Mtctce exam with answers

May 27, 2018 | Author: Vahid Esmaeilzadeh | Category: Proxy Server, Firewall (Computing), Ip Address, Router (Computing), Transmission Control Protocol
Share
Report this link


Comments



Description

1.When queue simple is placed in the same HTB (Hierarchical Token Bucket), it will take all the traffic away from the Queue Tree queue. False 2. You have a queue structure: queue "GP" max-limit=10M - queue "M" parent="GP" limit-at=4M max-limit=6M - - queue "C1" parent="M" limit-at=1M max-limit=7M priority=4 - - queue "C2" parent="M" limit-at=1M max-limit=4M priority=1 - - queue "C3" parent="M" limit-at=3M max-limit=7M priority=8 - queue "F" parent="GP" limit-at=5M max-limit=8M - - queue "D1" parent="F" limit-at=3M max-limit=4M priority=5 - - queue "D2" parent="F" limit-at=2M max-limit=5M priority=2 If queues "C2" and "C3" are not requiring any traffic, how is all the available bandwidth going to be distributed in worst case scenario? A. queue "C1" will get 4M, "D2" 7M, "D1" 4M B. queue "C1" will get 3M, "D2" 3M, "D1" 5M C. queue "C1" will get 5M, "D2" 2M, "D1" 3M D. queue "C1" will get 4M, "D2" 3M, "D1" 3M E. queue "C1" will get 2M, "D2" 5M, "D1" 3M 3. Simple Queue number 0 defines 2M for upload and download for target IP 10.10.0.33. Simple Queue number 1 defines 4M for upload and download for target IP 10.10.0.33. Client 10.10.0.33 is be able to obtain A. 4M upload/download B. 2M upload/download C. 0M upload/download D. 6M upload/download 4. To customise the look of the hotspot login page, you can edit A. login.html B. template.html C. redirect.html D. alogin.html 5. If a packet comes to a router and starts a new, previously unseen connection, which connection state would be applied to it? A. invalid B. unknown C. no connection state would be applied to such packet D. established E. new Enable "Allow Remote Requests" E. Which features are removed when advanced-tools package is uninstalled? A. upload D. download . In RouterOS queue configurations the word "total" usually represents A. ip-scan E.upload C. Your router should resolve any domain name. You are about to configure DNS Cache and make a static DNS rule. LCD support 8. upload + download . Configure Primary DNS server D. netwatch D. bandwidth-test B. neighbors F. Set cache size to 4096 C. ping C.6. download B. Configure both Primary and Secondary DNS servers B. Which are the minimum settings you will need? A. Add a new static DNS entry 7. Deficit Round Robin .for example a reply packet or a packet which belongs to already replied connection B.First In First Out (for Bytes or for Packets) C. Packet begins a new TCP connection D.Last In First Out F. Packet belongs to an existing connection. Two mangle rules defining different mangle marks for the same traffic type. Packet is related to. PCQ – Per Connection Queuing B. FIFO . LIFO . RED – Random Early Detect (or Drop) D. will make it have both mangle marks. Packet does not correspond to any known connection C. Mark the queue types that are available in RouterOS A. DRR . false 11. SFQ – Stochastic Fairness Queuing E. What is marked by connection-state=established matcher? A. but not part of an existing connection 10.9. 168. and place limitations in "global-out" HTB C.1M 13. C2. B-5M.. You can apply input firewall rules based on prerouting or forward mangle marks False 14. C1-1M. B-4M. B-5M. To place upload/download limitations for each client you can A.queue "B" parent="A" limit-at=2M max-limit=5M priority=1 .0/24. C1-2M. and place limitations in "global-out" HTB D. mark traffic in mangle chain "forward". what will be the traffic distribution ? A. mark traffic in mangle chain "postrouting". mark traffic in mangle chain "forward". C2..2M B.queue "C1" parent="C" limit-at=1M max-limit=2M priority=2 . C1-2M.2M D. and place limitations in interface HTB B.4M E. mark traffic in mangle chain "prerouting". and place limitations in interface HTB . C2.queue "C2" parent="C" limit-at=2M max-limit=4M priority=3 If all queues are utilizing the maximum. B-4M. B-2M. C2.12. and place limitations in "global-in" HTB E.4M C. You have masqueraded network 192. C1-2M. C1-2M. If we have the following queue structure: queue "A" max-limit=8M . C2. mark traffic in mangle chain "postrouting".queue "C" parent="A" limit-at=3M max-limit=6M .1. kind=pcq pcq-limit=256000 pcq-classifier=dst-address 17. Add only mark-connection . kind=pcq pcq-limit=5000000 pcq-classifier=src-address E. A. kind=pcq pcq-limit=256000 pcq-classifier=src-address B. Add only mark-packet B. Redirects a packet to a specified IP C. Choose correct argument values for the required queue. Redirects a packet to a specified port on the router 16. You want to use PCQ and allow 256k maximum download and upload for each client. What is the recommended sequence for traffic marking by mangle for QoS? A. kind=pcq pcq-limit=1256000 pcq-classifier=dst-address D. Add mark-connection then mark-packet C. Redirects a packet to a specified port on a host in the network D. Redirects a packet to the router B. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address C. What does the firewall action "Redirect" do? A. Add action=passtrough D.15. after putting this rule: /ip firewall add chain=input action=drop.18. Marks packet can be used by other router facilities like routing and bandwidth management C. What is the best way to do that? A. and used by other routers B. The packet will be discarded regardless of its content 19. you will still be able to access the Router using the mac-address. Mangle facility can be used to modify some fields in the IP header and TTL fields 21. There is no way to send a static-route to DHCP clients D. You want to offer a static route to your DHCP clients (besides the default-route). An IP packet has matched all the conditions of a firewall rule and the action reject and the option icmp-network-unreachable was initiated for that packet. The packet header will receive a flag of \\\"icmp-network-unreacheble\\\" D. Set DHCP options 3 20. What will happen with the packet content ? A. Mangle facility is used to mark IP packets with special marks for future processing D. True . The packet will be rejected only if the destination network is unreachable B. The whole packet will be forwarded back to the sender regardless of its contents C. Which of the following is true for mangle facility in RouterOS? A. Set DHCP options 121 C. The mangle mark can be transmitted across the network. Set a static IP into /ip route and it will automatically be sent to clients B. web-proxy access-list D. Mac Address of reachable interface B. where does the data get stored? A. Remote Router routing Table . RAM (Memory) D. System Disk C.22. All layer3 addresses from all interfaces D. web-proxy cache-list 24. Remote router software version F. What RouterOS feature should be used to redirect user WEB browsing? A. Remote router identity E. USB Disk 23. It does not get stored B. Routing Protocol available C. Which of the following are reported by MikroTik Discovery Protocol: A. firewall nat action redirect C. When "Cache On Disk" is not checked under the web proxy settings. web-proxy direct-list B. "chain". "protocol".25. "chain". To block access to web proxies running on TCP port 8080. "port" B. "port" . "action". "limit" D. "action". "action". "action". "protocol" C. "chain". you have to create a firewall rule and specify: A. "chain". "protocol". mikrotik.2 /ip dhcp-server lease add mac-address=00:0C:42:01:02:04 address=192. In RouterOS queue configurations the word "total" usually represents A. /ip proxy access add path=*xxx* action=allow redirect-to=www. /ip proxy access add dst-host=*xxx* action=deny redirect-to=www.168.168.1 . upload + download 3.mikrotik. download B. /ip proxy access add dst-host=*xxx* action=allow redirect-to=www.com Choose correct proxy access rule.0.0.0.0. DHCP-server configuration.com C.0.upload D.mikrotik. A. /ip dhcp-server set 0 address-pool=static-only /ip dhcp-server lease add mac-address=00:0C:42:01:02:03 address=192.0/24 network except 192.1 /ip dhcp-server lease add mac-address=00:0C:42:01:02:02 address=192.com D. 192.* path=*xxx* action=deny redirect-to=www.com B.168. Any host from 192.254 B.com 2.google. You need to redirect a browser page from a search of "xxx" in google to another website such as www. upload C. download .168.mikrotik.1.0. /ip proxy access add dst-host=*.3 Which IP addresses will be handed out to client? A.168.mikrotik.168. D1 .2 4..0. D2 C. 192.C. What will happen with the packet content ? A.168.. The whole packet will be forwarded back to the sender regardless of its contents 5.queue "D1" parent="F" limit-at=3M max-limit=4M priority=5 . 192.0.queue "M" parent="GP" limit-at=4M max-limit=6M .. The packet will be discarded regardless of its content C. An IP packet has matched all the conditions of a firewall rule and the action reject and the option icmp-network-unreachable was initiated for that packet.. The packet header will receive a flag of \\\"icmp-network-unreacheble\\\" D.0.queue "D2" parent="F" limit-at=2M max-limit=5M priority=2 Which queue will get more than limit-at in worst case scenario? A.0. C2 E.1.queue "C1" parent="M" limit-at=1M max-limit=7M priority=4 . The packet will be rejected only if the destination network is unreachable B. You have a queue structure: queue "GP" max-limit=10M .. C1 B.1. 192.2.queue "C3" parent="M" limit-at=2M max-limit=7M priority=8 .168. 192.0. C3 D.168.3 D. 192.168.168.queue "F" parent="GP" limit-at=5M max-limit=8M .queue "C2" parent="M" limit-at=1M max-limit=4M priority=1 . You want to offer a static route to your DHCP clients (besides the default-route). There is no way to send a static-route to DHCP clients D. Set DHCP options 3 B.6. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/3 E. /system watchdog 9. What is the best way to do that? A. Interface HTB can be specified as a parent for a simple queue. Set DHCP options 121 C. MikroTik RouterOS commands can be run once a day by: A. /system cron B. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:0/0 F. A. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/0 C. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/2 7. /system scheduler C. what are the proper PCC settings. this way applying simple queue only for traffic that is leaving through that interface True 8. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:1/1 D. You are splitting between three connections. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/1 B. Set a static IP into /ip route and it will automatically be sent to clients . You created PCC mangle rules. "BB" 2M E. "BA" 10M. add-to-list C. queue "AA" will get 5M. tarpit D. "BB" 3M B. "AB" 2M. "BA" 10M. "AC" 4M. queue "AA" will get 5M. "BA" 10M. tarp B. You have a queue structure: queue "MK" max-limit=23M -queue "A" parent="MK" limit-at=10M max-limit=18M --queue "AA" parent="A" limit-at=3M max-limit=5M priority=1 --queue "AB" parent="A" limit-at=1M max-limit=2M priority=2 --queue "AC" parent="A" limit-at=4M max-limit=8M priority=4 -queue "B" parent="MK" limit-at=10M max-limit=18M --queue "BA" parent="B" limit-at=1M max-limit=10M priority=1 --queue "BB" parent="B" limit-at=2M max-limit=3M priority=3 Select the correct answer for the worst case scenario. queue "AA" will get 3M. "AC" 8M. "BA" 10M. "BB" 2M D. Possible actions of ip firewall filter are: A. "BA" 1M. queue "AA" will get 3M. "AC" 8M. "BB" 3M . "AB" 2M. "AC" 8M.10. "AB" 1M. bounce 11. "AC" 4M. "AB" 2M. queue "AA" will get 5M. "BB" 2M C. log E. A. "AB" 2M. accept F. 0/24. mark traffic in mangle chain "forward". ICMP Protocol B. and place limitations in "global-out" HTB D. UDP Protocol C. TCP Protocol D. mark traffic in mangle chain "postrouting".1. and place limitations in interface HTB C. A. mark traffic in mangle chain "prerouting". Any Protocol 13. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address D.168. kind=pcq pcq-limit=5000000 pcq-classifier=src-address B. mark traffic in mangle chain "postrouting". To place upload/download limitations for each client you can A. Choose correct argument values for the required queue. kind=pcq pcq-limit=256000 pcq-classifier=src-address . kind=pcq pcq-limit=256000 pcq-classifier=dst-address C. You want to use PCQ and allow 256k maximum download and upload for each client. and place limitations in interface HTB 14. Action Tarpit can be applied to A. You have masqueraded network 192. and place limitations in "global-in" HTB E. kind=pcq pcq-limit=1256000 pcq-classifier=dst-address E. mark traffic in mangle chain "forward". and place limitations in "global-out" HTB B.12. . client discovery. client request.queue "C2" parent="M" limit-at=1M max-limit=4M priority=1 ..queue "C1" parent="M" limit-at=1M max-limit=7M priority=4 .queue "D2" parent="F" limit-at=2M max-limit=5M priority=2 If queues "C2" and "C3" are not requiring any traffic.queue "M" parent="GP" limit-at=4M max-limit=6M . will make it have both mangle marks.15. client request. The DHCP client . Two mangle rules defining different mangle marks for the same traffic type. server ack B. server ack. False 17. server offer. client discovery.. server ack C. You have a queue structure: queue "GP" max-limit=10M . server offer D.queue "C3" parent="M" limit-at=3M max-limit=7M priority=8 .queue "D1" parent="F" limit-at=3M max-limit=4M priority=5 . client request.server communication steps are A. how is all the available bandwidth going to be distributed in worst case scenario? . server offer. server offer 18. True 16. client discovery.queue "F" parent="GP" limit-at=5M max-limit=8M .. An IP address pool can contain addresses from more than one subnet. client request. client discovery.. client ack. "D1" 3M B. queue "C1" will get 4M. (select all that apply) A. Only the web server port should be visible to the public. "D2" 7M. "D1" 4M 19. Connection Tracking must be enabled on NAT router D. You can apply input firewall rules based on prerouting or forward mangle marks False 20. "D2" 2M. Which of the following configuration steps must be met. "D1" 5M C.A. in ip firewall NAT there should be a dst-nat between the public ip of the router and the private ip of the webserver E. "D1" 3M D. "D2" 3M. It is required to make a web server on a private LAN visible on the Public Internet. queue "C1" will get 3M. queue "C1" will get 4M. queue "C1" will get 5M. A route between the NAT Router and the webserver must exist B. "D1" 3M E. LAN address of the webserver should be routable on the internet . "D2" 5M. Public IP address of the webserver must be installed on the NAT Router C. queue "C1" will get 2M. "D2" 3M. 192.0. that can be used by this DHCP server.168.0. are: A.255 22. What feature of MikroTik firewall can help you in case of synflood attack? A.0. 192.168.168.168.169.0. TCP syn reject 23.0.99.168.254 D.0. "dst-limit" option is used to limit the number of hops a packet is allowed to take False .1-192. Possible IP pools.100/24 is assigned to the interface.168. IP address 192.0.1-192.1-192.254 B.168. DHCP server is configured on a router’s ether1 interface. 192. TCP syn Jump E. TCP syn deny B.1-192.0.168.101-192. In IP firewall filter. 192.0.169.0. TCP syn Cookie D. TCP syn drop C.21.0.192.14 C.168. unknown B. 3 D. invalid C. 1 B. if both laptops have same priority. established D. 2 ? 25. previously unseen connection. 4 C. no connection state would be applied to such packet E. According to the picture. which connection state would be applied to it? A. If a packet comes to a router and starts a new.24. new . how much bandwidth will be available for every laptop ? A. unicast address D. public address C. SFQ B. RED D. private address E. IP address C. Packet sniffer can stream results to A. A. broadcast address B.1. Local file D. Neighbor MAC address B. FIFO . MAC address 3. PFIFO E. In normal Network Conditions which types of addresses will never be a source address in an IP packet in your physical network. Which of these techniques equalizes the flow between connections when the link is completely full: A. loopback address F. multicast address 2. PCQ C. Packet marks can be set by ip firewall mangle in different chains. What does the firewall action "Redirect" do? A. A. Controls domains or servers which are allowed to cache by Proxy B. Choose correct statements for MikroTik proxy. Redirects a packet to a specified port on the router 5. Can deny access to a specific domains or servers.4. prerouting E. Firewall NAT rules process only the first packet of each connection. True 6. you have to mark your packets in chain: A. Destination NAT rule is required to utilize transparent proxy facility C. Redirects a packet to a specified IP D. input B. To use packet marks in Global-in Queue (Queue trees). but not specific web pages . caching should be enabled D. Redirects a packet to a specified port on a host in the network B. To deny access to a specific website. output D. Redirects a packet to the router C. forward 7. postrouting C. 10 action=drop B.8. which of the following rules would be needed? A.upload C.1.168. if you wish to prevent all access to a server located at 192. It adds a prefix to the packet and passes it through D. It logs the packet .1 dst-address=192.168. upload D.168. It blocks and logs the packet B.168.99.168. /ip firewall nat add chain=dstnat src-address=192.168.0/24 dst-address=192.10 action=drop C.168.10 action=drop D.99.0/24 gateway=192. What does the firewall action "log" do? A. upload + download 9.168.10 from LAN1 devices.2 /ip firewall natadd chain=srcnat out-interface=Ether1 action=masqueradeOn R2. /ip firewall filter add chain=forward src-address=192. you have the following configuration: /ip routeadd dst-address=192.10 action=drop 10. Consider the following network diagram.1. It logs and blocks the packet C.168.1. In RouterOS queue configurations the word "total" usually represents A.168. download B. download . In R1. /ip firewall filter add chain=input src-address=192. /ip firewall filter add chain=forward src-address=192.1 dst-address=192.1.0.168.99.1.99.1 dst-address=192.1. what are the proper PCC settings. The whole packet will be forwarded back to the sender regardless of its contents . What will happen with the packet content ? A.11. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/3 C. There is no way to send a static-route to DHCP clients B. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/2 E. The packet will be rejected only if the destination network is unreachable D. Set a static IP into /ip route and it will automatically be sent to clients D. What is the best way to do that? A. Set DHCP options 3 C. A. An IP packet has matched all the conditions of a firewall rule and the action reject and the option icmp-network-unreachable was initiated for that packet. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:1/1 D. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/0 B. You want to offer a static route to your DHCP clients (besides the default-route). The packet header will receive a flag of \\\"icmp-network-unreacheble\\\" C. The packet will be discarded regardless of its content B. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:3/1 12. Set DHCP options 121 13. You are splitting between three connections. action=accept chain=prerouting disabled=no per-connection-classifier=both-addresses:0/0 F. You created PCC mangle rules. "bbb" B. "aaabbb" D. . Interface HTB can be specified as a parent for a simple queue. You have a queue structure: queue "MK" max-limit=23M -queue "A" parent="MK" limit-at=10M max-limit=18M --queue "AA" parent="A" limit-at=3M max-limit=5M priority=1 --queue "AB" parent="A" limit-at=1M max-limit=2M priority=2 --queue "AC" parent="A" limit-at=4M max-limit=8M priority=4 -queue "B" parent="MK" limit-at=10M max-limit=18M --queue "BA" parent="B" limit-at=1M max-limit=10M priority=1 --queue "BB" parent="B" limit-at=2M max-limit=3M priority=3 Select the correct answer for the worst case scenario. "aaa" and "bbb" 16.14. "aaa" C. There are two mangle rules:0 chain=forward action=mark-routing new-routing-mark="aaa" passthrough=yes1 chain=forward action=mark-routing new-routing-mark="bbb" passthrough=yesWhat routing mark will the packet have after passing the forward chain? A. this way applying simple queue only for traffic that is leaving through that interface True 15. /ip dhcp-server set 0 address-pool=static-only/ip dhcp-server lease add mac-address=00:0C:42:01:02:03 address=192. "BB" 3M E. 192.1. queue "AA" will get 5M.168.0.2 D. "BB" 2M D.3Which IP addresses will be handed out to client? A. "BB" 3M 17. "BA" 10M.168.168.168.0.168. 192. "AC" 8M. "BA" 10M.1/ip dhcp-server lease add mac- address=00:0C:42:01:02:02 address=192. These mangle marks can then be used across multiple routers in the network.0. "AB" 2M. queue "AA" will get 5M.0. 192. that can be used for routing and bandwidth management. "AC" 4M.1 18. Any host from 192.0.2/ip dhcp-server lease add mac- address=00:0C:42:01:02:04 address=192.254 C.2. like TOS (DSCP) and TTL fields. "AB" 2M. queue "AA" will get 3M. 192.168. queue "AA" will get 5M.0.0.168. Mangle allows you to mark IP packets with special marks.0.0.168. 192.1. "AB" 2M. "AB" 2M.3 B. True . "AC" 8M. 192. "AC" 4M. "BB" 2M C.168. "AB" 1M.0. DHCP-server configuration.168. "AC" 8M.0. "BA" 10M. queue "AA" will get 3M.A. log messages are stored on disk by default False 19.0/24 network except 192. "BA" 10M. The mangle facility can also be used to modify some fields in the IP header.168. "BB" 2M B. "BA" 1M. and place limitations in interface HTB C.html D. login. and place limitations in "global-out" HTB 21. tarp 22. and place limitations in "global-in" HTB D. add-to-list C. mark traffic in mangle chain "prerouting". mark traffic in mangle chain "postrouting". You have masqueraded network 192. accept F. tarpit B.html B. alogin. redirect.html . template. log E. and place limitations in "global-out" HTB B. mark traffic in mangle chain "forward".20. Possible actions of ip firewall filter are: A.html C. mark traffic in mangle chain "postrouting". To customise the look of the hotspot login page. mark traffic in mangle chain "forward".1. and place limitations in interface HTB E.0/24.168. To place upload/download limitations for each client you can A. you can edit A. bounce D. queue "C2" parent="M" limit-at=1M max-limit=4M priority=1 .queue "D1" parent="F" limit-at=3M max-limit=4M priority=5 . Is it possible to have 2 working DHCP servers on the same interface? A. Yes.queue "M" parent="GP" limit-at=4M max-limit=6M- . as long as only 1 is Authoritative C.. No it is not possible D. as long as 1 has a relay specified 24.queue "C3" parent="M" limit-at=2M max-limit=7M priority=8 . C2 B. D1 E.queue "D2" parent="F" limit-at=2M max-limit=5M priority=2 Which queue will get more than limit-at in worst case scenario? A. as long as 1 is set to Always Broadcast B. D2 D. Yes. C3 . Yes.... You have a queue structure: queue "GP" max-limit=10M.queue "C1" parent="M" limit-at=1M max-limit=7M priority=4 . C1 C.23.queue "F" parent="GP" limit-at=5M max-limit=8M . 3 C.25. if both laptops have same priority. how much bandwidth will be available for every laptop ? A. According to the picture. 1 B. 2 ? . 4 D.
Copyright © 2024 DOKUMEN.SITE Inc.