Test nebo-li certifikace MTCNA je MikroTik (oficiálně SIA „Mikrotīkls“) školení se závěrečnou zkouškou lotyšského výrobce síťových zařízení. Společnost vyvíjí a prodává drátové a bezdrátové síťové směrovače, síťové přepínače, přístupové body a také operační systémy a pomocný software. Společnost byla založena v roce 1996 se zaměřením na prodej zařízení na rozvíjejících se trzích. V srpnu 2019 bylo na webových stránkách společnosti uvedeno odhadem 280 zaměstnanců.
V roce 2021 byla společnost Mikrotik s hodnotou 1,24 miliardy EUR třetí největší společností v Lotyšsku a první soukromou společností, která v Lotyšsku překročila hodnotu 1 milionu EUR. Společnost Mikrotik byla založena v roce 1996 v lotyšské Rize jako společnost zabývající se softwarem pro PC. V roce 2002 začal MikroTik vyrábět vlastní hardware. Dne 23. května 2018 oznámila společnost Cisco Talos Intelligence Group, že některá zařízení MikroTik byla shledána zranitelnými vůči malwaru VPNFilter. Dne 3. srpna 2018 bylo zjištěno, že směrovače MikroTik byly napadeny malwarem pro kryptoměny Coinhive.
Obsah
Mikrotik Certifikace MTCNA
1. Action=redirect is applied in
A. chain=srcnat
B. chain=dstnat
C. chain=forward
2. You have 802.11b/g wireless card. What frequencies are available to you?
A. 5800MHz
B. 2412MHz
C. 5210MHz
D. 2422MHz
E. 2327MHz
3. Mark all correct statements about /export (rsc file).
A. Exports logs from /log print
B. Exports full configuration of the router
C. Exports only part of the configuration (for example /ip firewall)*
D. Exports scripts from /system script*
E. Exports files could not edited
4. What wireless card can we use to achieve 100 Mbps actual wireless throughput?
A. 802.11 b/g
B. 802.11 a/b/g
C. 802.11 a
D. 802.11 a/n
E. 802.11 a/b/g/n
5. It is possible to add user-defined chains in ip firewall mangle
A. NO
B. YES
6. Choose all valid hosts address range for subnet 15.242.55.62/27
A. 15.242.55.31-15.242.55.62
B. 15.242.55.32-15.242.55.63
C. 15.242.55.33-15.242.55.62
D. 15.242.55.33-15.242.55.63
7. Action=redirect allows you to make
A. Transparent DNS Cache*
B. Forward DNS to another device IP address*
C. Enable Local Service
D. Transparent HTTP Proxy*
8. Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing interface=ether1?
A. /ip firewall nat add action=masquerade chain=srcnat
B. /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24
C. /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat
D. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
9. What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface?
A. S
B. I
C. A
D. D =dynamic
E. C =conected
10. Mark all features that are compatible with Nstreme
A. WDS between a device in station-wds mode and a device in station-wds mode -> GA BISA
B. Encryption -> GA BISA
C. WDS between a device in ap-bridge mode with a device in station-wds mode -> BISA
D. Bridging a device in station mode with a device in ap-bridge mode -> BISA (????)
untuk yg D saya ragu….. soalnya…. kalo bridge ga perlu pake fitur nstreme udah bisa
11. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized, and it’s a driver issue?
A. Yes
B. No
12. For static routing functionality, additionally to the RouterOS system package, you will also need the following software package:
A. none
B. dhcp
C. routing
D. advanced-tools
13. Which are necessary sections in /queue simple to set bandwidth limitation?
A. target-address, max-limit*
B. target-address, dst-address, max-limit*
C. target-address, dst-address
D. max-limit
/B
14. What protocol is used for Ping and Trace route?
A. DHCP
B. IP
C. TCP
D. ICMP
E. UDP
15. From which of the following locations can you obtain Winbox?
A. Router’s webpage
B. Files menu in your router
C. Via the console cable
D. mikrotik.com
16. Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of IP address/mask which would allow IP connections to be established between the two hosts.
A. A: 10.1.2.66/25 and B: 10.1.2.109/26
B. A: 10.2.2.1/23 and B: 10.2.0.1/22
C. A: 10.1.2.192/24 and B: 10.1.2.129/26 –> 10.1.2.1-10.1.2.254
D. A: 10.2.1.0/23 and B: 10.2.0.1/22
17. Why is it useful to set a Radio Name on the radio interface?
A. To identify a station in a list of connected clients
B. To identify a station in the Access List
C. To identify a station in Neighbor discovery
18. What kind of users are listed in the Secrets window of the PPP menu?
A. pptp users
B. L2TP users
C. winbox users
D. wireless users
E. PPPoE users
F. hotspot users
19. Router A and B are both running as PPPoE servers on different broadcast domains of your network. Is it possible to set Router A to use „/ppp secret“ accounts from Router B to authenticate PPPoE customers ?
A: YES
B: NO
20. MikroTik RouterOS DHCP client can receive following options
A. Byte limit
B. IP Gateway
C. Rate limit
D. Uptime limit
E. IP Address and Subnet
21. The HotSpot feature can be used only on ethernet interfaces. You have to use a separate access point if you want to use this feature with wireless.
A: YES
B: N0 / FALSE
22. How many different priorities can be selected for queues in MikroTik RouterOS?
A. 8
B. 16
C. 0
D. 1
23. Which default route will be active?
/ip route
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1
add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2
A. Route via gateway 1.1.1.1
B. Route via gateway 2.2.2.2
24. How long is level 1 (demo) license valid?
A. 24 hours
B. Infinite time
C. 1 month
D. 1 year
25. On the advanced menu of the wireless setup there is a parameter called „Area“, it works directly with:
A. Connect List +++
B. Access List
C. None of these
D. Security Profile
26. What menus should be used to allow certain websites to be accessed from behind a hotspot interface, without client authentication
A. ip hotspot ip-binding
B. ip hotspot profile
C. ip hotspot walled-garden +++
D. ip hotspot walled-garden ip
27. Which of the following is true for connection tracking
A. Enabling connection tracking reduces CPU usage in RouterOS
B. Connection tracking must be enabled for firewall to be effective
C. Connection tracking must be enable for NAT’ed network
D. Disable connection tracking for mangle to work
28. Which of these are possible solutions to bridge two networks over a wireless link:
A. Both devices in AP mode and enable WDS mode
B. One device in AP mode, another one in station-pseudobridge-clone
C. One device in AP mode, another one in station-pseudobridge
D. One device in AP mode, another one in station
29. You have a 802.11b/g wireless card. Which frequencies can be set?
A. 5210MHz
B. 2327MHz
C. 2422MHz
D. 2412MHz
E. 5800MHz
30. Which of the following Routes statuses are possible?
A. C = Connected
B. S = Static
C. A = Active
D. D = Drop
31. Action=redirect applies to
A. Route rules
B. DST-NAT rules
C. Firewall Filter rules
D. SRC-NAT rules
32. When backing up your router by using the ‚Export‘ command, the following happens:
A. Winbox usernames and passwords are backed up
B. The Export file can be edited with a standard text editor after its creation
C. You are requested to give the export file a name
33. You need to reboot a RouterBoard after importing a previously exported .rsc file to activate the new configuration.
A: YES
B: NO
34. If ARP=reply-only is configured on an interface, what will this interface do
A. Add new IP addresses in /ip arp list
B. Accept all IP/MAC combinations listed in /ip arp as static entries
C. Add new MAC addresses in /ip arp list
D. Accept all IP addresses listed in /ip arp as static entries
E. Accept all MAC-addresses listed in /ip arp as static entries
35. It is impossible to disable user „admin“ at the menu „/user“
A: YES
B: NO
36. If a packet comes to a router and starts a new, previously unseen connection, which connection state would be applied to it?
A. no connection state would be applied to such packet
B. new
C. unknown
D. invalid
E. established
37. We have two radio cards in a point-to-point link with settings:
Card Nr 1.: mode=ap-bridge ssid=“office“
frequency=2447 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa
Card Nr 2.: mode=station ssid=“office“
frequency=2412 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa2
Is Card Nr2. able to connect to Card Nr 1.?
A. Yes, if Nstreme is enabled or disabled on both
B. Yes, when security profile settings are compatible with each other and Nstreme is enabled or disabled on both
C. No, because of the different frequencies
D. No, because of the different security profiles
38. Consider the following network diagram. In R1, you have the following configuration:
/ip route
add dst-address=192.168.1.0/24 gateway=192.168.99.2
/ip firewall nat
add chain=srcnat out-interface=Ether1 action=masquerade
On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices, which of the following rules would be needed?
A. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
B. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
C. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
D. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10 action=drop
1. Is ARP used in the IPv6 protocol ?
A: YES
B: NO
2. In MikroTik RouterOS, Layer-3 communication between 2 hosts can be achieved by using an address subnet of:
[multiple answers]
a. /30
b. /29
c. /32
d. /31
3. A PC with IP 192.168.1.2 can access internet, and static ARP has been set for that IP address on gateway. When the PC Ethernet card failed, the user change it with a new card and set the same IP for it.
What else should be done?
[multiple answers]
a. Old static ARP entry on gateway has to be updated for the new card
b. Nothing – it will work as before
c. MAC-address of the new card has to be changed to MAC address of old card
d. Another IP has to be added for Internet access
4. How many usable IP addresses are there in a 20-bit subnet?
[single answer]
a. 2047
b. 4096
c. 2048
d. 2046
e. 4094
5. What is the default TTL (time to live) on a router that an IP packet can experience before it will be discarded ? [multiple answers]
a. 60
b. 30
c. 1
d. 64
6. The network address is [multiple answers]
a. The first usable address of the subnet
b. The last address of the subnet
c. The first address of the subnet
7. Choose all valid hosts address range for subnet 15.242.55.62/27 [single answer]
a. 15.242.55.32-15.242.55.63
b. 15.242.55.33-15.242.55.63
c. 15.242.55.33-15.242.55.62
d. 15.242.55.31-15.242.55.62
8. Which ones of the following are valid IP addresses? [multiple answers]
a. 192.168.13.255
b. 1.27.14.254
c. 10.10.14.0
d. 192.168.256.1
9. Which of the following is NOT a valid MAC Address? [multiple answers]
a. 95:B5D:EE:78:8A
b. 13:16:86:53:89:43
c. 80:GF:AA:67:13:5D
d. 88:0C:00:99:5F:EF
e. EA:BA:AA:EE:FF:CB
10. What is term for the hardware coded address found on an interface? [single answer]
a. IP Address
b. Interface Address
c. MAC Address
d. FQDN Address
11. Which of the following IP addresses are publicly routable? [multiple answers]
a. 127.34.155.3
b. 192.168.1.4
c. 172.16.13.23
d. 11.3.10.4
12. What protocol does ping use? [single answer]
a. UDP
b. TCP
c. ARP
d. ICMP
13. MAC layer by OSI model is also known as [single answer]
a. Layer 3
b. Layer 7
c. Layer 2
d. Layer 6
e. Layer 1
14. How many layers does Open Systems Interconnection model have? [single answer]
a. 12
b. 6
c. 9
d. 5
e. 7
15. How many IP addresses can one find in the header of an IP packet? [single answer]
a. 3
b. 4
c. 1
d. 2
16. Select valid MAC-address [single answer]
a. G2:60:CF:21:99:H0
b. 00:00:5E:80:EE:B0
c. 192.168.0.0/16
d. AEC8:21F1:AA44:54FF:1111DAE:0212:1201
17. The basic unit of a physical network (OSI Layer 1) is the: [single answer]
a. Byte
b. Frame
c. Bit
d. Header
18. You have a router with configuration
– Public IP :202.168.125.45/24
– Default gateway:202.168.125.1
– DNS server: 248.115.148.136, 248.115.148.137
– Local IP: 192.168.2.1/24
Mark the correct configuration on client PC to access to the Internet [single answer]
a. IP:192.168.0.1/24 gateway:192.168.2.1
b. IP:192.168.2.253/24 gateway:202.168.0.1
c. IP:192.168.1.223/24 gateway:248.115.148.136
d. IP:192.168.2.115/24 gateway: 192.168.2.1
e. IP:192.168.2.2/24 gateway:202.168.125.45
–
1. On the advanced menu of the wireless setup there is a parameter called “Area”, it works directly with:
A. Connect List
B. Access List
C. None of these
D. Security Profile
2. What menus should be used to allow certain websites to be accessed from behind a hotspot interface, without client authentication
A. ip hotspot ip-binding
B. ip hotspot profile
C. ip hotspot walled-garden
D. ip hotspot walled-garden ip
3. You want to use PCQ and allow 256k maximum download and upload for each client. Choose correct argument values for the required queue.
A. kind=pcq pcq-limit=1256000 pcq-classifier=dst-address
B. kind=pcq pcq-limit=256000 pcq-classifier=dst-address
C. kind=pcq pcq-limit=5000000 pcq-classifier=src-address
D. kind=pcq pcq-limit=256000 pcq-classifier=src-address
E. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address
4. It is possible to disable user “admin” at the menu “/user”
A: YES
B: NO
5. If you need to make sure that one computer in your HotSpot network can access the Internet without HotSpot authentication, which menu allows you to do this?
A. Walled-garden IP
B. Walled-garden
C. Users
D. IP bindings
6. What is the default protocol/port of (secure) winbox?
A. UDP/5678
B. TCP/8291
C. TCP/22
D. TCP/8080
7. Mark the queue types that are available in RouterOS
A. SFQ – Stochastic Fairness Queuing
B. DRR – Deficit Round Robin
C. FIFO – First In First Out (for Bytes or for Packets)
D. LIFO – Last In First Out
E. PCQ – Per Connection Queuing
F. RED – Random Early Detect (or Drop)
8. Select which of the following are ‘Public IP addresses’:
A. 10.110.50.37
B. 11.63.72.21
C. 172.28.73.21
D. 192.168.0.1
E. 172.168.254.2
(172.16.0.0/12 = 172.16.0.1 – 172.31.255.254 is private block)
9. Which is the default port of IP-Winbox?
A. TCP 80
B. TCP 8291
C. TCP 8192
D. UDP 8291
10. What is the maximum number of ARP entries on a Mikrotik RouterOS device ?
A. Unlimited
B. 2048
C. 8192
D. 10240
11. Mark all correct answers: destination NAT will take place…
A. before ip firewall filter, chain forward
B. after routing decision
C. before routing decision
D. after ip firewall filter, chain forward
12. Which configuration menu should you use to change router’s Winbox default port?
A. /ip firewall service-ports
B. /ip firewall filter
C. /system resource
D. /ip service
13. MikroTik RouterOS is sending logs to an external syslog server. Which protocol and port is used by RouterOS for sending logs (by default)?
A. UDP 113
B. TCP 110
C. UDP 514
D. UDP 21
14. What is marked by connection-state=established matcher?
A. Packet is related to, but not part of an existing connection
B. Packet begins a new TCP connection
C. Packet does not correspond to any known connection
D. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to already replied connection
15. What wireless modes can be used in a WDS setup?
A. ap-bridge
B. station
C. station-wds
D. bridge
E. nstreme-dual-slave
16. The following image shows a RouterOS Wireless Access List configuration.
Wireless interface „Default Authenticate“ is unchecked. What will happen with clients connecting to this AP?
A. No client is able to connect to the Wireless Access Point.
B. Client with mac-address 00:0C:42:31:38:A2 will connect to wlan1
C. 00:0C:42:61:6C:90 client will connect to wlan1
D. 00:0C:42:31:38:A2 will connect to wlan1 when the signal strength is greater than -60
17. Mark all correct answers
A. Default-Forwarding could be enabled for a specific clients by wireless access-list
B. The only way to prevent wireless clients connections – disable wireless interface
C. Wireless access-list could allow and deny access to your AP
D. /ip firewall filter allows to deny authentication to AP
18. Is it possible for a client to get an IP address but no gateway after a successful DHCP request?
19. You would like to allow multiple logins with one user name on a HotSpot server. How should this be configured?
A. Set „Shared Users“ option at /ip hotspot
B. It’s not possible
C. Set „only-one=no‘ at /ip hotspot
D. Set „Shared Users“ option at /ip hotspot user profile
20. Check the allowed input formats for wireless scan-list.
A. 5500,5700
B. 5500 5700
C. 5500/5700
D. 5500 – 5700
E. 5500-5700
21. Hotspot ip-binding is used to allow access to Internet web servers specifing the IP address of the web server instead of the URL.
22. There are two routes in the routing table:
0 dst-addr=10.1.1.0/24 gateway=5.5.5.5
1 dst-addr=10.1.1.4/30 gateway=5.6.6.6
Which gateway will be used to get to the IP address 10.1.1.6?
A. 5.6.6.6
B. the required route is not in the routing table
C. 5.5.5.5
D. both – half of the traffic will be routed through one gateway, half through the other
23. You have a router with configuration
– Public IP :202.168.125.45/24
– Default gateway:202.168.125.1
– DNS server: 248.115.148.136, 248.115.148.137
– Local IP: 192.168.2.1/24
Mark the correct configuration on client PC to access to the Internet
A. IP:192.168.2.115/24 gateway: 192.168.2.1
B. IP:192.168.2.2/24 gateway:202.168.125.45
C. IP:192.168.2.253/24 gateway:202.168.0.1
D. IP:192.168.1.223/24 gateway:248.115.148.136
E. IP:192.168.0.1/24 gateway:192.168.2.1
24. Collisions are possible in full-duplex Ethernet networks
Užitečné
Test 20 otázek CNAE.
Domovská stránka Mikrotik.