MTCNA Exam Dumps : MikroTikCertified Network Associate Exam

A stub network is defined as a network segment that is accessible by only one path (single entry/exit point). It does not serve as a transit network for routing between other networks. Traffic entering or leaving the stub network must pass through a single interface.

MTCNA Course Material – Routing Concepts:

“A stub network is one that is connected to the rest of the network by a single router interface. It has only one entry and one exit point.”

René Meneses MTCNA Study Guide – Routing Terms:

“Stub networks do not forward packets for other networks. They are endpoints with one route in and out.”

Other options:

A/B: Describe transit networks, not stub

C: Misleading—stub has both entry and exit, but only through one path

D:✔Correct definition

Final Answer: DQUESTION NO: 130 [PPP – Protocol Functions]

What PPP protocol provides dynamic addressing, authentication, and multilink?

A. NCP

B. HDLC

C. LCP

D. X.25

Answer: C

LCP (Link Control Protocol) is responsible for establishing, configuring, and testing the data-link connection in PPP. It handles features such as:

Authentication (PAP/CHAP)

Link quality testing

Multilink (combining multiple connections)

Negotiating link options

MTCNA Course Material – PPP Configuration:

“LCP handles link configuration, authentication, multilink, and error detection. NCP handles network layer protocol configuration.”

René Meneses MTCNA Study Guide – PPP Stack:

“LCP is the control protocol used to manage and negotiate the PPP connection, including authentication and multilink.”

Other options:

A: NCP negotiates Layer 3 protocol settings (e.g., IP, IPX)

B: HDLC is a simpler Layer 2 protocol, no support for dynamic addressing or multilink

D: X.25 is a packet-switched WAN protocol, not part of PPP

Final Answer: CQUESTION NO: 131 [Switching – Spanning Tree Protocol (STP)]

In a network with dozens of switches, how many root bridges would you have?

A. 1

B. 2

C. 5

D. 12

Answer: A

Spanning Tree Protocol (STP) is used in Ethernet switching environments to prevent loops. In any STP domain, only one switch is elected as the root bridge. All other switches determine the shortest path to this root bridge and may block redundant paths.

MTCNA Course Material – STP Basics:

“STP ensures a loop-free topology by electing a single root bridge. All path calculations are made from the root bridge’s perspective.”

René Meneses MTCNA Study Guide – STP and Loop Prevention:

“Only one root bridge exists per STP domain. Switches use BPDU messages to elect it based on bridge ID priority.”

No matter how many switches exist (2, 10, or 50), only one root bridge is present at any time.

Final Answer: AQUESTION NO: 132 [IP Addressing – Classful Networking]

Which class of IP address has the most host addresses available by default?

A. A

B. B

C. C

D. A and B

Answer: A

Classful IP addressing reserves different address ranges and host counts:

Class A: 1.0.0.0 – 126.255.255.255 (/8) → 2^24 – 2 = 16,777,214 hosts

Class B: 128.0.0.0 – 191.255.255.255 (/16) → 2^16 – 2 = 65,534 hosts

Class C: 192.0.0.0 – 223.255.255.255 (/24) → 2^8 – 2 = 254 hosts

MTCNA Course Material – IP Address Classes:

“Class A has the largest number of hosts per network, over 16 million. Class B allows around 65,000, and Class C allows 254.”

René Meneses MTCNA Study Guide – Classful IP Summary:

“Class A provides the most host addresses by default due to its /8 subnet.”

Only Class A has the highest host count.

To achieve actual throughput of 100 Mbps, you must use 802.11n, which supports higher data rates through technologies such as MIMO (Multiple Input, Multiple Output) and channel bonding. 802.11n provides theoretical speeds up to 150 Mbps per stream and actual throughput above 100 Mbps under good conditions.

802.11a/b/g maxes out around 20–25 Mbps real throughput

802.11n (especially in 5 GHz band via 802.11a/n) is required to exceed 100 Mbps actual throughput

MTCNA Course Material – Wireless Standards and Data Rates:

“802.11n with proper channel width and MIMO can achieve over 100 Mbps of real throughput.”

René Meneses MTCNA Study Guide – Wireless Performance:

“Only 802.11n can reach 100+ Mbps in practical use. Legacy modes (a/b/g) fall short due to modulation limits.”

Breakdown:

A/B/C: Do not support 100 Mbps throughput

D:✔802.11a/n supports 100+ Mbps

E: While also valid, D is more precise for the specific requirement (focused on a/n only)

Final Answer: DQUESTION NO: 156 [Firewall – Mangle Chains]

It is possible to add user-defined chains in ip firewall mangle.

A. True

B. False

Answer: A

RouterOS allows users to define custom chains in the mangle table, giving more flexibility for organizing and managing rules. This is particularly useful in complex routing and QoS configurations.

MikroTik Wiki – Firewall Mangle:

“Custom chains can be created using the add chain=your_chain_name command. Then you can jump to them from built-in chains.”

MTCNA Course Material – Mangle & Packet Flow:

“User-defined chains help separate logic and simplify processing. You can jump into them from prerouting, forward, or postrouting.”

Final Answer: AQUESTION NO: 157 [Firewall – NAT and Redirect Actions]

Action=redirect allows you to make:

A. Transparent DNS Cache

B. Forward DNS to another device IP address

C. Enable Local Service

D. Transparent HTTP Proxy

Answer: D

In RouterOS, action=redirect is used in NAT rules to redirect traffic destined for specific ports to local services. This is often used for:

Transparent web proxy (redirect port 80 to a local proxy service)

Transparent DNS interception (if RouterOS is the DNS server)

In most practical MikroTik use cases, redirect is associated with Transparent HTTP Proxy.

MTCNA Course Material – NAT Configuration:

“action=redirect rewrites the destination address to the router’s own IP. It is commonly used to create transparent web proxies.”

MikroTik Wiki – NAT Redirect:

“Redirect is used for redirecting traffic to local services like web proxy or DNS cache on the router.”

Breakdown:

A: Possible, but limited use; DNS cache works better with dst-nat

B: Incorrect — to forward to another IP, use dst-nat

C: Misleading — enabling local services doesn't require redirect

D:✔Correct—redirect enables transparent proxy setup

Final Answer: DQUESTION NO: 158 [Routing – Automatically Created Routes]

What letters appear next to a route, which is automatically created by RouterOS when user adds a valid address to an active interface?

A. I

B. D

C. A

D. S

E. C

Answer: E

In RouterOS, when an IP address is assigned to an interface, a connected route is automatically created. These routes are marked with the letter “C” in the routing table, denoting “Connected.”

MikroTik Wiki – Routing Table Flags:

“C – directly connected routes (assigned via /ip address), added automatically when interface is active.”

MTCNA Course Material – Static vs Dynamic Routes:

“Connected (C) routes are added automatically when IP is assigned to an interface.”

Flag meanings:

C:✔Connected

S: Static

D: Dynamic

A: Active (not a route type)

I: Invalid or intermediate (not shown for connected)

In MikroTik RouterOS, the masquerade action is used in source NAT (srcnat) rules to hide internal/private IP addresses behind a router’s public IP address. This is typically done for internet access from a LAN where the devices have private IP addresses (e.g., 192.168.x.x).

Masquerade dynamically changes the source IP of outgoing packets to the IP address of the router’s outbound interface, allowing multiple internal devices to share a single public IP.

Let’s evaluate the options:

A. masquerade →✅Correct. Used to perform source NAT for hiding private addresses.

B. allow →❌Not a valid NAT action.

C. passthrough →❌Used in mangle rules to continue processing additional rules, not for NAT.

D. tarpit →❌Used to delay TCP connections (often in firewall, not NAT).

MTCNA Course Manual – NAT Chapter:

“Masquerade is a special form of source NAT where the router replaces the source IP with the IP address of the outgoing interface.”

René Meneses Guide – NAT Configuration:

“Use masquerade on the router’s WAN interface to give internet access to private clients.”

Terry Combs Notes – NAT Rule Actions:

“Masquerade = dynamic src-nat. Useful when public IP is dynamic or unknown.”

Answer: AQUESTION NO: 62 [PPP / AAA]

Router A and B are both running as PPPoE servers on different broadcast domains of your network. It is possible to set Router A to use "/ppp secret" accounts from Router B to authenticate PPPoE customers.

A. true

B. false

Answer: B

/ppp secret accounts are local to each RouterOS device. These credentials are stored in the router’s own configuration and cannot be shared directly between routers.

To centralize authentication across multiple routers, a RADIUS server must be used. With RADIUS, multiple MikroTik routers can authenticate users against a single, centralized user database.

Without RADIUS or another external AAA system:

Each router maintains its own /ppp secret list

Router A cannot directly read or use the /ppp secrets from Router B

Evaluation:

A.❌False. There is no built-in mechanism for Router A to access secrets on Router B.

B.✅Correct. You must use RADIUS if you want shared authentication across routers.

MTCNA PPP Module – Authentication Methods:

“/ppp secrets are stored locally on the router. For shared user authentication, configure RADIUS.”

René Meneses Study Guide – PPPoE and RADIUS:

“To authenticate clients on multiple routers with a central database, RADIUS is required.”

Terry Combs Notes – PPP Secrets vs RADIUS:

“Local secrets cannot be accessed remotely. Use RADIUS to centralize authentication.”

Answer: B