Está en la página 1de 45

1. When viewing the routes in Winbox, some routes will show "DAC" in the first column.

These
flags mean:
A. Dynamic, Active, Console
B. Dynamic, Active, Connected
C. Direct, Available, Connected
D. Dynamic, Available, Created

2. In which situations Netinstall can not be used to install RouterOS on a RouterBOARD?


A. The router is connected only to a secondary Ethernet port
B. The router does not have an operating system
C. The router is connected only to a wireless network
D. The password of the router is not known

3. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is assigned


to the interface. Possible IP pools, that can be used by this DHCP server, are:
A. 192.168.0.1-192.168.0.255
B. 192.169.0.1-192.169.0.254
C. 192.168.0.1-192.168.0.99 , 192.168.0.101-192.168.0.254
D. 192.168.0.1-192.168.0.14

4. You have a DHCP server on your MikroTik router. The IP addresses 10.1.2.2-10.2.2.20 are
distributed in the DHCP network. Additionally, 3 static IP address are defined for your servers:
10.1.2.31-10.1.2.33. After a while 20 more IP addresses need to be distributed in the network. It is
possible to distribute the extra IP address without adding another DHCP Server:

5. In which order are the entries in Access List and Connect List processed?
A. By Signal Strength Range
B. By interface name
C. In sequence order
D. In a random order

6. During a scan, in order to see all the available wireless frequencies that are supported by the card,
the following option must be selected in the wireless card's "Frequency Mode":
A. superchannel
B. regulatory domain
C. manual txpower

7. It is required to make a web server on a private LAN visible on the Public Internet. Only the web
server port should be visible to the public. Which of the following configuration steps must be met.
(select all that apply)
A. Public IP address of the webserver must be installed on the NAT Router
B. A route between the NAT Router and the webserver must exist
C. Connection Tracking must be enabled on NAT router
D. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private ip
of the webserver
E. LAN address of the webserver should be routable on the internet

8. Is it possible to limit how many clients are able to connect to an access point?
A. No it's not possible at all
B. Yes, but only with access-lists
C. Yes
9. The highest queue priority is
A. 1
B. 256
C. 16
D. 8

10. How many different priorities can be selected for queues in MikroTik RouterOS?
A. 16
B. 1
C. 8
D. 0
Jawaban : C
Penjelasan : hanya ada 8 prioritas di Mikrotik RouterOS queue

11. What is marked by connection-state=established matcher?


A. Packet belongs to an existing connection,for example a reply packet or a packet which belongs to
already replied connection
B. Packet is related to, but not part of an existing connection
C. Packet does not correspond to any known connection
D. Packet begins a new TCP connection
Jawaban : A
Penjelasan : paket akan membalas client yang akan dia tuju

12. PPP Secrets are used for


A. PPPoE clients
B. L2TP clients
C. IPSec clients
D. PPP clients
E. PPtP clients
F. Router users
Jawaban : A, B, E
Penjelasan : hanya dapat digunakan untuk membuat user Bridge

13. How long is level 1 (free) license valid?


A. 1 month
B. 24 hours
C. 1 year
D. Infinite time
Jawaban : B
Penjelasan : lisensi level 1 hanya bisa dipakai selama 1 hari atau 24 jam

14. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send
it over to a specified mail server?
A. tarpit
B. dst-nat
C. passthrough
D. redirect
Jawaban : D
Penjelasan : router akan mengarahkan packet kea rah yang telah ditentukan oleh admininstrator

15. It is possible to create an encrypted PPPoE tunnel in RouterOS:


Jawaban :true
Penjelasan : karena ketika kita ingin membuat pppoe untuk kclient, client tersebut membutuhkan
autentikasi yang dibuat di Secret

16. Why is it useful to set a Radio Name on the radio interface?


A. To identify a station in the Access List
B. To identify a station in Neighbor discovery
C. To identify a station in a list of connected clients
Jawaban : B
Penjelasan : untuk mengidentifikasi station pada Neighbor Discovery pada AP

17. A DHCP server is configured on a LAN interface which is a port on a bridge. The DHCP server
does not start. What could be the reason(s)?
A. The DHCP server can not run on an interface which is also a bridge port
B. There might not be an IP address assigned to the LAN Interface
C. The IP address pool could be incorrectly defined
D. There may be multiple IP addresses set on the LAN interface
Jawaban : A
Penjelasan : jika interface tersebut sudah di bridge, dhcp server pada interface tersebut tidak akan
berjalan, kecuali kita memasang dhcp sernya pada interface Bridge.

18. There can be more than one PPPoE server in a single broadcast domain:
Jawaban : True

19. For static routing functionality, additionally to the RouterOS 'system' package, you will also
need the following software package:
A. no extra package required
B. advanced-tools
C. routing
D. dhcp
Jawaban : A
Penjelasan : kita tidak perlu menambahkan package static route karena, sudah ada pada package
system

20. You want to transfer existing '/ip firewall filter' configuration from one router to a new system.
Choose the best possible way to do:
A. Export global configuration and remove everything apart from '/ip firewall filter'
B. Export only '/ip firewall filter'
C. Create backup, edit backup file and restore on target router
D. Create backup only of '/ip firewall filter' rules
Jawaban : B
Penjelasan : hanya perlu meng-export konfigurasi /ip firewall filter

21. You want to use PCQ and allow 256k maximum download and upload for each client. Choose
correct argument values for the required queue.
A. kind=pcq pcq-rate=256000 pcq-classifier=src-address
B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address
C. kind=pcq pcq-rate=256000 pcq-classifier=dst-address
D. kind=pcq pcq-rate=5000000 pcq-classifier=src-address
E. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address
Jawaban : A & C
Penjelasan : karena kita harus menyesuaikan max-limit
22. Which of the following Routes statuses are possible?
A. A = Active
B. C = Connected
C. S = Static
D. D = Drop
Jawaban : A, B, C
Penjelasan : statuses pada router tidak ada Drop, dan D pada royuter artinya Dynamic

23. Which default route will be active?


/ip route
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1
add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2
A. Route via gateway 2.2.2.2
B. Route via gateway 1.1.1.1
Jawaban : A
Penjelasan : yang distance-nya paling kecil, itu yang akan diprioritaskan.

24. What does the firewall action "Redirect" do? Select all true statements.
A. Redirects a packet to a specified port on the router
B. Redirects a packet to a specified IP
C. Redirects a packet to the router
D. Redirects a packet to a specified port on a host in the network
Jawaban : B, D
Penjelasan : router akan mengarahkan jalur paket ke ip, port, dan host di network yang telah
ditentukan

25. Which port does PPTP use by default?


A. TCP 1721
B. UDP 1723
C. TCP 1723
D. UDP 1721
Jawaban : C

=======================================================================
=================================================

6. Which firewall chain should you use to filter ICMP packets from the router itself?

A. input
B. postrouting
C. forward
D. output
Jawaba : input
Penjelasan : Karena ping harus memanggil router yang dimana itu menuju router

7. Destination NAT (chain dstnat, action dst-nat) can be used to:

A. Change destination port


B. Direct users from the Internet to a server within your local network
C. Change source port
D. Hide your local network from the Internet
Jawaban : A
Penjelasan : untuk mengubah dst port

9. Which is the default port of IP-Winbox?

A. UDP 8291
B. TCP 80
C. TCP 8291
D. TCP 8192
Jawaban : c

10. It is possible to create an encrypted PPPoE tunnel in RouterOS:

11. Why is it useful to set a Radio Name on the radio interface?

A. To identify a station in a list of connected clients


B. To identify a station in Neighbor discovery
C. To identify a station in the Access List:
Jawaban ; C
Penjelasan : untuk mengidentifikasi router (station) kepada AP

12. Your Company has been assigned a 172.16.25.0/25 network from your ISP. What are the
possible options to divide the network into subnets?

A. one /23 and one /27


B. four times /27
C. two times /24
D. two times /26
Jawaban :
Penjelasan :

13. You have a DHCP server on your MikroTik router. The IP addresses 10.1.2.2-10.2.2.20 are
distributed in the DHCP network. Additionally, 3 static IP address are defined for your servers:
10.1.2.31-10.1.2.33. After a while 20 more IP addresses need to be distributed in the network. It is
possible to distribute the extra IP address without adding another DHCP Server:

Penjelasan : kita harus menambah DHCP server lagi

14. When using routing option 'check-gateway=ping' after how many timeouts is gateway
considered unreachable:

A. 4
B. 1
C. 2
D. 3
Jawaban : C
Penjelasan : check-gateway akan memeriksa koneksi 2x10 detik bila timeout dan langsung ganti
jalur

15. There can be more than one PPPoE server in a single broadcast domain:

16. Which of the following is used in standard 802.11 wireless networks?

A. CSMA/CA
B. CDMA
C. FDD
D. CSMA/CD

17. Consider the following network diagram. In R1, you have the following configuration:
/ip route
add dst-address=192.168.1.0/24 gateway=192.168.99.2

/ip firewall nat


add chain=srcnat out-interface=Ether1 action=masquerade

On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices,
which of the following rules would be needed?
A. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10
action=drop
B. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10
action=drop
C. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10
action=drop
D. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10
action=drop
Jawaban : C
Penjeasan : kita akan mem-filter packet yang akan masuk ke router

18. If ARP=reply-only is configured on an interface, tcarmehis interface will

A. accept all IP addresses listed in '/ip arp' as static entries


B. add new MAC addresses in '/ip arp' list
C. accept IP and MAC address combinations listed in '/ip arp' list
D. accept all MAC-addresses listed in '/ip arp' as static entries
E. add new IP addresses in '/ip arp' list

Jawaban : A
Arp akan mengecek pada ip adde

19. Which option in the configuration of a wireless card must be disabled to cause the router to
permit ONLY known clients listed in the access list to connec
t?

A. Security Profile
B. Default Forward
C. Enable Access List
D. Default Authenticate
Jawaban : C
Penjelasan : gunakan Enable Access List

20. A routing table has following entries:

0 dst-address=10.0.0.0/24 gateway=10.1.5.126
1 dst-address=10.1.5.0/24 gateway=10.1.1.1
2 dst-address=10.1.0.0/24 gateway=25.1.1.1
3 dst-address=10.1.5.0/25 gateway=10.1.1.2

Which gateway will be used for a packet with destination address 10.1.5.126?

A. 10.1.1.1
B. 10.1.5.126
C. 10.1.1.2
D. 25.1.1.1
Jawaban : C
Penjelasan : kita menggunakan yang spesifik

21. In which order are the entries in Access List and Connect List processed?

A. By Signal Strength Range


B. In sequence order
C. In a random order
D. By interface name
Jawaban : D
Penjelasan : interface name akan muncul pada meu access list dan connect list

22. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33.
Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client
10.10.0.33 is be able to obtain

A. 6M upload/download
B. 0M upload/download
C. 4M upload/download
D. 2M upload/download
Jawaban : D
Penjelasan : berapapun jumlah simple queue yang dibuat, yang digunakan adalah yang paling
pertama.

1. Which features are removed when advanced-tools package is uninstalled?

A. neighbors
B. LCD support
C. ip-scan
D. ping
E. netwatch
F. bandwidth-test

Jawaban : C, D, E, F

2. What is the correct action to be specified in the NAT rule to hide a private network when
communicating to the outside world?

A. masquerade
B. allow
C. passthrough
D. tarpit

Jawaban : A
Penjelasan : action masquerade digunakan untuk menerjemahkan IP Private ke IP Public

3. Router A and B are both running as PPPoE servers on different broadcast domains of your
network. It is possible to set Router A to use "/ppp secret" accounts from Router B to authenticate
PPPoE customers.

Jawaban : False
Penjelasan : karena keduanya menjadi PPPoE Server

4. What does this simple queue do (check the image)?

A. Queue guarantees upload data rate of one megabit per second for host 192.168.1.10
B. Queue limits host 192.168.1.10 download data rate to one megabit per second.
C. Queue limits host 192.168.1.10 upload data rate to one megabit per second.
D. Queue guarantees download data rate of one megabit per second for host 192.168.1.10
Jawaban : C

5. /interface wireless access-list is used for

A. Handles a list of Client's MAC Address to permit/deny connection to AP


B. Shows a list of Client's MAC Address that are already registered at AP
C. Contains the security profiles settings
D. Authenticate Hotspot users

Jawaban : B
Penjelasan : untuk melihat MAC Address Client yang sudah terdaftar di AP
6. One host on an internal network is accessing an external web page through a MikroTik router that
is doing source NAT. Select correct statement about the packets that flow from that web page to the
host ?

A. Packets go through the input chain


B. Packets go through the forward chain
C. Packets go through the output chain
D. Packets go through the input chain before the routing decision and after that through output
chain

Jawaban : B
Penjelasan : karena chain forward melewati router

7. Which of the following is used in standard 802.11 wireless networks?

A. FDD
B. CDMA
C. CSMA/CA
D. CSMA/CD
Penjelasan: chek Wikipedia: https://en.wikipedia.org/wiki/Carrier-
sense_multiple_access_with_collision_avoidance#IEEE_802.11_RTS.2FCTS_Exchange

8. MikroTik RouterOS commands can be run once a day by:

A. /system watchdog
B. /system cron
C. /system scheduler

Jawaban : C
Penjelasan : /system scheduler gunanya untuk menjadwalkan menggunakan terminal pada router

9. Which port does PPTP use by default?

A. TCP 1721
B. UDP 1721
C. UDP 1723
D. TCP 1723

Jawaban : D

10. Where can you monitor (see addresses and ports) real-time connections which are processed by
the router?

A. Firewall Connection Tracking


B. Firewall Counters
C. Tool Torch
D. Queue Tree

Jawaban : A
Penjelasan : connection tracking digunakan untuk melacak station yang terhubung pada router
11. How many wireless clients can connect, when wireless card is configured to mode=bridge ?

A. 1
B. 100
C. 2007
D. 2

Jawaban :

12. For static routing functionality, additionally to the RouterOS 'system' package, you will also
need the following software package:

A. no extra package required


B. advanced-tools
C. dhcp
D. routing

Jawaban : A
Penjelasan : tidak perlu menambahkan package, karena router berfungsi untuk me-routing

13. You want to transfer existing '/ip firewall filter' configuration from one router to a new system.
Choose the best possible way to do:

A. Export global configuration and remove everything apart from '/ip firewall filter'
B. Create backup only of '/ip firewall filter' rules
C. Create backup, edit backup file and restore on target router
D. Export only '/ip firewall filter'

Jawaban : D
Penjelasan : karena yang diminta hanya filter rule

14. In which situations Netinstall can not be used to install RouterOS on a RouterBOARD?

A. The router does not have an operating system


B. The password of the router is not known
C. The router is connected only to a wireless network
D. The router is connected only to a secondary Ethernet port

Jawaban : C
Penjelasan : netinstall tidak dapat dihungkan melalui wireless

15. Which is the default port of IP-Winbox?

A. TCP 8192
B. TCP 80
C. TCP 8291
D. UDP 8291

Jawaban : C
16. In the Route List, the identification DAb for a route stands for

A. direct - active - bgp


B. direct - acknowledge - backup
C. dynamic - active - backup
D. dynamic - active - bgp

Jawaban : D

17. When using routing option 'check-gateway=ping' what is the ICMP echo request interval (in
seconds)?

A. 30s
B. 20s
C. 10s
D. 60s

Jawaba : C
Penjelasan : 10 detik = timeot, 20 detik = unreacheable

18. PPP Secrets are used for

A. PPP clients
B. L2TP clients
C. IPSec clients
D. PPtP clients
E. PPPoE clients
F. Router users

Jawaban : B, D, E

19. It is possible to have PPTP Client and PPTP server on one MikroTik router at the same time.

Jawaban : False
Penjelasan :
20. Which firewall chain would be used to block a client's MSN traffic on a router?

A. static
B. forward
C. output
D. input

Jawaban : B
Penjelasan ; karena melewati router

21. There are two routes in the routing table:


0 dst-addr=10.1.1.0/24 gateway=5.5.5.5
1 dst-addr=10.1.1.4/30 gateway=5.6.6.6
Which gateway will be used to get to the IP address 10.1.1.6?

A. both - half of the traffic will be routed through one gateway, half through the other
B. 5.5.5.5
C. the required route is not in the routing table
D. 5.6.6.6

Jawaban ; D
Penjelasan : router mencari prefix yang lebih spesifik

22. You want to use PCQ and allow 256k maximum download and upload for each client. Choose
correct argument values for the required queue.

A. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address


B. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address
C. kind=pcq pcq-rate=256000 pcq-classifier=src-address
D. kind=pcq pcq-rate=5000000 pcq-classifier=src-address
E. kind=pcq pcq-rate=256000 pcq-classifier=dst-address

Jawaban : C & E

23. In order to use dynamic keys in your wireless security profile for an AP, you MUST set up the
dhcp server to provide the dynamic keys.

Jawaban : false

24. Which firewall chain you should use to filter SSH access to the router itself?

A. output
B. input
C. prerouting
D. forward

Jawaban : B
Penjelasan ; karena masuk ke router

25. What can be used as ’target-address’ in the simple queue?

A. client’s MAC address


B. server’s address
C. address list name
D. client’s address

Jawaban : D
Penjelasan : target address diisi dengan address yang dituju
23. What kind of users are listed in the "/user" menu?

A. router users
B. wireless users
C. hotspot users
D. pptp users
Jawaban :A
Penjelasan : router user terletak pada system >user

24. Which is a default baud-rate of currently manufactured RouterBOARDs?

A. 9600
B. 115200
C. 38400
D. 11520
Jawaban : B
Penjelasan : 115200 adalah baud-rate routerboard

25. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These
flags mean:

A. Dynamic, Available, Created


B. Dynamic, Active, Connected
C. Direct, Available, Connected
D. Dynamic, Active, Console

1. You want to transfer existing '/ip firewall filter' configuration from one router to a new system.
Choose the best possible way to do:

A. Export only '/ip firewall filter'


B. Create backup only of '/ip firewall filter' rules
C. Create backup, edit backup file and restore on target router
D. Export global configuration and remove everything apart from '/ip firewall filter'
Jawaban : A
Penjelasan : kita hanya ingin meng-Export firelwall filter
2. How many DHCP servers can be configured per interface on RouterOS?

A. Five
B. One
C. Two
D. Unlimited
Jawaban : B
Penjelasan : karena DHCP server memiliki IP pool

3. There are two routes in the routing table:


0 dst-addr=10.1.1.0/24 gateway=5.5.5.5
1 dst-addr=10.1.1.4/30 gateway=5.6.6.6

Which gateway will be used to get to the IP address 10.1.1.6?

A. both - half of the traffic will be routed through one gateway, half through the other
B. 5.6.6.6
C. 5.5.5.5
D. the required route is not in the routing table
Jawaban : B
Penjelasan : preficx yang lebih spesifik akan di prioritaskan

4. A routing table has following entries:

0 dst-address=10.0.0.0/24 gateway=10.1.5.126

1 dst-address=10.1.5.0/24 gateway=10.1.1.1

2 dst-address=10.1.0.0/24 gateway=25.1.1.1

3 dst-address=10.1.5.0/25 gateway=10.1.1.2

Which gateway will be used for a packet with destination address 10.1.5.126?

A. 10.1.5.126
B. 10.1.1.1
C. 10.1.1.2
D. 25.1.1.1
Jawaban : C
Penjelasan : mengunakan prefix yang spesifik / detail

5. Which port does PPTP use by default?

A. TCP 1721
B. UDP 1721
C. UDP 1723
D. TCP 1723

Jawaban :

6. There are two wireless cards (wlan1 and wlan2) which are bridged together. On wlan1 card there
is a setting "Forwarding=no". Choose the correct answer(s):

A. Stations on wlan2 will be able to communicate with stations on wlan2


B. Stations on wlan2 will be able to communicate with stations on wlan1
C. Stations on wlan1 will be able to communicate with stations on wlan1
D. To prevent communication between wlan1 and wlan2 one cannot use Bridge Filters
E. Stations on wlan1 will be able to communicate with stations on wlan2
Jawaban : D
Penjelasan :

7. Consider a wireless access point with mode=ap-bridge. What is the maximum number of
concurrent clients that can connect to it?

A. 2007
B. 2012
C. 2048
D. 1024

8. Consider the following diagram. We want to communicate from a device on LAN1 to a device on
LAN2. Assuming that all necessary configurations are already included on R2, which of the
following configurations in R1 would enable this communication?

A. /ip route add dst-address=192.168.1.0/24 src-address=192.168.0.0/24 gateway=192.168.99.2


B. /ip route add dst-address=0.0.0.0/0 gateway=Ether1
C. /ip route add dst-address=192.168.0.0/24 gateway=192.168.0.1
D. /ip route add dst-address=192.168.1.0/24 gateway=192.168.99.2
E. /ip route add dst-address=0.0.0.0/0 gateway=192.168.99.2

9. PPP Secrets are used for

A. PPtP clients
B. L2TP clients
C. Router users
D. PPPoE clients
E. IPSec clients
F. PPP clients

Jawaban : A, B, D, F
Penjelasan : seluruh User Tunnel
10. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be
done:

A. Configure an IP address on the bridge interface


B. Use mangle to mark the connections
C. Associate the Simple Queue to the bridge interface
D. Enable 'Use IP Firewall' in bridge settings
Jawaban : B
Penjelasan : menggunakan interface bridge

11. In RouterOS queue configurations the word "total" usually represents

A. download - upload
B. upload
C. upload + download
D. Download
Jawaban : C
Penjelasan ; total adalah hasil dari bandwidth upload + bandwidth Download

12. What does the firewall action "log" do?

A. It logs and blocks the packet


B. It blocks and logs the packet
C. It adds a prefix to the packet and passes it through
D. It logs the packet

Jawaban : d
Pernjelasan : untuk memblok paket dan mencatatnya di Log

13. Which of the following is true for connection tracking

A. Connection tracking must be enabled for NAT'ed network


B. Enabling connection tracking reduces CPU usage in RouterOS
C. Disable connection tracking for mangle to work
D. Connection tracking must be enabled to be able to use all firewall features
jawaban : A, D
Penjelasan :untuk menggunakan connection tracking harus menyalakan NAT, dan juga dapat
menggunakan seluruh fitur dari firewall

14. How many different priorities can be selected for queues in MikroTik RouterOS?

A. 1
B. 16
C. 0
D. 8
Jawaban : B
Penjelasan :

15. Which of the following keystrokes enables safe mode in console:

A. Ctrl+x
B. Ctrl+c
C. Ctrl+d
D. Ctrl+s
Jawaban : A
Penjelasan :

16. Select minimal set of software packages in RouteOS required to configuring a wireless AP

A. Wireless
B. advanced-tools
C. dhcp
D. routing
E. System
Jawaban : A, E
Penjelasan : hanya 3 package terpenting untuk menjadi Wireless AP

17. For static routing functionality, additionally to the RouterOS 'system' package, you will also
need the following software package:

A. no extra package required


B. advanced-tools
C. dhcp
D. Routing

Jawaban : A
Penjelasan : tidak perlu menambah konfigurasi untuk melakukan static routing

18. What is possible with Netinstall?

A. MikroTik RouterOS reinstall


B. MikroTik RouterOS password reset with saving router's configuration
C. MikroTik RouterOS configuration reset

Jawaban :A, B, C
19. Possible actions of ip firewall filter are:

A. bounce
B. log
C. accept
D. tarp
E. add-to-list
F. Tarpit
Jawaban :

20. What is the minimal possible wireless configuration to create an Access Point?

A. DFS mode
B. WDS
C. scan-list
D. radio name
E. mode
F. frequency
G. band
H. ssid

Jawaban : E
Penjelasan : yang paling penting adalah Mode, karna bila mode tidak diseting maka tidak akan jalan
sebuah kelompok tsb.

21. What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send
it over to a specified mail server?

A. redirect
B. passthrough
C. dst-nat
D. tarpit

Jawaban : C
Penjelasan : dst-nat digunakan untuk menerjemahkan IP public ke IP private

22. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there
is a router between server and end-user host, it will not be able to create PPPoE tunnel to that
PPPoE server.

23. It is possible to create an encrypted PPPoE tunnel in RouterOS:

24. Where should you upload new MikroTik RouterOS version packages for upgrading router?

A. FTP root directory or /files directory of the router


B. System Package menu
C. Any directory in /files
D. System Backup menu

Jawaban : B
Penjelasan : kita dapat melihatnya di system>package menu

25. During a scan, in order to see all the available wireless frequencies that are supported by the
card, the following option must be selected in the wireless card's "Frequency Mode":

A. regulatory domain
B. superchannel
C. manual txpower
=======================================================================
=======================================================================
============================================

1. A client uses a RouterBOARD1000. The clock is configured in '/system clock'. The clock resets
to default after each reboot.
Select the best solution for the problem.

A. Write a script in '/system script' to set the clock


B. Configure '/system ntp server' and set a valid and reachable NTP client address.
C. Configure '/system ntp client' and set a valid and reachable NTP server address.
D. Open the router and ensure the CMOS battery is fine.

Jawaban : C
Penjelasan : Karena NTP akan selalu menyinkornisasikan waktu selama router hidup atau menyala

2. Which of the protocols below is used by Netinstall?

A. arp
B. bootp
C. dhcp
D. rarp

Jawaban : B
Penjelasan :

3. /ip route configuration on router,

/ip route add gateway=192.168.0.1


/ip route add dst-address=192.168.1.0/24 gateway=192.168.0.2
/ip route add dst-address=192.168.2.0/24 gateway=192.168.0.3
/ip route add dst-address=192.168.3.0/26 gateway=192.168.0.4

Router needs to send packets to 192.168.3.240. Which gateway will be used?

A. 192.168.0.2
B. 192.168.0.4
C. 192.168.0.1
D. 192.168.0.3

Jawaban : C
Penjelasan : Karena IP termasuk pada config yang pertama

4. For a Simple Queue to apply a bandwidth restrictions on a bridged interface, following must be
done:

A. Configure an IP address on the bridge interface


B. Use mangle to mark the connections
C. Enable 'Use IP Firewall' in bridge settings
D. Associate the Simple Queue to the bridge interface

Jawaban :
Penjelasan : harus memasukan interface bridge pada simple queue
5. Mark all correct answers

A. Wireless access-list could allow and deny connect to your AP


B. The only way to prevent wireless clients connections - disable wireless interface
C. Default-Forwarding could be enabled for a specific clients by wireless access-list
D. /ip firewall filter allows to deny authentication to AP

Jawaban :

6. NAT rule is going to catch SMTP traffic and send it to a specific mail server.
What is the correct action for a NAT rule?

A. passthrough
B. dst-nat
C. redirect
D. tarpit

Jawaban : A
Penjelsan : akan di Passthrough ke Server langsung
7. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These
flags mean:

A. Direct, Available, Connected


B. Dynamic, Active, Connected
C. Dynamic, Available, Created
D. Dynamic, Active, Console

Jawaban : B
Penjelasan : DAC adalah flag dinamik routing, yang berarti Dynamic, Active, Connected

8. It is possible to create an encrypted PPPoE tunnel in RouterOS:

Penjelasan : kita dapat mengengkripsi PPPoE Tunnel

9. Action=redirect is applied in

A. chain=srcnat
B. chain=forward
C. chain=dstnat

Jawaban : B
Penjelasan : chain Forward berarti melewati router, saat melewati router, router mengubah jalur atau
me redirect jalur paket
10. MikroTik RouterOS commands can be run once a day by:

A. /system watchdog
B. /system cron
C. /system scheduler

Jawaban : C
Penjelasan : /system scheduler untuk menjadwal pemakaian Command

11. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a
DHCP service for all clients, DHCP server must be configured on:

A. Ethernet and wireless interfaces


B. DHCP service is not possible in this setup
C. Every bridge port
D. Only on the bridge interface

Jawaban : D
Penjelasan : buat di interface bridge saja, Karena semua interface client sudah masuk bridge

12. You want to use PCQ and allow 256k maximum download and upload for each client. Choose
correct argument values for the required queue.

A. kind=pcq pcq-rate=1256000 pcq-classifier=dst-address


B. kind=pcq pcq-rate=5000000 pcq-classifier=src-address
C. kind=pcq pcq-rate=256000 pcq-classifier=dst-address
D. kind=pcq pcq-rate=5000000 pcq-classifier=dst-address
E. kind=pcq pcq-rate=256000 pcq-classifier=src-address

Jawaban : C & E
Penjelasan : Karena pcq rate sesuai seperti yang diminta

13. Which is a default baud-rate of currently manufactured RouterBOARDs?

A. 115200
B. 9600
C. 38400
D. 11520

Jawaban : C
Penjelasan : baud rate RouterBOARDs adalah 38400

14. DHCP server is configured on a router’s ether1 interface. IP address 192.168.0.100/24 is


assigned to the interface. Possible IP pools, that can be used by this DHCP server, are:

A. 192.169.0.1-192.169.0.254
B. 192.168.0.1-192.168.0.255
C. 192.168.0.1-192.168.0.99,192.168.0.101-192.168.0.254
D. 192.168.0.1-192.168.0.14
Jawaban : C
Penjelasan : Karena IP 192.168.0.100 sudah terpakai oleh router pada interface ether1

15. There can be more than one PPPoE server in a single broadcast domain:

Penjelasan : dapat menambah lebih dari satu, sesuai dengan lisensi yang digunakan

16. Which wireless mode allows you to connect to any standard AP (not only MikroTik) and to be
able to bridge this wireless interface to an Ethernet?

A. station
B. station-wds
C. bridge
D. station-pseudobridge

Jawaban : A
Penjelasan : mode station bias kita gunakan untuk konek ke semua AP (tidak hanya mikrotik)

17. To block communications between wireless clients connected to the same access point interface,
you should set

A. 'default-forwarding=no'
B. 'max-station-count=1'
C. 'default-authentication=no'
D. 'default-authentication=no' and 'default-forwarding=no'

Jawaban :

18. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there
is a router between server and end-user host, it will not be able to create PPPoE tunnel to that
PPPoE server.

Penjelasan : ethernet broadcast domain tidak harus sama

19. Which default route will be active?

/ip route
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=1.1.1.1
add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2

A. Route via gateway 2.2.2.2


B. Route via gateway 1.1.1.1

Jawban : A
Penjelasan : Karena distancenya lebih kecil

20. Which are necessary sections in /queue simple to set bandwidth limitation?
A. max-limit
B. target-address, max-limit
C. target-address, dst-address
D. target-address, dst-address, max-limit

Jawaban : B
Penjelasan : kita hanya perlu mengatur target dan max-limit
21. Which option in the configuration of a wireless card must be disabled to cause the router to
permit ONLY known clients listed in the access list to connect?

A. Enable Access List


B. Security Profile
C. Default Authenticate
D. Default Forward

Jawaban : A
Penjelasan : access list dibuat untuk mendaftarkan router yang bisa mengakses AP

22. For static routing functionality, additionally to the RouterOS 'system' package, you will also
need the following software package:

A. advanced-tools
B. routing
C. dhcp
D. no extra package required

Jawaban : D
Penjelasan : sebuah router tidak perlu menambahkan konfigurasi tambahan untuk menjalankan
fungsinya sebagai router

23. Which firewall chain should you use to filter clients HTTP traffic going through the router?

A. prerouting
B. forward
C. output
D. input
Jawaban : B
Penjelasan : router akan memfilter paket yang melewati Router

24. What is necessary for PPPoE client configuration?

A. ip firewall nat masquerade rule


B. Interface (on which PPPoE client is going to work)
C. Static IP address on PPPoE client interface

Jawaban : C
Penjelasan : memerlukan IP address static PPPoE client

25. Action=redirect can be used in NAT chain src-nat


A. true
B. false

=======================================================================
=======================================================================
============================================

1. By default info, error and warning messages are logged into memory of your RouterOS device.
You can add logging of visited web-pages and other message topics

2. PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is
a router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE
server.

3. What does the firewall action "Redirect" do? Select all true statements.

A. Redirects a packet to a specified IP


B. Redirects a packet to a specified port on a host in the network
C. Redirects a packet to the router
D. Redirects a packet to a specified port on the router

4. What kind of packet is marked by connection-state=established matcher?

A. Packet is related to, but not part of an existing connection


B. Packet belongs to an existing connection, for example a reply packet or a packet which belongs
to already replied connection
C. Packet does not correspond to any known connection
D. Packet begins a new TCP connection

5. Consider the following network diagram. In R1, you have the following configuration:
/ip route
add dst-address=192.168.1.0/24 gateway=192.168.99.2

/ip firewall nat


add chain=srcnat out-interface=Ether1 action=masquerade
On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices,
which of the following rules would be needed?

A. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10


action=drop
B. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10
action=drop
C. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10
action=drop
D. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10
action=drop

6. What is the meaning of the status letter "R" on a PPPoE client interface in RouterOS Interfaces
menu?

A. Running
B. Remote
C. Radius
D. Reconnecting

7. In the Route List, the identification DAb for a route stands for

A. dynamic - active - bgp


B. dynamic - active - backup
C. direct - acknowledge - backup
D. direct - active - bgp

8. When viewing the routes in Winbox, some routes will show "DAC" in the first column. These
flags mean:

A. Dynamic, Available, Created


B. Direct, Available, Connected
C. Dynamic, Active, Connected
D. Dynamic, Active, Console

9. Which type of encryption could be used to establish a connection with a simple passkey without
using a 802.1X authentication server?

A. WPA EAP/WPA2 EAP


B. WPA PSK/WPA2 PSK

10. Select minimal set of software packages in RouteOS required to configuring a wireless AP

A. advanced-tools
B. routing
C. system
D. dhcp
E. wireless

11. Which configuration menu should you use to change router's Winbox default port?

A. /ip firewall service-ports


B. /system resource
C. /ip firewall filter
D. /ip service

12. RouterOS log messages are stored on disk by default

13. What is necessary for PPPoE client configuration?

A. Static IP address on PPPoE client interface


B. ip firewall nat masquerade rule
C. Interface (on which PPPoE client is going to work)

14. To apply bandwidth restrictions using Simple queue on traffic that travels from one bridge port
to another bridge port within the same bridge interface, following must be done:

A. Enable 'Use IP Firewall' in bridge settings


B. Use mangle to mark the connections
C. Configure an IP address on the bridge interface
D. Associate the Simple queue to the bridge interface

15. The 'check-gateway' option is enabled for one route. Select all statements that are true:

A. In case of failure of the gateway, routes pointing to that gateway will become inactive
B. Gateway is checked every 10 seconds and after 2 failures, the gateway is considered
unreacheable
C. Gateway is checked every 10 seconds and after a single failure, the gateway is considered
unreacheable
D. Check gateway option can be configured for Ping, ARP and RARP (reverse ARP)

16. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33.
Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33.

The maximum bandwidth that the client 10.10.0.33 is be able to obtain is:

A. 0M upload/download
B. 4M upload/download
C. 6M upload/download
D. 2M upload/download
17. Where should you upload new MikroTik RouterOS version packages for upgrading router?

A. System Backup menu


B. Any directory in /files
C. FTP root directory or /files directory of the router
D. System Package menu

18. How long is level 1 (free) license valid?

A. Infinite time
B. 24 hours
C. 1 year
D. 1 month

19. You can control bandwidth of a client connected to AP with the resource / interface wireless
access-list ( assume the client uses MikroTik RouterOS).

20. Which port does PPTP use by default?

A. TCP 1721
B. TCP 1723
C. UDP 1723
D. UDP 1721

21. Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a
DHCP service for all clients, DHCP server must be configured on:

A. Ethernet and wireless interfaces


B. DHCP service is not possible in this setup
C. Only on the bridge interface
D. Every bridge port

22. What can be used as "Target" in the simple queue?

A. Client IP address
B. Client MAC address
C. Address list name
D. Server IP address

23. Which of the following would prevent unknown clients from connecting to your AP? Choose
the BEST answer.
A. Uncheck 'Default Authenticate' in the wireless card configuration, and add each known client's
MAC address to your access-list configuration ensuring that you enable 'authenticate' in the entry
B. Uncheck 'Default Authenticate' in the wireless card configuration, and add each known client's
MAC address to your connect-list configuration
C. Configure the radius server under '/radius'
D. Add each known client's MAC address to your access-list configuration is the only step needed
E. Check the 'Do not permit unknown client' box in the wireless configuration

24. It is required to make a web server residing on a private subnet in a LAN visible on the public
Internet. Only the web server port should be visible to the public. Which of the following
configuration steps must be met (select all that apply):

A. A route between the NAT Router and the web server must exist
B. LAN address of the web server should be routable on the Internet
C. Connection tracking must be enabled on the NAT router
D. In IP firewall NAT there should be a dst-nat between the public IP address of the router and the
private IP of the web server
E. Public IP address of the web server must be installed on the NAT Router

25. For static routing functionality, additionally to the RouterOS 'system' package, you will also
need the following software package:

A. no extra package required


B. advanced-tools
C. dhcp
D. routing

=======================================================================
=======================================================================
============================================

1.A network ready device is directly connected to a MikroTik RouterBOARD 750 with a correct
U.T.P. RJ45 functioning cable. The device is configured with an IPv4 address of 192.168.100.70
using a subnet mask of 255.255.255.252. What will be a valid IPv4 address for the RouterBOARD
750 for a successful connection to the device?
a. 192.168.100.70/255.255.255.252
b. 192.168.100.69/255.255.255.252
c. 192.168.100.71/255.255.255.252
d. 192.168.100.68/255.255.255.252
Jawaban : b.192.168.100.69/255.255.255.252
gunakan prefix /30. kenapa ?
karena jumlah ip /30 adalah 4, rumus subnetmask adalah 256 - jumlah ip = subnet mask
jadi, 256-4=252. sekarang tinggal cari range ip 192.168.100.70. Range IP (68-71)
kenapa tidak menggunakan 68 atau 71 ? kenapa harus 69 ?. Karena 68 dan 70 bukan IP Host
2. In MikroTik RouterOS, Layer-3 communication between 2 hosts can be achieved by using an
address subnet of:
a. /31
b. /29
c. /32
d. /30
Jawaban : d. /30
kenapa /30 ?
karena jumlah ip pada /30 adalah 4 yakni 1 ip network, 1 ip broadcast, dan 2 ip host
jawaban b sebenarna juga bisa, akan tetapi saya tidak tahu apakah jawabannya multiple choice atau
bukan.

3. Which computers would be able to communicate directly (without any routers involved)
a. 192.168.17.15/29 and 192.168.17.20/28
b. 192.168.0.5/26 and 192.168.0.100
c. 10.5.5.1/24 and 10.5.5.100/25
d. 10.10.0.17/22 and 10.10.1.30/23
Jawaban : C & D
Karena c dan d ip-Nya berada dalam 1 network.
4. How many IP addresses can one find in the header of an IP packet?
a. 1
b. 3
c. 2
d. 4
Jawaban : C. 2

5. The network address is


a. The first usable address of the subnet
b. The last address of the subnet
c. The first address of the subnet
Jawaban : c. The first address of the subnet
Network Address adalah alamat network paling pertama didalam sebuah jaringan / subnet yang
dimana tidak bisa digunakan oleh host / client.

6. What is term for the hardware coded address found on an interface?


a. IP Address
b. MAC Address
c. FQDN Address
d. Interface Address
Jawaban : b. MAC Address
Karena MAC Address telah ditetapkan di setiap interface perangkat jaringan
7. How many usable IP addresses are there in a 23-bit (255.255.254.0) subnet?
a. 512
b. 510
c. 508
d. 254
Jawaban :
/23 adalah ip kelas B, untuk mengetahui jumlah ip-nya kita harus mengubahnya ke IP kelas C,
caranya kita tambahkan 8 sampai menjadi kelas C. /23 + 8 =/31. Jumlah Ip /31 adalah 2
Cara menghitung jumlah ip kelas B ialah 256 x jumlah ip kelas C = jumlah ip kelas b. jadi 256 x 2 =
512.

8. Is ARP used in the IPv6 protocol ?


False
True
Jawaban : False
kenapa ?. Karena pada IPv6 ARP telah digantikan oleh Neighbor Solicitation secara multicast.

9. Which of the following protocols / port s are used for SNMP. (Simple Network Management
Protocol)
a. TCP 162
b. UDP 162
c. UDP 161
d. TCP 25
e. TCP 123
f. TCP 161
Jawaban : B & C
TCP 162 ialah protocol SNMP Trap, TCP 25 ialah SMTP.

10. If ARP=reply-only is configured on an interface, what will this interface do


a. Accept all IP/MAC combinations listed in /ip arp as static entries
b. Accept all IP addresses listed in /ip arp as static entries
c. Add new MAC addresses in /ip arp list
d. Accept all MAC-addresses listed in /ip arp as static entries
e. Add new IP addresses in /ip arp list
Jawaban : A
karena ARP dapat menerima IP Address maupun MAC Address

11. Select which of the following are ‘Public IP addresses’:


a. 192.168.0.1
b. 172.168.254.2
c. 172.28.73.21
d. 10.110.50.37
e. 11.63.72.21
Jawaban : B & E
kenapa ?, karena 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 -
192.168.255.255
itu adalah ip private

12. Which of the following IP addresses are publicly routable?


a. 127.34.155.3
b. 192.168.1.4
c. 172.16.13.23
d. 11.3.10.4
Jawaban : d. 11.3.10.4
karena jawaban A, B, dan C adalah ip private.

13. If ARP=reply-only is enabled on one router interface, router can add dynamic ARP entries for
the particular interface.
False
True

14. The basic unit of a physical network (OSI Layer 1) is the:


a. Header
b. Byte
c. Bit
d. Frame
Jawaban : Bit
karena yang bekerja pada physical network hanyalah bit

15. Which ones of the following are valid IP addresses?


a. 192.168.13.255
b. 10.10.14.0
c. 192.168.256.1
d. 1.27.14.254
Jawaban :
jawaban c tidak bisa disebut valid ip karena, max ip adalah 255

16. How many usable IP addresses are there in a 20-bit subnet?


a. 2046
b. 2047
c. 4094
d. 4096
e. 2048
Jawaban : c. 4094
cara mencarinya /20 + 8 = 28, jumlah ip /28 adalah 16, maka 16 x 256 = 4094

17. Which of the following is NOT a valid MAC Address?


a. 13:16:86:53:89:43
b. 80:GF:AA:67:13:5D
c. 88:0C:00:99:5F:EF
d. EA:BA:AA:EE:FF:CB
e. 95:B5:DD:EE:78:8A
Jawaban : b. 80:GF:AA:67:13:5D
karena MAC Address terdiri dari Hexadesimal

18. MAC layer by OSI model is also known as


a. Layer 3
b. Layer 7
c. Layer 1
d. Layer 2
e. Layer 6
Jawaban : b. Layer 2
karena MAC address bekerja pada layer 2

19. Select valid MAC-address


a. G2:60:CF:21:99:H0
b. 00:00:5E:80:EE:B0
c. AEC8:21F1:AA44:54FF:1111:DD
d. AE:0212:1201
e. 192.168.0.0/16
Jawaban : b
karena huruf G tidak termasuk pada MAC Address

20. How many layers does Open Systems Interconnection model have?
a. 7
b. 6
c. 5
d. 12
e. 9
Jawaban : 7
OSI Layer hanya memiliki 7 layer

21. Action=redirect is applied in


a. chain=srcnat
b. chain=dstnat
c. chain=forward
Jawaban : b. chain=dstnat
karena action redirect membutuhkan tujuan untuk me-redirect
22. You have 802.11b/g wireless card. What frequencies are available to you?
a. 5800MHz
b. 2412MHz
c. 5210MHz
d. 2422MHz
e. 2327MHz

23. Mark all correct statements about /export (rsc file).


a. Exports logs from /log print
b. Exports full configuration of the router
c. Exports only part of the configuration (for example /ip firewall)
d. Exports scripts from /system
e. Exports files could not edited
Jawaban : B & C
File Export dapat diedit, kita tidak bisa meng-export script dari system kita tidak dapat
meng-export log dari /log print. kita hanya dapat meng-export Full configuration dan part
of the configuration dari router.

24. What wireless card can we use to achieve 100 Mbps actual wireless throughput?
a. 802.11 b/g
b. 802.11 a/b/g
c. 802.11 a
d. 802.11 a/n
e. 802.11 a/b/g/n
Jawaban : a. 802.11b/g
karena wireless card 802.11b/g memiliki bandwith up to 300Mbps

25. It is possible to add user-defined chains in ip firewall mangle


True
False
Jawaban : yes
26. Choose all valid hosts address range for subnet 15.242.55.62/27
a. 15.242.55.31-15.242.55.62
b. 15.242.55.32-15.242.55.63
c. 15.242.55.33-15.242.55.62
d. 15.242.55.33-15.242.55.63
Jawaban : c. 15.242.55.33 - 15.242.55.62
menghitung ip dengan prefix /27

27. Action=redirect allows you to make


a. Transparent DNS Cache
b. Forward DNS to another device IP address
c. Enable Local Service
d. Transparent HTTP Proxy
Jawaban : A & D
DNS dan Proxy membutuh kan Action=redirect
28. Which is correct masquerade rule for 192.168.0.0/24 network on the router with outgoing
interface=ether1?
a. /ip firewall nat add action=masquerade chain=srcnat
b. /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24
c. /ip firewall nat add action=masquerade out-interface=ether1 chain=dstnat
d. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
Jawaban : D
/ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
29. What letters appear next to a route, which is automatically created by RouterOS when user adds
a valid address to an active interface?
a. I
b. D
c. A
d. S
e. C
Jawaban : B, C, E
D adalah Dynamic, A adalah Active, C adalah
30. Mark all features that are compatible with Nstreme
a. WDS between a device in station-wds mode and a device in station-wds mode
b. Encryption
c. WDS between a device in ap-bridge mode with a device in station-wds mode
d. Bridging a device in station mode with a device in ap-bridge mode
Jawaban : C
karena Nstreme membutuhkan decive AP dan Station
31. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized,
and it’s a driver issue?
a. Yes
b. No
Jawaban : No
karena hardware dari router tersebut tidak suport untuk drivernya
32. For static routing functionality, additionally to the RouterOS system package, you will also need
the following software package:
a. none
b. dhcp
c. routing
d. advanced-tools
Jawaban : None
untuk melakukan Static Routing kita tidak memutuhkan package tambahan. karena static routing
sudah ada pada package system.
33. Which are necessary sections in /queue simple to set bandwidth limitation?
a. target-address, max-limit
b. target-address, dst-address, max-limit
c. target-address, dst-address
d. max-limit
Jawaban : A
untuk melimit bandwidth, hanya perlu target address dan max limit untuk melimit bandwidth
34. What protocol is used for Ping and Trace route?
a. DHCP
b. IP
c. TCP
d. ICMP - ping
e. UDP – trace route
Jawaban : ICMP dan UDP
ICMP adalah protocol untuk ping, dan UDP bisa digunakan untuk Trace route
35. From which of the following locations can you obtain Winbox?
a. Router’s webpage
b. Files menu in your router
c. Via the console cable
d. mikrotik.com
Jawaban : A & D
kita hanya bisa mendownload winbox dari mikrotik.com dan router's webpage

36. Two hosts, A and B, are connected to a broadcast LAN. Select all the answers showing pairs of
IP address/mask which would allow IP connections to be established between the two hosts.
a. A: 10.1.2.66/25 and B: 10.1.2.109/26
b. A: 10.2.2.1/23 and B: 10.2.0.1/22
c. A: 10.1.2.192/24 and B: 10.1.2.129/26
d. A: 10.2.1.0/23 and B: 10.2.0.1/22
Jawaban : A
karena 10.1.2.66/25 dan 10.1.2.109/26 berada dalam network yang sama

37. Why is it useful to set a Radio Name on the radio interface?


a. To identify a station in a list of connected clients
b. To identify a station in the Access List
c. To identify a station in Neighbor discovery
Jawaban : A
untuk mengidentifikasi Sation di Connect List

38. What kind of users are listed in the Secrets window of the PPP menu?
a. pptp users
b. l2tp users
c. winbox users
d. wireless users
e. pppoe users
f. hotspot users
Jawaban : A, B, & E
pada menu secret, hanya ada user bridge
39. Router A and B are both running as PPPoE servers on different broadcast domains of your
network. Is it possible to set Router A to use “/ppp secret” accounts from Router B to authenticate
PPPoE customers ?
Yes
No
Jawaban : NO
karena IP Broadcastnya berbeda

40. MikroTik RouterOS DHCP client can receive following options


a. Byte limit
b. IP Gateway
c. Rate limit
d. Uptime limit
e. IP Address and Subnet
Jawaban : B, C, E
DHCP client tidak bisa melimit bandwidth karena itu adalah fitur Queue, dan DHCP client tidak
bisa mengatur uptime limit karena itu fitur dari DHCP server atau Hotspot

41. If you need to make sure that one computer in your HotSpot network can access the Internet
without HotSpot authentication, which menu allows you to do this?
a. Users
b. IP bindings
c. Walled-garden
d. Walled-garden IP
Jawaban :
fitur dari walled-garden ialah kita dapat membypass user ke web yang telah ditentukan tanpa harus
login ke hotspot tersebut

42. How many different priorities can be selected for queues in MikroTik RouterOS?
a. 8
b. 16
c. 0
d. 1

43. Which default route will be active? /ip route add disabled=no distance=10 dst-address=0.0.0.0/0
gateway=1.1.1.1 add disabled=no distance=5 dst-address=0.0.0.0/0 gateway=2.2.2.2
a. Route via gateway 1.1.1.1
b. Route via gateway 2.2.2.2
Jawaban : b.
distance yang paling kecil lebih diprioritaskan oleh router

44. How long is level 1 (demo) license valid?


a. 24 hours
b. Infinite time
c. 1 month
d. 1 year
Jawaban : a
license level 1 atau Demo, hanya berlaku selama 1 hari atau 24 jam
45. Is ARP used in the IPv6 protocol ?
True
False
Jawaban : False
karena ARP pada protocol IPv6 telah digantikan oleh Neighbor Solicitation

46. In MikroTik RouterOS, Layer-3 communication between 2 hosts can be


achieved by using an address subnet of:
a. /30
b. /29
c. /32
d. /31
Jawaban :
Prefix yang bisa digunakan oleh 2 host atau lebih

47. A PC with IP 192.168.1.2 can access internet, and static ARP has been set for that IP address on
gateway. When the PC Ethernet card failed, the user change it with a new card and set the same IP
for it. What else should be done?
a. Old static ARP entry on gateway has to be updated for the new card
b. Nothing – it will work as before
c. MAC-address of the new card has to be changed to MAC address of old card
d. Another IP has to be added for Internet access
Jawaban : A & C
Kita harus mengganti Ethernet Card-Nya, setelah diganti kita harus mengubah MAC Address pada
Interface kartu yang baru

48. How many usable IP addresses are there in a 20-bit subnet?


a. 2047
b. 4096
c. 2048
d. 2046
e. 4094
Jawaban : e
Kita menghitung IP yakni : 16 x 256 = 4094
49. What is the default TTL (time to live) on a router that an IP packet can experience before it will
be discarded ?
a. 60
b. 30
c. 1
d. 64
Jawaban : D
tu adalah TTL Router secara Default

50. The network address is


a. The first usable address of the subnet
b. The last address of the subnet
c. The first address of the subnet
Jawaban : C
alamat pada diawal depan subnetting.
51. Which ones of the following are valid IP addresses?
a. 192.168.13.255
b. 1.27.14.254
c. 10.10.14.0
d. 192.168.256.1
Jawaban : A, B, C
maksimal IP address adalah 255

52. Which of the following is NOT a valid MAC Address?


a. 95:B5:DD:EE:78:8A
b. 13:16:86:53:89:43
c. 80:GF:AA:67:13:5D
d. 88:0C:00:99:5F:EF
e. EA:BA:AA:EE:FF:CB
Jawaban : C
MAC address terdiri dari huruf Hexadesimal

53. If ARP=reply-only is configured on an interface, what will this interface do


a. Add new IP addresses in /ip arp list
b. Accept all IP/MAC combinations listed in /ip arp as static entries
c. Accept all MAC-addresses listed in /ip arp as static entries
d. Add new MAC addresses in /ip arp list
e. Accept all IP addresses listed in /ip arp as static entries
Jawaban : B
Menerima seluruh IP atau MAC Address yang terdaftar pada arp static entries
54. What is term for the hardware coded address found on an interface?
a. IP Address
b. Interface Address
c. MAC Address
d. FQDN Address
Jawaban : C
pada setiap interface telah disetting MAC Address masing masing
55. Which of the following IP addresses are publicly routable?
a. 127.34.155.3
b. 192.168.1.4
c. 172.16.13.23
d. 11.3.10.4
Jawaban : D
IP yang routeable tidak harus menggunakan Private Lesson
56. What protocol does ping use?
a. UDP
b. TCP
c. ARP
d. ICMP
Jawaban : D
ICMP adalah protocol untuk Ping

57. MAC layer by OSI model is also known as


a. Layer 3
b. Layer 7
c. Layer 2
d. Layer 6
e. Layer 1
Jawaban : C
IP yang routeable tidak harus menggunakan Private Lesson

58. How many layers does Open Systems Interconnection model have?
a. 12
b. 6
c. 9
d. 5
e. 7
Jawaban : E
OSI layer hanya memiliki 7 Moled pengket
59. How many IP addresses can one find in the header of an IP packet?
a. 3
b. 4
c. 1
d. 2
Jawaban : D

60. The basic unit of a physical network (OSI Layer 1) is the:


a. Byte
b. Frame
c. Bit
d. Header
Jawaban : C
yang bekerja pada physical network atau layer 1 adalah Bit atau kode binnary

61. You have a router with configuration


- Public IP :202.168.125.45/24
- Default gateway:202.168.125.1
- DNS server: 248.115.148.136, 248.115.148.137
- Local IP: 192.168.2.1/24
Mark the correct configuration on client PC to access to the Internet
a. IP:192.168.0.1/24 gateway:192.168.2.1
b. IP:192.168.2.253/24 gateway:202.168.0.1
c. IP:192.168.1.223/24 gateway:248.115.148.136
d. IP:192.168.2.115/24 gateway: 192.168.2.1
e. IP:192.168.2.2/24 gateway:202.168.125.45

62. On the advanced menu of the wireless setup there is a parameter called “Area”, it works directly
with:
a. Connect List
b. Access List
c. Security Profile
Jawaban : A
Connect list mendaftarkan Station pada AP

63. What menus should be used to allow certain websites to be accessed from behind a hotspot
interface, without client authentication
a. ip hotspot ip-binding
b. ip hotspot profile
c. ip hotspot walled-garden
d. ip hotspot walled-garden ip
Jawaban : C
Fungsi walled-garden ialah mengakses website tanpa harus login Hotspot terlebih dahulu

64. You want to use PCQ and allow 256k maximum download and upload for each client. Choose
correct argument values for the required queue.
a. kind=pcq pcq-limit=1256000 pcq-classifier=dst-address
b. kind=pcq pcq-limit=256000 pcq-classifier=dst-address
c. kind=pcq pcq-limit=5000000 pcq-classifier=src-address
d. kind=pcq pcq-limit=256000 pcq-classifier=src-address
e. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address
Jawaban : B & D
kita akan me-limit download dan upload sebesar 256Kbps
65. Which of the following is true for connection tracking
a. Enabling connection tracking reduces CPU usage in RouterOS
b. Connection tracking must be enabled for firewall to be effective
c. Connection tracking must be enable for NAT’ed network
d. Disable connection tracking for mangle to work
Jawaban : B & C
66. Which of these are possible solutions to bridge two networks over a wireless link:
a. Both devices in AP mode and enable WDS mode
b. One device in AP mode, another one in station-pseudobridge-clone
c. One device in AP mode, another one in station-pseudobridge
d. One device in AP mode, another one in station
Jawaban : A
kedua AP menggunakan mode WDS

67. When backing up your router by using the ‘Export’ command, the following happens:
a. Winbox usernames and passwords are backed up
b. The Export file can be edited with a standard text editor after its creation
c. You are requested to give the export file a name
Jawaban : B & C
ketika ingin export kita diminta untuk memasukan Nama File dan File tsb dapat diedit

68. You need to reboot a RouterBoard after importing a previously exported rsc file to activate the
new configuration.
True
False
Jawaban : False
kita tidak perlu reboot router seletah import konfigurasi
69. It is impossible to disable user “admin” at the menu “/user”
True
False
Jawaban : False
kita dapat mendisable user admin ketika sudah ada penggantinya

70. If a packet comes to a router and starts a new, previously unseen connection, which connection
state
a. no connection state would be applied to such packet
b. new
c. unknown
d. invalid
e. established
Jawaban : B

71. We have two radio cards in a point-to-point link with settings:


Card Nr 1.: mode=ap-bridge ssid=”office”
frequency=2447 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-
profile=wpa
Card Nr 2.: mode=station ssid=”office”
frequency=2412 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-
profile=wpa2
Is Card Nr2. able to connect to Card Nr 1.?
a. Yes, if Nstreme is enabled or disabled on both
b. Yes, when security profile settings are compatible with each other and Nstreme is enabled or
disabled on both
c. No, because of the different frequencies
d. No, because of the different security profiles
Jawaban : D
Security Profiles Nr2 dengan Nr1 berbeda
72. If you need to make sure that one computer in your HotSpot network can access the Internet
without HotSpot authentication, which menu allows you to do this?
a. Walled-garden IP
b. Walled-garden
c. Users
d. IP bindings
Jawaban : D
Kita dapat membypass devices dengan IP bindings

73. Consider the following network diagram. In R1, you have the following configuration:
/ip route
add dst-address=192.168.1.0/24 gateway=192.168.99.2
/ip firewall nat
add chain=srcnat out-interface=Ether1 action=masquerade
On R2, if you wish to prevent all access to a server located at 192.168.1.10 from LAN1 devices,
which of the following rules would be needed?
a. /ip firewall filter add chain=forward src-address=192.168.99.1 dst-address=192.168.1.10
action=drop
b. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10
action=drop
c. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
d. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10
action=drop
Jawaban : B
Menambah Filter Rules

74. What is the default protocol/port of (secure) winbox?


a. UDP/5678
b. TCP/8291
c. TCP/22 = ssh
d. TCP/8080 = proxy
Jawaban : B

75. Mark the queue types that are available in RouterOS


a. SFQ – Stochastic Fairness Queuing
b. DRR – Deficit Round Robin
c. FIFO – First In First Out (for Bytes or for Packets)
d. LIFO – Last In First Out
e. PCQ – Per Connection Queuing
f. RED – Random Early Detect (or Drop)
Jawaban : A, C, E, F

76. A network ready device is directly connected to a MikroTik RouterBOARD 750 with a correct
U.T.P. RJ45 functioning cable. The device is configured with an IPv4 address of 192.168.100.70
using a subnet mask of 255.255.255.252. What will be a valid IPv4 address for the RouterBOARD
750 for a successful connection to the device?
a. 192.168.100.70/255.255.255.252
b. 192.168.100.69/255.255.255.252
c. 192.168.100.71/255.255.255.252
d. 192.168.100.68/255.255.255.252
Jawaban : B
Menghitung Subnetting dengan prefix /30

77. How many usable IP addresses are there in a 23-bit (255.255.254.0) subnet?
a. 512
b. 510
c. 508
d. 254
Jawaban : A
23 + 8 = 31, /31 = 2, 2 x 256 =512
78. Is ARP used in the IPv6 protocol ?
True
False

79. Which of the following protocols / port s are used for SNMP. (Simple Network Managemnt
Protocol)
a. TCP 162
b. UDP 162
c. UDP 161
d. TCP 25
e. TCP 123
f. TCP 161
Jawaban : B & C

80. Select which of the following are ‘Public IP addresses’:


a. 192.168.0.1
b. 172.168.254.2
c. 172.28.73.21
d. 10.110.50.37
e. 11.63.72.21
Jawaban : B & E
A, C, D adalah IP Private

81. If ARP=reply-only is enabled on one router interface, router can add dynamic ARP entries for
the particular interface.
False
True
Jawaban : False

82. MAC layer by OSI model is also known as


a. Layer 3
b. Layer 7
c. Layer 1
d. Layer 2
e. Layer 6
Jawaban : D
Karena MAC Address berjalan pada Layer 2

83. Select valid MAC-address


a. G2:60:CF:21:99:H0
b. 00:00:5E:80:EE:B0
c. AEC8:21F1:AA44:54FF:1111:DDAE:0212:1201
d. 192.168.0.0/16
Jawaban : B
Mac address terdiri dari huruf hexadecimal

84. Which computers would be able to communicate directly (without any routers involved)
a. 192.168.17.15/29 and 192.168.17.20/28
b. 192.168.0.5/26 and 192.168.0.100
c. 10.5.5.1/24 and 10.5.5.100/25
d. 10.10.0.17/22 and 10.10.1.30/2
Jawaban : C & D

85. What kind of users are listed in the Secrets window of the PPP menu?
a. hotspot users
b. wireless users
c. l2tp users
d. pptp users
e. pppoe users
f. winbox users
Jawaban : C, D, E
Menu PPP hanya ada fitur Tunneling

86. What configuration is added by /ip hotspot setup command? (select all that apply)
a. /ip service
b. /ip hotspot user
c. /ip hotspot walled-garden
d. /ip dhcp-server
e. /queue tree
Jawaban : B & D
saat hotspot dibuat, hotspot user dan dhcp server akan terbuat secara dynamic

87. Using wireless connect-list it’s possible to prioritize connection to one Access Point over
another Access Point by changing the order of the entries.
a.False
b. True
Jawaban : False
88. If ARP=reply-only is configured on an interface, what will this interface do
a. Add new MAC addresses in /ip arp list
b. Accept all MAC-addresses listed in /ip arp as static entries
c. Add new IP addresses in /ip arp list
d. Accept all IP addresses listed in /ip arp as static entries
e. Accept all IP/MAC combinations listed in /ip arp as static entries
Jawaban : E
89. Router A and B are both running as PPPoE servers on different broadcast domains of your
network. It is possible to set Router A to use "/ppp secret" accounts from Router B to authenticate
PPPoE customers.
a. False
b. True
Jawaban : False
90. Can you manually add drivers to RouterOS in case your PCI Ethernet card is not recognized,
and you suspect it is a driver issue?
a. Yes
b. No
Jawaban : No
Karena Hardware tidak support kepada drivernya

91. What can be used as ’target-address’ in the simple queue?


a. client’s address
b. client’s MAC address
c. server’s address
d. address list name
Jawaban : A
IP Laptop Sendiri

92. MikroTik RouterOS is sending logs to an external syslog server. Which protocol and port is
used by RouterOS for sending logs (by default)?
a. UDP 514
b. UDP 21
c. UDP 113
d. TCP 110
Jawaban : A

93. Which route will be used to reach host 192.168.1.55?


/ip route
add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=1.1.1.1
add disabled=no distance=1 dst-address=192.168.1.0/25 gateway=2.2.2.2
add disabled=no distance=1 dst-address=192.168.0.0/16 gateway=3.3.3.3

a. Route via gateway 1.1.1.1


b. Route via gateway 3.3.3.3
c. Route via gateway 2.2.2.2
Jawaban : C
Yang digunakan /25 karena lebih spesifik

94. In which situations can Netinstall NOT be used to install a RouterBOARD?


a. The router does not have an operating system
b. The router is connected only to a wireless network
c. You do not know the password of the router
d. The router is connected only to a secondary Ethernet port
JAwaban : B & D

95. To use masquerade, you need to specify


a. action=accept, out-interface, chain=src-nat
b. action=masquerade, out-interface, chain=src-nat
c. action=masquerade, in-interface, chain=src-nat
d. action=masquerade, out-interface, chain=dst-nat
Jawaban : B

96. Please select valid scan-list values in interface wireless configuration:


a. 5560,5620-5700
b. 5640~5680
c. default,5560,5600,5660-5700
d. 5540,5560,5620+5700
Jawaban : A & C

97. When adding a static route, you must always ensure that you add both the gateway and the
interface.
False
True
Jawaban : False
Kita hanya perlu menambah dst-address dan 1 gateway

98. You would like to allow multiple logins with one user name on a HotSpot server. How should
this be configured?
a. Set "Shared Users" option at /ip hotspot user profile
b. It's not possible
c. Set "Shared Users" option at /ip hotspot
d. Set "only-one=no' at /ip hotspot
Jawaban : A
Untuk membuat 1 akun setuja umat yang menggunakannya

99. In which order are the entries in Access List and Connect List processed?
a. In sequence order
b. In a random order
c. By Signal Strength Range
d. By interface name
Jawaban : A

100. Which is the default port of IP-Winbox?


a. TCP 8291
b. TCP 80
c. UDP 8291
d. TCP 8192
Jawaban : A