1. When queue simple is placed in the same HTB (Hierarchical Token Bucket), it will take all the t raffic away from the Queue Tree queue. False
2. You have a queue structure: queue "GP" max-limit=10M - queue "M" parent="GP" limit-at=4M max-limit=6M - - queue "C1" parent="M" limit-at=1M max-limit=7M priority=4 - - queue "C2" parent="M" limit-at=1M max-limit=4M priority=1 - - queue "C3" parent="M" limit-at=3M max-limit=7M priority=8 - queue "F" parent="GP" limit-at=5M max-limit=8M - - queue "D1" parent="F" limit-at=3M max-limit=4M priority=5 - - queue "D2" parent="F" limit-at=2M max-limit=5M priority=2
If queues "C2" and "C3" are not requiring any traffic, how is all the available bandwidth going to be distributed in worst case scenario?
A. queue "C1" will get 4M, "D2" 7M, "D1" 4M B. queue "C1" will get 3M, "D2" 3M, "D1" 5M C. queue "C1" will get 5M, "D2" 2M, "D1" 3M D.
queue "C1" will get 4M, "D2" 3M, "D1" 3M
E. queue "C1" will get 2M, "D2" 5M, "D1" 3M
3. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client 10.10.0.33 is be able to obtain
A. 4M upload/download B. 2M
upload/download
C. 0M upload/download D. 6M upload/download
4. To customise the look of the hotspot login page, you can edit A. login.html
B. template.html C. redirect.html D. alogin.html
5. If a packet comes to a router and starts a new, previously unseen connection, which connection state would be applied to it? A. invalid B. unknown C. no connection state would be applied to such packet D. established E.
new
6. You are about to configure DNS Cache and make a static DNS rule. Your router should resolve any domain name. Which are the minimum settings you will need? A. Configure both Primary and Secondary DNS servers B. Set cache size to 4096 C.
Configure Primary DNS server
D.
Enable "Allow Remote Requests"
E.
Add a new static DNS entry
7. Which features are removed when advanced-tools package is uninstalled? A. bandwidth-test B. ping C.
netwatch
D. ip-scan
E. neighbors F. LCD support
8. In RouterOS queue configurations the word "total" usually represents A. download B. download - upload C. upload D. upload + download
9. What is marked by connection-state=established matcher?
A.
Packet belongs to an existing connection,for example a reply packet or a
packet which belongs to already replied connection B. Packet does not correspond to any known connection C. Packet begins a new TCP connection D. Packet is related to, but not part of an existing connection
10. Two mangle rules defining different mangle marks for the same traffic type, will make it have both mangle marks. false
11. Mark the queue types that are available in RouterOS A.
PCQ – Per Connection Queuing
B.
FIFO - First In First Out (for Bytes or for Packets)
C.
RED – Random Early Detect (or Drop)
D.
SFQ – Stochastic Fairness Queuing
E. LIFO - Last In First Out F. DRR - Deficit Round Robin
12. If we have the following queue structure: queue "A" max-limit=8M - queue "B" parent="A" limit-at=2M max-limit=5M priority=1 - queue "C" parent="A" limit-at=3M max-limit=6M - - queue "C1" parent="C" limit-at=1M max-limit=2M priority=2 - - queue "C2" parent="C" limit-at=2M max-limit=4M priority=3 If all queues are utilizing the maximum. what will be the traffic distribution ?
A.
B-5M, C1-1M, C2- 2M
B. B-4M, C1-2M, C2- 4M C. B-4M, C1-2M, C2- 2M D. B-2M, C1-2M, C2- 4M E. B-5M, C1-2M, C2- 1M
13. You can apply input firewall rules based on prerouting or forward mangle marks False
14. You have masqueraded network 192.168.1.0/24. To place upload/download limitations for each client you can A. mark traffic in mangle chain "prero uting", and place limitations in interface HTB B. mark traffic in mangle chain "postrouting", and place limitations in "global-out" HTB C.
mark traffic in mangle chain "forward", and place limitations in "global-out" HTB
D.
mark traffic in mangle chain "forward", and place limitations in "global-in" HTB
E. mark traffic in mangle chain "postrouting", and place limitations in interface HTB
15. What does the firewall action "Redirect" do? A. Redirects a packet to the router B. Redirects a packet to a specified IP C. Redirects a packet to a specified port on a host in the network D.
Redirects a packet to a specified port on the router
16. You want to use PCQ and allow 2 56k maximum download and upload for each client. Choose correct argument values for the required queue.
A.
kind=pcq pcq-limit=256000 pcq-classifier=src-address
B. kind=pcq pcq-limit=5000000 pc q-classifier=dst-address C. kind=pcq pcq-limit=1256000 pcq-classifier=dst-address D. kind=pcq pcq-limit=5000000 pcq-classifier=src-address E.
kind=pcq pcq-limit=256000 pcq-c lassifier=dst-address
17. What is the recommended sequence for traffic marking by mangle for QoS? A. Add only mark-packet B.
Add mark-connection then mark-packet
C. Add action=passtrough D. Add only mark-connection
18. An IP packet has matched all the conditions of a firewall rule and the action reject and the option icmp-network-unreachable was initiated for t hat packet. What will happen with the packet co ntent ?
A. The packet will be rejected only if the destination network is unreachable B. The whole packet will be for warded back to the sender regardless of its contents C. The packet header will receive a flag of \\\"icmp-network-unreacheble\\\" D.
The packet will be discarded regardless of its content
19. You want to offer a static route to your DHCP clients (besides the default-route). What is the best way to do that? A. Set a static IP into /ip route and it will automatically be sent to clients B.
Set DHCP options 121
C. There is no way to send a static-route to DHCP clients D. Set DHCP options 3
20. Which of the following is true for mangle facility in RouterOS? A. The mangle mark can be transmitted across the network, and used by other routers B. Marks packet can be used by other router facilities like routing and bandwidth management C.
Mangle facility is used to mark IP packets with special marks for future processing
D.
Mangle facility can be used to modify some fields in t he IP header and TTL fields
21. after putting this rule: /ip firewall add chain=input action=drop, you will still be able to access the Router using the mac-address. True
22. When "Cache On Disk" is not checked under the web proxy settings, where does the data get stored? A. It does not get stored B. System Disk C.
RAM (Memory)
D. USB Disk
23. What RouterOS feature should be used to redirect user WEB browsing? A. web-proxy direct-list B. firewall nat action redirect C.
web-proxy access-list
D. web-proxy cache-list
24. Which of the following are re ported by MikroTik Discovery Protocol: A. Mac
Address of reachable interface
B. Routing Protocol available C. All layer3 addresses from all interfaces D.
Remote router identity
E.
Remote router software version
F. Remote Router routing Table
25. To block access to web proxies running on TCP port 8080, you have to create a firewall rule and specify: A. "chain", "action", "port" B. "chain", "action", "protocol" C. "chain", "action", "protocol", "limit" D.
"chain", "action", "protocol", "port"
1. You need to redirect a browser page from a search of "xxx" in google to another website such as www.mikrotik.com Choose correct proxy access rule. A. /ip proxy access add dst-host=*xxx* action=allow redirect-to=www.mikrotik.com B. /ip proxy
access add dst-host=*.google.* path=*xxx* action=deny redirect-to=www.mikrotik.com
C. /ip proxy access add path=*xxx* action=allow redirect-to=www.mikrotik.com D. /ip proxy access add dst-host=*xxx* action=deny redirect-to=www.mikrotik.com
2. In RouterOS queue configurations the word "total" usually represents A. download B. upload C. download - upload D. upload + download
3. DHCP-server configuration, /ip dhcp-server set 0 address-pool=static-only /ip dhcp-server lease add mac-address=00:0C:42:01:02:03 address=192.168.0.1 /ip dhcp-server lease add mac-address=00:0C:42:01:02:02 address=192.168.0.2 /ip dhcp-server lease add mac-address=00:0C:42:01:02:04 address=192.168.0.3 Which IP addresses will be handed out to client? A. Any host from 192.168.0.0/24 network except 192.168.0.254 B. 192.168.0.1
C. 192.168.0.1,
192.168.0.2, 192.168.0.3
D. 192.168.0.1, 192.168.0.2
4. An IP packet has matched all the conditions of a firewall rule and the action reject and the option icmp-network-unreachable was initiated for that packet. What will happen with the packet content ?
A. The packet will be rejected only if the destination network is unreachable B.
The packet will be discarded regardless of its content
C. The packet header will receive a flag of \\\"icmp-network-unreacheble\\\" D. The whole packet will be for warded back to the sender regardless of its contents
5. You have a queue structure: queue "GP" max-limit=10M - queue "M" parent="GP" limit-at=4M max-limit=6M - - queue "C1" parent="M" limit-at=1M max-limit=7M priority=4 - - queue "C2" parent="M" limit-at=1M max-limit=4M priority=1 - - queue "C3" parent="M" limit-at=2M max-limit=7M priority=8 - queue "F" parent="GP" limit-at=5M max-limit=8M - - queue "D1" parent="F" limit-at=3M max-limit=4M priority=5 - - queue "D2" parent="F" limit-at=2M max-limit=5M priority=2 Which queue will get more than limit-at in worst case scenario? A. C1 B. D2 C. C3 D. C2
E. D1
6. You created PCC mangle rules. You are splitting between three connections, what are the proper PCC settings.
A. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/1 B. action=accept
chain=prerouting disabled=no per-connection-classifier=both-addresses:3/0
C. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:1/1 D. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/3 E. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:0/0 F. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/2
7. Interface HTB can be specified as a parent for a simple queue, this way applying simple queue only for traffic that is leaving through that interface True
8. MikroTik RouterOS commands can be run once a day by: A. /system cron B.
/system scheduler
C. /system watchdog
9. You want to offer a static route to your DHCP clients (besides the default-route). What is the best way to do that? A. Set DHCP options 3 B. Set
DHCP options 121
C. There is no way to send a static-route to DHCP clients D. Set a static IP into /ip route and it will automatically be sent to clients
10. Possible actions of ip firewall filter are: A. tarp B. add-to-list C. tarpit D. log E. accept
F. bounce
11. You have a queue structure: queue "MK" max-limit=23M -queue "A" parent="MK" limit-at=10M max-limit=18M --queue "AA" parent="A" limit-at=3M max-limit=5M priority=1 --queue "AB" parent="A" limit-at=1M max-limit=2M priority=2 --queue "AC" parent="A" limit-at=4M max-limit=8M priority=4 -queue "B" parent="MK" limit-at=10M max-limit=18M --queue "BA" parent="B" limit-at=1M max-limit=10M priority=1 --queue "BB" parent="B" limit-at=2M max-limit=3M priority=3 Select the correct answer for the worst case scenario. A. queue "AA" will get 3M, "AB" 1M, "AC" 8M, "BA" 1M, "BB" 3M B. queue
"AA" will get 5M, "AB" 2M, "AC " 4M, "BA" 10M, "BB" 2M
C. queue "AA" will get 5M, "AB" 2M, "AC" 8M, "BA" 10M, "BB" 2M D. queue "AA" will get 3M, "AB" 2M, "AC" 4M, "BA" 10M, "BB" 2M E. queue "AA" will get 5M, "AB" 2M, "AC" 8M, "BA" 10M, "BB" 3M
12. Action Tarpit can be applied to A. ICMP Protocol B. UDP Protocol C. TCP
Protocol
D. Any Protocol
13. You have masqueraded network 192.168.1.0/24. To place upload/download limitations for each client you can
A. mark traffic in mangle chain "postrouting", and place limitations in "global-out" HTB B. mark traffic in mangle chain "prerouting", and place limitations in interface HTB C.
mark traffic in mangle chain "forward", and place limitations in "global-out" HTB
D. mark
traffic in mangle chain "forward", and place limitations in "global-in" HTB
E. mark traffic in mangle chain "postrouting", and place limitations in interface HTB
14. You want to use PCQ and allow 2 56k maximum download and upload for each client. Choose correct argument values for the required queue. A. kind=pcq pcq-limit=5000000 pcq-c lassifier=src-address B. kind=pcq pcq-limit=256000 pc q-classifier=dst-address
C. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address D. kind=pcq pcq-limit=1256000 pcq-classifier=dst-address E. kind=pcq pcq-limit=256000 pcq-classifier=src-address
15. An IP address pool can contain addresses from more than one subnet. True
16. Two mangle rules defining different mangle marks for the same traffic type, will make it have both mangle marks. False
17. The DHCP client - server communication steps are A. client request, server offer, client discovery, server ack B. client
discovery, server offer, client request, server ack
C. client discovery, client request, client ack, server offer D. client discovery, server ack, client request, server offer
18. You have a queue structure: queue "GP" max-limit=10M - queue "M" parent="GP" limit-at=4M max-limit=6M - - queue "C1" parent="M" limit-at=1M max-limit=7M priority=4 - - queue "C2" parent="M" limit-at=1M max-limit=4M priority=1 - - queue "C3" parent="M" limit-at=3M max-limit=7M priority=8 - queue "F" parent="GP" limit-at=5M max-limit=8M - - queue "D1" parent="F" limit-at=3M max-limit=4M priority=5 - - queue "D2" parent="F" limit-at=2M max-limit=5M priority=2 If queues "C2" and "C3" are not requiring any traffic, how is all the available bandwidth going to be distributed in worst case scenario?
A. queue "C1" will get 2M, "D2" 5M, "D1" 3M B. queue "C1" will get 3M, "D2" 3M, "D1" 5M C. queue
"C1" will get 4M, "D2" 3M, "D1" 3M
D. queue "C1" will get 5M, "D2" 2M, "D1" 3M E. queue "C1" will get 4M, "D2" 7M, "D1" 4M
19. You can apply input firewall rules based on prerouting or forward mangle marks False
20. It is required to make a web server on a private LAN visible on the Public Internet. Only the web server port should be visible to the public. Which of the following configuration steps must be met. (select all that apply)
A. A B.
route between the NAT Router and the webserver must exist
Public IP address of the webserver must be installed on the NAT Router
C. Connection
Tracking must be enabled on NAT router
D. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private ip of the webserver E. LAN address of the webserver should be routable on the internet
21. DHCP server is configured on a router’s ether1 interface.
IP address 192.168.0.100/24 is assigned to the interface. Possible IP pools, that can be used by this DHCP server, are: A.
192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254
B.
192.168.0.1-192.168.0.14
C. 192.169.0.1-192.169.0.254 D. 192.168.0.1-192.168.0.255
22. What feature of MikroTik firewall can help you in case of synflood attack? A. TCP syn deny B. TCP syn drop C. TCP
syn Cookie
D. TCP syn Jump E. TCP syn reject
23. In IP firewall filter, "dst-limit" option is used to limit the number of hops a packet is allowed to take False
24. According to the picture, if both laptops have same priority, how much bandwidth will be available for every laptop ? A. 1 B. 4 C. 3 D. 2 ?
25. If a packet comes to a router and starts a new, previously unseen connection, which connection state would be applied to it?
A. unknown B. invalid C. established D. no connection state would be applied to such packet E.
new
1. In normal Network Conditions which types of addresses will never be a source address in an IP packet in your physical network. A. broadcast address B. public address C. unicast address D. private address E. loopback address F. multicast address
2. Packet sniffer can stream results to A. Neighbor MAC address B.
IP address
C.
Local file
D. MAC address
3. Which of these techniques equalizes the flow between connections when the link is completely full: A. SFQ B. PCQ
C. RED D. PFIFO E. FIFO
4. What does the firewall action "Redirect" do? A. Redirects a packet to a specified port on a host in the network B. Redirects a packet to the router C. Redirects a packet to a specified IP D.
Redirects a packet to a specified port on the router
5. Firewall NAT rules process only the first packet of each connection. True
6. Packet marks can be set by ip firewall mangle in different c hains. To use packet marks in Global-in Queue (Queue tre es), you have to mark your packets in chain: A. input B. postrouting C. output D.
prerouting
E. forward
7. Choose correct statements for MikroTik proxy. A.
Controls domains or servers which are allowed to cache by Proxy
B.
Destination NAT rule is required to utilize transparent proxy facility
C. To deny access to a specific website, caching should be enabled D. Can deny access to a specific domains or servers, but not specific web pages
8. In RouterOS queue configurations the word "total" usually represents A. download B. download - upload C. upload D. upload + download
9. Consider the following network diagram. In R1, you have the following configuration: /ip routeadd dst-address=192.168.1.0/24 gateway=192.168.99.2 /ip firewall natadd chain=srcnat out-interface=Ether1 action=masqueradeOn
R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices, which of the following rules would be needed? A. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10 action=drop B. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10 action=drop C. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10 action=drop D. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
10. What does the firewall action "log" do? A. It blocks and logs the packet B. It logs and blocks the packet C. It adds a prefix to the packet and passes it through D.
It logs the packet
11. You created PCC mangle rules. You are splitting between three connections, what are the proper PCC settings. A.
action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/0
B. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/3 C. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:1/1 D.
action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/2
E. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:0/0 F.
action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/1
12. You want to offer a static route to your DHCP clients (besides the default-route). What is the best way to do that? A. There is no way to send a static-route to DHCP clients B. Set DHCP options 3 C. Set a static IP into /ip route and it will automatically be sent to clients D.
Set DHCP options 121
13. An IP packet has matched all the conditions of a firewall rule and the action reject and the option icmp-network-unreachable was initiated for that packet. What will happen with the packet content ? A.
The packet will be discarded regardless of its content
B. The packet header will receive a flag of \\\"icmp-network-unreacheble\\\" C. The packet will be rejected only if the destination network is unreachable D. The whole packet will be for warded back to the sender regardless of its contents
14. Interface HTB can be specified as a parent for a simple queue, this way applying simple queue only for traffic that is leaving through that interface True
15. There are two mangle rules:0 chain=forward action=mark-routing new-routing-mark="aaa" passthrough=yes1 chain=forward action=mark-routing new-routing-mark="bbb" passthrough=yesWhat routing mark will the packet have after passing the forward chain? A.
"bbb"
B. "aaa" C. "aaabbb" D. "aaa" and "bbb"
16. You have a queue structure: queue "MK" max-limit=23M -queue "A" parent="MK" limit-at=10M max-limit=18M --queue "AA" parent="A" limit-at=3M max-limit=5M priority=1 --queue "AB" parent="A" limit-at=1M max-limit=2M priority=2 --queue "AC" parent="A" limit-at=4M max-limit=8M priority=4 -queue "B" parent="MK" limit-at=10M max-limit=18M --queue "BA" parent="B" limit-at=1M max-limit=10M priority=1 --queue "BB" parent="B" limit-at=2M max-limit=3M priority=3
Select the correct answer for the worst case scenario.
A. queue "AA" will get 3M, "AB" 2M, "AC" 4M, "BA" 10M, "BB" 2M B.
queue "AA" will get 5M, "AB" 2M, "AC" 4M, "BA" 10M, "BB" 2M
C. queue "AA" will get 5M, "AB" 2M, "AC" 8M, "BA" 10M, "BB" 2M D. queue "AA" will get 3M, "AB" 1M, "AC" 8M, "BA" 1M, "BB" 3M E. queue "AA" will get 5M, "AB" 2M, "AC " 8M, "BA" 10M, "BB" 3M
17. DHCP-server configuration,/ip dhcp-server set 0 address-pool=static-only/ip dhcp-server lease add mac-address=00:0C:42:01:02:03 address=192.168.0.1/ip dhcp-server lease add macaddress=00:0C:42:01:02:02 address=192.168.0.2/ip dhcp-server lease add macaddress=00:0C:42:01:02:04 address=192.168.0.3Which IP addresses will be handed out to client? A.
192.168.0.1, 192.168.0.2, 192.168.0.3
B. Any host from 192.168.0.0/24 network except 192.168.0.254 C. 192.168.0.1, 192.168.0.2 D. 192.168.0.1
18. log messages are stored on disk by default False
19. Mangle allows you to mark IP packets with special marks, that can be used for routing and bandwidth management. The mangle facility can also be used to modify some fields in the IP header, like TOS (DSCP) and TTL fields. These mangle marks can then be used across multiple routers in the network. True
20. You have masqueraded network 192.168.1.0/24. To place upload/download limitations for each client you can A.
mark traffic in mangle chain "forward", and place limitations in "global-out" HTB
B. mark traffic in mangle chain "postrouting", and place limitations in interface HTB C.
mark traffic in mangle chain "forward", and place limitations in "global-in" HTB
D. mark traffic in mangle chain "prerouting", and place limitations in interface HTB E. mark traffic in mangle chain "postrouting", and place limitations in "global-out" HTB
21. Possible actions of ip firewall filter are: A.
tarpit
B. add-to-list C. bounce D.
log
E.
accept
F. tarp
22. To customise the look of the hotspot login page, you can edit A. alogin.html B. redirect.html C.
login.html
D. template.html
23. Is it possible to have 2 working DHCP servers on the same interface? A. Yes, as long as 1 is set to Always Broadcast B. Yes, as long as only 1 is Authoritative C. No it is not possible D.
Yes, as long as 1 has a relay specified
24. You have a queue structure: queue "GP" max-limit=10M- queue "M" pare nt="GP" limit-at=4M max-limit=6M- queue "C1" parent="M" limit-at=1M max-limit=7M priority=4 - - queue "C2" parent="M" limit-at=1M max-limit=4M priority=1 - - queue "C3" parent="M" limit-at=2M max-limit=7M priority=8 - queue "F" parent="GP" limit-at=5M max-limit=8M - - queue "D1" parent="F" limit-at=3M max-limit=4M priority=5 - - queue "D2" parent="F" limit-at=2M max-limit=5M priority=2
Which queue will get more than limit-at in worst case scenario? A.
C2
B. C1 C. D2 D. D1 E. C3
25. According to the picture, if both laptops have same priority, how much bandwidth will be available for every laptop ? A. 1 B. 3 C. 4 D. 2 ?
