MTCNA Exam Dumps : MikroTikCertified Network Associate Exam

Nstreme is a proprietary point-to-point wireless protocol developed by MikroTik to improve performance on long-distance wireless links. It enhances frame aggregation, reduces latency, and replaces standard 802.11 MAC timing behavior with a custom approach. Because of its specific mechanism, it imposes certain compatibility restrictions:

A. WDS between two station-wds devices is not compatible with Nstreme. This setup doesn't conform to proper AP-client architecture required by Nstreme, which operates in a master/slave role — typically ap-bridge and station.

B. Encryption (e.g., using WEP or WPA) is supported in Nstreme; however, MikroTik recommends encryption at higher layers like IPsec when performance is critical.

C. WDS between ap-bridge and station-wds is compatible with Nstreme. This is the standard pairing used when bridging two networks via wireless.

D. Bridging a station with an ap-bridge device using standard station mode (not station-wds or station-bridge) is not compatible for full Layer 2 bridging. Only station-wds or station-bridge supports bridging with ap-bridge mode.

Extract from Official MTCNA Course Material – Wireless Section:

"Nstreme is supported only between a device in ap-bridge mode and a device in station or station-wds mode. Both ends must support Nstreme. WDS is supported with station-wds and ap-bridge combinations. Encryption is supported, although optional."

Extract from Terry Combs MTCNA Notes – Nstreme Notes:

"Only ap-bridge <-> station-wds (or station-bridge in RouterOS v6+) is valid for bridging over Nstreme. Encryption like WPA2 is supported but optional."

Extract from René Meneses Study Guide – Wireless Features:

“Nstreme does not support station-station WDS. Proper implementation requires ap-bridge on one side and station-wds or station-bridge on the other. Basic encryption (WEP/WPA) is allowed.”

===========

The /interface wireless access-list in MikroTik is used to define a set of rules that permit or deny wireless clients based on their MAC addresses and signal strength.

This list applies only to clients trying to connect to the router’s wireless interface when it is configured as an Access Point.

Let’s break down the options:

A.✅Correct – Used to allow or deny client MAC addresses and apply settings like rate limits, VLANs, etc.

B.❌That’s the role of the registration table.

C.❌Security profiles are configured separately under /interface wireless security-profiles.

D.❌Hotspot authentication is handled via /ip hotspot, not wireless access lists.

MTCNA Wireless Module – MAC Access Control:

“Access-list matches incoming clients by MAC. You can allow, deny, and apply custom settings.”

René Meneses Study Guide – Wireless Security:

“Access-list is used to explicitly permit or block clients based on their MAC address.”

Terry Combs Notes – Wireless Filtering:

“Think of access-list like a whitelist/blacklist for Wi-Fi clients.”

Answer: AQUESTION NO: 65 [Firewall]

One host on an internal network is accessing an external web page through a MikroTik router that is doing source NAT. Select the correct statement about the packets that flow from that web page to the host:

A. Packets go through the input chain

B. Packets go through the forward chain

C. Packets go through the output chain

D. Packets go through the input chain before the routing decision and after that through output chain

Answer: B

When a host on a LAN accesses a website on the internet via a MikroTik router that’s performing source NAT (e.g., masquerade), the traffic path is as follows:

From LAN host to internet → forward chain → NAT (src-nat)

From internet back to LAN host → forward chain again → connection-tracked → src-nat reversed

Since the router is only routing the packets and is not the originator or final destination, the packet passes through the forward chain.

Clarifying the options:

A.❌input chain is for packets destined to the router itself

B.✅Correct – packet is routed through the router (forwarded)

C.❌output chain is for packets originating from the router

D.❌This description applies to packets sourced by the router itself

MTCNA Course Manual – Packet Flow Diagram:

“Forward chain handles packets that are being routed through the device (not destined to or from the router itself).”

René Meneses Guide – Firewall Chains:

“For routed traffic, the forward chain is used. This includes NATed traffic between LAN and WAN.”

Terry Combs Notes – Packet Flow:

“Understand the router’s role. If it’s just forwarding, only the forward chain applies.”

Answer: BWould you like to continue with Questions 66–70, or generate a full summary (PDF-style) of all 65 completed qu

The hardware-coded address that uniquely identifies a device's network interface card (NIC) on the local network is called a MAC address. It is “burned in” by the hardware manufacturer and remains constant unless manually overridden.

MAC stands for Media Access Control, and it operates at Layer 2 of the OSI model. It is used to identify devices on a local area network.

A. FQDN (Fully Qualified Domain Name) refers to a human-readable name used in DNS.

B. IP Address is a logical address used for routing at Layer 3.

C. Interface Address is a generic term and not a standard identifier.

D. MAC Address is correct and refers to the physical, hardware-encoded address on an interface.

Extract from MTCNA Course Manual – RouterBOARD Overview:

“A MAC address is a globally unique hardware identifier assigned to each Ethernet or wireless interface. It is used by Layer 2 to ensure local delivery.”

René Meneses Study Guide – MAC & OSI Layering:

“The MAC address is a 48-bit physical identifier, hardcoded by the device vendor and located in the NIC chip.”

Terry Combs MTCNA Notes – Layer 2 Concepts:

“MAC = Physical Address = Layer 2 Identifier. It’s what switches use to forward Ethernet frames.”

===========