system ntp client' and set a valid and reachable NTP server address. D. Open the router and ensure the CMOS battery is fine. Jawab: C Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 2. Which of the protocols below is used by Netinstall? A. arp B. bootp C. dhcp D. rarp Jawab : b Penjelasan : protocol yang digunakan adalah bootp untuk menginstalasi gn netinstall Jawaban a salah karena dungsi ARP adalah memetakan layer2 dan 3 Jawaban c salah karena dhcp berfungsi untuk membagikan ip Jawaban d salah karena adlh kebalikan dari ARP 3. /ip route configuration on router, /ip route add gateway=192.168.0.1 /ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2 /ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3 /ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4 Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.2 B. 192.168.0.4 C. 192.168.0.1 D. 192.168.0.3 Jawab : c Penjelasan : jawaban A dan B salah karena dst addressnya tidak sesuai dengan yang diminta Sedangkan yang D karena rangenya berbeda dengan 240
4. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done: A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Enable 'Use IP Firewall' in bridge settings D. Associate the Simple Queue to the bridge interface 5. Mark all correct answers A. Wireless access-list could allow and deny connect to your AP B. The only way to prevent wireless clients connections - disable wireless interface C. Default-Forwarding could be enabled for a specific clients by wireless access-list D. /ip firewall filter allows to deny authentication to AP Jawab : a saja Penjelasan : wirelesss access-list dapat menentukan mana yang boleh terhubung ke ap, caranya dengan mendisable default authentication Selainnya salah karena tidak sesuai 6. NAT rule is going to catch SMTP traffic and send it to a specific mail server. What is the correct action for a NAT rule? A. passthrough B. dst-nat C. redirect D. tarpit Jawab : b Penjelasan : karena untuk membelokan smtp traffic kesuatu network ialah tugas dst nat Untuk mengkonfigurasikannya ikuti command dibawah ini ip firewall nat add chain=dstnat protocol=tcp dst-port=25 action=dst-nat toaddresses=10.0.0.1 to-ports=25
7. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Direct, Available, Connected
B. Dynamic, Active, Connected C. Dynamic, Available, Created D. Dynamic, Active, Console Jawab : b Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 8. It is possible to create an encrypted PPPoE tunnel in RouterOS: Penjelasan : karena semua protocol ppp bisa di enkripsi 9. Action=redirect is applied in A. chain=srcnat B. chain=forward C. chain=dstnat Jawab : c Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward 10. MikroTik RouterOS commands can be run once a day by: A. /system watchdog B. /system cron C. /system scheduler Jawab: c Pejelasan : karena scheduler mengatur jadwal kapan fitur tersebut dijalankan 11. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a DHCP service for all clients, DHCP server must be configured on: A. Ethernet and wireless interfaces B. DHCP service is not possible in this setup C. Every bridge port D. Only on the bridge interface Jawab: D Penjelasan : karena interface wireless dan ethernetnya sudah di bridge sehingga harus dimasukan kedalam interface bridge 12. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue.
A. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=5000000 pcq-classifier=src-address C. kind=pcq pcq-rate=256000 pcq-classifier=dst-address D. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address E. kind=pcq pcq-rate=256000 pcq-classifier=src-address Jawab : C dan E Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 13. Which is a default baud-rate of currently manufactured RouterBOARDs? A. 115200 B. 9600 C. 38400 D. 11520 Jawaban :a Penjelasan : karena default yang dipasang ke netinstall adalah 11520 14. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.169.0.1-192.169.0.254 B. 192.168.0.1-192.168.0.255 C. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 D. 192.168.0.1-192.168.0.14 Jawab : c an d Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 15. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 16. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station B. station-wds C. bridge
D. station-pseudobridge Jawab : a Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 17. To block communications between wireless clients connected to the same access point interface, you should set A. 'default-forwarding=no' B. 'max-station-count=1' C. 'default-authentication=no' D. 'default-authentication=no' and 'default-forwarding=no' Jawab : a Penjelasan : karena no default-forwarding akan men disable layer 2 dari client 18. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Jawaban : false Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 19. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 2.2.2.2 B. Route via gateway 1.1.1.1 Jawab : a Penjelasan :semakin kecil distance nya semakin di prioritaskan 20. Which are necessary sections in /queue simple to set bandwidth limitation? A. max-limit B. target-address, max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya
21. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Enable Access List B. Security Profile C. Default Authenticate D. Default Forward Jawab : c Penjelasan : karena dengan default authenticate semua bisa onnect ke ap tersebut 22. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. advanced-tools B. routing C. dhcp D. no extra package required Jawab : d Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 23. Which firewall chain should you use to filter clients HTTP traffic going through the router? A. prerouting B. forward C. output D. input Jawab :b Penjelasan : kata kuncinya adalah “through” atau melewati sehingga yang dibutuhkan untuk “melewati” ialah chain=forward 24. What is necessary for PPPoE client configuration? A. ip firewall nat masquerade rule B. Interface (on which PPPoE client is going to work) C. Static IP address on PPPoE client interface Jawaban : b Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai
25. Action=redirect can be used in NAT chain src-nat A. true B. false Jawab b Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward
1. Is action=masquerade allowed in chain=dstnat? A. yes, but only if dst-addr is specified B. yes C. yes, but it works only for incoming connections D. no Jawaban : D Penjelasan : karena masquerade dipasang pada srcnat
2. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawaban : c Penjelasan : karena port default dari winbox adalah tcp 8291 3. Which is the default port of IP-Winbox? A. UDP 8291 B. TCP 80 C. TCP 8291 D. TCP 8192 Jawab : c Penjelasan : karena port default dari winbox adalah tcp 8291 4. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. manual txpower B. superchannel C. regulatory domain
Jawab : c Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 5. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, dst-address B. target-address, max-limit C. target-address, dst-address, max-limit D. max-limit Jawab :b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 6. RouterOS log messages are stored on disk by default False Penjelasan : karena log message nya disimpan di memory bukan di disk 7. In order to use dynamic keys in your wireless security profile for an AP, you MUST set up the dhcp server to provide the dynamic keys. False Penjelasan karena dhcp tidak mengirimkan dynamic key 8. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean: A. Dynamic, Active, Connected B. Dynamic, Active, Console C. Dynamic, Available, Created D. Direct, Available, Connected Jawab :a Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 9. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station-pseudobridge B. station C. station-wds D. bridge Jawab : b Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds
10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. routing Jawab A Penjelasan : Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. In RouterOS queue configurations the word "total" usually represents A. download B. upload + download C. upload D. download – upload Jawab b Penjelasan : karena total itu merupakan upload + download 12. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server. False Penjelasan : Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network
13. PPP Secrets are used for A. PPtP clients B. IPSec clients C. PPP clients D. Router users E. L2TP clients F. PPPoE clients Jawab : A,E,F Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling
14. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 4 B. 3 C. 1 D. 2
15. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 E. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 Jawab : Penjelasan: semuanya benar karena , D. bisa memakai interface, E. konfigurasi static routing yang lengkap B. bisa memakai Default route 16. What is possible with Netinstall? A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 17. If you wish to block user access to MSN messenger, which chain should the firewall rule be placed in? A. input B. process C. forward D. output Jawaban : C Penjelasan : karena chain yang digunakan untuk data / paket dari luar router menuju luar lainnya menggunakan Chain=Forward 18. If ARP=reply-only is configured on an interface, this interface will A. accept all MAC-addresses listed in '/ip arp' as static entries B. accept IP and MAC address combinations listed in '/ip arp' list C. add new MAC addresses in '/ip arp' list D. add new IP addresses in '/ip arp' list E. accept all IP addresses listed in '/ip arp' as static entries Jawaban : A Penjelasan : ARP=reply-only hanya membalas bagi yang IP dan MAC Addressnya sudah tercantum
19. In WinBox when clicking the 'Backup' button in the Files window, the following happens (select all that apply): A. Backup file is created. Name contains the router identity, the date and time of its creation B. Backup file is saved to the computer desktop C. Backup file will contain usernames and passwords of the router D. Optionally backup name and password can be specified Jawaban : A Penjelasan : Backup File berguna untuk membackup seluruh Konfigurasi termasuk Router Ientity, tanggal dan waktu 20. What is marked by connection-state=established matcher? A. Packet begins a new TCP connection B. Packet does not correspond to any known connection C. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to already replied connection D. Packet is related to, but not part of an existing connection Jawaban c Penjelasan : karena estabilished merupakan hasil dari koneksi yang pernah ada Sedangkan 21. /ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 action=dst-nat toaddress=192.168.1.2 to-ports=81 The command shown above: A. Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the internal host 192.168.1.2 B. Adds IP address 192.168.1.2 to the interface ether1 C. Forwards any TCP traffic incoming through ether1 port 3389 to the port 81 of the internal host 192.168.1.2 D. Forwards all TCP traffic from 192.168.1.2 to port 81 of the interface ether1 Jawaban : C Penjelasan : firewall nat akan membelokan traffic ari ether satu engan dst-port 3389 ke port 81.Jawaban A salah karena port yang dibelokkan salah, Jawaban A menjelaskan bahwa port 81 akan dibelokkan ke port 3389. 22. What is necessary for PPPoE client configuration? A. Interface (on which PPPoE client is going to work) B. ip firewall nat masquerade rule C. Static IP address on PPPoE client interface Jawaban : a Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai 23. Mark all the features that can be used for limiting client registrations to your access point:
A. access-list B. wpa C. WDS D. registration-table Jawaban : A Penjelasan : untuk melimit client yang connect kita bisa menggunakan Access-List. 24. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address C. kind=pcq pcq-rate=5000000 pcq-classifier=src-address D. kind=pcq pcq-rate=256000 pcq-classifier=src-address E. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address Jawab : A dan D Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 25. There can be more than one PPPoE server in a single broadcast domain: True Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 1. You want to transfer existing '/ip firewall filter' configuration from one router to a new system. Choose the best possible way to do: A. Export only '/ip firewall filter' B. Create backup only of '/ip firewall filter' rules C. Create backup, edit backup file and restore on target router D. Export global configuration and remove everything apart from '/ip firewall filter' Jawab :a Penjelasan : karena untuk menambahkan nama fitur tersebut untuk export yang lebh spesifik 2. A. Five B. One C. Two
D. Unlimited Jawab : b Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface 3. There are two routes in the routing table: 0 dst-addr=10.1.1.0/24 gateway=5.5.5.5 1 dst-addr=10.1.1.4/30 gateway=5.6.6.6 Which gateway will be used to get to the IP address 10.1.1.6? A. both - half of the traffic will be routed through one gateway, half through the other B. 5.6.6.6 C. 5.5.5.5 D. the required route is not in the routing table Jawab : b Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A dan c tidak termasuk karena mereka kurang spesifik, 4. A routing table has following entries: 0 dst-address=10.0.0.0/24 gateway=10.1.5.126 1 dst-address=10.1.5.0/24 gateway=10.1.1.1 2 dst-address=10.1.0.0/24 gateway=25.1.1.1 3 dst-address=10.1.5.0/25 gateway=10.1.1.2 Which gateway will be used for a packet with destination address 10.1.5.126?
A. 10.1.5.126 B. 10.1.1.1 C. 10.1.1.2 D. 25.1.1.1 Jawab : c Penjelasan : karena dia termasuk dalam range yang sama dan juga paling spesifik Jawaban yang A,B dan D tidak termasuk karena mereka kurang spesifik
5. Which port does PPTP use by default? A. TCP 1721 B. UDP 1721 C. UDP 1723 D. TCP 1723 JAWAB :d Penjelasan : karena port pptp berjalan pada tcp 1723 bukan udp 6. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. Stations on wlan2 will be able to communicate with stations on wlan2 B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan1 D. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters E. Stations on wlan1 will be able to communicate with stations on wlan2 7. Consider a wireless access point with mode=ap-bridge. What is the maximum number of concurrent clients that can connect to it? A. 2007 B. 2012 C. 2048 D. 1024 8. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 srcaddress=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2
E. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2
Jawab : B,D.E Penjelasan: semuanya benar karena , B. bisa memakai interface, D. konfigurasi static routing yang lengkap E. bisa memakai efault route 9. PPP Secrets are used for A. PPtP clients B. L2TP clients C. Router users D. PPPoE clients E. IPSec clients F. PPP clients Jawab : A,B,D Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling 10. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done: A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Associate the Simple Queue to the bridge interface D. Enable 'Use IP Firewall' in bridge settings Jawab : c Penjelasan : karena untuk menjalankan fungsi diatas mesti dipasang dibridge tersebut
11. In RouterOS queue configurations the word "total" usually represents A. download - upload B. upload C. upload + download D. Download Jawab : c
Penjelasan : karena total itu merupakan upload + download 12. What does the firewall action "log" do? A. It logs and blocks the packet B. It blocks and logs the packet C. It adds a prefix to the packet and passes it through D. It logs the packet Jawab : D Penjelasan : log itu fungsi mencatat, bukan memblok ataupun mengijinkan data untuk leat 13. Which of the following is true for connection tracking A. Connection tracking must be enabled for NAT'ed network B. Enabling connection tracking reduces CPU usage in RouterOS C. Disable connection tracking for mangle to work D. Connection tracking must be enabled to be able to use all firewall features 14. How many different priorities can be selected for queues in MikroTik RouterOS? A. 1 B. 16 C. 0 D. 8 Jawab : d Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 15. Which of the following keystrokes enables safe mode in console: A. Ctrl+x B. Ctrl+c C. Ctrl+d D. Ctrl+s Jawab : A Penjelasan ;
16. Select minimal set of software packages in RouteOS required to configuring a wireless AP A. wireless B. advanced-tools C. dhcp D. routing E. System Jawab : A dan E Penjelasan : karena untuk sekedar menghubungkan apstasion tidak dibutuhkan dhcp (untuk membagikan ip) dan juga routing (karena bisa memakai satu network yang sama) 17. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. Routing Jawab : A Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 18. What is possible with Netinstall? A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 19. Possible actions of ip firewall filter are: A. bounce B. log C. accept D. tarp E. add-to-list F. Tarpit
Jawab : B,C,D,F Penjelasan : 20. What is the minimal possible wireless configuration to create an Access Point? A. DFS mode B. WDS C. scan-list D. radio name E. mode F. frequency G. Band H. Ssid Jawab : g Penjelasan : jika hanya sekedar terhubung kita hanya mememrlukan band yang sama 21. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server? A. redirect B. passthrough C. dst-nat D. Tarpit Jawab : c Karena : paket ingin DIOPER ke mail server 22. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 23. It is possible to create an encrypted PPPoE tunnel in RouterOS:
24. Where should you upload new MikroTik RouterOS version packages for upgrading router?
A. FTP root directory or /files directory of the router B. System Package menu C. Any directory in /files D. System Backup menu Jawab : c Penjelasan : karena setiap upgrade akan diletakan I directory file 25. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. regulatory domain B. superchannel C. manual txpower Jawab A Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 1. What can be used as ’target-address’ in the simple queue? A. address list name B. client’s MAC address C. client’s address D. server’s address Jawab : c Penjelasan : karena untuk simple queue menggunakan ip address si client 2. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 1 B. 3 C. 2 D. 4 Jawab : c Penjelasan : 3. The highest queue priority is A. 1 B. 8
C. 256 D. 16 Jawab :b Penjelasan : priority terbesar yang dapat diberikan pada client adlah 8 semakin kecil angkanya semaikn I prioritaskan 4. The 'connect-list' of wireless interfaces is used A. for specifying APs not to connect to B. for preventing communications between the clients C. for specifying APs to connect to D. for configuring SSID on the interface Jawab : a dan c Penjelasan : fungsi dari access-list ialah membatasi mana saja yang bisa connect ke ap tersebut 5. Which option in the configuration of a wireless s card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Default Forward B. Default Authenticate C. Security Profile D. Enable Access List Jawab : b Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 6. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.168.0.1-192.168.0.255 B. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 C. 192.168.0.1-192.168.0.14 D. 192.169.0.1-192.169.0.254 Jawab : b dan c Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 7. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network
8. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there is a setting "Forwarding=no". Choose the correct answer(s): A. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters B. Stations on wlan2 will be able to communicate with stations on wlan1 C. Stations on wlan1 will be able to communicate with stations on wlan2 D. Stations on wlan1 will be able to communicate with stations on wlan1 E. Stations on wlan2 will be able to communicate with stations on wlan2 9. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Dynamic, Active, Console B. Dynamic, Available, Created C. Dynamic, Active, Connected D. Direct, Available, Connected Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. routing C. advanced-tools D. dhcp Jawaban : a Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. Which of the following Routes statuses are possible? A. C = Connected B. A = Active C. S = Static
D. D = Drop Jawab : abc Penjelsan : d tidak termasuk karena dia termasuk action dari firewall bukan status dari table routing 12. It is possible to create an encrypted PPPoE tunnel in RouterOS:
Jawab true penjelasan: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 13. Action=redirect allows you to make
A. Transparent HTTP Proxy B. Enable Local Service C. Transparent DNS Cache D. Forward DNS to another device IP address Jawab : a dan c Penjelasan : karena redirect yang terpasang di dm chain=dstnat ini berfungsi untuk transparent http proxy dan juga transparent dns cache
14. What is possible with Netinstall? A. MikroTik RouterOS password reset with saving router's configuration B. MikroTik RouterOS configuration reset C. MikroTik RouterOS reinstall Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 15. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp client' and set a valid and reachable NTP server address. C. Open the router and ensure the CMOS battery is fine. D. Configure '/system ntp server' and set a valid and reachable NTP client address. Jawab : b
Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 16. A. One B. Unlimited C. Five D. Two Jawaban : a Penjelasan ; setiap interface hanya mendappat jatah 1 untuk setiap interface 17. A wireless interface 'wlan1' is added to a bridge interface 'br-lan'. To enable dhcp-server for wireless interface 'wlan1', on which interface should dhcp-server be configured? A. On both 'br-lan' and 'wlan1' B. The dhcp-server cannot be enabled neither on 'wlan1', nor on 'br-lan' C. On 'wlan1' D. On 'br-lan' Jawaban :D Penjelasan tidak perlu lagi membuat ip address di wlan apabila sudah dimasukan kedalam bridge 18. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time.
Jawab : true Penjelasa: karena d 19. Which firewall chain should be used for filters that protect your router interface? A. post-routing B. forward C. pre-routing D. input 20. What does the firewall action "Redirect" do? Select all true statements. A. Redirects a packet to a specified port on a host in the network B. Redirects a packet to a specified IP
C. Redirects a packet to a specified port on the router D. Redirects a packet to the router 21. Which of the following would prevent unknown clients from connecting to your AP? Choose the BEST answer. A. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your connect-list configuration B. Configure the radius server under "/radius" C. Add each known client's MAC address to your access-list configuration is the only step needed D. Uncheck "Default Authenticate" in the wireless card configuration, and add each known client's MAC address to your access-list configuration ensuring that you enable "authenticate" in the entry E. Check the "Do not permit unknown client" box in the wireless configuration Jawb Penjelasan : karena dengan default authenticate semua bisa connect ke ap tersebut 22. Which port does PPTP use by default? A. UDP 1723 B. UDP 1721 C. TCP 1723 D. TCP 1721 Jawab : c Penjelasan : Port yang dipakai pptp ialah 1723secara default 23. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, max-limit B. max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : a Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 24. It is required to make a web server on a private LAN visible on the Public Internet. Only the web server port should be visible to the public. Which of the following configuration steps must be met. (select all that apply) A. A route between the NAT Router and the webserver must exist B. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private ip of the webserver
C. LAN address of the webserver should be routable on the internet D. Public IP address of the webserver must be installed on the NAT Router E. Connection Tracking must be enabled on NAT router 25. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawab : c Penjelasan ; port default dari winbox aalah 8291 1. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets to default after each reboot. Select the best solution for the problem. A. Write a script in '/system script' to set the clock B. Configure '/system ntp server' and set a valid and reachable NTP client address. C. Configure '/system ntp client' and set a valid and reachable NTP server address. D. Open the router and ensure the CMOS battery is fine. Jawab: C Penjelasan : dengan memasang ntp client, maka ia akan mensingkronisasikan waktu sesuai dengan yang ada di internet, A, salah karna ketika reboot ia akan tetap kembali ke waktu sebelumnya B salah karena dhcp server digunakan untuk memberikan waktu (dan bertindak sebagai server) an ia tidak tersambung ke klien manapun D. rb 1000 tidak memiliki battry cmos 2. Which of the protocols below is used by Netinstall? A. arp B. bootp C. dhcp D. rarp Jawab : b Penjelasan : protocol yang digunakan adalah bootp untuk menginstalasi gn netinstall Jawaban a salah karena dungsi ARP adalah memetakan layer2 dan 3 Jawaban c salah karena dhcp berfungsi untuk membagikan ip Jawaban d salah karena adlh kebalikan dari ARP
3. /ip route configuration on router, /ip route add gateway=192.168.0.1 /ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2 /ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3 /ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4 Router needs to send packets to 192.168.3.240. Which gateway will be used? A. 192.168.0.2 B. 192.168.0.4 C. 192.168.0.1 D. 192.168.0.3 Jawab : c Penjelasan : jawaban A dan B salah karena dst addressnya tidak sesuai dengan yang diminta Sedangkan yang D karena rangenya berbeda dengan 240 4. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be done: A. Configure an IP address on the bridge interface B. Use mangle to mark the connections C. Enable 'Use IP Firewall' in bridge settings D. Associate the Simple Queue to the bridge interface 5. Mark all correct answers A. Wireless access-list could allow and deny connect to your AP B. The only way to prevent wireless clients connections - disable wireless interface C. Default-Forwarding could be enabled for a specific clients by wireless access-list D. /ip firewall filter allows to deny authentication to AP Jawab : a saja Penjelasan : wirelesss access-list dapat menentukan mana yang boleh terhubung ke ap, caranya dengan mendisable default authentication Selainnya salah karena tidak sesuai 6. NAT rule is going to catch SMTP traffic and send it to a specific mail server. What is the correct action for a NAT rule? A. passthrough B. dst-nat C. redirect
D. tarpit Jawab : b Penjelasan : karena untuk membelokan smtp traffic kesuatu network ialah tugas dst nat Untuk mengkonfigurasikannya ikuti command dibawah ini ip firewall nat add chain=dstnat protocol=tcp dst-port=25 action=dst-nat toaddresses=10.0.0.1 to-ports=25
7. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean:
A. Direct, Available, Connected B. Dynamic, Active, Connected C. Dynamic, Available, Created D. Dynamic, Active, Console Jawab : b Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 8. It is possible to create an encrypted PPPoE tunnel in RouterOS: Penjelasan : karena semua protocol ppp bisa di enkripsi 9. Action=redirect is applied in A. chain=srcnat B. chain=forward C. chain=dstnat Jawab : c Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward 10. MikroTik RouterOS commands can be run once a day by: A. /system watchdog B. /system cron C. /system scheduler
Jawab: c Pejelasan : karena scheduler mengatur jadwal kapan fitur tersebut dijalankan 11. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a DHCP service for all clients, DHCP server must be configured on: A. Ethernet and wireless interfaces B. DHCP service is not possible in this setup C. Every bridge port D. Only on the bridge interface Jawab: D Penjelasan : karena interface wireless dan ethernetnya sudah di bridge sehingga harus dimasukan kedalam interface bridge 12. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=5000000 pcq-classifier=src-address C. kind=pcq pcq-rate=256000 pcq-classifier=dst-address D. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address E. kind=pcq pcq-rate=256000 pcq-classifier=src-address Jawab : C dan E Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 13. Which is a default baud-rate of currently manufactured RouterBOARDs? A. 115200 B. 9600 C. 38400 D. 11520 Jawaban :a Penjelasan : karena default yang dipasang ke netinstall adalah 11520 14. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.169.0.1-192.169.0.254 B. 192.168.0.1-192.168.0.255 C. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254 D. 192.168.0.1-192.168.0.14
Jawab : c an d Penjelasan : karena untuk jawaban A dan B akan terjai overlap ip (ip gateway tidak dipisah) 15. There can be more than one PPPoE server in a single broadcast domain:
Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network 16. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station B. station-wds C. bridge D. station-pseudobridge Jawab : a Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 17. To block communications between wireless clients connected to the same access point interface, you should set A. 'default-forwarding=no' B. 'max-station-count=1' C. 'default-authentication=no' D. 'default-authentication=no' and 'default-forwarding=no' Jawab : a Penjelasan : karena no default-forwarding akan men disable layer 2 dari client 18. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server.
Jawaban : false Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network 19. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2 A. Route via gateway 2.2.2.2
B. Route via gateway 1.1.1.1 Jawab : a Penjelasan :semakin kecil distance nya semakin di prioritaskan 20. Which are necessary sections in /queue simple to set bandwidth limitation? A. max-limit B. target-address, max-limit C. target-address, dst-address D. target-address, dst-address, max-limit Jawab : b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 21. Which option in the configuration of a wireless card must be disabled to cause the router to permit ONLY known clients listed in the access list to connect? A. Enable Access List B. Security Profile C. Default Authenticate D. Default Forward Jawab : c Penjelasan : karena dengan default authenticate semua bisa onnect ke ap tersebut 22. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. advanced-tools B. routing C. dhcp D. no extra package required Jawab : d Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 23. Which firewall chain should you use to filter clients HTTP traffic going through the router? A. prerouting B. forward C. output D. input Jawab :b
Penjelasan : kata kuncinya adalah “through” atau melewati sehingga yang dibutuhkan untuk “melewati” ialah chain=forward 24. What is necessary for PPPoE client configuration? A. ip firewall nat masquerade rule B. Interface (on which PPPoE client is going to work) C. Static IP address on PPPoE client interface Jawaban : b Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai
25. Action=redirect can be used in NAT chain src-nat A. true B. false Jawab b Penjelasan: karena redirect membutuhkan destination bukan source atau pun forward
1. Is action=masquerade allowed in chain=dstnat? A. yes, but only if dst-addr is specified B. yes C. yes, but it works only for incoming connections D. no Jawaban : D Penjelasan : karena masquerade dipasang pada srcnat
2. What is the default protocol/port of (secure) winbox? A. UDP/5678 B. TCP/22 C. TCP/8291 D. TCP/8080 Jawaban : c
Penjelasan : karena port default dari winbox adalah tcp 8291 3. Which is the default port of IP-Winbox? A. UDP 8291 B. TCP 80 C. TCP 8291 D. TCP 8192 Jawab : c Penjelasan : karena port default dari winbox adalah tcp 8291 4. During a scan, in order to see all the available wireless frequencies that are supported by the card, the following option must be selected in the wireless card's "Frequency Mode": A. manual txpower B. superchannel C. regulatory domain Jawab : c Penjelasan : karena memberi limit terhadap channel yang tersedia dan maximum transit sesuai dengan Negara masing2 5. Which are necessary sections in /queue simple to set bandwidth limitation? A. target-address, dst-address B. target-address, max-limit C. target-address, dst-address, max-limit D. max-limit Jawab :b Penjelasan : karena untuk simple queue hanya membutuhkan target dan juga max limit nya 6. RouterOS log messages are stored on disk by default False Penjelasan : karena log message nya disimpan di memory bukan di disk 7. In order to use dynamic keys in your wireless security profile for an AP, you MUST set up the dhcp server to provide the dynamic keys. False Penjelasan karena dhcp tidak mengirimkan dynamic key 8. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These flags mean: A. Dynamic, Active, Connected B. Dynamic, Active, Console C. Dynamic, Available, Created D. Direct, Available, Connected Jawab :a
Penjelasan : bisa dilihat di bawah ini Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 9. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be able to bridge this wireless interface to an Ethernet? A. station-pseudobridge B. station C. station-wds D. bridge Jawab : b Penjelasan : karena untuk jawaban B dan D khusus mikrotik untuk melakukan wds 10. For static routing functionality, additionally to the RouterOS 'system' package, you will also need the following software package: A. no extra package required B. advanced-tools C. dhcp D. routing Jawab A Penjelasan : Penjelasan :jika hanya static routing tidak memerlukan paket tambahan/extra package 11. In RouterOS queue configurations the word "total" usually represents A. download B. upload + download C. upload D. download – upload Jawab b Penjelasan : karena total itu merupakan upload + download 12. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE server. False Penjelasan : Penjelasan : karena PPPOE bisa berjalan meskipun beda IP network
13. PPP Secrets are used for A. PPtP clients B. IPSec clients C. PPP clients D. Router users E. L2TP clients
F. PPPoE clients Jawab : A,E,F Penjelasan : ppp secret berfungsi untuk membuat user an password untuk proses tunneling
14. When using routing option 'check-gateway=ping' after how many timeouts is gateway considered unreachable: A. 4 B. 3 C. 1 D. 2 15. Consider the following diagram. We want to communicate from a device on LAN1 to a device on LAN2. Assuming that all necessary configurations are already included on R2, which of the following configurations in R1 would enable this communication? A. /ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24 gateway=192.168.99.2 B. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2 C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1 D. /ip route add dst-address=0.0.0.0/0 gateway=Ether1 E. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 Jawab : Penjelasan: semuanya benar karena , D. bisa memakai interface, E. konfigurasi static routing yang lengkap B. bisa memakai Default route 16. What is possible with Netinstall? A. MikroTik RouterOS reinstall B. MikroTik RouterOS password reset with saving router's configuration C. MikroTik RouterOS configuration reset Jawaban : semua benar Penjelasan : netiinstall dapat melakukan ketiganya 17. If you wish to block user access to MSN messenger, which chain should the firewall rule be placed in? A. input B. process C. forward D. output Jawaban : C Penjelasan : karena chain yang digunakan untuk data / paket dari luar router menuju luar lainnya menggunakan Chain=Forward
18. If ARP=reply-only is configured on an interface, this interface will A. accept all MAC-addresses listed in '/ip arp' as static entries B. accept IP and MAC address combinations listed in '/ip arp' list C. add new MAC addresses in '/ip arp' list D. add new IP addresses in '/ip arp' list E. accept all IP addresses listed in '/ip arp' as static entries Jawaban : A Penjelasan : ARP=reply-only hanya membalas bagi yang IP dan MAC Addressnya sudah tercantum 19. In WinBox when clicking the 'Backup' button in the Files window, the following happens (select all that apply): A. Backup file is created. Name contains the router identity, the date and time of its creation B. Backup file is saved to the computer desktop C. Backup file will contain usernames and passwords of the router D. Optionally backup name and password can be specified Jawaban : A Penjelasan : Backup File berguna untuk membackup seluruh Konfigurasi termasuk Router Ientity, tanggal dan waktu 20. What is marked by connection-state=established matcher? A. Packet begins a new TCP connection B. Packet does not correspond to any known connection C. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to already replied connection D. Packet is related to, but not part of an existing connection Jawaban c Penjelasan : karena estabilished merupakan hasil dari koneksi yang pernah ada Sedangkan 21. /ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 action=dst-nat toaddress=192.168.1.2 to-ports=81 The command shown above: A. Forwards any TCP traffic incoming through ether1 port 81 to the port 3389 of the internal host 192.168.1.2 B. Adds IP address 192.168.1.2 to the interface ether1 C. Forwards any TCP traffic incoming through ether1 port 3389 to the port 81 of the internal host 192.168.1.2 D. Forwards all TCP traffic from 192.168.1.2 to port 81 of the interface ether1 Jawaban : C
Penjelasan : firewall nat akan membelokan traffic ari ether satu engan dst-port 3389 ke port 81.Jawaban A salah karena port yang dibelokkan salah, Jawaban A menjelaskan bahwa port 81 akan dibelokkan ke port 3389. 22. What is necessary for PPPoE client configuration? A. Interface (on which PPPoE client is going to work) B. ip firewall nat masquerade rule C. Static IP address on PPPoE client interface Jawaban : a Penjelasan : karena yang dibutuhkan untuk pppoe client interface akan dipakai 23. Mark all the features that can be used for limiting client registrations to your access point: A. access-list B. wpa C. WDS D. registration-table Jawaban : A Penjelasan : untuk melimit client yang connect kita bisa menggunakan Access-List. 24. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-rate=256000 pcq-classifier=dst-address B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address C. kind=pcq pcq-rate=5000000 pcq-classifier=src-address D. kind=pcq pcq-rate=256000 pcq-classifier=src-address E. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address Jawab : A dan D Penjelasan :dalam PCQ untuk melimit Upload classifier yang diisi adalah Src-Address dan untuk Download classfier yang diisi aalah dst-address 25. There can be more than one PPPoE server in a single broadcast domain: True Jawab : true Penjelasa: karena dalam satu broadcast domain bisa menjalankan lebih dari satu point to point dalam satu network
