CAPTER 2
Soal - soal ini berdasarkan dari soal MTCNA
Soal - soal ini dimaksudkan untuk latihan dan untuk dipelajari. Jawaban dari soal-soal ini belum tentu semuanya benar, apabila ada jawaban yang keliru, mohon diberitahu pada kolom komentar
Selamat mengerjakan, semoga lulus ujian dan semoga tetap istiqomah semangat belajarnya :)
1. Consider
the following diagram. We want to communicate from a device on LAN1 to a device
on LAN2. Assuming that all necessary configurations are already included on R2,
which of the following configurations in R1 would enable this communication?
0/2
A.
/ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24gateway=192.168.99.2
B.
/ip route add dst-address=0.0.0.0/0 gateway=Ether1
C.
/ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1
D. /ip route add
dst-address=192.168.1.0/24 gateway=192.168.99.2
E.
/ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2
2. How
long is level 1 (free) license valid?
2/2
A. Infinite time
B.
24 hours
C.
1 year
D.
1 month
3. Which
is a default baud-rate of currently manufactured RouterBOARDs?
0/2
A.
9600
B. 115200
C.
38400
D.
11520
4. When
viewing the routes in Winbox, some routes will show "DAC" in the
first column. These flags mean:
2/2
A.
Dynamic, Available, Created
B. Dynamic, Active,
Connected
C.
Direct, Available, Connected
D.
Dynamic, Active, Console
5. You
can control bandwidth of a client connected to AP with the resource / interface
wireless access-list ( assume the client uses MikroTik RouterOS).
0/2
True
False
6. Which
type of encryption could be used to establish a connection with a simple passkey
without using a 802.1X authentication server?
2/2
A. WPA EAP/WPA2 EAP
B.
WPA PSK/WPA2 PSK
7. Which
of the following is true for connection tracking
0/2
A.
Connection tracking must be enabled for NAT'ed network
B. Enabling connection
tracking reduces CPU usage in RouterOS
C. Disable
connection tracking for mangle to work
D. Connection tracking must be
enabled to be able to use all firewall features
8. Where
should you upload new MikroTik RouterOS version packages for upgrading router?
0/2
A.
System Backup menu
B. Any directory in /files
C.
FTP root directory or /files directory of the router
D.
System Package menu
9. What
kind of users are listed in the "/user" menu?
0/2
A. router users
B.
wireless users
C.
hotspot users
D.
pptp users
Jawaban
yang benar
A.
router users
10. What
does the firewall action "Redirect" do? Select all true statements.
0/2
A.
Redirects a packet to a specified IP
B. Redirects a packet to a
specified port on a host in the network
C. Redirects a
packet to the router
D. Redirects a packet to a specified
port on the router
11. A
routing table has following entries: 0 dst-address=10.0.0.0/24 gateway=10.1.5.126 1
dst-address=10.1.5.0/24 gateway=10.1.1.1 2
dst-address=10.1.0.0/24 gateway=25.1.1.1 3 dst-address=10.1.5.0/25 gateway=10.1.1.2 Which
gateway will be used for a packet with destination address 10.1.5.126?
0/2
A.
10.1.1.1
B.
10.1.5.126
C. 10.1.1.2
D.
25.1.1.1
12. PPPoE
server only works within one Ethernet broadcast domain that it is connected to.
If there is a router between server and end-user host, it will not be able to
create PPPoE tunnel to that PPPoE server.
0/2
1.
True
2. False
13. Destination
NAT (chain dstnat, action dst-nat) can be used to:
0/2
A. Change destination port
B.
Direct users from the Internet to a server within your local network
C.
Change source port
D.
Hide your local network from the Internet
14. When
viewing the routes in Winbox, some routes will show "DAC" in the
first column. These flags mean:
0/2
A.
Dynamic, Available, Created
B.
Direct, Available, Connected
C. Dynamic, Active,
Connected
D.
Dynamic, Active, Console
15. In
which order are the entries in Access List and Connect List processed?
2/2
A.
By Signal Strength Range
B.
In sequence order
C.
In a random order
D. By interface name
16. RouterOS
log messages are stored on disk by default
0/2
1.
True
2. False
17. Simple
Queue number 0 defines 2M for upload and download for target IP
10.10.0.33. Simple Queue number 1 defines 4M for upload and download for
target IP 10.10.0.33. The maximum bandwidth that the client 10.10.0.33 is
be able to obtain is:
0/2
A.
0M upload/download
B.
4M upload/download
C.
6M upload/download
D. 2M upload/download
18. Which
is the default port of IP-Winbox?
0/2
A.
UDP 8291
B.
TCP 80
C. TCP 8291
D.
TCP 8192
19. Which
configuration menu should you use to change router's Winbox default port?
0/2
A.
/ip firewall service-ports
B.
/system resource
C.
/ip firewall filter
D. /ip service
20. The
'check-gateway' option is enabled for one route. Select all statements that are
true:
2/2
A. In case of failure of the
gateway, routes pointing to that gateway will become inactive
B. Gateway is checked every
10 seconds and after 2 failures, the gateway is considered unreacheable
C. Gateway is
checked every 10 seconds and after a single failure, the gateway is considered
unreacheable
D. Check gateway
option can be configured for Ping, ARP and RARP (reverse ARP)
21. What
does the firewall action "log" do?
0/2
A.
It logs and blocks the packet
B.
It blocks and logs the packet
C.
It adds a prefix to the packet and passes it through
D. It logs the packet
22. You
have a DHCP server on your MikroTik router. The IP addresses 10.1.2.2-10.2.2.20
are distributed in the DHCP network. Additionally, 3 static IP address are
defined for your servers: 10.1.2.31-10.1.2.33. After a while 20 more IP
addresses need to be distributed in the network. It is possible to distribute
the extra IP address without adding another DHCP Server:
2/2
1.
True
2. False
23. Simple
Queue number 0 defines 2M for upload and download for target IP
10.10.0.33. Simple Queue number 1 defines 4M for upload and download for
target IP 10.10.0.33. Client 10.10.0.33 is be able to obtain
0/2
A.
6M upload/download
B.
0M upload/download
C.
4M upload/download
D. 2M upload/download
24. To
apply bandwidth restrictions using Simple queue on traffic that travels from
one bridge port to another bridge port within the same bridge interface,
following must be done:
2/2
A.
Enable 'Use IP Firewall' in bridge settings
B.
Use mangle to mark the connections
C. Configure an IP address
on the bridge interface
D.
Associate the Simple queue to the bridge interface
25. For
static routing functionality, additionally to the RouterOS 'system' package,
you will also need the following software package:
2/2
A. no extra package required
B.
advanced-tools
C.
dhcp
D.
routing
26. It
is required to make a web server residing on a private subnet in a LAN visible
on the public Internet. Only the web server port should be visible to the
public. Which of the following configuration steps must be met (select all that
apply):
0/2
A. A route between
the NAT Router and the web server must exist
B.
LAN address of the web server should be routable on the Internet
C. Connection
tracking must be enabled on the NAT router
D. In IP firewall NAT there should
be a dst-nat between the public IP address of the router and the private IP of
the web server
E.
Public IP address of the web server must be installed on the NAT Router
27. What
kind of packet is marked by connection-state=established matcher?
2/2
A.
Packet is related to, but not part of an existing connection
B. Packet belongs to an
existing connection, for example a reply packet or a packet which belongs to already
replied connection
C.
Packet does not correspond to any known connection
D.
Packet begins a new TCP connection
28. Consider
the following network diagram. In R1, you have the following
configuration: /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 |||
/ip firewall nat add chain=srcnat out-interface=Ether1
action=masquerade ||| On R2, if you wish to prevent all access to a
server located at 192.168.1.10 from LAN1 devices, which of the following rules
would be needed?
0/2
A.
/ip firewall filter add chain=input src-address=192.168.99.1
dst-address=192.168.1.10 action=drop
B.
/ip firewall nat add chain=dstnat src-address=192.168.99.1
dst-address=192.168.1.10 action=drop
C.
/ip firewall filter add chain=forward src-address=192.168.99.1
dst-address=192.168.1.10 action=drop
D. /ip firewall filter add
chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10
action=drop
29. Consider
the following network diagram. In R1, you have the following
configuration: /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2 /ip
firewall nat add chain=srcnat out-interface=Ether1
action=masquerade On R2, if you wish to prevent all access to a server
located at 192.168.1.10 from LAN1 devices, which of the following rules would
be needed?
0/2
A.
/ip firewall filter add chain=forward src-address=192.168.99.1
dst-address=192.168.1.10 action=drop
B.
/ip firewall filter add chain=forward src-address=192.168.0.0/24dst-address=192.168.1.10 action=drop
C. /ip firewall filter add
chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
D.
/ip firewall nat add chain=dstnat src-address=192.168.99.1
dst-address=192.168.1.10 action=drop
30. It
is possible to create an encrypted PPPoE tunnel in RouterOS:
0/2
True
False
31. Why
is it useful to set a Radio Name on the radio interface?
2/2
A.
To identify a station in a list of connected clients
B. To identify a station in
Neighbor discovery
C.
To identify a station in the Access List:
32. In
the Route List, the identification DAb for a route stands for
2/2
A. dynamic - active - bgp
B.
dynamic - active - backup
C.
direct - acknowledge - backup
D.
direct - active - bgp
33. Which
of the following keystrokes enables safe mode in console:
2/2
A. Ctrl+x
B.
Ctrl+c
C.
Ctrl+d
D.
Ctrl+s
34. What
can be used as "Target" in the simple queue?
2/2
A. Client IP address
B.
Client MAC address
C.
Address list name
D.
Server IP address
35. There
can be more than one PPPoE server in a single broadcast domain:
2/2
1.
True
2. False
36. Your
Company has been assigned a 172.16.25.0/25 network from your ISP. What are
the possible options to divide the network into subnets?
0/2
A.
one /23 and one /27
B.
four times /27
C.
two times /24
D. two times /26
37. When
using routing option 'check-gateway=ping' after how many timeouts is gateway
considered unreachable:
2/2
A.
4
B.
1
C. 2
D.
3
38. Select
minimal set of software packages in RouteOS required to configuring a wireless
AP
0/2
A. advanced-tools
B. routing
C. system
D. dhcp
E. wireless
39. Router
has wireless and ethernet client interfaces, all client interfaces are bridged.
To create a DHCP service for all clients, DHCP server must be configured on:
0/2
A.
Ethernet and wireless interfaces
B.
DHCP service is not possible in this setup
C. Only on the bridge interface
D.
Every bridge port
40. Which
of the following is used in standard 802.11 wireless networks?
2/2
A. CSMA/CA
B.
CDMA
C.
FDD
D.
CSMA/CD
41. Which
of the following would prevent unknown clients from connecting to your AP?
Choose the BEST answer.
0/2
A. Uncheck 'Default
Authenticate' in the wireless card configuration, and add each known client's
MAC address to your access-list configuration ensuring that you enable
'authenticate' in the entry
B.
Uncheck 'Default Authenticate' in the wireless card configuration, and add each
known client's MAC address to your connect-list configuration
C.
Configure the radius server under '/radius'
D.
Add each known client's MAC address to your access-list configuration is the
only step needed
E.
Check the 'Do not permit unknown client' box in the wireless configuration
42. In
RouterOS queue configurations the word "total" usually represents
0/2
A.
download - upload
B.
upload
C. upload + download
D.
Download
43. By
default info, error and warning messages are logged into memory of your
RouterOS device. You can add logging of visited web-pages and other message
topics
2/2
1. True
2.
False
44. What
is necessary for PPPoE client configuration?
0/2
A.
Static IP address on PPPoE client interface
B.
ip firewall nat masquerade rule
C. Interface (on which PPPoE
client is going to work)
45. Which
port does PPTP use by default?
2/2
A.
TCP 1721
B. TCP 1723
C.
UDP 1723
D.
UDP 1721
46. If
ARP=reply-only is configured on an interface, tcarmehis interface will
0/2
A. accept all IP addresses
listed in '/ip arp' as static entries
B.
add new MAC addresses in '/ip arp' list
C.
accept IP and MAC address combinations listed in '/ip arp' list
D.
accept all MAC-addresses listed in '/ip arp' as static entries
E.
add new IP addresses in '/ip arp' list
47. Which
option in the configuration of a wireless card must be disabled to cause the
router to permit ONLY known clients listed in the access list to connect?
0/2
A.
Security Profile
B.
Default Forward
C. Enable Access List
D.
Default Authenticate
48. Which
firewall chain should you use to filter ICMP packets from the router itself?
0/2
A. input
B.
postrouting
C.
forward
D.
output
49. Consider
a wireless access point with mode=ap-bridge. What is the maximum number of
concurrent clients that can connect to it?
2/2
A. 2007
B.
2012
C.
2048
D.
1024
50. What
is the meaning of the status letter "R" on a PPPoE client interface
in RouterOS Interfaces menu?
2/2
A. Running
B.
Remote
C.
Radius
D.
Reconnecting
0 Comments