Catatan untuk Belajar MTCRE Mikrotik Certified Routing Engineer

 

Catatan penting belajar Mikrotik MTCRE

JIka ada 2 IP address yang berasal dari subnet yang sama pada satu interface, hanya akan ada 1 connected Route

Jagna menempatkan atau membuat IP Address yang sama dari sebuah subnet pada 2 interface yang berbeda karena akan membingungkan table routing dan logika routing

Static Route dibuat untuk menambahkn routing secara manual

pada static route yang ditambahkan adalah Network Tujuan dan Gateway Tujuan nya

Mikrotik Routerboard 1 RB1:

Koneksi dengan static routing dengan cara membuat route baru di menu IP > Route.

Dst.Address : 192.168.20.0/24   

Gateway : 30.30.30.2

Mikrotik Routerboard 2 RB2:

Koneksi dengan static routing dengan cara membuat route baru di menu IP > Route.

Dst.Address : 192.168.10.0/24   

Gateway : 30.30.30.1

bisa dikatakan melewati Network apa ? dan Gateway Apa?

• Static Routing dilakukan dengan pengaturan arah paket data yang melalui router, dengan menentukkan gateway untuk dst.Address (Network tertentu)
• gateway dapat berupa ip address atau Interface
• IP gateway harus satu subnet dengan salah satu ip interface router
• router akan memilih gateway untuk network tujuan (subnet lebih besar)

Load Balancing adalah teknik untuk mendistribusikan beban kerja di 2 atau beberapa link jaringan 

tujuan Load balancing: memaksimalkan troughput, me minimalisasi response time dan menghindari overload.

Vail over adalah membuat jalur cadangan ketika jalur link utama terganggu.

Beberapa macam metode Load Balancing

sumber wiki.mikrotik

Firewall Marking

• Per traffic Load Balancing
• Load balancing over multiple gateways
• Manual load balancing multiple some subnet link
• Manual Failover with firewall marking

ECMP (Equel Cost Multi-path)

• ECMP load balancing with masquerade
• ECMP failover script
• Manual/IP/Route/Multipath

1.  memungkinkan router memiliki lebih dari satu gateway
2. menggunakan algoritma round roubin
3. dapat menggunakan gateway yang sama berulang ulang

ECMP Load balancing

jika parameter distance 1 berarti sabagai jalur utama

ECMP NAT rule 

ECMP NAT

PCC ( per connection classifier)

• Manual PCC

NTH

• NTH load balancing with masquerade
• nth load balancing with masquerade approach
• Manual NTH in routeros 3.x

Bonding

OSPF

BGP

Konfigurasi Mikrotik LHG ber mode Station

 Pada dasarnya konfigurasi untuk mode Station sama saja pada umumnya ketika kita menggunkan Mikrotik RB941 station

Tata Cara Station 

1. Menyiapkan Konfigurasi Station pada interface WLAN Mikrotik LHG

2. membuat  HDCP client pada Interface WLAN Mikrotik LHG

Langkah 1:Setting pada menu wireless tab general

Langkah 2: setting pada tab wireless

Langkah 3: Menambahkan Nstream memperkuat sinyal

Baca juga LHG wireless Bridge https://cendikialearning.blogspot.com/2021/12/konfigurasi-mikrotik-lhg-ber-mode-bridge.html

Konfigurasi Mikrotik LHG ber Mode Bridge

 

Ilustrasi Mikrotik LHG

ata cara:

1. Mikrotik Server atau utama (RB491)

2. Mikrotik LHG 

Posisi kabel pada mikrotik server ether2 ke LHG

                                             

                                                 KONFIGURASI MIKROTIK SERVER 

Address List pada Mikrotik server ether2 menuju LHG

KONFIGURASI MIKROTIK LHG 

Langkah 1: Membuat Interface Bridge

Langkah 2: WLAN1 dan Ether1 dalam 1 interface bridge

Langkah 3: membuat mode Bridge pada Interface WLAN

Pada langkah 3jangn lupa menambahkan Security Profile. mode bridge untuk pengganti Access Point (AP Bridge)

Langkah 4:menambahkan properti pada Nstream

Langkah 5: Membuat IP address pada Interface Bridge

Langkah 6: Mengecek Route List

Baca juga Konfigurasi LHG ber mode Station https://cendikialearning.blogspot.com/2021/12/konfigurasi-mikrotik-lhg-ber-mode.html

MTCNA Exam 11 Januari 2022

PENGUMUMAN DARI CITRAWEB

 Januari 2022, Citraweb Jogja mengadakan Ujian MTCNA di 11 Januari 2022

Persyaratan umum pelatihan dan resertifikasi berbasiskan MTCOPS :

Online - Mikrotik Re-Certification MTCNA (MTCOPS)

Yogyakarta, 10 Januari 2022 - Review materi, 11 Januari 2022 - Ujian sertifikasi

Citraweb Solusi Teknologi (Mikrotik OEM Authorized Reseller for Indonesia) bekerja sama dengan Mikrotik, mengadakan pelatihan dan re-sertifikasi berbasiskan MTCOPS.

Pelatihan kali ini ditujukan kepada pemegang sertifikat Mikrotik yang ingin mereview kembali materi yang pernah didapat dan memperbarui sertifikat tanpa harus mendatangi lokasi pelatihan.

Tanggal: 10 Januari 2022 - Review materi, 11 Januari 2022 - Ujian sertifikasi

Jam: 09.00 - 17.00 WIB WIB

Tempat: Online

Harga: Rp 500.000,00

* Biaya training ini sudah termasuk pajak

Kapasitas: 8 orang

Peserta sudah pernah memiliki sertifikat MTCNA (baik yang masih berlaku atau tidak) dan didapatkan dari mengikuti pelatihan Citraweb. Peserta diharapkan mempelajari terlebih dahulu materi dari softcopy yang diberikan setelah melakukan pendaftaran. Pelaksanaan pelatihan akan dilakukan secara Online menggunakan aplikasi Zoom, dengan metode diskusi dan tanya jawab

Pelaksanaan test sertifikasi akan dilakukan secara Online tanpa harus datang ke kantor Citraweb. Persyaratan teknis yang harus disiapkan peserta :

1.Wajib memiliki koneksi Internet yang stabil dengan minimal 4mbps upload dan 4mbps download. Disarankan untuk memiliki backup Internet

2.1 Buah laptop / PC yang memiliki fitur Camera dan Microphone builtin serta berfungsi dengan Normal. Bisa mempergunakan USB Camera / USB Microphone jika tidak tersedia

3.Memiliki aplikasi Zoom dan browser Google Chrome atau yang mendukung Chrome Extension seperti Chromium, MS Edge, Brave, Opera

4.Memasang Chrome extension yang akan diberikan sebelum melakukan test resertifikasi

5.Aturan selama training dan renewal sertifikasi :

6.Peserta harus mengerjakan test resertifikasi secara mandiri dan tidak berkomunikasi dengan orang lain menggunakan metode apapun baik secara langsung ataupun tidak langsung

7.Hanya menggunakan 1 browser selama mengerjakan test. Diperbolehkan membuka banyak tab dalam 1 halaman browser

8.Diperbolehkan membuka materi softcopy dari Citraweb dan halaman Internet atau wiki.mikrotik.com, tetapi tidak diperbolehkan untuk membuka halaman yang menyediakan materi mengenai kisi-kisi soal / jawaban ujian test sertifikasi.

9.Tidak diperbolehkan menggunakan aplikasi Screen / video recorder / semacamnya selama pelatihan dan ujian sertifikasi

10.Segala aktifitas pada layar akan direkam dan dievaluasi oleh Mikrotik Latvia

11.Tidak ada perlakuan khusus,tambahan waktu atau test ulang jika terjadi masalah di sisi peserta baik yang sengaja atau tidak disengaja

12.Jika ada indikasi kecurangan, maka pihak Mikrotik atau Citraweb berhak membatalkan sertifikat yang sudah dikeluarkan tanpa pemberitahuan sebelumnya

Dengan mengikuti pelatihan ini, peserta dianggap menyetujui syarat dan aturan yang telah ditetapkan Pendaftaran

Tata cara pendaftaran:

1.Seluruh proses pendaftaran training akan dilakukan secara online.

2.Pendaftar harus memiliki account di website www.mikrotik.co.id. Jika Anda berminat mendaftarkan diri dan belum memiliki account, segeralah lakukan proses pembuatan account.

3.Setelah pendaftaran dilakukan, kami akan mengkonfirmasikan apakah masih tersedia tempat via email.

4.Pembayaran harus dilakukan selambat-lambatnya 10 hari setelah konfirmasi ketersediaan tempat diberikan. Calon peserta yang tidak dapat melakukan pembayaran sampai batas yang ditentukan akan dibatalkan pendaftarannya dan dapat diisi oleh peserta lain.

5.Pendaftaran Anda baru dianggap lengkap setelah kami menerima pembayaran.

6.Seluruh proses pendaftaran dan pesan yang berkaitan dengan pendaftaran dapat dilihat di halaman user area training. 

Level 0 vs level 1 Mikrotik License

Comparison Level 0 and level 1 Mikrotik License

RouterOS is routing software that runs on a PC based hardware platform. Whether it’s a conventional X86 based PC, a RouterBOARD, embedded device, or a virtual machine, RouterOS is an operating system that will make your device a dedicated router, a bandwidth shaper, a transparent packet filter, or a wireless enabled device. Have an old PC lying around? With RouterOS, it can be converted into a powerful router! RouterOS can also be installed on a virtual machine, VMware/ESX environment, or parallels if you are using Mac. RouterBOARD is a hardware platform manufactured by MikroTik. The product can range from a very small home router to a carrier class access concentrator. If you need features and power on a budget, then read on. If you are new to MikroTik or RouterOS, this is going to astound you.

Level 0 Trial

Level zero licenses will reset the device after 24 hours and require re-installation to test for another

day. RouterOS x86 installations have a level zero license by default for testing and proof-of�concept but the license can be upgraded in-place.

Level 1 Demo

Level one demo licenses can be requested for free via the MikroTik client portal at the following

URL: https://mikrotik.com/client/keyDemo

Unlike level zero trial keys, the demo doesn’t expire after 24 hours. However, there are a number

of stipulations to running a device at this level. See the URL above for more information on these

restrictions applied to demo license keys:

• Limited connections for tunnels like PPTP, EoIP, etc.

• No wireless support

• No included version upgrades

• No included support from MikroTik

• Not eligible for resale

Dalam RouterOS terdapat lisensi dengan berbagai level yang berbeda. Level pada RouterOS mulai dari 0-6. Terdapat perbedaan antara masing-masing level, perbedaannya terdapat pada fitur-fitur dan kemampuan dalam menampung jumlah user, semakin tinggi level yang RouterOS semakin banyak pula user yang akan di tampungnya.

 

l  Level 0 Free

Level 0 adalah level Demo, jadi tidak ada biaya yang harus dikeluarkan alias gratis (free). Namun ada batasan untuk menggunakan lisensi level 0 ini yaitu 24 jam. Apabila kita telah melebihi batas penggunaan maka secara otomatis mikrotik tidak dapat di gunakan.

 

l  Level 1 Demo

Level ini masih sama dengan level 0, masih Demo dan tentunya gratis. Untuk level ini sudah tidak dibatasi waktu (infinity time), akan tetapi pada level ini hanya dapat di gunakan oleh satu pengguna (user).

 

l  Level 3

            Untuk level ini fiturnya sudah termasuk fitur level , ditambah dengan kemampuan memanagement perangkat keras dan perangkat wireless. Level ini juga banyak digunakan oleh RouterBoard versi wireless yang digunakan untuk point to point.

 

l  Level 4

            Level 4 ini adalah level yang banyak digunakan oleh user saat ini, karena kebanyakan RouterBoard saat ini digunakan untuk menangani masalah pada jaringan yang skalanya lebih kecil.

 

l  Level 5

            RouterOS dengan level 5 ini tentu memiliki kelebihan di banding level dibawahnya yakni level 4. Diantara perbedaan level 5 dan level 4 yang sangat mencolok adalah sebagai berikut :

u  Jumlah tunnel yang lebih banyak

u  OVPN Unlimited

u  Hotspot User 500

u  User Management Active Session 50

Dengan adanya perbedaan jumlah tampungan user yang lebih banyak, tentunya berdampak pada harga yang ditawarkan jauh lebih mahal di bandingka dengan level 4.

l  Level 6

            Level 6 adalah level tertinggi yang dimiliki RouterOS karena sudah mencakup semua level dibawahnya atau tidak ada limitnya. Dengan inisial controler yang tentu harganya jauh lebih mahal dibandingkan dengan RouterOS level dibawahnya. Umumnya RouterBoard yang dilengkapi dengan RouterOS level ini memiliki Spesifikasi High, karena daya tampung yang dimiliki oleh RouterOS level 6 sangat jauh berbeda dengan level di bawahnya.

Soal MTCNA Prediction Part 1

 Quiz MTCNA Prediction Part 1

MikroTik RouterOS commands can be run once a day by:

a. /system watchdog

b. /system scheduler

c. /system cron

reason:

What is the meaning of the status letter “R” on PPPoE client interface in RouterOS Interfaces

menu? 

a. Running

b. Remote

c. Radius

reason

Router has wireless and ethernet client interfaces, all client interfaces are bridged. To create a DHCP service for all clients, I be configured on : 

a.Only on the bridge interface

b. DHCP server ont work

reason:

be able on the bridge interface

In the Route List, the identification DAb for a route stands for? 

a. Dynamic - active - bgp

b.  Dynamic - active -connected

reeason:

 

Pertanyaan Hampir Mirip:

What kind of users are listed in the Secrets window of the PPP menu?

a. winbox users

b. pppoe users

c. wireless users

d. l2tp users

e. pptp users

f. Hot-Spot users

reason:

4 is PPP, PPPOE, L2TP,PPTP

PPP secrets are used for

a.PPP clients

b.PPTP clients

c.L2TP clients

d.PPPoE clients

reason:

4 is PPP, PPPOE, L2TP,PPTP

Destination NAT (chain dstnat, action dst-nat) can be used to:

a. Change destination port

b. Hide your local network from the Internet

c. Direct users from the Internet to a server within your local network

d. Change source port

How long is level 1 (free) license valid? 

a. Inifinite time

b. 24 hours

reason:

A wireless interface ‘wlan1’ is added to a bridge interface ‘br-lan’. To enable dhcp-server for

wireless interface ‘wlan1’, on which interface should dhcp-server be configured? On 

a.br-lan

b.wlan

c.lan

Which of the following is true for connection tracking (multiple answer)

a.Connection tracking must be enabled for NAT’ed network

b.Connection tracking must be enabled to be able to use all firewall features

Choose the correct PCQ argument values to allow 256kbps maximum download and upload for

each client: (multiple answer)

a.kind=pcq pcq-rate=256000 pcq-classifier=dst-address

b.kind=pcq pcq-rate=256000 pcq-classifier=src-address

Evaluate the following information :

Access Point configuration :

-- wlan1 is in ‘AP-Bridge’ mode

-- Bridge1 has wlan1 and ether1 as ports

CPE configuration :

-- wlan1 is in ‘Station-Bridge’ mode

-- Bridge1 has wlan1 and ether1 as ports

Select protocols that will pass from ether1 on the CPE to ether1 on the Access Point

BGP

PPPoE

DHCP

IPv4

IPv6

ARP

In RouterOS queue configuration the word “total” usually represents : 

a.Upload + Download

b.Upload

c.Download

Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple

Queue number 1 defines 4M for upload and download for target IP 10.10.0.33.

The maximum bandwidth that the client 10.10.0.33 is be able to obtain is: 

a.2M upload/download

b.4M upload/download

reason:

number 0 is the First

PPPoE server only works within one Ethernet broadcast domain that it is connected to. If there is a

router between server and end-user host, it will not be able to create PPPoE tunnel to that PPPoE

server : 

a.True

b.False

What is the correct action for NAT rule on a router that should intercept SMTP traffic and send it

over to a specified mail server? 

a.dst-nat

b.redirect

c.tarpit

Netinstall can be used to

a.Reinstall software without losing licence

b.Install different software version (upgrade or downgrade)

RouterOS log messages are stored on disk by default : 

False

.Which of the following is used in standard 802.11 wireless networks? CSMA/CA

Why is it useful to set a Radio Name on the radio interface?

To identify a station in a list of connected clients

Domain Name System (DNS) requests can be use protocol/port:

UDP 53

UDP 80

You have to connect to a RouterBOARD without any previous configuration. Select all possibilities

to connect and do some basic

MAC-Winbox

Serial Connection

Attach monitor/keyboard

To masquerade, you need to specify : 

a.action=masquerade, in-interface, chain=src-nat

b.action=masquerade, out-interface, chain=dst-nat

c.action=masquerade, out-interface, chain=src-nat

Destination NAT (chain dstnat, action dst-nat) can be used to:

Change destination port

Direct users from the internet to a server within your local network

To apply bandwidth restrictions using Simple queue on traffic that travels from one bridge port to

another bridge port within the same bridge interface, following must be done:

Enable use IP Firewall in bridge settings

Which firewall chain would be used to block a client’s MSN traffic on a router?

 Forward

Assuming DHCP relay is not being used, how many DHCP servers can be configured per interface on

RouterOS?

a. 1

b.3

Which features are removed when advanced-tools package is uninstalled?

 netwatch

 bandwich-test

When frequency mode is set ‘regulatory domain’ in wireless interface configuration :

It restricts operation to only the permitted channels and transmit powers according to the value

of the country selected

Which of the protocols below is used by Netinstall? 

bootp

There are two routes in the routing table :

0 dst-addr=10.1.1.0/24 gateway=5.5.5.5

1 dst-addr=10.1.1.4/30 gateway=5.6.6.6

Which gateway will be used to get to the IP address 10.1.1.6?

 

a.5.6.6.6

reason: /30 The Most Specific -> 4 host 1 netword ID and 1 Broadcast ID

SOAL MTCNA BAB FIREWALL

 SOAL MTCNA BAB FIREWALL

1. Which firewall chain filters traffic inbound to the router itself?

(a) Input

(b) Forward

(c) Output

(d) NAT

2. What protocol is allowed for monitoring via the Input chain in the default firewall rules?

(a) TCP

(b) UDP

(c) IP

(d) ICMP

3. An ICMP packet notifying a sender that a host cannot be found will be a related packet.

(a) True

(b) False

4. What firewall action blocks a packet without sending a reply to the sender?

(a) Reject

(b) Drop

(c) Jump

(d) Accept

5. Which firewall action speeds packets through the filtering process once they’ve been al�lowed?

(a) Passthrough

(b) Jump

(c) FastPath

(d) FastTrack

6. Rules are evaluated in alphabetical order by name in their respective chains.

(a) True

(b) False

7. Sending a ping from the router to another device creates traffic in which firewall chain?

(a) Input

(b) Forward

(c) Output

(d) Jump Chain

8. Once traffic has passed in both directions between a source and destination, what type of

connection is created?

(a) New

(b) Related

(c) Established

(d) Invalid

9. Port scan traffic, like from a TCP SYN scan, inbound to the router can typically create what

type of connection?

(a) New

(b) Established

(c) Related

(d) Invalid

10. Which rule should be placed at the end of each firewall chain?

(a) Drop Invalid

(b) Drop All

(c) Drop Connections

(d) Drop Source Routing

SOAL MTCNA BAB QEUEUS

 

1. BFIFO uses packets to measure the queue size.

(a) True

(b) False

2. What does FIFO stand for?

(a) First In, First Out

(b) First In, Final Out

(c) Filter In, Filter Out

(d) Forward In, Filter Out

3. Which type of algorithm is good for managing traffic on a per-connection basis?

(a) None

(b) RED

(c) PCQ

(d) PFIFO

4. Simple queues manage traffic inbound to the router.

(a) True

(b) False

5. Interface queues allow traffic to be policed as it heads inbound to an interface.

(a) True

(b) False

6. What is the default interface queue type assigned to bridged?

(a) only-hardware-queue

(b) wireless-default

(c) ethernet-small

(d) no-queue

7. What value for upload and download means ”unlimited”?

(a) ”100”

(b) ”100%”

(c) ”0”

(d) ”None”

8. How many priority levels can be assigned to a queue?

(a) Five

(b) Six

(c) Seven

(d) Eight

9. One is the highest priority level that can be assigned to a queue.

(a) True

(b) False

10. The default priority assigned to a queue is seven.

(a) True

(b) False

SOAL MTCNA BAB VPNS TUNNELS

 

1. Which protocol is used by both PPTP and PPPoE?

(a) PPP

(b) GRE

(c) L2TP

(d) EoIP

2. Where are the IPs available for client use configured?

(a) DHCP Servers

(b) IP Filters

(c) IP Pools

(d) Access Lists

3. PPP connections are encrypted by default.

(a) True

(b) False

4. Which protocol and port does SSTP use?

(a) User Datagram Protocol (UDP)/4343

(b) UDP/443

(c) TCP/4343

(d) TCP/443

5. The PPTP server listens for connections on TCP/1723.

(a) True

(b) False

6. Which protocol can be used to authenticate remote PPP users on RouterOS?

(a) TACACS

(b) RADIUS

(c) TACACS+

(d) LDAP

7. What protocol beside TCP is used to establish PPTP tunnels?

(a) TCP

(b) UDP

(c) GRE

(d) ICMP

8. ISPs use which protocol to run PPP over commodity connections like broadband?

(a) EoIP

(b) GRE

(c) PPTP

(d) PPPoE

9. 1600 is the default MTU for SSTP connections.

(a) True

(b) False

10. Which option allows each PPP user to only have one connection established at a time?

(a) only-one

(b) default-authenticate

(c) default-forward

(d) pfs

SOAL MTCNA BAB ROUTING

 

1. Which type of route is typically put into the routing table by a software process?

(a) Dynamic

(b) Static

(c) Active

(d) Blackhole

2. What will a route become when the connection to its gateway is lost?

(a) Invalid

(b) Blackhole

(c) Prohibit

(d) Unreachable

3. Two static routes for 10.10.10.0/24 are configured by an administrator:

/ip route

add dst-address=10.10.10.0/24 gateway=172.16.1.2/30 distance=1

add dst-address=10.10.10.0/24 gateway=172.16.1.6/30 distance=2

Which gateway will be used first if both gateways are reachable?

(a) 172.16.1.2

(b) 172.16.1.6

(c) 172.16.1.1

(d) 172.16.1.5

4. Static routes have a lower AD than Connected routes.

(a) True

(b) False

5. Which type of route will force a router to silently discard traffic to a destination address?

(a) Prohibit

(b) Unreachable

(c) Blackhole

(d) Dynamic

6. Which route option makes a router regularly verify a gateway is still online?

(a) ping-gateway

(b) check-gateway

(c) arp-gateway

(d) verify-gateway

7. A route entered into the table by RouterOS for a dynamic tunnel that’s being used to route

traffic will have which flags set?

(a) AC

(b) AS

(c) AD

(d) SD

8. Which type of route will force a router to discard traffic to a destination address and return

an ICMP message to the sender?

(a) Prohibit

(b) Unreachable

(c) Blackhole

(d) Dynamic

9. The following commands are entered:

/ip route

add dst-address=0.0.0.0/0 gateway=17.25.36.1,132.45.76.1

What distance value will be automatically assigned to the route?

(a) 0

(b) 1

(c) 5

(d) 10

10. An OSPF route will be chosen before a RIP route for the same given source and destination

addresses.

(a) True

(b) False

SOAL MTCNA BAB ADDRESSES

 

1. Multiple IP addresses can be added to the same Ethernet interface.

(a) True

(b) False

2. Which CIDR masks can be used for point-to-point IPv4 connections?

(a) /30

(b) /31

(c) /32

(d) /33

3. MAC addresses use which type of numbering?

(a) Binary

(b) Base-10

(c) Dotted Decimal

(d) Hexadecimal

4. In each /30 network there are two ”wasted” IP addresses.

(a) True

(b) False

5. What is the third step in the DHCP request process?

(a) Acknowledge

(b) Request

(c) Offer

(d) Discover

6. How can administrators force dynamic addresses to always be assigned to the same client?

(a) Create a reservation

(b) Extend the lease duration

(c) Configure additional DHCP servers

(d) Set a static address on the client

7. How many sets of numbers make up a MAC address OUI?

(a) Two

(b) Three

(c) Four

(d) Five

8. Creating a DHCP ensures a client receives the same address all the time.

(a) Relay

(b) Adjacency

(c) Reservation

(d) Advertisement

9. Which table contains MAC addresses and their associated IPs?

(a) Routing table

(b) ARP table

(c) RIB

(d) NAT table

10. Which DHCP option specifies the router address?

(a) 3

(b) 2

(c) 1

(d) 15

SOAL MTCNA INTERFACES

 

1. Which print command option shows interface statistics in real-time?

(a) follow

(b) monitor

(c) print

(d) blink

2. What is the default duplex setting for ethernet interfaces?

(a) Half

(b) Full

(c) Multi

(d) Auto

3. What is the default MTU value for ethernet interfaces?

(a) 1024

(b) 1500

(c) 1600

(d) 1900

4. On most SOHO-oriented RouterBOARD models, which interface is designated as the master

port under the default configuration?

(a) ether4

(b) ether3

(c) ether2

(d) ether1

5. What metric does POE use to determine which ports remain on in an over-current condition?

(a) AD

(b) Weight

(c) Priority

(d) MAC

6. The following commands are used:

/interface bridge add name="LAN Bridge" comment="My bridge"

Which ports will be assigned by default to the new bridge?

(a) None

(b) ether1, ether2

(c) LAN Bridge, ether1

(d) LAN Bridge, ether2

7. What type of physical link has two SFP or SFP+ modules integrated into a high-speed connection?

(a) NAC

(b) CAC

(c) MAC

(d) DAC

8. What OSI layer do bridges operate on primarily?

(a) Layer 1

(b) Layer 2

(c) Layer 3

(d) Layer 4

9. Which type of interfaces allow 10 Gb fiber connections to CCR routers?

(a) SFP+

(b) SFP

(c) MPCI

(d) MPCI-E

10. Which type(s) of expansion module adds wireless network interfaces to a router?

(a) MPCI

(b) MPCI-E

(c) DAC

(d) SFP

SOAL MTCNA MANAGING USERS

 

1. The name of the default RouterOS user is administrator.

(a) True

(b) False

2. It’s considered a best practice to rename the built-in default account.

(a) True

(b) False

3. Which default user group is appropriate for junior network analysts?

(a) Full

(b) Write

(c) Read

(d) All

4. Which command lists users currently logged in?

(a) /user print

(b) /user active print

(c) /print user active

(d) /show user active

5. Which default user group is appropriate for senior network administrators?

(a) Full

(b) Write

(c) Read

(d) All

6. The ”/user remove. . . ” command can be undone.

(a) True

(b) False

7. Accountability includes what permissions are assigned to a user.

(a) True

(b) False

8. Which protocol can be used to authenticate credentials to a centralized database?

(a) PIM

(b) IGMP

(c) SNMP

(d) RADIUS

9. Users can be restricted to only logging in via certain addresses without the use of firewall

filter rules.

(a) True

(b) False

10. Which actions are appropriate for a user account belonging to an administrator that was

recently terminated?

(a) Leave account intact

(b) Disable account

(c) Remove account

(d) Rename account

SOAL MTCNA BAB CONFIGURING MIKROTIK

 

1. Which console command will list all sub-commands and brief description for each?

(a) Question Mark

(b) Tab

(c) Double Tab

(d) Tilde

2. Which command moves up the command hierarchy at the console?

(a) .

(b) ..

(c) ...

(d)

3. Which mode rolls back changes made in the current session if it’s disconnected unexpectedly?

(a) Command Mode

(b) Commit Mode

(c) Enable Mode

(d) Safe Mode

4. Which option makes DNS services available on the router to internal and external network

hosts?

(a) allow-remote-requests=yes

(b) allow-dns=yes

(c) drop-remote-requests=no

(d) remote-name-query=yes

5. Which feature puts basic, default settings in place that work for most SOHO environments?

(a) Factory reset

(b) Quick Set

(c) Default Set

(d) Mainboard Jumper

6. What protocol updates a router’s data and time?

(a) ICMP

(b) IGMP

(c) NTP

(d) SMTP

7. The ”/system export” command creates a binary backup file for a router.

(a) True

(b) False

8. What will RouterOS use DNS servers for?

(a) Locating MikroTik update servers

(b) Pinging well-known domain names for troubleshooting

(c) Resolving IP addresses for domain names used in address lists

(d) All of the above

9. Which security group is appropriate for analysts who need to view logs but not change

configurations?

(a) Full

(b) Write

(c) Read

(d) Read-Only

10. Which command sets the router’s host name to ”router.lan”?

(a) /system hostname set name=router.lan

(b) /system name set name=router.lan

(c) /system identity set name=router.lan

(d) /system prompt set name=router.lan

SOAL MTCNA BAB ACCESING MIKROTIK

 SOAL MTCNA BAB ACCESING MIKROTIK

1. Which remote access and configuration protocol sends traffic ”in the clear” without encryption?

(a) Telnet

(b) Winbox

(c) SSH

(d) MAC

2. What is the default baud rate for serial ports?

(a) 512

(b) 112800

(c) 1024

(d) 9600

3. 16 data bits are used by default for serial port connections.

(a) True

(b) False

4. Which feature allows routers to be configured programmatically via Python, PHP, and other

languages?

(a) FTP

(b) API

(c) Webfig

(d) MAC Winbox

5. Which step(s) are recommended for allowing secure monitoring of devices via LCD screens?

(a) Set the LCD to read-only

(b) Disable the LCD

(c) Configure a non-default PIN

(d) Change the baud rate

6. Which port and protocol does SSH run on by default?

(a) TCP port 21

(b) UDP port 20

(c) TCP port 23

(d) TCP port 22

7. What is the default PIN for LCD touchscreens?

(a) 9999

(b) 4321

(c) 0000

(d) 1234

8. Which SSH option enables more robust encryption algorithms?

(a) strong-crypto

(b) robust-crypto

(c) secure-crypto

(d) high-crypto

9. Which feature allows you to connect to a RouterBOARD without first assigning an IP address?

(a) Webfig

(b) MAC Address

(c) MAC Winbox

(d) SSH

10. Unencrypted connections to Webfig can be made via TCP port 8080.

(a) True

(b) False

SOAL MTCNA BAB MIKROTIK DEFAULT

 

1. Telnet is enabled by default and can be used to administer RouterOS devices.

(a) True

(b) False

2. Which technology is used to allow internal hosts to connect to the internet via a single

publicly-routable IPv4 address?

(a) GRE

(b) NAT

(c) IP Helper

(d) SLAAC

3. What is the password for the default admin RouterOS user?

(a) mikrotik

(b) admin

(c) No password

(d) router

4. Which Network ID does a default installation of RouterOS use for the LAN?

(a) 192.168.88.0

(b) 192.168.88.1

(c) 192.168.1.0

(d) 192.168.1.1

5. Which interface on a SOHO router is typically configured to be the WAN out-of-the-box?

(a) ether3

(b) ether2

(c) ether1

(d) ether0

6. How is the IPv4 address assigned on the WAN interface for a RouterBOARD with the default

configuration?

(a) SLAAC

(b) DHCP

(c) BOOTP

(d) PXE

7. Which NAT action is used to translate traffic out to the ISP using a single public IP address?

(a) Mangle

(b) DST-NAT

(c) Masquerade

(d) SRC-NAT

8. What dynamic address will be handed out to the first DHCP client that requests it from a

default RouterOS installation?

(a) 192.168.1.2

(b) 192.168.88.1

(c) 192.168.88.0

(d) 192.168.88.254

9. Output-type traffic is filtered by default in the firewall.

(a) True

(b) False

10. Which protocol is permitted inbound to the router on all interfaces by default?

(a) UDP

(b) GRE

(c) TCP

(d) ICMP

SOAL MTCNA BAB ROUTERBOARD

 

1. Which file is manually generated to assist MikroTik when investigating possible bugs?

(a) supout.rif

(b) support.rif

(c) supout.txt

(d) autosupout.rif

2. Which document outlines updates in new RouterOS releases?

(a) RouterBoard product sheets

(b) Changelog

(c) MikroTik MuMs

(d) Release Candidate

3. RouterOS and command documentation is located where?

(a) RouterOS.com

(b) MikroTik Subreddit

(c) MikroTik Forum

(d) MikroTik Wiki

4. What is the software that powers MikroTik products?

(a) RouterNOS

(b) RouterBoard

(c) RouterOS

(d) RouterBOOT

5. Which MikroTik product is designed to run in a virtualized environment?

(a) CHR

(b) CCR

(c) CRS

(d) RouterBoard

6. What speed is the CHR limited to until a valid license is input?

(a) 1000Mb/sec

(b) 100Mb/sec

(c) 10Mb/sec

(d) 1Mb/sec

7. Which line of RouterBoard models is most appropriate for large enterprises or service providers?

(a) CHR

(b) CCR

(c) CRS

(d) RB-951

8. How long do you have to enter a valid license key on an x86 installation?

(a) 24 hours

(b) 48 hours

(c) 7 days

(d) 30 days

9. What is the minimum amount of RAM required to run a CHR?

(a) 64 MB

(b) 128 MB

(c) 256 MB

(d) 512 MB

10. What command will output the license level and product key in RouterOS?

(a) /show system license

(b) /system key print

(c) /license print

(d) /system license print

SOAL MTCNA untuk latihan 1-25

 

What does the passive command provide to dynamic routing protocols?

A. Stops an interface from sending or receiving periodic dynamic updates.

B. Stops the router from sending any dynamic updates.

C. Stops an interface from sending periodic dynamic updates but not from receiving updates.

D. Stops the router from receiving any dynamic updates.

Alasan:

The passive command, short for passive-interface, stops regular updates from being sent out an interface. However, the interface can still receive updates.

What configuration is added by /ip Hot-Spot setup command? (select all that apply)

A. /ip Hot-Spot user

B. /ip dhcp-server

C. /queue tree

D. /ip service

E. /ip Hot-Spot walled-garden

Alasan

[admin@MikroTik] /ip hotspot> print 

Flags: X - disabled, I - invalid, S - HTTPS 

 #   NAME        INTERFACE       ADDRESS-POOL       PROFILE       IDLE-TIMEOUT

 0   hotspot1    ether3          hs-pool-3          hsprof1       5m 

[admin@MikroTik] /ip hotspot> 

[admin@MikroTik] /ip pool> print 

 # NAME                                        RANGES                         

 0 hs-pool-3                                   10.5.50.2-10.5.50.254          

[admin@MikroTik] /ip pool> /ip dhcp-server 

[admin@MikroTik] /ip dhcp-server> print 

Flags: X - disabled, I - invalid 

 #   NAME      INTERFACE    RELAY           ADDRESS-POOL    LEASE-TIME ADD-ARP

 0   dhcp1     ether3                       hs-pool-3       1h        

[admin@MikroTik] /ip dhcp-server> /ip firewall nat 

[admin@MikroTik] /ip firewall nat> print 

Flags: X - disabled, I - invalid, D - dynamic 

 0 X ;;; place hotspot rules here

     chain=unused-hs-chain action=passthrough 

 1   ;;; masquerade hotspot network

     chain=srcnat action=masquerade src-address=10.5.50.0/24 

[admin@MikroTik] /ip firewall nat> 

/ip hotspot user

/ip hotspot profile

/ip hotspot ip-binding

Which are necessary sections in /queue simple to set bandwidth limitation?

A. target-address, dst-address, max-limit

B. target-address, max-limit

C. max-limit

D. target-address, dst-address

Alasan:

Firewall NAT rules process only the first packet of each connection.

A. False

B. True

Alasan:

not only

Which protocol does Ping use?

A. TCP

B. BootP

C. ICMP

D. ARP

Alasan

ICMP is probably most well known as the message protocol used for the ping command. A ping command sends an ICMP echo request to the target host. 

What protocol is used for Ping and Trace route?

A. UDP - trace route

B. IP

C. ICMP - ping

D. TCP

E. DHCP

Alasan:

UDP traceroute is similar to ICMP traceroute in the fact that it plays with the TTL field in the IP header. In a UDP traceroute, the client transmits a simple UDP packet to an invalid destination port value.

The basic unit of a physical network (OSI Layer 1) is the:

A. Byte

B. Bit

C. Frame

D. Header

Alasan

What kind of users are listed in the Secrets window of the PPP menu?

A. winbox users

B. pppoe users

C. wireless users

D. l2tp users

E. pptp users

F. Hot-Spot users

Alasannya

ada PPP, PPTP, L2TP, PPP0E,

What menus should be used to allow certain websites to be accessed from behind a Hot-Spot interface, without client authentication

A. ip Hot-Spot walled-garden

B. ip Hot-Spot profile

C. ip Hot-Spot ip-binding

D. ip Hot-Spot walled-garden ip

Alasan:

HTTP walled-garden menu permits authentication bypass settings for HTTP and HTTPs resources.

 IP > Hotspot > Walled Garden

What is necessary for PPPoE client configuration?

A. ip firewall nat masquerade rule

B. Static IP address on PPPoE client interface

C. Interface (on which PPPoE client is going to work)

Alasan

How long is level 1 (demo) license valid?

A. 24 Hour

B. 1 month

C. Infinite time

D. 1 year

Yang dimaksudkan lama valid digunakannya bukan lama penggunaan

Which of the following are layers in the TCP/IP model?

Application

Session

Transport

Internet

Data Link

Physical

A. 1, 3 and 4

B. 3, 4 and 5

C. 2, 3 and 5

D. 1 and 2

alasan

Which of the following keystrokes enables safe mode in console:

A. Ctrl+x

B. Ctrl+s

C. Ctrl+d

D. Ctrl+c

alasan

Control-C

keyboard interrupt.

Control-D

log out (if input line is empty)

Control-K

clear from cursor to the end of line

Control-X

toggle safe mode

Control-V

toggle hotlock mode mode

What is a stub network?

A. A network that has only one entry and exit point.

B. A network with only one entry and no exit point.

C. A network with more than one exit point.

D. A network with more than one exit and entry point.

Collisions are possible in fullduplex Ethernet networks

A. true

B. false

What is the correct action for a NAT rule on a router that should intercept SMTP traffic and send it over to a specified mail server?

A. passthrough

B. tarpit

C. dst-nat

d. redirect

Alasan

intercept itu artinya mencegat/ memblok.

To a particular Mail Server, meaning the mail server is outside the proxy itself, then the action that can be used is dst-nat 

Untuk Mail Server tertentu, artinya mail server berada di luar proxy itu sendiri, maka action yang bisa digunakan adalah dst-nat

What is the correct action to be specified in the NAT rule to hide a private network when communicating to the outside world?

A. tarpit

B. passthrough

C. allow

D. masquerade

Alasan

NAT Action (6 specific action NAT)

dst-nat and redirect

src-nat and masquarade

netmap

same

Action “masquerade” changes packet’s source address router’s address and specified port

This action can take place only in chain srcnat

Typical application: hide specific LAN resources behind one dynamic public IP address

How many layers does Open Systems Interconnection model have?

A. 5

B. 7

C. 6

D. 9

E. 12

MAC layer by OSI model is also known as

A. Layer 1

B. Layer 2

C. Layer 7

D. Layer 6

E. Layer 3

Alasan:

There are two routes in the routing table:

0 dst-addr=10.1.1.0/24 gateway=5.5.5.5

1 dst-addr=10.1.1.4/30 gateway=5.6.6.6

Which gateway will be used to get to the IP address 10.1.1.6?

A. the required route is not in the routing table

B. both - half of the traffic will be routed through one gateway, half through the other

C. 5.5.5.5

D. 5.6.6.6

What are the two main types of access control lists (ACLs)?

1.Standard

2.IEEE

3.Extended

4.Specialized

A. 1 and 3

B. 1 and 2

C. 3 and 4

D. 2 and 4

alasan:

For user in local PPP Secrets/PPP Profiles database, it is possible to

A. Deny services (like telnet) only for this user or for one group of users

B. Allow login by PPPoE and PPTP, but deny login by L2TP

C. Allow/deny use of more than one login by this user

D. Set max values for transferred data (Rx/Tx)

E. Allow only PPPoE login

Which is the default port of IP-Winbox?

A. TCP 8291

B. TCP 80

C. UDP 8291

D. TCP 8192

On the Wireless path with mode = ap-bridge. According to tool constraints, what is the maximum number of clients that can be connected to it?

A. 2012

B. 2048

C. 1024

D. 2007

The router's firewall rules are:

/ ip firewall filter add chain = forward action = jump jump-target = custom

/ ip firewall filter add chain = custom action = passthrough

/ ip firewall filter add chain = forward action = log

When traffic reaches the end of 'chain = custom'. What will happen next?

A. Traffic will continue in the chain = forward action = log

B. Traffic will be accepted in the chain = custom

C. Traffic will be dropped in the chain = custom    

  alasan:

jawabannya A, end chain    

Where should you upload the new MikroTik RouterOS package package to upgrade the router?

A. Any directory in / files

B. FTP the root directory or / files directory of the router

C. System Backup menu

D. System Package menu            

alasan: b

Discussion: Router OS Mikrotik Firmware must be placed / uploaded to the outermost folder or commonly called the root folder so that it can be read by the proxy system and upgraded. 

SOAL MTCNA 10 SOAL BAB ROUTEROS

 SOAL MTCNA 10 SOAL BAB ROUTEROS

1. Which software bootstraps the RouterOS environment?

(a) RouterBOOT

(b) RouterBIOS

(c) NetBOOT

(d) MikroTik IOS

2. What is the most appropriate RouterOS release channel for production router devices?

(a) RouterOS v6

(b) Bugfix

(c) Release Candidate

(d) Current

3. What file format are RouterOS packages contained in?

(a) .pkg

(b) .npk

(c) .deb

(d) .tar

4. What command would disable the IPv6 package in RouterOS?

(a) /system software disable ipv6

(b) /system package disable ipv6

(c) /system running disable ipv6

(d) /system os disable ipv6

5. What service must be available for RouterOS to check for updates?

(a) DNS

(b) DHCP

(c) FTP

(d) SFTP

6. You can create and upload your own .npk files for RouterOS.

(a) True

(b) False

7. What is the most appropriate RouterOS release channel for bench-testing new features?

(a) RouterOS v6

(b) Bugfix

(c) Release Candidate

(d) Current

8. Which CHR virtual hard disk format would be used on Microsoft Hyper-V?

(a) ISO

(b) Raw Disk Image

(c) OVF

(d) VHDX

9. A reboot is required to complete an update of RouterOS.

(a) True

(b) False

10. It’s possible to update the factory-firmware version of RouterBOOT.

(a) True

(b) False